From 2a581cce629b64805b8ccaab5108e09632839983 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 8 Feb 2026 18:30:01 +0200 Subject: [PATCH] Add retry logic for MAS user registration on database auth failure When the Postgres role updates database passwords (e.g., due to a change in the secret derivation method), the Matrix Authentication Service container may still be running with old configuration that references the previous password. This causes mas-cli to fail with "password authentication failed" when the matrix-user-creator role tries to register users. Rather than adding config-change detection or eager restarts to the MAS role, this adds targeted retry logic: if the initial registration attempt fails with a database authentication error, restart the MAS service (which picks up the new config with the updated password), wait for it to start, and retry. The restart usually only triggers once per run since subsequent user registrations succeed after the restart. Related to c21a80d232ffe7e924c539bebecb3d8e26187586 Co-Authored-By: Claude Opus 4.6 --- ...gistered_matrix_authentication_service.yml | 33 ++++++++++++++++--- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_matrix_authentication_service.yml b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_matrix_authentication_service.yml index 4fbeb03bf..376d15ac8 100644 --- a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_matrix_authentication_service.yml +++ b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_matrix_authentication_service.yml 
@@ -4,9 +4,9 @@ --- -- name: Ensure Matrix Authentication Service user registered - {{ user.username | quote }} - ansible.builtin.command: - cmd: |- +- name: Build Matrix Authentication Service user registration command - {{ user.username | quote }} + ansible.builtin.set_fact: + matrix_authentication_service_register_user_command: |- {{ devture_systemd_docker_base_host_command_docker }} exec matrix-authentication-service mas-cli manage register-user -p {{ user.initial_password | quote }} 
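Review bot: The new `set_fact` stores the whole registration command, including `-p {{ user.initial_password | quote }}`, in the host fact `matrix_authentication_service_register_user_command`, and nothing visible here sets `no_log`. With `-v` the fact value is printed in the task result, and the `ansible.builtin.command` tasks in the next hunk return `cmd` in their result, so the initial password can reach console output and log callbacks, most likely on the failure path this commit targets. I would add `no_log: true` to this task and to both command tasks (first attempt and retry), unless it is already set at a level outside this diff. The trade-off is that stderr is hidden on failure too. The block scalar holding the command continues past the end of this hunk.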
@@ -18,6 +18,31 @@ --no-admin {% endif %} {{ user.username | quote }} + +- name: Ensure Matrix Authentication Service user registered - {{ user.username | quote }} + ansible.builtin.command: + cmd: "{{ matrix_authentication_service_register_user_command }}" register: matrix_authentication_service_register_user_result changed_when: "matrix_authentication_service_register_user_result.rc == 0 and 'Error: User already exists' not in matrix_authentication_service_register_user_result.stderr" - failed_when: "matrix_authentication_service_register_user_result.rc != 0 and 'Error: User already exists' not in matrix_authentication_service_register_user_result.stderr" + failed_when: >- + matrix_authentication_service_register_user_result.rc != 0 + and 'Error: User already exists' not in matrix_authentication_service_register_user_result.stderr + and 'password authentication failed' not in matrix_authentication_service_register_user_result.stderr + +- when: "'password authentication failed' in matrix_authentication_service_register_user_result.stderr | default('')" + block: + - name: Restart Matrix Authentication Service due to database authentication failure (likely a password change) + ansible.builtin.service: + name: "matrix-authentication-service.service" + state: restarted + + - name: Wait for Matrix Authentication Service to start after restart + ansible.builtin.pause: + seconds: "{{ matrix_user_creator_homeserver_start_wait_time_seconds }}" + + - name: Retry Matrix Authentication Service user registration - {{ user.username | quote }} + ansible.builtin.command: + cmd: "{{ matrix_authentication_service_register_user_command }}" + register: matrix_authentication_service_register_user_result + changed_when: "matrix_authentication_service_register_user_result.rc == 0 and 'Error: User already exists' not in matrix_authentication_service_register_user_result.stderr" + failed_when: "matrix_authentication_service_register_user_result.rc != 0 and 'Error: User already exists' not 
in matrix_authentication_service_register_user_result.stderr"
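Review bot: The retry task registers into the same variable as the first attempt, `matrix_authentication_service_register_user_result`, and Ansible registers a result even for a skipped task. On the normal path (no auth error) the block-level `when` skips the retry, so the variable is replaced by a skipped result with no `rc` or `stderr`. Anything later that reads this variable (none is visible in this diff) would see that instead of the real outcome. Registering the retry under its own name avoids this, e.g. `register: matrix_authentication_service_register_user_retry_result` with its `changed_when`/`failed_when` pointed at that name. Separately, the fixed `pause` reuses the homeserver wait time and does not confirm the container is up again; an `until`/`retries` loop on the retry task would tolerate a slow start.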