finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add retry logic for Synapse user registration on HMAC failure

Browse Source 
When the registration_shared_secret changes (derived from
matrix_synapse_macaroon_secret_key), a running Synapse container still
has the old secret in its config. This causes register_new_matrix_user
to fail with "HMAC incorrect" when the matrix-user-creator role tries
to register users.

This mirrors the approach from 2a581cce (which added similar retry
logic for the Matrix Authentication Service on database auth failure):
if the initial registration attempt fails with an HMAC error, restart
Synapse (picking up the new config with the updated secret), wait for
it to start, and retry.

Caused by c21a80d232

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Slavi Pantaleev
2026-02-09 06:29:14 +02:00
parent 5f8235f44a
commit 44b43a51b9
1 changed files with 29 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml
View File

@@ -4,9 +4,9 @@
---
- name: Ensure Synapse user registered - {{ user.username | quote }}
ansible.builtin.command:
cmd: |-
- name: Build Synapse user registration command - {{ user.username | quote }}
ansible.builtin.set_fact:
matrix_synapse_register_user_command: |-
{{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse
register_new_matrix_user
-u {{ user.username | quote }}
@@ -21,6 +21,31 @@
{% endif %}
{% endif %}
http://localhost:{{ matrix_synapse_container_client_api_port }}
- name: Ensure Synapse user registered - {{ user.username | quote }}
ansible.builtin.command:
cmd: "{{ matrix_synapse_register_user_command }}"
register: matrix_synapse_register_user_result
changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
failed_when: matrix_synapse_register_user_result.rc != 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
failed_when: >-
matrix_synapse_register_user_result.rc != 0
and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
and 'HMAC incorrect' not in matrix_synapse_register_user_result.stdout
- when: "'HMAC incorrect' in matrix_synapse_register_user_result.stdout | default('')"
block:
- name: Restart Synapse due to HMAC failure (likely a registration_shared_secret change)
ansible.builtin.service:
name: "matrix-synapse.service"
state: restarted
- name: Wait for Synapse to start after restart
ansible.builtin.pause:
seconds: "{{ matrix_user_creator_homeserver_start_wait_time_seconds }}"
- name: Retry Synapse user registration - {{ user.username | quote }}
ansible.builtin.command:
cmd: "{{ matrix_synapse_register_user_command }}"
register: matrix_synapse_register_user_result
changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
failed_when: matrix_synapse_register_user_result.rc != 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout