Upgrade Synapse (v0.99.4 -> v0.99.5.1)

2019-05-23 09:23:04 +09:00 · 2019-05-23 09:23:04 +09:00 · a8b633561d
commit a8b633561d
parent 7a08c9b7cc
3 changed files with 104 additions and 41 deletions
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@ -3,7 +3,7 @@

 matrix_synapse_enabled: true

-matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.4"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.5.1"

 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
 matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
@ -67,8 +67,9 @@ matrix_synapse_storage_sql_log_level: "INFO"
 matrix_synapse_root_log_level: "INFO"

 # Rate limits
-matrix_synapse_rc_messages_per_second: 0.2
-matrix_synapse_rc_message_burst_count: 10.0
+matrix_synapse_rc_message:
+  per_second: 0.2
+  burst_count: 10

 matrix_synapse_rc_registration:
  per_second: 0.17
@ -85,11 +86,13 @@ matrix_synapse_rc_login:
    per_second: 0.17
    burst_count: 3

-matrix_synapse_federation_rc_window_size: 1000
-matrix_synapse_federation_rc_sleep_limit: 10
-matrix_synapse_federation_rc_sleep_delay: 500
-matrix_synapse_federation_rc_reject_limit: 50
-matrix_synapse_federation_rc_concurrent: 3
+matrix_synapse_rc_federation:
+  window_size: 1000
+  sleep_limit: 10
+  sleep_delay: 500
+  reject_limit: 50
+  concurrent: 3
+
 matrix_synapse_federation_rr_transactions_per_room_per_second: 50

 # Controls whether the TLS federation listener is enabled (tcp/8448).
--- a/roles/matrix-synapse/tasks/validate_config.yml
+++ b/roles/matrix-synapse/tasks/validate_config.yml
@ -20,3 +20,10 @@
    - {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'}
    - {'old': 'matrix_alias_creation_rules', 'new': 'matrix_synapse_alias_creation_rules'}
    - {'old': 'matrix_room_list_publication_rules', 'new': 'matrix_synapse_room_list_publication_rules'}
+    - {'old': 'matrix_synapse_rc_messages_per_second', 'new': '<per_second subkey of matrix_synapse_rc_message>'}
+    - {'old': 'matrix_synapse_rc_message_burst_count', 'new': '<burst_count subkey of matrix_synapse_rc_message>'}
+    - {'old': 'matrix_synapse_federation_rc_window_size', 'new': '<window_size subkey of matrix_synapse_rc_federation>'}
+    - {'old': 'matrix_synapse_federation_rc_sleep_limit', 'new': '<sleep_limit subkey of matrix_synapse_rc_federation>'}
+    - {'old': 'matrix_synapse_federation_rc_sleep_delay', 'new': '<sleep_delay subkey of matrix_synapse_rc_federation>'}
+    - {'old': 'matrix_synapse_federation_rc_reject_limit', 'new': '<reject_limit subkey of matrix_synapse_rc_federation>'}
+    - {'old': 'matrix_synapse_federation_rc_concurrent', 'new': '<concurrent subkey of matrix_synapse_rc_federation>'}
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@ -110,6 +110,24 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
 federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
 {% endif %}

+# Prevent federation requests from being sent to the following
+# blacklist IP address CIDR ranges. If this option is not specified, or
+# specified with an empty list, no ip range blacklist will be enforced.
+#
+# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
+# listed here, since they correspond to unroutable addresses.)
+#
+federation_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '169.254.0.0/16'
+  - '::1/128'
+  - 'fe80::/64'
+  - 'fc00::/7'
+
 # List of ports that Synapse should listen on, their purpose and their
 # configuration.
 #
@ -260,6 +278,12 @@ listeners:
 #
 #require_membership_for_aliases: false

+# Whether to allow per-room membership profiles through the send of membership
+# events with profile information that differ from the target's global profile.
+# Defaults to 'true'.
+#
+#allow_per_room_profiles: false
+

 ## TLS ##

@ -433,21 +457,15 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"

 ## Ratelimiting ##

-# Number of messages a client can send per second
-#
-rc_messages_per_second: {{ matrix_synapse_rc_messages_per_second }}
-
-# Number of message a client can send before being throttled
-#
-rc_message_burst_count: {{ matrix_synapse_rc_message_burst_count }}
-
-# Ratelimiting settings for registration and login.
+# Ratelimiting settings for client actions (registration, login, messaging).
 #
 # Each ratelimiting configuration is made of two parameters:
 #   - per_second: number of requests a client can send per second.
 #   - burst_count: number of requests a client can send before being throttled.
 #
 # Synapse currently uses the following configurations:
+#   - one for messages that ratelimits sending based on the account the client
+#     is using
 #   - one for registration that ratelimits registration requests based on the
 #     client's IP address.
 #   - one for login that ratelimits login requests based on the client's IP
@ -460,6 +478,12 @@ rc_message_burst_count: {{ matrix_synapse_rc_message_burst_count }}
 #
 # The defaults are as shown below.
 #
+#rc_message:
+#  per_second: 0.2
+#  burst_count: 10
+#
+rc_message: {{ matrix_synapse_rc_message|to_json }}
+#
 #rc_registration:
 #  per_second: 0.17
 #  burst_count: 3
@ -477,34 +501,29 @@ rc_registration: {{ matrix_synapse_rc_registration|to_json }}
 #    burst_count: 3
 rc_login: {{ matrix_synapse_rc_login|to_json }}

-# The federation window size in milliseconds
-#
-#federation_rc_window_size: 1000
-federation_rc_window_size: {{ matrix_synapse_federation_rc_window_size }}

-# The number of federation requests from a single server in a window
-# before the server will delay processing the request.
+# Ratelimiting settings for incoming federation
 #
-#federation_rc_sleep_limit: 10
-federation_rc_sleep_limit: {{ matrix_synapse_federation_rc_sleep_limit }}
-
-# The duration in milliseconds to delay processing events from
-# remote servers by if they go over the sleep limit.
+# The rc_federation configuration is made up of the following settings:
+#   - window_size: window size in milliseconds
+#   - sleep_limit: number of federation requests from a single server in
+#     a window before the server will delay processing the request.
+#   - sleep_delay: duration in milliseconds to delay processing events
+#     from remote servers by if they go over the sleep limit.
+#   - reject_limit: maximum number of concurrent federation requests
+#     allowed from a single server
+#   - concurrent: number of federation requests to concurrently process
+#     from a single server
 #
-#federation_rc_sleep_delay: 500
-federation_rc_sleep_delay: {{ matrix_synapse_federation_rc_sleep_delay }}
-
-# The maximum number of concurrent federation requests allowed
-# from a single server
+# The defaults are as shown below.
 #
-#federation_rc_reject_limit: 50
-federation_rc_reject_limit: {{ matrix_synapse_federation_rc_reject_limit }}
-
-# The number of federation requests to concurrently process from a
-# single server
-#
-#federation_rc_concurrent: 3
-federation_rc_concurrent: {{ matrix_synapse_federation_rc_concurrent }}
+#rc_federation:
+#  window_size: 1000
+#  sleep_limit: 10
+#  sleep_delay: 500
+#  reject_limit: 50
+#  concurrent: 3
+rc_federation: {{ matrix_synapse_rc_federation|to_json }}

 # Target outgoing federation transaction frequency for sending read-receipts,
 # per-room.
@ -719,6 +738,40 @@ turn_allow_guests: False
 #
 enable_registration: {{ matrix_synapse_enable_registration|to_json }}

+# Optional account validity configuration. This allows for accounts to be denied
+# any request after a given period.
+#
+# ``enabled`` defines whether the account validity feature is enabled. Defaults
+# to False.
+#
+# ``period`` allows setting the period after which an account is valid
+# after its registration. When renewing the account, its validity period
+# will be extended by this amount of time. This parameter is required when using
+# the account validity feature.
+#
+# ``renew_at`` is the amount of time before an account's expiry date at which
+# Synapse will send an email to the account's email address with a renewal link.
+# This needs the ``email`` and ``public_baseurl`` configuration sections to be
+# filled.
+#
+# ``renew_email_subject`` is the subject of the email sent out with the renewal
+# link. ``%(app)s`` can be used as a placeholder for the ``app_name`` parameter
+# from the ``email`` section.
+#
+# Once this feature is enabled, Synapse will look for registered users without an
+# expiration date at startup and will add one to every account it found using the
+# current settings at that time.
+# This means that, if a validity period is set, and Synapse is restarted (it will
+# then derive an expiration date from the current validity period), and some time
+# after that the validity period changes and Synapse is restarted, the users'
+# expiration dates won't be updated unless their account is manually renewed.
+#
+#account_validity:
+#  enabled: True
+#  period: 6w
+#  renew_at: 1w
+#  renew_email_subject: "Renew your %(app)s account"
+
 # The user must provide all of the below types of 3PID when registering.
 #
 #registrations_require_3pid: