mirror of
https://github.com/element-hq/synapse
synced 2024-07-15 15:14:07 +00:00
complement hacks!!!
parent
3d70cc393f
commit
de402248a8
|
@ -89,39 +89,39 @@ fi
|
||||||
|
|
||||||
# Add Complement's appservice registration directory, if there is one
|
# Add Complement's appservice registration directory, if there is one
|
||||||
# (It can be absent when there are no application services in this test!)
|
# (It can be absent when there are no application services in this test!)
|
||||||
if [ -d /complement/appservice ]; then
|
# if [ -d /complement/appservice ]; then
|
||||||
export SYNAPSE_AS_REGISTRATION_DIR=/complement/appservice
|
# export SYNAPSE_AS_REGISTRATION_DIR=/complement/appservice
|
||||||
fi
|
# fi
|
||||||
|
|
||||||
# Generate a TLS key, then generate a certificate by having Complement's CA sign it
|
# Generate a TLS key, then generate a certificate by having Complement's CA sign it
|
||||||
# Note that both the key and certificate are in PEM format (not DER).
|
# Note that both the key and certificate are in PEM format (not DER).
|
||||||
|
|
||||||
# First generate a configuration file to set up a Subject Alternative Name.
|
# First generate a configuration file to set up a Subject Alternative Name.
|
||||||
cat > /conf/server.tls.conf <<EOF
|
# cat > /conf/server.tls.conf <<EOF
|
||||||
.include /etc/ssl/openssl.cnf
|
# .include /etc/ssl/openssl.cnf
|
||||||
|
#
|
||||||
[SAN]
|
# [SAN]
|
||||||
subjectAltName=DNS:${SERVER_NAME}
|
# subjectAltName=DNS:${SERVER_NAME}
|
||||||
EOF
|
# EOF
|
||||||
|
|
||||||
# Generate an RSA key
|
# Generate an RSA key
|
||||||
openssl genrsa -out /conf/server.tls.key 2048
|
# openssl genrsa -out /conf/server.tls.key 2048
|
||||||
|
|
||||||
# Generate a certificate signing request
|
# Generate a certificate signing request
|
||||||
openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
|
# openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
|
||||||
-subj "/CN=${SERVER_NAME}" -reqexts SAN
|
# -subj "/CN=${SERVER_NAME}" -reqexts SAN
|
||||||
|
|
||||||
# Make the Complement Certificate Authority sign and generate a certificate.
|
# Make the Complement Certificate Authority sign and generate a certificate.
|
||||||
openssl x509 -req -in /conf/server.tls.csr \
|
# openssl x509 -req -in /conf/server.tls.csr \
|
||||||
-CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
|
# -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
|
||||||
-out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
|
# -out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
|
||||||
|
|
||||||
# Assert that we have a Subject Alternative Name in the certificate.
|
# Assert that we have a Subject Alternative Name in the certificate.
|
||||||
# (grep will exit with 1 here if there isn't a SAN in the certificate.)
|
# (grep will exit with 1 here if there isn't a SAN in the certificate.)
|
||||||
openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
|
# openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
|
||||||
|
|
||||||
export SYNAPSE_TLS_CERT=/conf/server.tls.crt
|
# export SYNAPSE_TLS_CERT=/conf/server.tls.crt
|
||||||
export SYNAPSE_TLS_KEY=/conf/server.tls.key
|
# export SYNAPSE_TLS_KEY=/conf/server.tls.key
|
||||||
|
|
||||||
# Run the script that writes the necessary config files and starts supervisord, which in turn
|
# Run the script that writes the necessary config files and starts supervisord, which in turn
|
||||||
# starts everything else
|
# starts everything else
|
||||||
|
|
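Review bot: The whole TLS block, from `openssl genrsa` through the `SYNAPSE_TLS_CERT` and `SYNAPSE_TLS_KEY` exports, is commented out rather than removed or gated, so the script no longer produces a key or certificate; presumably the homeserver then starts without TLS on its federation listener, though the consumer of those two variables is outside this hunk. The surviving comments (`# Generate a TLS key, ...`, `# Assert that we have a Subject Alternative Name ...`) now describe steps that never run. If the image is meant to run outside Complement, put the block behind an explicit switch such as `if [ -z "${SKIP_TLS_SETUP:-}" ]; then` (the variable name is only a suggestion) and treat the `/complement/appservice` check the same way. Otherwise delete the dead lines and leave a single comment saying why, e.g. `# TLS and appservice setup intentionally skipped: <reason>`.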
|
@ -24,8 +24,8 @@ registration_shared_secret: complement
|
||||||
## Federation ##
|
## Federation ##
|
||||||
|
|
||||||
# trust certs signed by Complement's CA
|
# trust certs signed by Complement's CA
|
||||||
federation_custom_ca_list:
|
#federation_custom_ca_list:
|
||||||
- /complement/ca/ca.crt
|
#- /complement/ca/ca.crt
|
||||||
|
|
||||||
# unblacklist RFC1918 addresses
|
# unblacklist RFC1918 addresses
|
||||||
federation_ip_range_blacklist: []
|
federation_ip_range_blacklist: []
|
||||||
|
|
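Review bot: Commenting out `federation_custom_ca_list` leaves the `# trust certs signed by Complement's CA` comment above it describing a setting that is no longer applied. With the option unset, Synapse validates federation certificates against the system trust store, so peers presenting certificates signed by Complement's CA will presumably be rejected. The same file keeps `federation_ip_range_blacklist: []` and, per the hunk header, `registration_shared_secret: complement`, both of which are acceptable only on an isolated test network. If this configuration is meant for something other than Complement runs, say so next to the change, e.g. `# Complement CA disabled for <purpose>; test-only config, do not expose`, and delete the two commented lines instead of keeping them.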
|
@ -566,6 +566,32 @@ def generate_base_homeserver_config() -> None:
|
||||||
os.environ["SYNAPSE_HTTP_PORT"] = str(MAIN_PROCESS_HTTP_LISTENER_PORT)
|
os.environ["SYNAPSE_HTTP_PORT"] = str(MAIN_PROCESS_HTTP_LISTENER_PORT)
|
||||||
subprocess.run(["/usr/local/bin/python", "/start.py", "migrate_config"], check=True)
|
subprocess.run(["/usr/local/bin/python", "/start.py", "migrate_config"], check=True)
|
||||||
|
|
||||||
|
worker_base = "main"
|
||||||
|
mem_limit = os.environ.get(f"MEM_{worker_base}")
|
||||||
|
if mem_limit is None:
|
||||||
|
raise ValueError(
|
||||||
|
f"No memory limit for {worker_base}!")
|
||||||
|
|
||||||
|
extra = {
|
||||||
|
"caches": {
|
||||||
|
"global_factor": 100.0,
|
||||||
|
"sync_response_cache_duration": "2m",
|
||||||
|
"expire_caches": True,
|
||||||
|
"cache_entry_ttl": "30m",
|
||||||
|
"cache_autotuning": {
|
||||||
|
"max_cache_memory_usage": f"{int(mem_limit)}M",
|
||||||
|
"target_cache_memory_usage": f"{int(mem_limit) - 125}M",
|
||||||
|
"min_cache_ttl": "1m",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# append the memory limit YAML...
|
||||||
|
with open("/conf/homeserver.yaml", "a") as fout:
|
||||||
|
fout.write("\n")
|
||||||
|
yaml.dump(extra, fout)
|
||||||
|
fout.flush()
|
||||||
|
|
||||||
|
|
||||||
def parse_worker_types(
|
def parse_worker_types(
|
||||||
requested_worker_types: List[str],
|
requested_worker_types: List[str],
|
||||||
|
@ -791,6 +817,23 @@ def generate_worker_files(
|
||||||
# Replace placeholder names in the config template with the actual worker name.
|
# Replace placeholder names in the config template with the actual worker name.
|
||||||
worker_config = insert_worker_name_for_worker_config(worker_config, worker_name)
|
worker_config = insert_worker_name_for_worker_config(worker_config, worker_name)
|
||||||
|
|
||||||
|
worker_base = re.sub(r"[0-9]+", "", worker_name)
|
||||||
|
mem_limit = os.environ.get(f"MEM_{worker_base}")
|
||||||
|
if mem_limit is None:
|
||||||
|
raise ValueError(f"No memory limit for {worker_base}! of {requested_worker_types}")
|
||||||
|
|
||||||
|
worker_config["caches"] = {
|
||||||
|
"global_factor": 100.0,
|
||||||
|
"sync_response_cache_duration": "2m",
|
||||||
|
"expire_caches": True,
|
||||||
|
"cache_entry_ttl": "30m",
|
||||||
|
"cache_autotuning": {
|
||||||
|
"max_cache_memory_usage": f"{int(mem_limit)}M",
|
||||||
|
"target_cache_memory_usage": f"{int(mem_limit) - 125}M",
|
||||||
|
"min_cache_ttl": "1m",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
worker_config.update(
|
worker_config.update(
|
||||||
{"name": worker_name, "port": str(worker_port), "config_path": config_path}
|
{"name": worker_name, "port": str(worker_port), "config_path": config_path}
|
||||||
)
|
)
|
||||||
|
|
|
@ -180,7 +180,7 @@ if [ -z "$skip_docker_build" ]; then
|
||||||
|
|
||||||
# Build the unified Complement image (from the worker Synapse image we just built).
|
# Build the unified Complement image (from the worker Synapse image we just built).
|
||||||
echo_if_github "::group::Build Docker image: complement/Dockerfile"
|
echo_if_github "::group::Build Docker image: complement/Dockerfile"
|
||||||
docker build -t complement-synapse \
|
docker build -t synapse-pt10k \
|
||||||
-f "docker/complement/Dockerfile" "docker/complement"
|
-f "docker/complement/Dockerfile" "docker/complement"
|
||||||
echo_if_github "::endgroup::"
|
echo_if_github "::endgroup::"
|
||||||
|
|
||||||
|
|