diff --git a/roles/matrix-synapse/tasks/goofys/setup.yml b/roles/matrix-synapse/tasks/goofys/setup.yml
new file mode 100644
index 00000000..56a792f0
--- /dev/null
+++ b/roles/matrix-synapse/tasks/goofys/setup.yml
@@ -0,0 +1,7 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml"
+ when: matrix_s3_media_store_enabled
+
+- import_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml"
+ when: "not matrix_s3_media_store_enabled"
diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml
new file mode 100644
index 00000000..86d228b0
--- /dev/null
+++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml
@@ -0,0 +1,38 @@
+- name: Ensure Goofys Docker image is pulled
+ docker_image:
+ name: "{{ matrix_s3_goofys_docker_image }}"
+
+# This will throw a Permission Denied error if already mounted
+- name: Check Matrix Goofys external storage mountpoint path
+ stat:
+ path: "{{ matrix_synapse_media_store_path }}"
+ register: local_path_matrix_synapse_media_store_path_stat
+ ignore_errors: yes
+
+- name: Ensure Matrix Goofys external storage mountpoint exists
+ file:
+ path: "{{ matrix_synapse_media_store_path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_uid }}"
+ group: "{{ matrix_user_gid }}"
+ when: "not local_path_matrix_synapse_media_store_path_stat.failed and not local_path_matrix_synapse_media_store_path_stat.stat.exists"
+
+- name: Ensure goofys environment variables file created
+ template:
+ src: "{{ role_path }}/templates/goofys/env-goofys.j2"
+ dest: "{{ matrix_synapse_config_dir_path }}/env-goofys"
+ owner: root
+ mode: 0600
+
+- name: Ensure matrix-goofys.service installed
+ template:
+ src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2"
+ dest: "/etc/systemd/system/matrix-goofys.service"
+ mode: 0644
+ register: matrix_goofys_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-goofys.service installation
+ service:
+ daemon_reload: yes
+ when: "matrix_goofys_systemd_service_result.changed"
diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml
new file mode 100644
index 00000000..076f9a37
--- /dev/null
+++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml
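Review bot: The `Ensure goofys environment variables file created` task in goofys/setup_install.yml renders `env-goofys` as root with mode 0600, which suggests the file carries the S3 credentials, yet the task has no `no_log`, so a run with `--diff` would print the rendered content to the console and to any captured run log. The template is not shown in this diff, so that is inferred from the restrictive mode; if it does hold secrets, add `no_log: true` to the task. The `mode:` values are also bare integers (`0750`, `0600`, `0644`); writing them as quoted strings, e.g. `mode: '0600'`, removes the dependence on the YAML loader's octal handling.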
@@ -0,0 +1,33 @@
+- name: Check existence of matrix-goofys service
+ stat:
+ path: "/etc/systemd/system/matrix-goofys.service"
+ register: matrix_goofys_service_stat
+
+- name: Ensure matrix-goofys is stopped
+ service:
+ name: matrix-goofys
+ state: stopped
+ daemon_reload: yes
+ register: stopping_result
+ when: "matrix_goofys_service_stat.stat.exists"
+
+- name: Ensure matrix-goofys.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-goofys.service"
+ state: absent
+ when: "matrix_goofys_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-goofys.service removal
+ service:
+ daemon_reload: yes
+ when: "matrix_goofys_service_stat.stat.exists"
+
+- name: Ensure goofys environment variables file doesn't exist
+ file:
+ path: "{{ matrix_synapse_config_dir_path }}/env-goofys"
+ state: absent
+
+- name: Ensure Goofys Docker image doesn't exist
+ docker_image:
+ name: "{{ matrix_s3_goofys_docker_image }}"
+ state: absent
diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml
index 753f3223..d8ff42a1 100644
--- a/roles/matrix-synapse/tasks/init.yml
+++ b/roles/matrix-synapse/tasks/init.yml
@@ -1,5 +1,6 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse'] }}" + when: matrix_synapse_enabled - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys'] }}"
diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml
index 8404ccf1..f51b2416 100644
--- a/roles/matrix-synapse/tasks/main.yml
+++ b/roles/matrix-synapse/tasks/main.yml
@@ -8,7 +8,7 @@ - setup-all - setup-synapse -- import_tasks: "{{ role_path }}/tasks/setup_synapse_entrypoint.yml" +- import_tasks: "{{ role_path }}/tasks/setup_synapse.yml" when: run_setup tags: - setup-all
diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml
index 888ff210..2fdc3e06 100644
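Review bot: In goofys/setup_uninstall.yml the `Ensure matrix-goofys is stopped` task stops the unit but never disables it before the next task deletes `/etc/systemd/system/matrix-goofys.service`; if the unit was enabled by the start-up tasks (not visible in this diff), its `wants` symlink is left dangling. Adding `enabled: no` beside `state: stopped` covers that. The same applies to `Ensure matrix-synapse is stopped` in synapse/setup_uninstall.yml. `register: stopping_result` is not read by any task in either file and can be dropped.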
--- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -7,12 +7,14 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_client_api ignore_errors: true + when: matrix_synapse_enabled - name: Fail if Matrix Client API not working fail: msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}" - when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api" + when: "matrix_synapse_enabled and (result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api)" - name: Report working Matrix Client API debug: msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working" + when: matrix_synapse_enabled diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index db3070f7..034d91ae 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml 
@@ -7,18 +7,19 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_federation_api ignore_errors: true + when: matrix_synapse_enabled - name: Fail if Matrix Federation API not working fail: msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" - when: "matrix_synapse_federation_enabled and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" + when: "matrix_synapse_enabled and matrix_synapse_federation_enabled and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" - name: Fail if Matrix Federation API unexpectedly enabled fail: msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." - when: "matrix_synapse_federation_enabled == false and not result_matrix_synapse_federation_api.failed" + when: "matrix_synapse_enabled and not matrix_synapse_federation_enabled and not result_matrix_synapse_federation_api.failed" - name: Report working Matrix Federation API debug: msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" - when: "matrix_synapse_federation_enabled" + when: "matrix_synapse_enabled and matrix_synapse_federation_enabled" diff --git a/roles/matrix-synapse/tasks/setup_synapse_pre.yml b/roles/matrix-synapse/tasks/setup_synapse.yml similarity index 66% rename from roles/matrix-synapse/tasks/setup_synapse_pre.yml rename to roles/matrix-synapse/tasks/setup_synapse.yml index f95c3eb2..754ab1d9 100644 --- a/roles/matrix-synapse/tasks/setup_synapse_pre.yml 
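Review bot: The `Fail if Matrix Federation API unexpectedly enabled` guard treats every failed probe as proof that federation is closed: its condition ends in `not result_matrix_synapse_federation_api.failed`, and the probe task above it runs with `ignore_errors: true`, so a timeout or a certificate validation error passes the check just like a refused connection. The probe task starts outside this hunk, so its other arguments are not visible. A comment on the guard stating this limit would help, for example `# A failed probe (timeout, TLS error) is treated as 'federation closed'; only a successful response trips this check.` If the registered result exposes a status code, comparing against it would be stricter.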
+++ b/roles/matrix-synapse/tasks/setup_synapse.yml
@@ -15,6 +15,13 @@ - "{{ matrix_synapse_config_dir_path }}" - "{{ matrix_synapse_run_path }}" - "{{ matrix_synapse_ext_path }}" - # We handle matrix_synapse_media_store_path elsewhere (in setup_synapse_main.yml), + # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), # because if it's using Goofys and it's already mounted (from before), # trying to chown/chmod it here will cause trouble. + when: "matrix_synapse_enabled or matrix_s3_media_store_enabled" + +- import_tasks: "{{ role_path }}/tasks/ext/setup.yml" + +- import_tasks: "{{ role_path }}/tasks/synapse/setup.yml" + +- import_tasks: "{{ role_path }}/tasks/goofys/setup.yml"
diff --git a/roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml b/roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml
deleted file mode 100644
index 46639cdd..00000000
--- a/roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-- import_tasks: "{{ role_path }}/tasks/setup_synapse_pre.yml"
-
-- import_tasks: "{{ role_path }}/tasks/ext/setup.yml"
-
-- import_tasks: "{{ role_path }}/tasks/setup_synapse_main.yml"
-
-- import_tasks: "{{ role_path }}/tasks/setup_synapse_goofys.yml"
diff --git a/roles/matrix-synapse/tasks/setup_synapse_goofys.yml b/roles/matrix-synapse/tasks/setup_synapse_goofys.yml
deleted file mode 100644
index 7cb1d513..00000000
--- a/roles/matrix-synapse/tasks/setup_synapse_goofys.yml
+++ /dev/null
@@ -1,87 +0,0 @@
-#
-# Tasks related to setting up Goofys
-#
-
-- name: Ensure Goofys Docker image is pulled
- docker_image:
- name: "{{ matrix_s3_goofys_docker_image }}"
- when: matrix_s3_media_store_enabled
-
-# This will throw a Permission Denied error if already mounted
-- name: Check Matrix Goofys external storage mountpoint path
- stat:
- path: "{{ matrix_synapse_media_store_path }}"
- register: local_path_matrix_synapse_media_store_path_stat
- ignore_errors: yes
- when: matrix_s3_media_store_enabled
-
-- name: Ensure Matrix Goofys external storage mountpoint exists
- file:
- path: "{{ matrix_synapse_media_store_path }}"
- state: directory
- mode: 0750
- owner: "{{ matrix_user_uid }}"
- group: "{{ matrix_user_gid }}"
- when: "matrix_s3_media_store_enabled and not local_path_matrix_synapse_media_store_path_stat.failed and not local_path_matrix_synapse_media_store_path_stat.stat.exists"
-
-- name: Ensure goofys environment variables file created
- template:
- src: "{{ role_path }}/templates/goofys/env-goofys.j2"
- dest: "{{ matrix_synapse_config_dir_path }}/env-goofys"
- owner: root
- mode: 0600
- when: matrix_s3_media_store_enabled
-
-- name: Ensure matrix-goofys.service installed
- template:
- src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2"
- dest: "/etc/systemd/system/matrix-goofys.service"
- mode: 0644
- register: matrix_goofys_systemd_service_result
- when: matrix_s3_media_store_enabled
-
-- name: Ensure systemd reloaded after matrix-goofys.service installation
- service:
- daemon_reload: yes
- when: "matrix_s3_media_store_enabled and matrix_goofys_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of goofys (if it was previously enabled)
-#
-
-- name: Check existence of matrix-goofys service
- stat:
- path: "/etc/systemd/system/matrix-goofys.service"
- register: matrix_goofys_service_stat
- when: "not matrix_s3_media_store_enabled"
-
-- name: Ensure matrix-goofys is stopped
- service:
- name: matrix-goofys
- state: stopped
- daemon_reload: yes
- register: stopping_result
- when: "not matrix_s3_media_store_enabled and matrix_goofys_service_stat.stat.exists"
-
-- name: Ensure matrix-goofys.service doesn't exist
- file:
- path: "/etc/systemd/system/matrix-goofys.service"
- state: absent
- when: "not matrix_s3_media_store_enabled and matrix_goofys_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-goofys.service removal
- service:
- daemon_reload: yes
- when: "not matrix_s3_media_store_enabled and matrix_goofys_service_stat.stat.exists"
-
-- name: Ensure goofys environment variables file doesn't exist
- file:
- path: "{{ matrix_synapse_config_dir_path }}/env-goofys"
- state: absent
- when: "not matrix_s3_media_store_enabled"
-
-- name: Ensure Goofys Docker image doesn't exist
- docker_image:
- name: "{{ matrix_s3_goofys_docker_image }}"
- state: absent
- when: "not matrix_s3_media_store_enabled"
diff --git a/roles/matrix-synapse/tasks/synapse/setup.yml b/roles/matrix-synapse/tasks/synapse/setup.yml
new file mode 100644
index 00000000..227369a8
--- /dev/null
+++ b/roles/matrix-synapse/tasks/synapse/setup.yml
@@ -0,0 +1,7 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml"
+ when: matrix_synapse_enabled
+
+- import_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml"
+ when: "not matrix_synapse_enabled"
diff --git a/roles/matrix-synapse/tasks/setup_synapse_main.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml
similarity index 100%
rename from roles/matrix-synapse/tasks/setup_synapse_main.yml
rename to roles/matrix-synapse/tasks/synapse/setup_install.yml
diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml
new file mode 100644
index 00000000..241c6937
--- /dev/null
+++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml
@@ -0,0 +1,28 @@
+- name: Check existence of matrix-synapse service
+ stat:
+ path: "/etc/systemd/system/matrix-synapse.service"
+ register: matrix_synapse_service_stat
+
+- name: Ensure matrix-synapse is stopped
+ service:
+ name: matrix-synapse
+ state: stopped
+ daemon_reload: yes
+ register: stopping_result
+ when: "matrix_synapse_service_stat.stat.exists"
+
+- name: Ensure matrix-synapse.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-synapse.service"
+ state: absent
+ when: "matrix_synapse_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-synapse.service removal
+ service:
+ daemon_reload: yes
+ when: "matrix_synapse_service_stat.stat.exists"
+
+- name: Ensure Synapse Docker image doesn't exist
+ docker_image:
+ name: "{{ matrix_synapse_docker_image }}"
+ state: absent
diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml
index 65778967..b02abd29 100644
--- a/roles/matrix-synapse/tasks/validate_config.yml
+++ b/roles/matrix-synapse/tasks/validate_config.yml
@@ -2,7 +2,7 @@ - name: Fail if required Synapse settings not defined fail: - msg: > + msg: >- You need to define a required configuration setting (`{{ item }}`) for using Synapse. when: "vars[item] == ''" with_items:
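Review bot: synapse/setup_uninstall.yml removes the unit file and the Docker image but leaves everything under `matrix_synapse_config_dir_path` in place, whereas goofys/setup_uninstall.yml deletes its `env-goofys` file. If keeping the Synapse configuration and keys on disk after `matrix_synapse_enabled` is turned off is intentional, say so at the top of the file, for example `# Configuration and data directories are kept on purpose; remove them manually if the host should no longer hold Synapse secrets.` What the config directory contains is not shown in this diff, so the secrets concern is something to confirm rather than a finding.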