finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use fully-qualified module names for builtin Ansible modules

Browse Source 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1939
This commit is contained in:
Slavi Pantaleev
2022-07-18 10:39:08 +03:00
parent 78b5be4a26
commit 34cdaade08
297 changed files with 1420 additions and 1420 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml
View File

@@ -1,7 +1,7 @@
---
- name: Download matrix_encryption_disabler
get_url:
ansible.builtin.get_url:
url: "{{ matrix_synapse_ext_encryption_disabler_download_url }}"
dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
force: true
@@ -13,7 +13,7 @@
delay: "{{ matrix_geturl_retries_delay }}"
until: result is not failed
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_modules: |
{{
matrix_synapse_modules|default([])

2
roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml
View File

@@ -1,6 +1,6 @@
---
- name: Ensure matrix_encryption_disabler doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
state: absent

2
roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
View File

@@ -1,6 +1,6 @@
---
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_password_providers_enabled: true
matrix_synapse_additional_loggers: >

8
roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml
View File

@@ -1,7 +1,7 @@
---
- name: Ensure git installed (RedHat)
yum:
ansible.builtin.yum:
name:
- git
state: present
@@ -9,7 +9,7 @@
when: "ansible_os_family == 'RedHat'"
- name: Ensure git installed (Debian)
apt:
ansible.builtin.apt:
name:
- git
state: present
@@ -25,14 +25,14 @@
when: "ansible_distribution == 'Archlinux'"
- name: Clone mjolnir-antispam git repository
git:
ansible.builtin.git:
repo: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url }}"
version: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version }}"
dest: "{{ matrix_synapse_ext_path }}/mjolnir"
become: true
become_user: "{{ matrix_user_username }}"
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_spam_checker: >
{{
matrix_synapse_spam_checker

2
roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml
View File

@@ -1,6 +1,6 @@
---
- name: Ensure mjolnir-antispam doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/mjolnir"
state: absent

6
roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml
View File

@@ -1,12 +1,12 @@
---
- name: Fail if REST Auth endpoint not configured
fail:
ansible.builtin.fail:
msg: "You have enabled the REST Auth password provider, but have not configured its endpoint in the `matrix_synapse_ext_password_provider_rest_auth_endpoint` variable. Consult the documentation."
when: "matrix_synapse_ext_password_provider_rest_auth_endpoint == ''"
- name: Download matrix-synapse-rest-auth
get_url:
ansible.builtin.get_url:
url: "{{ matrix_synapse_ext_password_provider_rest_auth_download_url }}"
dest: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py"
force: true
@@ -18,7 +18,7 @@
delay: "{{ matrix_geturl_retries_delay }}"
until: result is not failed
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_password_providers_enabled: true
matrix_synapse_container_extra_arguments: >

2
roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml
View File

@@ -1,6 +1,6 @@
---
- name: Ensure matrix-synapse-rest-auth doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py"
state: absent

8
roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml
View File

@@ -1,17 +1,17 @@
---
- name: Fail if Shared Secret Auth secret not set
fail:
ansible.builtin.fail:
msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"
- name: Fail if no Shared Secret Auth login types enabled
fail:
ansible.builtin.fail:
msg: "Shared Secret Auth is enabled, but none of the login types are"
when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)"
- name: Download matrix-synapse-shared-secret-auth
get_url:
ansible.builtin.get_url:
url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
force: true
@@ -23,7 +23,7 @@
delay: "{{ matrix_geturl_retries_delay }}"
until: result is not failed
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_modules: |
{{
matrix_synapse_modules|default([])

2
roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml
View File

@@ -1,6 +1,6 @@
---
- name: Ensure matrix-synapse-shared-secret-auth doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
state: absent

10
roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
View File

@@ -1,12 +1,12 @@
---
- name: Fail if Synapse Simple Antispam blocked homeservers is not set
fail:
ansible.builtin.fail:
msg: "Synapse Simple Antispam is enabled, but no blocked homeservers have been set in matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers"
when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers|length == 0"
- name: Ensure git installed (RedHat)
yum:
ansible.builtin.yum:
name:
- git
state: present
@@ -14,7 +14,7 @@
when: "ansible_os_family == 'RedHat'"
- name: Ensure git installed (Debian)
apt:
ansible.builtin.apt:
name:
- git
state: present
@@ -30,14 +30,14 @@
when: "ansible_distribution == 'Archlinux'"
- name: Clone synapse-simple-antispam git repository
git:
ansible.builtin.git:
repo: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url }}"
version: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version }}"
dest: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam"
become: true
become_user: "{{ matrix_user_username }}"
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_modules: >
{{
matrix_synapse_modules

2
roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml
View File

@@ -1,6 +1,6 @@
---
- name: Ensure synapse-simple-antispam doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam"
state: absent

8
roles/matrix-synapse/tasks/goofys/setup_install.yml
View File

@@ -21,7 +21,7 @@
ignore_errors: true
- name: Ensure Matrix Goofys external storage mountpoint exists
file:
ansible.builtin.file:
path: "{{ matrix_s3_media_store_path }}"
state: directory
mode: 0750
@@ -30,20 +30,20 @@
when: "not local_path_matrix_s3_media_store_path_stat.failed and not local_path_matrix_s3_media_store_path_stat.stat.exists"
- name: Ensure goofys environment variables file created
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/goofys/env-goofys.j2"
dest: "{{ matrix_synapse_config_dir_path }}/env-goofys"
owner: root
mode: 0600
- name: Ensure matrix-goofys.service installed
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-goofys.service"
mode: 0644
register: matrix_goofys_systemd_service_result
- name: Ensure systemd reloaded after matrix-goofys.service installation
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_goofys_systemd_service_result.changed"

8
roles/matrix-synapse/tasks/goofys/setup_uninstall.yml
View File

@@ -6,7 +6,7 @@
register: matrix_goofys_service_stat
- name: Ensure matrix-goofys is stopped
service:
ansible.builtin.service:
name: matrix-goofys
state: stopped
enabled: false
@@ -15,18 +15,18 @@
when: "matrix_goofys_service_stat.stat.exists"
- name: Ensure matrix-goofys.service doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-goofys.service"
state: absent
when: "matrix_goofys_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-goofys.service removal
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_goofys_service_stat.stat.exists"
- name: Ensure goofys environment variables file doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_synapse_config_dir_path }}/env-goofys"
state: absent

16
roles/matrix-synapse/tasks/import_media_store.yml
View File

@@ -3,12 +3,12 @@
# Pre-checks
- name: Fail if playbook called incorrectly
fail:
ansible.builtin.fail:
msg: "The `server_path_media_store` variable needs to be provided to this playbook, via --extra-vars"
when: "server_path_media_store is not defined or server_path_media_store.startswith('<')"
- name: Fail if media store is on Amazon S3
fail:
ansible.builtin.fail:
msg: "Your media store is on Amazon S3. Due to technical limitations, restoring is not supported."
when: matrix_s3_media_store_enabled|bool
@@ -18,7 +18,7 @@
register: server_path_media_store_stat
- name: Fail if provided media store directory doesn't exist on the server
fail:
ansible.builtin.fail:
msg: "{{ server_path_media_store }} cannot be found on the server"
when: "not server_path_media_store_stat.stat.exists or not server_path_media_store_stat.stat.isdir"
@@ -33,7 +33,7 @@
register: server_path_media_store_remote_content_stat
- name: Fail if media store directory doesn't look okay (lacking remote and local content)
fail:
ansible.builtin.fail:
msg: "{{ server_path_media_store }} contains neither local_content nor remote_content directories. It's most likely a mistake and is not a media store directory."
when: "not server_path_media_store_local_content_stat.stat.exists and not server_path_media_store_remote_content_stat.stat.exists"
@@ -41,7 +41,7 @@
# Actual import work
- name: Ensure matrix-synapse is stopped
service:
ansible.builtin.service:
name: matrix-synapse
state: stopped
enabled: false
@@ -57,14 +57,14 @@
delete: true
# It's wasteful to preserve owner/group now. We chown below anyway.
owner: false
group: false
ansible.builtin.group: false
times: true
delegate_to: "{{ inventory_hostname }}"
# This is for the generic case and fails in other cases (remote file systems),
# because in such cases the base path (matrix_synapse_media_store_path) is a mount point.
- name: Ensure media store permissions are correct (generic case)
file:
ansible.builtin.file:
path: "{{ matrix_synapse_media_store_path }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
@@ -75,7 +75,7 @@
# all files become owned by whoever needs to own them.
- name: Ensure Synapse is started (if it previously was)
service:
ansible.builtin.service:
name: "{{ item }}"
state: started
daemon_reload: true

16
roles/matrix-synapse/tasks/init.yml
View File

@@ -2,7 +2,7 @@
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
fail:
ansible.builtin.fail:
msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled"
@@ -11,7 +11,7 @@
- import_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml"
when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list|length == 0"
- set_fact:
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}"
when: matrix_synapse_enabled|bool
@@ -22,13 +22,13 @@
loop_var: matrix_synapse_worker_details
when: matrix_synapse_enabled|bool and matrix_synapse_workers_enabled|bool
- set_fact:
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}"
when: matrix_s3_media_store_enabled|bool
- block:
- name: Fail if matrix-nginx-proxy role already executed
fail:
ansible.builtin.fail:
msg: >-
Trying to append Synapse's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
@@ -37,7 +37,7 @@
when: matrix_nginx_proxy_role_executed|default(False)|bool
- name: Generate synapse metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process)
set_fact:
ansible.builtin.set_fact:
matrix_synapse_nginx_metrics_configuration_block: |
location /metrics/synapse/main-process {
{% if matrix_nginx_proxy_enabled|default(False) %}
@@ -52,7 +52,7 @@
}
- name: Register synapse metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process)
set_fact:
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([])
@@ -61,7 +61,7 @@
}}
- name: Generate synapse worker metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker)
set_fact:
ansible.builtin.set_fact:
matrix_synapse_worker_nginx_metrics_configuration_block: |
{% for worker in matrix_synapse_workers_enabled_list %}
{% if worker.metrics_port != 0 %}
@@ -76,7 +76,7 @@
when: matrix_synapse_workers_enabled_list|length > 0
- name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker)
set_fact:
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([])

2
roles/matrix-synapse/tasks/main.yml
View File

@@ -51,7 +51,7 @@
- rust-synapse-compress-state
- name: Mark matrix-synapse role as executed
set_fact:
ansible.builtin.set_fact:
matrix_synapse_role_executed: true
tags:
- always

10
roles/matrix-synapse/tasks/register_user.yml
View File

@@ -1,22 +1,22 @@
---
- name: Fail if playbook called incorrectly
fail:
ansible.builtin.fail:
msg: "The `username` variable needs to be provided to this playbook, via --extra-vars"
when: "username is not defined or username == '<your-username>'"
- name: Fail if playbook called incorrectly
fail:
ansible.builtin.fail:
msg: "The `password` variable needs to be provided to this playbook, via --extra-vars"
when: "password is not defined or password == '<your-password>'"
- name: Fail if playbook called incorrectly
fail:
ansible.builtin.fail:
msg: "The `admin` variable needs to be provided to this playbook, via --extra-vars"
when: "admin is not defined or admin not in ['yes', 'no']"
- name: Ensure matrix-synapse is started
service:
ansible.builtin.service:
name: matrix-synapse
state: started
daemon_reload: true
@@ -28,4 +28,4 @@
when: "start_result.changed"
- name: Register user
command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}"
ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}"

14
roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml
View File

@@ -1,10 +1,10 @@
---
- debug:
- ansible.builtin.debug:
msg: "Compressing room `{{ room_details.room_id }}` having {{ room_details.count }} state group rows"
- name: Generate rust-synapse-compress-state room compression command
set_fact:
ansible.builtin.set_fact:
matrix_synapse_rust_synapse_compress_state_compress_room_command: >-
{{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
@@ -17,15 +17,15 @@
-r '{{ room_details.room_id }}'
- name: Run rust-synapse-compress-state room compression command (SQL generation)
command: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_command }}"
ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_command }}"
async: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_time }}"
poll: 10
register: matrix_synapse_rust_synapse_compress_state_compress_room_command_result
- debug: var="matrix_synapse_rust_synapse_compress_state_compress_room_command_result"
- ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_compress_room_command_result"
- name: Generate Postgres compression SQL import command
set_fact:
ansible.builtin.set_fact:
matrix_synapse_rust_synapse_compress_state_psql_import_command: >-
{{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
@@ -39,12 +39,12 @@
psql -v ON_ERROR_STOP=1 -h matrix-postgres -d {{ matrix_synapse_database_database }}"
- name: Import compression SQL into Postgres
command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}"
ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}"
async: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_time }}"
poll: 10
register: matrix_synapse_rust_synapse_compress_state_psql_import_command_result
- name: Clean up
file:
ansible.builtin.file:
path: "{{ matrix_synapse_rust_synapse_compress_state_base_path }}/state-compressor.sql"
state: absent

26
roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml
View File

@@ -2,7 +2,7 @@
# Pre-checks
- name: Fail if Postgres not enabled
fail:
ansible.builtin.fail:
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot use rust-synapse-compress-state."
when: "not matrix_postgres_enabled|bool"
@@ -10,22 +10,22 @@
# Defaults
- name: Set matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time, if not provided
set_fact:
ansible.builtin.set_fact:
matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 1800
when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time|default('') == ''"
- name: Set matrix_synapse_rust_synapse_compress_state_compress_room_time, if not provided
set_fact:
ansible.builtin.set_fact:
matrix_synapse_rust_synapse_compress_state_compress_room_time: 3600
when: "matrix_synapse_rust_synapse_compress_state_compress_room_time|default('') == ''"
- name: Set matrix_synapse_rust_synapse_compress_state_psql_import_time, if not provided
set_fact:
ansible.builtin.set_fact:
matrix_synapse_rust_synapse_compress_state_psql_import_time: 3600
when: "matrix_synapse_rust_synapse_compress_state_psql_import_time|default('') == ''"
- name: Set matrix_synapse_rust_synapse_compress_state_min_state_groups_required, if not provided
set_fact:
ansible.builtin.set_fact:
# The minimum number of state groups we're looking for before we consider a room eligible for compression.
# Rooms with a smaller state groups count will not be compressed.
matrix_synapse_rust_synapse_compress_state_min_state_groups_required: 100000
@@ -35,7 +35,7 @@
# Actual compression work
- name: Ensure rust-synapse-compress-state paths exist
file:
ansible.builtin.file:
path: "{{ matrix_synapse_rust_synapse_compress_state_base_path }}"
state: directory
mode: 0750
@@ -54,7 +54,7 @@
until: result is not failed
- name: Generate rust-synapse-compress-state room find command
set_fact:
ansible.builtin.set_fact:
matrix_synapse_rust_synapse_compress_state_find_rooms_command: >-
{{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
@@ -66,7 +66,7 @@
'SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;'
- name: Find rooms eligible for compression with rust-synapse-compress-state
command: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command }}"
ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command }}"
async: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time }}"
poll: 10
register: matrix_synapse_rust_synapse_compress_state_find_rooms_command_result
@@ -85,10 +85,10 @@
# Row 3 contains a space when there's no result.
- block:
- debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result"
- ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result"
- name: Fail if room find result is not what we expect
fail:
ansible.builtin.fail:
msg: >-
Expecting 4 lines in the "find rooms" result.
when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines|length != 4"
@@ -96,11 +96,11 @@
- block:
# matrix_synapse_rust_synapse_compress_state_eligible_rooms is a list
# of dictionaries like this: {'room_id': '!some-id', 'count': 2461329}
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_rust_synapse_compress_state_eligible_rooms: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] | from_json }}"
- name: Display rooms that will be compressed
debug:
ansible.builtin.debug:
msg: >-
The following rooms contain more than {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} state group rows
(configurable via `matrix_synapse_rust_synapse_compress_state_min_state_groups_required`)
@@ -115,7 +115,7 @@
when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '"
- name: Show notice about lack of rooms to compress
debug:
ansible.builtin.debug:
msg: >-
No rooms were found to contain more than {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} state group rows
(configurable via `matrix_synapse_rust_synapse_compress_state_min_state_groups_required`),

6
roles/matrix-synapse/tasks/self_check_client_api.yml
View File

@@ -1,7 +1,7 @@
---
- name: Check Matrix Client API
uri:
ansible.builtin.uri:
url: "{{ matrix_synapse_client_api_url_endpoint_public }}"
follow_redirects: none
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
@@ -11,11 +11,11 @@
when: matrix_synapse_enabled|bool
- name: Fail if Matrix Client API not working
fail:
ansible.builtin.fail:
msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}"
when: "matrix_synapse_enabled|bool and (result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api)"
- name: Report working Matrix Client API
debug:
ansible.builtin.debug:
msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working"
when: matrix_synapse_enabled|bool

8
roles/matrix-synapse/tasks/self_check_federation_api.yml
View File

@@ -1,7 +1,7 @@
---
- name: Check Matrix Federation API
uri:
ansible.builtin.uri:
url: "{{ matrix_synapse_federation_api_url_endpoint_public }}"
follow_redirects: none
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
@@ -11,16 +11,16 @@
when: matrix_synapse_enabled|bool
- name: Fail if Matrix Federation API not working
fail:
ansible.builtin.fail:
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
- name: Fail if Matrix Federation API unexpectedly enabled
fail:
ansible.builtin.fail:
msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled."
when: "matrix_synapse_enabled|bool and not matrix_synapse_federation_enabled|bool and not result_matrix_synapse_federation_api.failed"
- name: Report working Matrix Federation API
debug:
ansible.builtin.debug:
msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working"
when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool"

2
roles/matrix-synapse/tasks/setup_synapse.yml
View File

@@ -1,7 +1,7 @@
---
- name: Ensure Synapse paths exist
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750

22
roles/matrix-synapse/tasks/synapse/setup_install.yml
View File

@@ -10,7 +10,7 @@
# This is separate and conditional, to ensure we don't execute it
# if the path already exists or we failed to check, because it's mounted using fuse.
- name: Ensure Synapse media store path exists
file:
ansible.builtin.file:
path: "{{ matrix_synapse_media_store_path }}"
state: directory
mode: 0750
@@ -20,7 +20,7 @@
- block:
- name: Ensure Synapse repository is present on self-build
git:
ansible.builtin.git:
repo: "{{ matrix_synapse_container_image_self_build_repo }}"
dest: "{{ matrix_synapse_docker_src_files_path }}"
version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
@@ -30,14 +30,14 @@
register: matrix_synapse_git_pull_results
- name: Check if Synapse Docker image exists
command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'"
ansible.builtin.command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'"
register: matrix_synapse_docker_image_check_result
# Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,
# because the latter does not support BuildKit.
# See: https://github.com/ansible-collections/community.general/issues/514
- name: Ensure Synapse Docker image is built
shell:
ansible.builtin.shell:
chdir: "{{ matrix_synapse_docker_src_files_path }}"
cmd: |
{{ matrix_host_command_docker }} build \
@@ -74,7 +74,7 @@
# We don't use the `docker_container` module, because using it with `cap_drop` requires
# a very recent docker-py version, which is not available for a lot of people yet.
- name: Generate initial Synapse config and signing key
command: |
ansible.builtin.command: |
docker run
--rm
--name=matrix-config
@@ -89,7 +89,7 @@
when: "not matrix_synapse_signing_key_stat.stat.exists"
- name: Ensure Synapse homeserver config installed
copy:
ansible.builtin.copy:
content: "{{ matrix_synapse_configuration|to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml"
mode: 0644
@@ -97,31 +97,31 @@
group: "{{ matrix_user_groupname }}"
- name: Ensure Synapse log config installed
template:
ansible.builtin.template:
src: "{{ matrix_synapse_template_synapse_log }}"
dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.log.config"
mode: 0644
- name: Ensure matrix-synapse.service installed
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-synapse.service"
mode: 0644
register: matrix_synapse_systemd_service_result
- name: Ensure systemd reloaded after matrix-synapse.service installation
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_synapse_systemd_service_result.changed"
- name: Ensure matrix-synapse-register-user script created
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2"
dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user"
mode: 0755
- name: Generate sample prometheus.yml for external scraping
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/prometheus/external_prometheus.yml.example.j2"
dest: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example"
owner: "{{ matrix_user_username }}"

8
roles/matrix-synapse/tasks/synapse/setup_uninstall.yml
View File

@@ -6,7 +6,7 @@
register: matrix_synapse_service_stat
- name: Ensure matrix-synapse is stopped
service:
ansible.builtin.service:
name: matrix-synapse
state: stopped
enabled: false
@@ -15,13 +15,13 @@
when: "matrix_synapse_service_stat.stat.exists"
- name: Ensure matrix-synapse.service doesn't exist
file:
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-synapse.service"
state: absent
when: "matrix_synapse_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-synapse.service removal
service:
ansible.builtin.service:
daemon_reload: true
when: "matrix_synapse_service_stat.stat.exists"
@@ -31,7 +31,7 @@
state: absent
- name: Ensure sample prometheus.yml for external scraping is deleted
file:
ansible.builtin.file:
path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example"
state: absent
when: "not matrix_synapse_metrics_proxying_enabled|bool"

16
roles/matrix-synapse/tasks/synapse/workers/init.yml
View File

@@ -5,7 +5,7 @@
# so we're forced to do something much uglier.
- name: Build generic workers
set_fact:
ansible.builtin.set_fact:
worker:
type: 'generic_worker'
instanceId: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}"
@@ -15,7 +15,7 @@
loop: "{{ range(0, matrix_synapse_workers_generic_workers_count|int)|list }}"
- name: Build federation sender workers
set_fact:
ansible.builtin.set_fact:
worker:
type: 'federation_sender'
instanceId: "{{ item }}"
@@ -26,7 +26,7 @@
# This type of worker can only have a count of 1, at most
- name: Build pusher workers
set_fact:
ansible.builtin.set_fact:
worker:
type: 'pusher'
instanceId: "{{ item }}"
@@ -37,7 +37,7 @@
# This type of worker can only have a count of 1, at most
- name: Build appservice workers
set_fact:
ansible.builtin.set_fact:
worker:
type: 'appservice'
instanceId: "{{ item }}"
@@ -47,7 +47,7 @@
loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count|int)|list }}"
- name: Build media_repository workers
set_fact:
ansible.builtin.set_fact:
worker:
type: 'media_repository'
instanceId: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}"
@@ -57,7 +57,7 @@
loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count|int)|list }}"
- name: Build frontend_proxy workers
set_fact:
ansible.builtin.set_fact:
worker:
type: 'frontend_proxy'
instanceId: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}"
@@ -66,7 +66,7 @@
register: "matrix_synapse_workers_list_results_frontend_proxy_workers"
loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count|int)|list }}"
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list|default([]) + [item.ansible_facts.worker] }}"
with_items: |
{{
@@ -83,5 +83,5 @@
matrix_synapse_workers_list_results_frontend_proxy_workers.results
}}
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_workers_enabled_list: "{{ matrix_synapse_dynamic_workers_list }}"

4
roles/matrix-synapse/tasks/synapse/workers/setup.yml
View File

@@ -3,14 +3,14 @@
# A previous version of the worker setup used this.
# This is a temporary cleanup for people who ran that version.
- name: Ensure old matrix-synapse.service.wants directory is gone
file:
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-synapse.service.wants"
state: absent
# Same. This was part of a previous version of the worker setup.
# No longer necessary.
- name: Ensure matrix-synapse-worker-write-pid script is removed
file:
ansible.builtin.file:
path: "{{ matrix_local_bin_path }}/matrix-synapse-worker-write-pid"
state: absent

6
roles/matrix-synapse/tasks/synapse/workers/setup_install.yml
View File

@@ -9,7 +9,7 @@
# This also deletes some things which we need. They will be recreated below.
- name: Ensure previous worker configs are cleaned
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
with_items: "{{ matrix_synapse_workers_current_config_files.files }}"
@@ -22,7 +22,7 @@
register: matrix_synapse_workers_current_systemd_services
- name: Ensure unnecessary worker systemd services are stopped and disabled
service:
ansible.builtin.service:
name: "{{ item.path|basename }}"
state: stopped
enabled: false
@@ -30,7 +30,7 @@
when: "not ansible_check_mode and item.path|basename not in matrix_systemd_services_list"
- name: Ensure unnecessary worker systemd services are cleaned
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"

6
roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml
View File

@@ -4,7 +4,7 @@
service_facts:
- name: Ensure any worker services are stopped
service:
ansible.builtin.service:
name: "{{ item.key }}"
state: stopped
with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}"
@@ -18,7 +18,7 @@
register: matrix_synapse_workers_current_config_files
- name: Ensure previous worker configs are cleaned
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
with_items: "{{ matrix_synapse_workers_current_config_files.files }}"
@@ -31,7 +31,7 @@
register: matrix_synapse_workers_current_systemd_services
- name: Ensure previous worker systemd services are cleaned
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"

6
roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml
View File

@@ -8,12 +8,12 @@
# In the future, it should be possible to remove this check.
# Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right.
- name: Fail if instanceId not defined for worker
fail:
ansible.builtin.fail:
msg: "Synapse workers (like {{ matrix_synapse_worker_details|to_json }}) need to define an instanceId property (type + instanceId must be unique)"
when: "'instanceId' not in matrix_synapse_worker_details"
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}.service"
- set_fact:
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_systemd_service_name] }}"

10
roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml
View File

@@ -1,21 +1,21 @@
---
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}"
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_worker_container_name: "{{ matrix_synapse_worker_systemd_service_name }}"
- set_fact:
- ansible.builtin.set_fact:
matrix_synapse_worker_config_file_name: "worker.{{ matrix_synapse_worker_details.type }}_{{ matrix_synapse_worker_details.instanceId }}.yaml"
- name: Ensure configuration exists for {{ matrix_synapse_worker_systemd_service_name }}
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/worker.yaml.j2"
dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_synapse_worker_config_file_name }}"
- name: Ensure systemd service exists for {{ matrix_synapse_worker_systemd_service_name }}
template:
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse-worker.service.j2"
dest: "{{ matrix_systemd_path }}/{{ matrix_synapse_worker_systemd_service_name }}.service"
mode: 0644

14
roles/matrix-synapse/tasks/update_user_password.yml
View File

@@ -1,29 +1,29 @@
---
- name: Fail if playbook called incorrectly
fail:
ansible.builtin.fail:
msg: "The `username` variable needs to be provided to this playbook, via --extra-vars"
when: "username is not defined or username == '<your-username>'"
- name: Fail if playbook called incorrectly
fail:
ansible.builtin.fail:
msg: "The `password` variable needs to be provided to this playbook, via --extra-vars"
when: "password is not defined or password == '<your-password>'"
- name: Fail if not using matrix-postgres container
fail:
ansible.builtin.fail:
msg: "This command is working only when matrix-postgres container is being used"
when: "not matrix_postgres_enabled|bool"
- name: Ensure matrix-synapse is started
service:
ansible.builtin.service:
name: matrix-synapse
state: started
daemon_reload: true
register: start_result
- name: Ensure matrix-postgres is started
service:
ansible.builtin.service:
name: matrix-postgres
state: started
daemon_reload: true
@@ -36,8 +36,8 @@
when: "start_result.changed or postgres_start_result.changed"
- name: Generate password hash
shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
register: password_hash
- name: Update user password hash
command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}"
ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}"

10
roles/matrix-synapse/tasks/validate_config.yml
View File

@@ -1,7 +1,7 @@
---
- name: Fail if required Synapse settings not defined
fail:
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) for using Synapse.
when: "vars[item] == ''"
@@ -13,7 +13,7 @@
- "matrix_synapse_database_database"
- name: Fail if asking to configure deprecaed workers (appservice, userdir)
fail:
ansible.builtin.fail:
msg: >-
`{{ item }}` cannot be more than 0.
This type of worker has been deprecated since Synapse v1.59.
@@ -25,7 +25,7 @@
- "matrix_synapse_workers_user_dir_workers_count"
- name: Fail if asking for more than 1 instance of single-instance workers
fail:
ansible.builtin.fail:
msg: >-
`{{ item }}` cannot be more than 1. This is a single-instance worker.
when: "vars[item]|int > 1"
@@ -34,7 +34,7 @@
- "matrix_synapse_workers_federation_sender_workers_count"
- name: (Deprecation) Catch and report renamed settings
fail:
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
@@ -63,7 +63,7 @@
- {'old': 'matrix_synapse_enable_group_creation', 'new': '<removed in Synapse v1.61.0 - use the new Spaces feature instead>'}
- name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml
fail:
ansible.builtin.fail:
msg: >-
Your matrix_synapse_configuration_extension_yaml configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).