complement hacks!!!

docker/complement/conf/start_for_complement.sh

@@ -89,39 +89,39 @@ fi
 
 # Add Complement's appservice registration directory, if there is one
 # (It can be absent when there are no application services in this test!)
-if [ -d /complement/appservice ]; then
-    export SYNAPSE_AS_REGISTRATION_DIR=/complement/appservice
-fi
+# if [ -d /complement/appservice ]; then
+#     export SYNAPSE_AS_REGISTRATION_DIR=/complement/appservice
+# fi
 
 # Generate a TLS key, then generate a certificate by having Complement's CA sign it
 # Note that both the key and certificate are in PEM format (not DER).
 
 # First generate a configuration file to set up a Subject Alternative Name.
-cat > /conf/server.tls.conf <<EOF
-.include /etc/ssl/openssl.cnf
-
-[SAN]
-subjectAltName=DNS:${SERVER_NAME}
-EOF
+# cat > /conf/server.tls.conf <<EOF
+# .include /etc/ssl/openssl.cnf
+#
+# [SAN]
+# subjectAltName=DNS:${SERVER_NAME}
+# EOF
 
 # Generate an RSA key
-openssl genrsa -out /conf/server.tls.key 2048
+# openssl genrsa -out /conf/server.tls.key 2048
 
 # Generate a certificate signing request
-openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
-  -subj "/CN=${SERVER_NAME}" -reqexts SAN
+# openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
+#   -subj "/CN=${SERVER_NAME}" -reqexts SAN
 
 # Make the Complement Certificate Authority sign and generate a certificate.
-openssl x509 -req -in /conf/server.tls.csr \
-  -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
-  -out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
+# openssl x509 -req -in /conf/server.tls.csr \
+#   -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
+#   -out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
 
 # Assert that we have a Subject Alternative Name in the certificate.
 # (grep will exit with 1 here if there isn't a SAN in the certificate.)
-openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
+# openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
 
-export SYNAPSE_TLS_CERT=/conf/server.tls.crt
-export SYNAPSE_TLS_KEY=/conf/server.tls.key
+# export SYNAPSE_TLS_CERT=/conf/server.tls.crt
+# export SYNAPSE_TLS_KEY=/conf/server.tls.key
 
 # Run the script that writes the necessary config files and starts supervisord, which in turn
 # starts everything else

docker/complement/conf/workers-shared-extra.yaml.j2

@@ -24,8 +24,8 @@ registration_shared_secret: complement
 ## Federation ##
 
 # trust certs signed by Complement's CA
-federation_custom_ca_list:
-- /complement/ca/ca.crt
+#federation_custom_ca_list:
+#- /complement/ca/ca.crt
 
 # unblacklist RFC1918 addresses
 federation_ip_range_blacklist: []

docker/configure_workers_and_start.py

@@ -566,6 +566,32 @@ def generate_base_homeserver_config() -> None:
     os.environ["SYNAPSE_HTTP_PORT"] = str(MAIN_PROCESS_HTTP_LISTENER_PORT)
     subprocess.run(["/usr/local/bin/python", "/start.py", "migrate_config"], check=True)
 
+    worker_base = "main"
+    mem_limit = os.environ.get(f"MEM_{worker_base}")
+    if mem_limit is None:
+        raise ValueError(
+            f"No memory limit for {worker_base}!")
+
+    extra = {
+        "caches": {
+            "global_factor": 100.0,
+            "sync_response_cache_duration": "2m",
+            "expire_caches": True,
+            "cache_entry_ttl": "30m",
+            "cache_autotuning": {
+                "max_cache_memory_usage": f"{int(mem_limit)}M",
+                "target_cache_memory_usage": f"{int(mem_limit) - 125}M",
+                "min_cache_ttl": "1m",
+            },
+        }
+    }
+
+    # append the memory limit YAML...
+    with open("/conf/homeserver.yaml", "a") as fout:
+        fout.write("\n")
+        yaml.dump(extra, fout)
+        fout.flush()
+
 
 def parse_worker_types(
     requested_worker_types: List[str],
@@ -791,6 +817,23 @@ def generate_worker_files(
         # Replace placeholder names in the config template with the actual worker name.
         worker_config = insert_worker_name_for_worker_config(worker_config, worker_name)
 
+        worker_base = re.sub(r"[0-9]+", "", worker_name)
+        mem_limit = os.environ.get(f"MEM_{worker_base}")
+        if mem_limit is None:
+            raise ValueError(f"No memory limit for {worker_base}! of {requested_worker_types}")
+
+        worker_config["caches"] = {
+            "global_factor": 100.0,
+            "sync_response_cache_duration": "2m",
+            "expire_caches": True,
+            "cache_entry_ttl": "30m",
+            "cache_autotuning": {
+                "max_cache_memory_usage": f"{int(mem_limit)}M",
+                "target_cache_memory_usage": f"{int(mem_limit) - 125}M",
+                "min_cache_ttl": "1m",
+            },
+        }
+
         worker_config.update(
             {"name": worker_name, "port": str(worker_port), "config_path": config_path}
         )

scripts-dev/complement.sh

@@ -180,7 +180,7 @@ if [ -z "$skip_docker_build" ]; then
 
         # Build the unified Complement image (from the worker Synapse image we just built).
         echo_if_github "::group::Build Docker image: complement/Dockerfile"
-        docker build -t complement-synapse \
+        docker build -t synapse-pt10k \
             -f "docker/complement/Dockerfile" "docker/complement"
         echo_if_github "::endgroup::"