Prefer --mount instead of -v for mounting volumes
This doesn't replace all usage of `-v`, but it's a start. People sometimes troubleshoot by deleting files (especially bridge config files). Restarting Synapse with a missing registration.yaml file for a given bridge, causes the `-v /something/registration.yaml:/something/registration.yaml:ro` option to force-create `/something/registration.yaml` as a directory. When a path that's provided to the `-v` option is missing, Docker auto-creates that path as a directory. This causes more breakage and confusion later on. We'd rather fail, instead of magically creating directories. Using `--mount`, instead of `-v` is the solution to this. From Docker's documentation: > When you use --mount with type=bind, the host-path must refer to an existing path on the host. > The path will not be created for you and the service will fail with an error if the path does not exist.
This commit is contained in:
parent
7d8dde8a53
commit
70487061f4
@ -89,10 +89,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/
|
||||
If your files are not in `/matrix/ssl` but in some other location, you would need to mount them into the container:
|
||||
|
||||
```yaml
|
||||
matrix_nginx_proxy_container_additional_volumes:
|
||||
- src: /some/path/on/the/host
|
||||
dst: /some/path/inside/the/container
|
||||
options: ro
|
||||
matrix_synapse_container_extra_arguments:
|
||||
- "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro"
|
||||
```
|
||||
|
||||
You then refer to them (for `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate` and `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key`) by using `/some/path/inside/the/container`.
|
||||
@ -118,10 +116,8 @@ Make sure to reload/restart your webserver once in a while, so that newer certif
|
||||
To do that, make sure the certificate files are mounted into the Synapse container:
|
||||
|
||||
```yaml
|
||||
matrix_synapse_container_additional_volumes:
|
||||
- src: /some/path/on/the/host
|
||||
dst: /some/path/inside/the/container
|
||||
options: ro
|
||||
matrix_synapse_container_extra_arguments:
|
||||
- "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro"
|
||||
```
|
||||
|
||||
You can then tell Synapse to serve Federation traffic over TLS on `tcp/8448`:
|
||||
|
@ -61,9 +61,6 @@
|
||||
-l discord_bot
|
||||
when: "not appservice_discord_registration_file.stat.exists"
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_app_service_config_file_appservice_discord: '{{ matrix_appservice_discord_base_path }}/discord-registration.yml'
|
||||
|
||||
- name: Check if a matrix-appservice-discord invite_link file exists
|
||||
stat:
|
||||
path: "{{ matrix_appservice_discord_base_path }}/invite_link"
|
||||
@ -82,12 +79,12 @@
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
- set_fact:
|
||||
matrix_synapse_container_additional_volumes: >
|
||||
{{ matrix_synapse_container_additional_volumes|default([]) }}
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
{{ [{'src': '{{ matrix_appservice_discord_base_path }}/discord-registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_discord }}', 'options': 'ro'}] }}
|
||||
{{ ["--mount type=bind,src={{ matrix_appservice_discord_base_path }}/discord-registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] }}
|
||||
|
||||
matrix_synapse_app_service_config_files: >
|
||||
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||
+
|
||||
{{ ["{{ matrix_synapse_app_service_config_file_appservice_discord }}"] | to_nice_json }}
|
||||
{{ ["/matrix-appservice-discord-registration.yaml"] }}
|
||||
|
@ -70,20 +70,17 @@
|
||||
-l irc_bot
|
||||
when: "not appservice_irc_registration_file.stat.exists"
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_app_service_config_file_appservice_irc: '/app-registration/appservice-irc.yml'
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
- set_fact:
|
||||
matrix_synapse_container_additional_volumes: >
|
||||
{{ matrix_synapse_container_additional_volumes|default([]) }}
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
{{ [{'src': '{{ matrix_appservice_irc_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_irc }}', 'options': 'ro'}] }}
|
||||
{{ ["--mount type=bind,src={{ matrix_appservice_irc_base_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }}
|
||||
|
||||
matrix_synapse_app_service_config_files: >
|
||||
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||
+
|
||||
{{ ["{{ matrix_synapse_app_service_config_file_appservice_irc }}"] | to_nice_json }}
|
||||
{{ ["/matrix-appservice-irc-registration.yaml"] }}
|
||||
|
||||
- name: Ensure IRC configuration directory permissions are correct
|
||||
file:
|
||||
|
@ -65,17 +65,14 @@
|
||||
python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml
|
||||
when: "not mautrix_facebook_registration_file_stat.stat.exists"
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml'
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
- set_fact:
|
||||
matrix_synapse_container_additional_volumes: >
|
||||
{{ matrix_synapse_container_additional_volumes|default([]) }}
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
{{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }}
|
||||
{{ ["--mount type=bind,src={{ matrix_mautrix_facebook_base_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] }}
|
||||
|
||||
matrix_synapse_app_service_config_files: >
|
||||
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||
+
|
||||
{{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json }}
|
||||
{{ ["/matrix-mautrix-facebook-registration.yaml"] }}
|
||||
|
@ -76,20 +76,17 @@
|
||||
python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml
|
||||
when: "not mautrix_telegram_registration_file_stat.stat.exists"
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml'
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
- set_fact:
|
||||
matrix_synapse_container_additional_volumes: >
|
||||
{{ matrix_synapse_container_additional_volumes|default([]) }}
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
{{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }}
|
||||
{{ ["--mount type=bind,src={{ matrix_mautrix_telegram_base_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] }}
|
||||
|
||||
matrix_synapse_app_service_config_files: >
|
||||
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||
+
|
||||
{{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json }}
|
||||
{{ ["/matrix-mautrix-telegram-registration.yaml"] }}
|
||||
|
||||
- block:
|
||||
- name: Fail if matrix-nginx-proxy role already executed
|
||||
|
@ -65,17 +65,14 @@
|
||||
/usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml
|
||||
when: "not mautrix_whatsapp_registration_file_stat.stat.exists"
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_app_service_config_file_mautrix_whatsapp: '/app-registration/mautrix-whatsapp.yml'
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
- set_fact:
|
||||
matrix_synapse_container_additional_volumes: >
|
||||
{{ matrix_synapse_container_additional_volumes|default([]) }}
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
{{ [{'src': '{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}', 'options': 'ro'}] }}
|
||||
{{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_base_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }}
|
||||
|
||||
matrix_synapse_app_service_config_files: >
|
||||
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||
+
|
||||
{{ ["{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}"] | to_nice_json }}
|
||||
{{ ["/matrix-mautrix-whatsapp-registration.yaml"] }}
|
||||
|
@ -170,6 +170,11 @@ matrix_synapse_federation_domain_whitelist: ~
|
||||
# A list of additional "volumes" to mount in the container.
|
||||
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
||||
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
||||
#
|
||||
# Note: internally, this uses the `-v` flag for mounting the specified volumes.
|
||||
# It's better (safer) to use the `--mount` flag for mounting volumes.
|
||||
# To use `--mount`, specifiy it in `matrix_synapse_container_extra_arguments`.
|
||||
# Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']
|
||||
matrix_synapse_container_additional_volumes: []
|
||||
|
||||
# A list of additional loggers to register in synapse.log.config.
|
||||
@ -179,7 +184,7 @@ matrix_synapse_additional_loggers: []
|
||||
|
||||
# A list of appservice config files (in-container filesystem paths).
|
||||
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
||||
# You may wish to use this together with `matrix_synapse_container_additional_volumes`.
|
||||
# You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`.
|
||||
matrix_synapse_app_service_config_files: []
|
||||
|
||||
# This is set dynamically during execution depending on whether
|
||||
|
@ -1,8 +1,6 @@
|
||||
- set_fact:
|
||||
matrix_synapse_password_providers_enabled: true
|
||||
when: matrix_synapse_ext_password_provider_ldap_enabled|bool
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_additional_loggers: >
|
||||
{{ matrix_synapse_additional_loggers }}
|
||||
+
|
||||
|
@ -17,13 +17,11 @@
|
||||
- set_fact:
|
||||
matrix_synapse_password_providers_enabled: true
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_container_additional_volumes: >
|
||||
{{ matrix_synapse_container_additional_volumes }}
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
{{ [{'src': '{{ matrix_synapse_ext_path }}/rest_auth_provider.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py', 'options': 'ro'}] }}
|
||||
{{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] }}
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_additional_loggers: >
|
||||
{{ matrix_synapse_additional_loggers }}
|
||||
+
|
||||
|
@ -17,13 +17,11 @@
|
||||
- set_fact:
|
||||
matrix_synapse_password_providers_enabled: true
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_container_additional_volumes: >
|
||||
{{ matrix_synapse_container_additional_volumes }}
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
{{ [{'src': '{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py', 'options': 'ro'}] }}
|
||||
{{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] }}
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_additional_loggers: >
|
||||
{{ matrix_synapse_additional_loggers }}
|
||||
+
|
||||
|
Loading…
Reference in New Issue
Block a user