Add retry logic for Synapse user registration on HMAC failure
When the registration_shared_secret changes (derived from matrix_synapse_macaroon_secret_key), a running Synapse container still has the old secret in its config. This causes register_new_matrix_user to fail with "HMAC incorrect" when the matrix-user-creator role tries to register users.
This mirrors the approach from 2a581cce (which added similar retry logic for the Matrix Authentication Service on database auth failure): if the initial registration attempt fails with an HMAC error, restart Synapse (picking up the new config with the updated secret), wait for it to start, and retry.
Caused by c21a80d232
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -4,9 +4,9 @@
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure Synapse user registered - {{ user.username | quote }}
|
- name: Build Synapse user registration command - {{ user.username | quote }}
|
||||||
ansible.builtin.command:
|
ansible.builtin.set_fact:
|
||||||
cmd: |-
|
matrix_synapse_register_user_command: |-
|
||||||
{{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse
|
{{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse
|
||||||
register_new_matrix_user
|
register_new_matrix_user
|
||||||
-u {{ user.username | quote }}
|
-u {{ user.username | quote }}
|
||||||
@@ -21,6 +21,31 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
http://localhost:{{ matrix_synapse_container_client_api_port }}
|
http://localhost:{{ matrix_synapse_container_client_api_port }}
|
||||||
|
|
||||||
|
- name: Ensure Synapse user registered - {{ user.username | quote }}
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: "{{ matrix_synapse_register_user_command }}"
|
||||||
register: matrix_synapse_register_user_result
|
register: matrix_synapse_register_user_result
|
||||||
changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
|
changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
|
||||||
failed_when: matrix_synapse_register_user_result.rc != 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
|
failed_when: >-
|
||||||
|
matrix_synapse_register_user_result.rc != 0
|
||||||
|
and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
|
||||||
|
and 'HMAC incorrect' not in matrix_synapse_register_user_result.stdout
|
||||||
|
|
||||||
|
- when: "'HMAC incorrect' in matrix_synapse_register_user_result.stdout | default('')"
|
||||||
|
block:
|
||||||
|
- name: Restart Synapse due to HMAC failure (likely a registration_shared_secret change)
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: "matrix-synapse.service"
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: Wait for Synapse to start after restart
|
||||||
|
ansible.builtin.pause:
|
||||||
|
seconds: "{{ matrix_user_creator_homeserver_start_wait_time_seconds }}"
|
||||||
|
|
||||||
|
- name: Retry Synapse user registration - {{ user.username | quote }}
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: "{{ matrix_synapse_register_user_command }}"
|
||||||
|
register: matrix_synapse_register_user_result
|
||||||
|
changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
|
||||||
|
failed_when: matrix_synapse_register_user_result.rc != 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
|
||||||
|
|||||||
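Review bot: The full registration command is now held in the fact `matrix_synapse_register_user_command`, and the lines between the two hunks that build its remaining arguments are not shown. If those lines pass the user's initial password on the command line (plausible for `register_new_matrix_user`, but not visible here), the password now lives in a host fact, is printed by the set_fact task under `-v`, and appears in the `cmd` field of both command results. Consider `no_log: true` on the "Build Synapse user registration command" task, and decide deliberately whether the two command tasks should carry it as well, since that also hides their output from the play log. Separately, the fixed `ansible.builtin.pause` gives the retry exactly one attempt; if Synapse needs longer than `matrix_user_creator_homeserver_start_wait_time_seconds`, the retry fails on a connection error, so `retries:` with `until: matrix_synapse_register_user_result.rc == 0` on the retry task would be more robust.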