From a095accce7f54aafb5248b19155c8aeb79bde0a6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 6 Feb 2022 18:05:25 +0200 Subject: [PATCH 1/2] Replace some CentOS references to support other RHEL derivatives Not hardcoding 'CentOS' and using the OS family ('RedHat') instead, we now behave better on Rockylinux and AlmaLinux, etc. With that said, we may or may not fully support CentOS/Rockylinux/AlmaLinux v8 yet. Certain things were improved in https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300. v8 support is discussed here: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300 Certain things (firewalld?) may still be problematic. This patch does not try to address those. If the remaining issues are confirmed to be fixed in the future, we can mark v8 as supported. --- roles/matrix-base/defaults/main.yml | 4 ++-- roles/matrix-base/tasks/server_base/setup.yml | 8 ++++---- .../server_base/{setup_centos.yml => setup_redhat.yml} | 0 .../server_base/{setup_centos8.yml => setup_redhat8.yml} | 0 roles/matrix-base/tasks/util/ensure_fuse_installed.yml | 6 +++--- roles/matrix-base/tasks/util/ensure_openssl_installed.yml | 6 +++--- roles/matrix-ma1sd/tasks/setup_install.yml | 6 +++--- 7 files changed, 15 insertions(+), 15 deletions(-) rename roles/matrix-base/tasks/server_base/{setup_centos.yml => setup_redhat.yml} (100%) rename roles/matrix-base/tasks/server_base/{setup_centos8.yml => setup_redhat8.yml} (100%) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index be403de76..c6b0c1a59 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -98,8 +98,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl" matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_host_command_sh: "/usr/bin/env sh" -matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" -matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" +matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" +matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/matrix-base/tasks/server_base/setup.yml index 0869e5017..33e397f91 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/matrix-base/tasks/server_base/setup.yml @@ -1,10 +1,10 @@ --- -- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos.yml" - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version < '8' +- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version < '8' -- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos8.yml" - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' +- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7' - block: # ansible_lsb is only available if lsb-release is installed. diff --git a/roles/matrix-base/tasks/server_base/setup_centos.yml b/roles/matrix-base/tasks/server_base/setup_redhat.yml similarity index 100% rename from roles/matrix-base/tasks/server_base/setup_centos.yml rename to roles/matrix-base/tasks/server_base/setup_redhat.yml diff --git a/roles/matrix-base/tasks/server_base/setup_centos8.yml b/roles/matrix-base/tasks/server_base/setup_redhat8.yml similarity index 100% rename from roles/matrix-base/tasks/server_base/setup_centos8.yml rename to roles/matrix-base/tasks/server_base/setup_redhat8.yml diff --git a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml index 948c60825..a0e1acf09 100644 --- a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml @@ -1,11 +1,11 @@ -# This is for both CentOS 7 and 8 -- name: Ensure fuse installed (CentOS) +# This is for both RedHat 7 and 8 +- name: Ensure fuse installed (RedHat) yum: name: - fuse state: latest - when: ansible_distribution == 'CentOS' + when: ansible_os_family == 'RedHat' # This is for both Debian and Raspbian - name: Ensure fuse installed (Debian/Raspbian) diff --git a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml index 39442bca9..c6277d3cb 100644 --- a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml +++ b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml @@ -1,11 +1,11 @@ -# This is for both CentOS 7 and 8 -- name: Ensure openssl installed (CentOS) +# This is for both RedHat 7 and 8 +- name: Ensure openssl installed (RedHat) yum: name: - openssl state: latest - when: ansible_distribution == 'CentOS' + when: ansible_os_family == 'RedHat' # This is for both Debian and Raspbian - name: Ensure openssl installed (Debian/Raspbian) diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 3f319eeff..cd82b129c 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -62,10 +62,10 @@ update_cache: yes when: (ansible_os_family == 'Debian') - - name: Ensure gradle is installed for self-building (CentOS) + - name: Ensure gradle is installed for self-building (RedHat) fail: - msg: "Installing gradle on CentOS is currently not supported, so self-building ma1sd cannot happen at this time" - when: ansible_distribution == 'CentOS' + msg: "Installing gradle on RedHat ({{ ansible_distribution }}) is currently not supported, so self-building ma1sd cannot happen at this time" + when: ansible_os_family == 'RedHat' - name: Ensure gradle is installed for self-building (Archlinux) pacman: From 5163aa643a02b27dbde97c1eb7f24cee2ce20cbd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 8 Feb 2022 15:13:41 +0200 Subject: [PATCH 2/2] Upgrade Synapse (1.51.0 -> 1.52.0) This also removes the `matrix_synapse_version_arm64` variable we've been dragging around for a long time. Since https://github.com/matrix-org/synapse/pull/11810, a multiarch Synapse container image (for AMD64 and ARM64) is released at the same time. --- roles/matrix-synapse/defaults/main.yml | 12 ++----- .../matrix-synapse/tasks/validate_config.yml | 1 + .../templates/synapse/homeserver.yaml.j2 | 34 ++++++++++++++++--- 3 files changed, 32 insertions(+), 15 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 364f26a56..9c6b1b1f5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -8,16 +8,8 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -# The if statement below may look silly at times (leading to the same version being returned), -# but ARM-compatible container images are only released 1-7 hours after a release, -# so we may often be on different versions for different architectures when new Synapse releases come out. -# -# amd64 gets released first. -# arm32 relies on self-building, so the same version can be built immediately. -# arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.51.0 -matrix_synapse_version_arm64: v1.51.0 -matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" +matrix_synapse_version: v1.52.0 +matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 6dcb50ce5..89107c0a6 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -48,6 +48,7 @@ - {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'} - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': ''} - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} + - {'old': 'matrix_synapse_version_arm64', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml fail: diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 9c7c22f5c..8cfb9b205 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -16,11 +16,11 @@ # documentation on how to configure or create custom modules for Synapse. # #modules: - # - module: my_super_module.MySuperClass - # config: - # do_thing: true - # - module: my_other_super_module.SomeClass - # config: {} + #- module: my_super_module.MySuperClass + # config: + # do_thing: true + #- module: my_other_super_module.SomeClass + # config: {} modules: {{ matrix_synapse_modules|to_json }} @@ -488,6 +488,20 @@ limit_remote_rooms: # #allow_per_room_profiles: false +# The largest allowed file size for a user avatar. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#max_avatar_size: 10M + +# The MIME types allowed for user avatars. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#allowed_avatar_mimetypes: ["image/png", "image/jpeg", "image/gif"] + # How long to keep redacted events in unredacted form in the database. After # this period redacted events get replaced with their redacted form in the DB. # @@ -1458,6 +1472,16 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json # #auto_join_rooms_for_guests: false +# Whether to inhibit errors raised when registering a new account if the user ID +# already exists. If turned on, that requests to /register/available will always +# show a user ID as available, and Synapse won't raise an error when starting +# a registration with a user ID that already exists. However, Synapse will still +# raise an error if the registration completes and the username conflicts. +# +# Defaults to false. +# +#inhibit_user_in_use_error: true + ## Metrics ###