Merge remote-tracking branch 'origin/master' into synapse-workers

roles/matrix-postgres/defaults/main.yml

@@ -1,18 +1,27 @@
 matrix_postgres_enabled: true
 
-matrix_postgres_connection_hostname: ""
-matrix_postgres_connection_username: ""
+matrix_postgres_connection_hostname: "matrix-postgres"
+matrix_postgres_connection_port: 5432
+matrix_postgres_connection_username: "matrix"
 matrix_postgres_connection_password: ""
-matrix_postgres_db_name: ""
+matrix_postgres_db_name: "matrix"
 
 matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
 matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
 
-matrix_postgres_docker_image_v9: "docker.io/postgres:9.6.20-alpine"
-matrix_postgres_docker_image_v10: "docker.io/postgres:10.15-alpine"
-matrix_postgres_docker_image_v11: "docker.io/postgres:11.10-alpine"
-matrix_postgres_docker_image_v12: "docker.io/postgres:12.5-alpine"
-matrix_postgres_docker_image_v13: "docker.io/postgres:13.1-alpine"
+matrix_postgres_architecture: amd64
+
+# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images.
+# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7).
+# On ARM32, `-alpine` images fail with the following error:
+# > LOG:  startup process (PID 37) was terminated by signal 11: Segmentation fault
+matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
+
+matrix_postgres_docker_image_v9: "docker.io/postgres:9.6.20{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v10: "docker.io/postgres:10.15{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v11: "docker.io/postgres:11.10{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v12: "docker.io/postgres:12.5{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v13: "docker.io/postgres:13.1{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
 
 # This variable is assigned at runtime. Overriding its value has no effect.
@@ -67,7 +76,10 @@ matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_post
 # and before trying to run queries for creating additional databases/users against it.
 #
 # For most (subsequent) runs, Postgres would already be running, so no waiting will be happening at all.
-matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds: 15
+#
+# On ARM, we wait some more. ARM32 devices are especially known for being slow.
+# ARM64 likely don't need such a long delay, but it doesn't hurt too much having it.
+matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds: "{{ 45 if matrix_postgres_architecture in ['arm32', 'arm64'] else 15 }}"
 
 
 matrix_postgres_pgloader_container_image_self_build: false

roles/matrix-postgres/tasks/import_postgres.yml

@@ -35,6 +35,13 @@
     postgres_import_wait_time: "{{ 7 * 86400 }}"
   when: "postgres_import_wait_time|default('') == ''"
 
+# By default, we connect and import into the main (`matrix`) database.
+# Single-database dumps for Synapse may wish to import into `synapse` instead.
+- name: Set postgres_default_import_database, if not provided
+  set_fact:
+    postgres_default_import_database: "{{ matrix_postgres_db_name }}"
+  when: "postgres_default_import_database|default('') == ''"
+
 # Actual import work
 
 - name: Ensure matrix-postgres is started
@@ -76,7 +83,7 @@
       {{ 'gunzip |' if server_path_postgres_dump.endswith('.gz') else '' }}
       grep -vE '{{ matrix_postgres_import_roles_ignore_regex }}' |
       grep -vE '{{ matrix_postgres_import_databases_ignore_regex }}' |
-      psql -v ON_ERROR_STOP=1 -h matrix-postgres"
+      psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname={{ postgres_default_import_database }}"
 
 # This is a hack.
 # See: https://ansibledaily.com/print-to-standard-output-without-escaping/

roles/matrix-postgres/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres'] }}"
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres.service'] }}"
   when: matrix_postgres_enabled|bool

roles/matrix-postgres/tasks/setup_postgres.yml

@@ -120,6 +120,25 @@
         - always
   when: "matrix_postgres_enabled|bool and matrix_postgres_additional_databases|length > 0"
 
+- name: Check existence of matrix-postgres backup data path
+  stat:
+    path: "{{ matrix_postgres_data_path }}-auto-upgrade-backup"
+  register: matrix_postgres_data_backup_path_stat
+  when: "matrix_postgres_enabled|bool"
+
+- name: Inject warning if backup data remains
+  set_fact:
+    matrix_playbook_runtime_results: |
+      {{
+        matrix_playbook_runtime_results|default([])
+        +
+        [
+          "NOTE: You have some Postgres backup data in `{{ matrix_postgres_data_path }}-auto-upgrade-backup`, which was created during the last major Postgres update you ran. If your setup works well after this upgrade, feel free to delete this whole directory."
+        ]
+      }}
+  when: "matrix_postgres_enabled|bool and matrix_postgres_data_backup_path_stat.stat.exists"
+
+
 #
 # Tasks related to getting rid of the internal postgres server (if it was previously enabled)
 #
@@ -155,9 +174,16 @@
   when: "not matrix_postgres_enabled|bool"
 
 # We just want to notify the user. Deleting data is too destructive.
-- name: Notify if matrix-postgres local data remains
-  debug:
-    msg: "Note: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it."
+- name: Inject warning if matrix-postgres local data remains
+  set_fact:
+    matrix_playbook_runtime_results: |
+      {{
+        matrix_playbook_runtime_results|default([])
+        +
+        [
+          "NOTE: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it."
+        ]
+      }}
   when: "not matrix_postgres_enabled|bool and matrix_postgres_data_path_stat.stat.exists"
 
 - name: Remove Postgres scripts

roles/matrix-postgres/tasks/validate_config.yml

@@ -6,17 +6,29 @@
       The `matrix_postgres_use_external` variable defined in your configuration is not used by this playbook anymore!
       You'll need to adapt to the new way of using an external Postgres server.
       It's a combination of `matrix_postgres_enabled: false` and specifying Postgres connection
-      details in a few `matrix_synapse_database_` variables.
+      details in a few `matrix_postgres_connection_` variables.
       See the "Using an external PostgreSQL server (optional)" documentation page.
   when: "'matrix_postgres_use_external' in vars"
 
+# This is separate (from the other required variables below),
+# because we'd like to have a friendlier message for our existing users.
+- name: Fail if matrix_postgres_connection_password not defined
+  fail:
+    msg: >-
+      The playbook no longer has a default Postgres password defined in the `matrix_postgres_connection_password` variable, among lots of other Postgres changes.
+      You need to perform multiple manual steps to resolve this.
+      See our changelog for more details:
+      https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-postgres-changes-that-require-manual-intervention
+  when: "matrix_postgres_connection_password == ''"
+
 - name: Fail if required Postgres settings not defined
   fail:
-    msg: >
+    msg: >-
       You need to define a required configuration setting (`{{ item }}`).
   when: "vars[item] == ''"
   with_items:
     - "matrix_postgres_connection_hostname"
+    - "matrix_postgres_connection_port"
     - "matrix_postgres_connection_username"
     - "matrix_postgres_connection_password"
     - "matrix_postgres_db_name"
@@ -24,4 +36,4 @@
 - name: Fail if Postgres password length exceeded
   fail:
     msg: "The maximum `matrix_postgres_connection_password` length is 99 characters"
-  when: "matrix_postgres_connection_hostname|length > 99"
+  when: "matrix_postgres_connection_password|length > 99"

roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2

@@ -7,6 +7,7 @@ DefaultDependencies=no
 
 [Service]
 Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres
 ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-postgres
 

roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2

@@ -16,4 +16,4 @@ docker run \
 	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
 	--network {{ matrix_docker_network }} \
 	{{ matrix_postgres_docker_image_to_use }} \
-	psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
+	psql -h {{ matrix_postgres_connection_hostname }} --dbname={{ matrix_synapse_database_database }} -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"

roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2

@@ -13,4 +13,4 @@ docker run \
 	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
 	--network {{ matrix_docker_network }} \
 	{{ matrix_postgres_docker_image_to_use }} \
-	psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set password_hash='$2' WHERE name = '@$1:{{ matrix_domain }}'"
+	psql -h {{ matrix_postgres_connection_hostname }} --dbname={{ matrix_synapse_database_database }} -c "UPDATE users set password_hash='$2' WHERE name = '@$1:{{ matrix_domain }}'"