YunoHost-Apps/synapse_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00
Code Issues Activity Actions

Full upgrade

Browse source 
- Add multi instance support
- Remove offical helper in common.sh
- Improve turnserver config
- Update checkprocess
- Check synapse is fully started before the end script
- Use helper nginx ynh_add_nginx_config
This commit is contained in:
Josué Tille 2018-01-19 22:05:39 +01:00
parent f2611f733d
commit 2473f90c5c
16 changed files with 299 additions and 188 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
README.md
View file

@ -93,6 +93,17 @@ To solve the issue [#30](https://github.com/YunoHost-Apps/synapse_ynh/issues/30)
`yunohost app setting synapse disable_backup_before_upgrade -v 1`
Multi instance support
----------------------
To give a possiblity to have multiple domain you can use synapse in multiple instance. In this case all instance will run on differents port so it's really important to use put a SRV record in your domain. You can get the port that your need to put in your SRV record by this following command :
```
yunohost app setting synapse__<instancenumber> synapse_tls_port
```
Before to install a second instance of the app it's really recommend to update all instance already installed.
Migration from old package
--------------------------

17
check_process
View file

@ -3,24 +3,26 @@
# Commentaire ignoré
; Manifest
domain="domain.tld" (DOMAIN)
path="/_matrix" (PATH)
path="/_matrix/client/#/login" (PATH)
is_public=1 (PUBLIC|public=1|private=0)
; Checks
pkg_linter=1
setup_sub_dir=0
setup_sub_dir=1
setup_root=0
setup_nourl=1
setup_nourl=0
setup_private=0
setup_public=1
upgrade=1
upgrade=1 from_commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009
upgrade=1 from_commit=bfc07c81c1bcac1b939838209bba6934fec35625
backup_restore=1
multi_instance=0
multi_instance=1
wrong_user=0
wrong_path=1
incorrect_path=0
corrupt_source=1
fail_download_source=1
port_already_use=1 (8008)
port_already_use=1 (8448)
final_path_already_use=1
change_url=0
;;; Levels
@ -34,3 +36,8 @@
Level 8=0
Level 9=0
Level 10=0
;;; Upgrade options
; commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009
name=Before multi_instance
; commit=bfc07c81c1bcac1b939838209bba6934fec35625
name=Old version package

27
conf/coturn-synapse.service Normal file
View file

@ -0,0 +1,27 @@
[Unit]
Description=coturn
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network.target
[Service]
User=turnserver
Group=turnserver
Type=forking
EnvironmentFile=/etc/default/coturn-__APP__
PIDFile=/var/run/coturn-__APP__/turnserver.pid
RuntimeDirectory=coturn-__APP__
RuntimeDirectoryMode=0755
ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS
ExecStopPost=/bin/rm -f /var/run/coturn-__APP__/turnserver.pid
Restart=on-abort
LimitCORE=infinity
LimitNOFILE=999999
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
CPUSchedulingPolicy=other
UMask=0007
[Install]
WantedBy=multi-user.target

12
conf/homeserver.yaml
View file

@ -10,7 +10,7 @@ tls_certificate_path: "/etc/yunohost/certs/__DOMAIN__/crt.pem"
tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem"
# PEM dh parameters for ephemeral keys
tls_dh_params_path: "/etc/matrix-synapse/dh.pem"
tls_dh_params_path: "/etc/matrix-__APP__/dh.pem"
# Don't bind to the https port
no_tls: False
@ -20,7 +20,7 @@ no_tls: False
server_name: "__DOMAIN__"
# When running as a daemon, the file to store the pid in
pid_file: "/var/run/matrix-synapse.pid"
pid_file: "/var/run/matrix-__APP__.pid"
# Whether to serve a web client from the HTTP/HTTPS root resource.
web_client: False
@ -113,7 +113,7 @@ database:
args:
user: __SYNAPSE_DB_USER__
password: __SYNAPSE_DB_PWD__
database: matrix_synapse
database: matrix___APP__
host: localhost
cp_min: 5
cp_max: 10
@ -123,7 +123,7 @@ event_cache_size: "10K"
# A yaml python logging config file
log_config: "/etc/matrix-synapse/log.yaml"
log_config: "/etc/matrix-__APP__/log.yaml"
# Stop twisted from discarding the stack traces of exceptions in
# deferreds by waiting a reactor tick before running a deferred's
@ -161,7 +161,7 @@ federation_rc_concurrent: 3
# Directory where uploaded images and attachments are stored.
media_store_path: "/var/lib/matrix-synapse/media"
media_store_path: "/var/lib/matrix-__APP__/media"
# The largest allowed upload size in bytes
max_upload_size: "10M"
@ -353,7 +353,7 @@ expire_access_token: False
## Signing Keys ##
# Path to the signing key to sign messages with
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
signing_key_path: "/etc/matrix-__APP__/homeserver.signing.key"
# The keys that the server used to sign messages with but won't use
# to sign new messages. E.g. it has lost its private key

2
conf/log.yaml
View file

@ -14,7 +14,7 @@ handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: precise
filename: /var/log/matrix-synapse/homeserver.log
filename: /var/log/matrix-__APP__/homeserver.log
maxBytes: 104857600
backupCount: 10
filters: [context]

10
conf/matrix-synapse.service
View file

@ -3,11 +3,11 @@ Description=Synapse Matrix homeserver
[Service]
Type=simple
User=matrix-synapse
WorkingDirectory=/var/lib/matrix-synapse
EnvironmentFile=/etc/default/matrix-synapse
ExecStartPre=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/
User=matrix-__APP__
WorkingDirectory=/var/lib/matrix-__APP__
EnvironmentFile=/etc/default/matrix-__APP__
ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
Restart=always
RestartSec=3

11
conf/turnserver.conf
View file

@ -5,10 +5,17 @@ realm=__DOMAIN__
no-stun
tls-listening-port=__TLS_PORT__
alt-tls-listening-port=__TLS_ALT_PORT__
cli-port=__CLI_PORT__
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
dh-file=/etc/yunohost/certs/__DOMAIN__/dh.pem
dh-file=/etc/matrix-__APP__/dh.pem
no-sslv2
no-sslv3
no-sslv3
no-udp
no-tcp
log-file=/var/log/matrix-__APP__/turnserver.log
pidfile="/var/run/coturn-__APP__/turnserver.pid"

2
conf/virtualenv_activate
View file

@ -40,7 +40,7 @@ deactivate () {
# unset irrelevant variables
deactivate nondestructive
VIRTUAL_ENV="/opt/yunohost/matrix-synapse"
VIRTUAL_ENV="__FINAL_PATH__"
export VIRTUAL_ENV
_OLD_VIRTUAL_PATH="$PATH"

4
manifest.json
View file

@ -3,7 +3,7 @@
"id": "synapse",
"packaging_format": 1,
"requirements": {
"yunohost": ">= 2.7.2"
"yunohost": ">= 2.7.7"
},
"description": {
"en": "Instant messaging server who use matrix",
@ -16,7 +16,7 @@
"name": "Josué Tille",
"email": "josue@tille.ch"
},
"multi_instance": false,
"multi_instance": true,
"services": [
"nginx"
],

192
scripts/_common.sh
View file

@ -2,9 +2,9 @@
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-synapse"
synapse_db_name="matrix_synapse"
synapse_db_user="matrix_synapse"
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
get_app_version_from_json() {
manifest_path="../manifest.json"
@ -23,21 +23,21 @@ install_dependances() {
setup_dir() {
# Create empty dir for synapse
mkdir -p /var/lib/matrix-synapse
mkdir -p /var/log/matrix-synapse
mkdir -p /var/log/turnserver
mkdir -p /etc/matrix-synapse/conf.d
mkdir -p /var/lib/matrix-$app
mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d
mkdir -p $final_path
}
set_permission() {
# Set permission
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-synapse
chown $synapse_user:root -R /var/log/matrix-synapse
chown turnserver:root -R /var/log/turnserver
chown $synapse_user:root -R /etc/matrix-synapse
chmod 600 /etc/matrix-synapse/dh.pem
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rx /etc/matrix-$app
setfacl -R -m user:turnserver:rwx /var/log/matrix-$app
}
install_source() {
@ -51,6 +51,7 @@ install_source() {
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
@ -66,42 +67,46 @@ install_source() {
fi
}
config_nginx() {
cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PATH__ $path /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PORT__ $synapse_port /etc/nginx/conf.d/$domain.d/$app.conf
systemctl reload nginx.service
}
config_synapse() {
cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-synapse/log.yaml
ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml
ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml
cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __PORT__ $synapse_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/log.yaml
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml
else
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml
fi
ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml
ynh_store_file_checksum /etc/matrix-$app/log.yaml
}
config_coturn() {
cp ../conf/default_coturn /etc/default/coturn
cp ../conf/turnserver.conf /etc/turnserver.conf
ynh_backup_if_checksum_is_different /etc/matrix-$app/coturn.conf
cp ../conf/turnserver.conf /etc/matrix-$app/coturn.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/turnserver.conf
ynh_replace_string __DOMAIN__ $domain /etc/turnserver.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/turnserver.conf
ynh_replace_string __APP__ $app /etc/matrix-$app/coturn.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/coturn.conf
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __CLI_PORT__ $cli_port /etc/matrix-$app/coturn.conf
ynh_store_file_checksum /etc/matrix-$app/coturn.conf
}
####### Solve issue https://dev.yunohost.org/issues/1006
@ -147,59 +152,68 @@ ynh_package_install_from_equivs () {
ynh_package_is_installed "$pkgname"
}
# Implement PR : https://github.com/YunoHost/yunohost/pull/392
# Start or restart a service and follow its booting
#
# usage: ynh_check_starting "Line to match" [service name] [Log file] [Timeout]
#
# | arg: Line to match - The line to find in the log to attest the service have finished to boot.
# | arg: Log file - The log file to watch
# /var/log/$app/$app.log will be used if no other log is defined.
# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds.
ynh_check_starting () {
local line_to_match="$1"
local service_name="${2:-$app}"
local app_log="${3:-/var/log/$app/$app.log}"
local timeout=${4:-300}
# Use logrotate to manage the logfile
#
# usage: ynh_use_logrotate [logfile] [--non-append]
# | arg: logfile - absolute path of logfile
# | option: --non-append - Replace the config file instead of appending this new config.
#
# If no argument provided, a standard directory will be use. /var/log/${app}
# You can provide a path with the directory only or with the logfile.
# /parentdir/logdir
# /parentdir/logdir/logfile.log
#
# It's possible to use this helper several times, each config will be added to the same logrotate config file.
# Unless you use the option --non-append
ynh_use_logrotate () {
local customtee="tee -a"
if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then
customtee="tee"
# Destroy this argument for the next command.
shift
elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then
customtee="tee"
ynh_clean_check_starting () {
# Stop the execution of tail.
kill -s 15 $pid_tail 2>&1
ynh_secure_remove "$templog" 2>&1
}
echo "Starting of $service_name" >&2
systemctl restart $service_name
local i=0
local templog="$(mktemp)"
# Wait if the log file don't exist
if [[ ! -e $app_log ]]
then
for i in $(seq 1 $timeout)
do
if [[ -e $app_log ]]
then
cat $app_log > "$templog"
break
fi
echo -n "." >&2
sleep 1
done
fi
if [ $# -gt 0 ]; then
if [ "$(echo ${1##*.})" == "log" ]; then # Keep only the extension to check if it's a logfile
logfile=$1 # In this case, focus logrotate on the logfile
else
logfile=$1/*.log # Else, uses the directory and all logfile into it.
# Following the starting of the app in its log
tail -f -n1 "$app_log" >> "$templog" &
# Get the PID of the tail command
local pid_tail=$!
for i in $(seq $i $timeout)
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_to_match" "$templog"
then
echo "The service $service_name has correctly started." >&2
break
fi
else
logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log
echo -n "." >&2
sleep 1
done
if [ $i -eq $timeout ]
then
echo "The service $service_name didn't fully started before the timeout." >&2
fi
cat > ./${app}-logrotate << EOF # Build a config file for logrotate
$logfile {
# Rotate if the logfile exceeds 100Mo
size 100M
# Keep 12 old log maximum
rotate 12
# Compress the logs with gzip
compress
# Compress the log at the next cycle. So keep always 2 non compressed logs
delaycompress
# Copy and truncate the log to allow to continue write on it. Instead of move the log.
copytruncate
# Do not do an error if the log is missing
missingok
# Not rotate if the log is empty
notifempty
# Keep old logs in the same dir
noolddir
}
EOF
sudo mkdir -p $(dirname "$logfile") # Create the log directory, if not exist
cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee)
}
echo ""
ynh_clean_check_starting
}

15
scripts/backup
View file

@ -12,31 +12,32 @@ source ../settings/scripts/psql.sh
# Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain)
final_path="/opt/yunohost/matrix-synapse"
final_path="/opt/yunohost/matrix-$app"
# Copy Nginx config
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
# Backup synapse config
ynh_backup "/etc/matrix-synapse" "synapse_config"
ynh_backup "/etc/matrix-$app" "synapse_config"
# Backup coturn server
ynh_backup "/etc/turnserver.conf" "coturn_config"
ynh_backup "/etc/default/coturn" "coturn_config_default"
# Backup synapse database
ynh_backup "/var/lib/matrix-synapse" "data" 1
ynh_backup "/var/lib/matrix-$app" "data" 1
# Backup Postgresql database
sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql
# Copy the logs
ynh_backup "/var/log/matrix-synapse" "log"
ynh_backup "/var/log/turnserver" "log_turnserver"
ynh_backup "/var/log/matrix-$app" "log"
# Backup systemd service
ynh_backup "/etc/default/matrix-synapse"
ynh_backup "/etc/systemd/system/matrix-synapse.service"
ynh_backup "/etc/default/matrix-$app"
ynh_backup "/etc/systemd/system/matrix-$app.service"
ynh_backup "/etc/default/coturn-$app"
ynh_backup "/etc/systemd/system/coturn-$app.service"
# Backup synapse binary
ynh_backup "$final_path" "bin"

58
scripts/install
View file

@ -13,27 +13,26 @@ source ./_common.sh
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC
path="/_matrix"
final_path="/opt/yunohost/matrix-synapse"
path_url="/_matrix"
final_path="/opt/yunohost/matrix-$app"
# Check domain/path availability
test $(ynh_webpath_available $domain $path) == 'True' || ynh_die "$domain$path is not available, please use an other domain."
test $(ynh_webpath_available $domain $path_url) == 'True' || ynh_die "$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain."
# Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Ouvre le port dans le firewall
synapse_tls_port=$(ynh_find_port 8448)
synapse_port=$(ynh_find_port 8008)
port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349)
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
# Make dh cert for synapse if it not exist
test ! -e /etc/matrix-synapse/dh.pem && \
mkdir -p /etc/matrix-synapse && \
openssl dhparam -out /etc/matrix-synapse/dh.pem 2048 > /dev/null
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30)
@ -41,21 +40,28 @@ synapse_db_pwd=$(ynh_string_random 30)
# Enregistre les infos dans la config YunoHost
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app synapse_version $APP_VERSION
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app synapse_port $synapse_port
ynh_app_setting_set $app synapse_port $port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
ynh_app_setting_set $app cli_port $cli_port
# Make dh cert for synapse if it not exist
test ! -e /etc/matrix-$app/dh.pem && \
mkdir -p /etc/matrix-$app && \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
# Install all dependances
install_dependances
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
@ -74,14 +80,21 @@ cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py
# Create systemd service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
# Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-$app.service
cp ../conf/default_coturn /etc/default/coturn-$app
cp ../conf/coturn-synapse.service /etc/systemd/system/coturn-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/coturn-$app.service
systemctl daemon-reload
systemctl enable matrix-synapse.service
systemctl enable matrix-$app.service
systemctl enable coturn-$app.service
# Config nginx
config_nginx
ynh_add_nginx_config
# Configure Synapse
config_synapse
@ -90,15 +103,14 @@ config_synapse
config_coturn
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse
ynh_use_logrotate /var/log/turnserver
ynh_use_logrotate /var/log/matrix-$app
# Set Permission for all directory
set_permission
# register yunohost service
yunohost service add matrix-synapse
yunohost service add matrix-$app
# Recharge la configuration Nginx
systemctl restart matrix-synapse.service
systemctl restart coturn.service
# Reload service
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60

1
scripts/psql.sh
View file

@ -117,7 +117,6 @@ ynh_psql_drop_user() {
su --command="dropuser \"${user}\"" postgres
}
ynh_psql_test_if_first_run() {
if [ -f /etc/yunohost/psql ];
then

40
scripts/remove
View file

@ -15,20 +15,17 @@ domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
systemctl stop matrix-synapse.service || true
systemctl stop coturn.service || true
# Suppression de la configuration nginx
ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
systemctl reload nginx.service
systemctl stop matrix-$YNH_APP_INSTANCE_NAME.service || true
systemctl stop coturn-$app.service || true
# Close firewall ports
closeport() {
if yunohost firewall list | grep -q "\- $port$"
then
echo "Close port $port"
yunohost firewall disallow TCP $port > /dev/null
yunohost firewall disallow Both $port > /dev/null
fi
}
@ -36,6 +33,8 @@ port=$synapse_tls_port
closeport
port=$turnserver_tls_port
closeport
port=$turnserver_alt_tls_port
closeport
# Remove the skipped url
python $final_path/remove_sso_conf.py
@ -45,29 +44,30 @@ ynh_remove_app_dependencies || true
# Clean all directory
ynh_secure_remove $final_path
ynh_secure_remove /var/lib/matrix-synapse
ynh_secure_remove /var/log/matrix-synapse
ynh_secure_remove /var/log/turnserver
ynh_secure_remove /etc/matrix-synapse
ynh_secure_remove /etc/default/matrix-synapse
ynh_secure_remove /var/lib/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /var/log/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/default/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/default/coturn-$YNH_APP_INSTANCE_NAME
# Remove nginx config
ynh_remove_nginx_config
# Remove systemd service
systemctl disable matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl disable matrix-$YNH_APP_INSTANCE_NAME.service
systemctl disable coturn-$YNH_APP_INSTANCE_NAME.service
ynh_secure_remove /etc/systemd/system/matrix-$YNH_APP_INSTANCE_NAME.service
ynh_secure_remove /etc/systemd/system/coturn-$app.service
systemctl daemon-reload
# Remove database and user
ynh_psql_remove_db $synapse_db_name $synapse_db_user
# Remove user
ynh_system_user_delete matrix-synapse
ynh_system_user_delete matrix-$YNH_APP_INSTANCE_NAME
# Remove logrotate
ynh_remove_logrotate
# Remove Monitoring
yunohost service remove matrix-synapse
# Reload nginx
systemctl reload nginx.service
yunohost service remove matrix-$YNH_APP_INSTANCE_NAME

23
scripts/restore
View file

@ -12,27 +12,29 @@ source ../settings/scripts/psql.sh
# Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port)
port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
# Check domain/path availability
ynh_webpath_available $domain $path || ynh_die "$domain/$path is not available, please use an other domain."
ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain."
# Ouvre le port dans le firewall
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Install all dependances
install_dependances
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
@ -56,19 +58,18 @@ su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql
# Enable systemd service
systemctl daemon-reload
systemctl enable matrix-synapse.service
systemctl enable matrix-$app.service
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse
ynh_use_logrotate /var/log/turnserver
ynh_use_logrotate /var/log/matrix-$app
# Set the permission
set_permission
# register yunohost service
yunohost service add matrix-synapse
yunohost service add matrix-$app
# Reload webserver
# Restart service
systemctl reload nginx.service
systemctl restart matrix-synapse.service
systemctl restart coturn.service
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60

62
scripts/upgrade
View file

@ -12,15 +12,17 @@ source ./_common.sh
# Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port)
port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
# To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script.
if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]]
@ -28,7 +30,7 @@ then
ynh_die "Update from this synapse version is not available now. You need to wait for the next update."
fi
systemctl stop matrix-synapse.service
systemctl stop matrix-$app.service
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
then
@ -45,11 +47,11 @@ then
## We move from debian package to new package with python virtualenv
# Change settings
path="/_matrix"
path_url="/_matrix"
domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path
@ -91,7 +93,8 @@ then
systemctl disable matrix-synapse.service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl enable matrix-synapse.service
@ -125,23 +128,52 @@ then
deactivate
fi
# If the turnserver log is not ready configured we configure it now
test -e /var/log/turnserver || (mkdir -p /var/log/turnserver && ynh_use_logrotate /var/log/turnserver)
# Disable default config for turnserver and create a new service
if [[ ! -e /etc/matrix-$app/coturn.conf ]]
then
systemctl stop coturn.service
# Set by default the system config for coturn
echo "" > /etc/turnserver.conf
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Configure systemd
cp ../conf/default_coturn /etc/default/coturn-$app
cp ../conf/coturn-synapse.service /etc/systemd/system/coturn-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/coturn-$app.service
systemctl daemon-reload
systemctl enable coturn-$app.service
# Clean logrotate file for all old instances
ynh_remove_logrotate
ynh_use_logrotate /var/log/matrix-$app
fi
# Fix issue about certificates access
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-synapse" /etc/group) ]]
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
then
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
fi
test -e /etc/matrix-synapse/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem
# If we don't have the dh file in synapse config dir we copy it
test -e /etc/matrix-$app/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem
# Upgrade manually Synapse
install_source
# Update nginx config
config_nginx
ynh_add_nginx_config
# Configure Synapse
config_synapse
@ -155,7 +187,7 @@ set_permission
# Set new settings
ynh_app_setting_set $app synapse_version $APP_VERSION
# Recharge la configuration Nginx
systemctl reload nginx.service
systemctl start matrix-synapse.service
systemctl restart coturn.service
# Restart service
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60