Merge pull request #2 from jcgruenhage/docker

Support Docker deployments additionally

.editorconfig

@@ -0,0 +1,7 @@
+root = true
+trim_trailing_whitespace = true
+
+[*.yml]
+insert_final_newline = true
+indent_style = space
+indent_size = 2

README.md

@@ -37,6 +37,10 @@ The following should be present on the target system
 | matrix_synapse_signing_key_path | "/opt/synapse/ssl/{{ matrix_server_name }}.signing.key" |
 | matrix_synapse_version | "v0.99.1.1" |
 | matrix_synapse_log_days_keep | 30 |
+| matrix_synapse_deployment_method | pip | Either pip or docker [¹](#footnote_1) |
+| matrix_synapse_supervision_method | systemd | Either systemd, runit or docker [¹](#footnote_1) |
+
+<a name="footnote_1">¹</a>: Docker must be used for both or neither deployment and supervision
 
 ## Dependencies
 

defaults/main.yml

@@ -1,5 +1,7 @@
 ---
 matrix_synapse_extra_config: {}
+matrix_synapse_deployment_method: pip
+matrix_synapse_supervision_method: systemd
 matrix_synapse_dh_path: "/opt/synapse/tls/{{ matrix_server_name }}.dh"
 matrix_synapse_baseurl: "https://{{ matrix_server_name }}"
 matrix_synapse_signing_key_path: "/opt/synapse/tls/{{ matrix_server_name }}.signing.key"
@@ -7,3 +9,5 @@ matrix_synapse_version: "v0.99.1.1"
 matrix_synapse_log_days_keep: 30
 matrix_synapse_skip_tls: false
 matrix_synapse_pid_file: /opt/synapse/synapse.pid
+matrix_synapse_docker_ports: ["8008:8008", "8448:8448"]
+matrix_synapse_docker_labels: {}

handlers/main.yml

@@ -3,14 +3,25 @@
   systemd:
     daemon_reload: yes
 
-- name: "restart matrix-synapse"
+- name: "restart matrix-synapse using systemd"
   service:
     name: "matrix-synapse"
     state: restarted
     enabled: yes
+  when: matrix_synapse_supervision_method == "systemd"
+  listen: "restart matrix-synapse"
+
+- name: "restart synapse using docker"
+  docker_container:
+    name: synapse
+    state: started
+    restart: yes
+  when: matrix_synapse_supervision_method == "docker"
+  listen: "restart matrix-synapse"
 
 - name: restart rsyslog
   become: yes
   service:
     name: rsyslog
     state: restarted
+  when: matrix_synapse_supervision_method == "systemd"

tasks/configure.yml

@@ -1,4 +1,21 @@
 ---
+- name: create user
+  user:
+    name: synapse
+    state: present
+  register: synapse_user
+  tags:
+    - pre_install
+
+- name: create directory
+  file:
+    name: /opt/synapse
+    state: directory
+    owner: synapse
+    group: synapse
+  tags:
+    - pre_install
+
 - name: Create directory for media storage
   file:
     name: "{{ item }}"
@@ -21,6 +38,8 @@
 
 - name: Configure logging
   import_tasks: logging.yml
+  when: matrix_synapse_supervision_method == "systemd"
+  # TODO: Figure out how to make sure that logging ends up in rsyslog no matter what system we run on
 
 - name: Create certificates
   include_tasks: crypto.yml

tasks/deployment.yml

@@ -1,20 +1,6 @@
 ---
-- name: create user
-  user:
-    name: synapse
-    state: present
-  tags:
-    - pre_install
-
-- name: create directory
-  file:
-    name: /opt/synapse
-    state: directory
-    owner: synapse
-    group: synapse
-  tags:
-    - pre_install
-
+- name: install synapse with pip into virtualenv
+  block:
     - name: Install dependencies
       apt:
         name:
@@ -68,4 +54,25 @@
       tags:
         - skip_ansible_lint # skip when clause
         - pre_install
+  when: matrix_synapse_deployment_method == "pip"
 
+- name: install synapse with docker
+  docker_container:
+    name: synapse
+    image: "docker.io/matrixdotorg/synapse:{{ matrix_synapse_version }}"
+    ports: "{{ matrix_synapse_docker_ports }}"
+    labels: "{{ matrix_synapse_docker_labels }}"
+    restart_policy: unless-stopped
+    entrypoint: "python"
+    command:
+      - "-m"
+      - "synapse.app.homeserver"
+      - "-c"
+      - "/opt/synapse/homeserver.yaml"
+    user: "{{ synapse_user.uid }}:{{ synapse_user.group }}"
+    volumes:
+      - "{{ matrix_synapse_config.media_store_path }}:{{ matrix_synapse_config.media_store_path }}"
+      - "{{ matrix_synapse_config.uploads_path }}:{{ matrix_synapse_config.uploads_path }}"
+      - "/opt/synapse/homeserver.yaml:/opt/synapse/homeserver.yaml"
+      - "/opt/synapse/tls:/opt/synapse/tls"
+  when: matrix_synapse_deployment_method == "docker"

tasks/main.yml

@@ -1,9 +1,15 @@
 ---
-- name: deploy synapse
-  import_tasks: deployment.yml
+- name: check that sypervision and deployment are compatible
+  fail:
+    msg: "Either both or neither of deployment and supervision method should be docker."
+  when: (matrix_synapse_supervision_method == "docker" and matrix_synapse_deployment_method != "docker") or (matrix_synapse_deployment_method == "docker" and matrix_synapse_supervision_method != "docker")
 
 - name: configure synapse
   import_tasks: configure.yml
 
+- name: deploy synapse
+  import_tasks: deployment.yml
+
 - name: configure service
   import_tasks: systemd.yml
+  when: matrix_synapse_supervision_method == "systemd"

tests/.gitignore

@@ -0,0 +1,2 @@
+.vagrant
+*.retry

tests/Vagrantfile

@@ -2,12 +2,24 @@
 # vi: set ft=ruby :
 
 Vagrant.configure("2") do |config|
-  config.vm.box = "debian/stretch64"
+  config.vm.define "pip" do |pip| 
+    pip.vm.box = "debian/stretch64"
 
-  config.vm.network "forwarded_port", guest: 8008, host: 8008
-  config.vm.network "forwarded_port", guest: 8448, host: 8448
+    pip.vm.network "forwarded_port", guest: 8008, host: 8008
+    pip.vm.network "forwarded_port", guest: 8448, host: 8448
 
-  config.vm.provision "ansible" do |ansible|
-    ansible.playbook = "test.yml"
+    pip.vm.provision "ansible" do |ansible|
+      ansible.playbook = "test-pip.yml"
+    end
+  end
+  config.vm.define "docker" do |docker| 
+    docker.vm.box = "debian/stretch64"
+
+    docker.vm.network "forwarded_port", guest: 8008, host: 8009
+    docker.vm.network "forwarded_port", guest: 8448, host: 8449
+
+    docker.vm.provision "ansible" do |ansible|
+      ansible.playbook = "test-docker.yml"
+    end
   end
 end

tests/requirements.yml

@@ -1,2 +1,4 @@
 ---
+- role: geerlingguy.pip
+- role: geerlingguy.docker
 - role: geerlingguy.postgresql

tests/test-docker.yml

@@ -0,0 +1,37 @@
+---
+- hosts: all
+  become: true
+  vars:
+    dbname: synapse
+    dbuser: synapse_user
+    dbpw: synapse_password
+    matrix_synapse_deployment_method: docker
+    matrix_synapse_supervision_method: docker
+  roles:
+    - role: geerlingguy.pip
+      pip_install_packages:
+        - name: docker
+    - role: geerlingguy.docker
+    - role: geerlingguy.postgresql
+      postgresql_databases:
+        - name: "{{ dbname }}"
+      postgresql_users:
+        - name: "{{ dbuser }}"
+          password: "{{ dbpw }}"
+      postgresql_global_config_options:
+        - option: listen_addresses
+          value: "172.17.0.1"
+      postgresql_hba_entries:
+        - { type: local, database: all, user: all, auth_method: trust }
+        - { type: host, database: "{{ dbname }}", user: "{{ dbuser }}", address: "172.17.0.1/16", auth_method: md5 }
+    - role: matrix-ansible-synapse
+      matrix_server_name: localhost
+      matrix_synapse_report_stats: false
+      matrix_synapse_pg_host: 172.17.0.1
+      matrix_synapse_pg_user: "{{ dbuser }}"
+      matrix_synapse_pg_pass: "{{ dbpw }}"
+      matrix_synapse_pg_db: "{{ dbname }}"
+      matrix_synapse_macaroon_secret_key: "THIS_IS_TOTALLY_SECRET_1337_L33T_HaxXxOR"
+      matrix_synapse_registration_secret: "waewi7Joolae8Pahh1eePhaeJubairieFuhoorie3h"
+      matrix_synapse_extra_config:
+        no_tls: true

tests/test-pip.yml

@@ -6,12 +6,16 @@
     dbuser: synapse_user
     dbpw: synapse_password
   roles:
+    - role: geerlingguy.pip
     - role: geerlingguy.postgresql
       postgresql_databases:
         - name: "{{ dbname }}"
       postgresql_users:
         - name: "{{ dbuser }}"
           password: "{{ dbpw }}"
+      postgresql_global_config_options:
+        - option: listen_address
+          value: "*"
     - role: matrix-ansible-synapse
       matrix_server_name: localhost
       matrix_synapse_report_stats: false