mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Full upgrade

- Add multi instance support
- Remove official helper in common.sh
- Improve turnserver config
- Update checkprocess
- Check synapse is fully started before the end of the script
- Use helper nginx ynh_add_nginx_config
Josué Tille 2018-01-19 22:05:39 +01:00
parent f2611f733d
commit 2473f90c5c
16 changed files with 299 additions and 188 deletions


@ -93,6 +93,17 @@ To solve the issue [#30](https://github.com/YunoHost-Apps/synapse_ynh/issues/30)
`yunohost app setting synapse disable_backup_before_upgrade -v 1` `yunohost app setting synapse disable_backup_before_upgrade -v 1`
Multi instance support
----------------------
To give a possiblity to have multiple domain you can use synapse in multiple instance. In this case all instance will run on differents port so it's really important to use put a SRV record in your domain. You can get the port that your need to put in your SRV record by this following command :
```
yunohost app setting synapse__<instancenumber> synapse_tls_port
```
Before to install a second instance of the app it's really recommend to update all instance already installed.
Migration from old package Migration from old package
-------------------------- --------------------------


@ -3,24 +3,26 @@
# Commentaire ignoré # Commentaire ignoré
; Manifest ; Manifest
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
path="/_matrix" (PATH) path="/_matrix/client/#/login" (PATH)
is_public=1 (PUBLIC|public=1|private=0) is_public=1 (PUBLIC|public=1|private=0)
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=0 setup_sub_dir=1
setup_root=0 setup_root=0
setup_nourl=1 setup_nourl=0
setup_private=0 setup_private=0
setup_public=1 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009
upgrade=1 from_commit=bfc07c81c1bcac1b939838209bba6934fec35625
backup_restore=1 backup_restore=1
multi_instance=0 multi_instance=1
wrong_user=0 wrong_user=0
wrong_path=1 wrong_path=1
incorrect_path=0 incorrect_path=0
corrupt_source=1 corrupt_source=1
fail_download_source=1 fail_download_source=1
port_already_use=1 (8008) port_already_use=1 (8448)
final_path_already_use=1 final_path_already_use=1
change_url=0 change_url=0
;;; Levels ;;; Levels
@ -34,3 +36,8 @@
Level 8=0 Level 8=0
Level 9=0 Level 9=0
Level 10=0 Level 10=0
;;; Upgrade options
; commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009
name=Before multi_instance
; commit=bfc07c81c1bcac1b939838209bba6934fec35625
name=Old version package


@ -0,0 +1,27 @@
[Unit]
Description=coturn
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network.target
[Service]
User=turnserver
Group=turnserver
Type=forking
EnvironmentFile=/etc/default/coturn-__APP__
PIDFile=/var/run/coturn-__APP__/turnserver.pid
RuntimeDirectory=coturn-__APP__
RuntimeDirectoryMode=0755
ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS
ExecStopPost=/bin/rm -f /var/run/coturn-__APP__/turnserver.pid
Restart=on-abort
LimitCORE=infinity
LimitNOFILE=999999
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
CPUSchedulingPolicy=other
UMask=0007
[Install]
WantedBy=multi-user.target
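Review bot: `LimitCORE=infinity` lets this unit write unlimited core dumps, and the process reads the TLS private key and the TURN secret from `/etc/matrix-__APP__/coturn.conf`, so a crash could leave that material on disk wherever the host's core pattern points. Unless cores are needed for debugging I would set `LimitCORE=0`. The unit also has no sandboxing; for a network-facing relay, `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` are cheap additions, provided the target systemd version supports them.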


@ -10,7 +10,7 @@ tls_certificate_path: "/etc/yunohost/certs/__DOMAIN__/crt.pem"
tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem" tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem"
# PEM dh parameters for ephemeral keys # PEM dh parameters for ephemeral keys
tls_dh_params_path: "/etc/matrix-synapse/dh.pem" tls_dh_params_path: "/etc/matrix-__APP__/dh.pem"
# Don't bind to the https port # Don't bind to the https port
no_tls: False no_tls: False
@ -20,7 +20,7 @@ no_tls: False
server_name: "__DOMAIN__" server_name: "__DOMAIN__"
# When running as a daemon, the file to store the pid in # When running as a daemon, the file to store the pid in
pid_file: "/var/run/matrix-synapse.pid" pid_file: "/var/run/matrix-__APP__.pid"
# Whether to serve a web client from the HTTP/HTTPS root resource. # Whether to serve a web client from the HTTP/HTTPS root resource.
web_client: False web_client: False
@ -113,7 +113,7 @@ database:
args: args:
user: __SYNAPSE_DB_USER__ user: __SYNAPSE_DB_USER__
password: __SYNAPSE_DB_PWD__ password: __SYNAPSE_DB_PWD__
database: matrix_synapse database: matrix___APP__
host: localhost host: localhost
cp_min: 5 cp_min: 5
cp_max: 10 cp_max: 10
@ -123,7 +123,7 @@ event_cache_size: "10K"
# A yaml python logging config file # A yaml python logging config file
log_config: "/etc/matrix-synapse/log.yaml" log_config: "/etc/matrix-__APP__/log.yaml"
# Stop twisted from discarding the stack traces of exceptions in # Stop twisted from discarding the stack traces of exceptions in
# deferreds by waiting a reactor tick before running a deferred's # deferreds by waiting a reactor tick before running a deferred's
@ -161,7 +161,7 @@ federation_rc_concurrent: 3
# Directory where uploaded images and attachments are stored. # Directory where uploaded images and attachments are stored.
media_store_path: "/var/lib/matrix-synapse/media" media_store_path: "/var/lib/matrix-__APP__/media"
# The largest allowed upload size in bytes # The largest allowed upload size in bytes
max_upload_size: "10M" max_upload_size: "10M"
@ -353,7 +353,7 @@ expire_access_token: False
## Signing Keys ## ## Signing Keys ##
# Path to the signing key to sign messages with # Path to the signing key to sign messages with
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key" signing_key_path: "/etc/matrix-__APP__/homeserver.signing.key"
# The keys that the server used to sign messages with but won't use # The keys that the server used to sign messages with but won't use
# to sign new messages. E.g. it has lost its private key # to sign new messages. E.g. it has lost its private key


@ -14,7 +14,7 @@ handlers:
file: file:
class: logging.handlers.RotatingFileHandler class: logging.handlers.RotatingFileHandler
formatter: precise formatter: precise
filename: /var/log/matrix-synapse/homeserver.log filename: /var/log/matrix-__APP__/homeserver.log
maxBytes: 104857600 maxBytes: 104857600
backupCount: 10 backupCount: 10
filters: [context] filters: [context]


@ -3,11 +3,11 @@ Description=Synapse Matrix homeserver
[Service] [Service]
Type=simple Type=simple
User=matrix-synapse User=matrix-__APP__
WorkingDirectory=/var/lib/matrix-synapse WorkingDirectory=/var/lib/matrix-__APP__
EnvironmentFile=/etc/default/matrix-synapse EnvironmentFile=/etc/default/matrix-__APP__
ExecStartPre=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
Restart=always Restart=always
RestartSec=3 RestartSec=3


@ -5,10 +5,17 @@ realm=__DOMAIN__
no-stun no-stun
tls-listening-port=__TLS_PORT__ tls-listening-port=__TLS_PORT__
alt-tls-listening-port=__TLS_ALT_PORT__
cli-port=__CLI_PORT__
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
dh-file=/etc/yunohost/certs/__DOMAIN__/dh.pem dh-file=/etc/matrix-__APP__/dh.pem
no-sslv2 no-sslv2
no-sslv3 no-sslv3
no-udp
no-tcp
log-file=/var/log/matrix-__APP__/turnserver.log
pidfile="/var/run/coturn-__APP__/turnserver.pid"
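Review bot: The new `cli-port=__CLI_PORT__` line configures coturn's telnet admin CLI, but nothing visible in this hunk sets `cli-password` or turns the CLI off. The file continues outside the hunk, so it may be set there; if it is not, then depending on the coturn version the CLI is either reachable without authentication by any local process or silently disabled. If the package never uses the CLI, `no-cli` is the simpler choice and removes the need to allocate a port per instance. Otherwise add a generated `cli-password=` value next to the port.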


@ -40,7 +40,7 @@ deactivate () {
# unset irrelevant variables # unset irrelevant variables
deactivate nondestructive deactivate nondestructive
VIRTUAL_ENV="/opt/yunohost/matrix-synapse" VIRTUAL_ENV="__FINAL_PATH__"
export VIRTUAL_ENV export VIRTUAL_ENV
_OLD_VIRTUAL_PATH="$PATH" _OLD_VIRTUAL_PATH="$PATH"


@ -3,7 +3,7 @@
"id": "synapse", "id": "synapse",
"packaging_format": 1, "packaging_format": 1,
"requirements": { "requirements": {
"yunohost": ">= 2.7.2" "yunohost": ">= 2.7.7"
}, },
"description": { "description": {
"en": "Instant messaging server who use matrix", "en": "Instant messaging server who use matrix",
@ -16,7 +16,7 @@
"name": "Josué Tille", "name": "Josué Tille",
"email": "josue@tille.ch" "email": "josue@tille.ch"
}, },
"multi_instance": false, "multi_instance": true,
"services": [ "services": [
"nginx" "nginx"
], ],


@ -2,9 +2,9 @@
# Retrieve arguments # Retrieve arguments
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-synapse" synapse_user="matrix-$app"
synapse_db_name="matrix_synapse" synapse_db_name="matrix_$app"
synapse_db_user="matrix_synapse" synapse_db_user="matrix_$app"
get_app_version_from_json() { get_app_version_from_json() {
manifest_path="../manifest.json" manifest_path="../manifest.json"
@ -23,21 +23,21 @@ install_dependances() {
setup_dir() { setup_dir() {
# Create empty dir for synapse # Create empty dir for synapse
mkdir -p /var/lib/matrix-synapse mkdir -p /var/lib/matrix-$app
mkdir -p /var/log/matrix-synapse mkdir -p /var/log/matrix-$app
mkdir -p /var/log/turnserver mkdir -p /etc/matrix-$app/conf.d
mkdir -p /etc/matrix-synapse/conf.d
mkdir -p $final_path mkdir -p $final_path
} }
set_permission() { set_permission() {
# Set permission # Set permission
chown $synapse_user:root -R $final_path chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-synapse chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-synapse chown $synapse_user:root -R /var/log/matrix-$app
chown turnserver:root -R /var/log/turnserver chown $synapse_user:root -R /etc/matrix-$app
chown $synapse_user:root -R /etc/matrix-synapse chmod 600 /etc/matrix-$app/dh.pem
chmod 600 /etc/matrix-synapse/dh.pem setfacl -R -m user:turnserver:rx /etc/matrix-$app
setfacl -R -m user:turnserver:rwx /var/log/matrix-$app
} }
install_source() { install_source() {
@ -51,6 +51,7 @@ install_source() {
# Install synapse in virtualenv # Install synapse in virtualenv
PS1="" PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
source $final_path/bin/activate source $final_path/bin/activate
pip install --upgrade pip pip install --upgrade pip
pip install --upgrade setuptools pip install --upgrade setuptools
@ -66,42 +67,46 @@ install_source() {
fi fi
} }
config_nginx() {
cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PATH__ $path /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PORT__ $synapse_port /etc/nginx/conf.d/$domain.d/$app.conf
systemctl reload nginx.service
}
config_synapse() { config_synapse() {
cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-synapse/log.yaml ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml
cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-synapse/homeserver.yaml ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-synapse/homeserver.yaml ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-synapse/homeserver.yaml ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml
ynh_replace_string __PORT__ $synapse_port /etc/matrix-synapse/homeserver.yaml ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-synapse/homeserver.yaml ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-synapse/homeserver.yaml ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-synapse/homeserver.yaml ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/log.yaml
if [ "$is_public" = "0" ] if [ "$is_public" = "0" ]
then then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-synapse/homeserver.yaml ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml
else else
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-synapse/homeserver.yaml ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml
fi fi
ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml
ynh_store_file_checksum /etc/matrix-$app/log.yaml
} }
config_coturn() { config_coturn() {
cp ../conf/default_coturn /etc/default/coturn ynh_backup_if_checksum_is_different /etc/matrix-$app/coturn.conf
cp ../conf/turnserver.conf /etc/turnserver.conf cp ../conf/turnserver.conf /etc/matrix-$app/coturn.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/turnserver.conf ynh_replace_string __APP__ $app /etc/matrix-$app/coturn.conf
ynh_replace_string __DOMAIN__ $domain /etc/turnserver.conf ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/turnserver.conf ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __CLI_PORT__ $cli_port /etc/matrix-$app/coturn.conf
ynh_store_file_checksum /etc/matrix-$app/coturn.conf
} }
####### Solve issue https://dev.yunohost.org/issues/1006 ####### Solve issue https://dev.yunohost.org/issues/1006
@ -147,59 +152,68 @@ ynh_package_install_from_equivs () {
ynh_package_is_installed "$pkgname" ynh_package_is_installed "$pkgname"
} }
# Implement PR : https://github.com/YunoHost/yunohost/pull/392 # Start or restart a service and follow its booting
#
# usage: ynh_check_starting "Line to match" [service name] [Log file] [Timeout]
#
# | arg: Line to match - The line to find in the log to attest the service have finished to boot.
# | arg: Log file - The log file to watch
# /var/log/$app/$app.log will be used if no other log is defined.
# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds.
ynh_check_starting () {
local line_to_match="$1"
local service_name="${2:-$app}"
local app_log="${3:-/var/log/$app/$app.log}"
local timeout=${4:-300}
# Use logrotate to manage the logfile ynh_clean_check_starting () {
# # Stop the execution of tail.
# usage: ynh_use_logrotate [logfile] [--non-append] kill -s 15 $pid_tail 2>&1
# | arg: logfile - absolute path of logfile ynh_secure_remove "$templog" 2>&1
# | option: --non-append - Replace the config file instead of appending this new config. }
#
# If no argument provided, a standard directory will be use. /var/log/${app} echo "Starting of $service_name" >&2
# You can provide a path with the directory only or with the logfile. systemctl restart $service_name
# /parentdir/logdir
# /parentdir/logdir/logfile.log local i=0
# local templog="$(mktemp)"
# It's possible to use this helper several times, each config will be added to the same logrotate config file.
# Unless you use the option --non-append # Wait if the log file don't exist
ynh_use_logrotate () { if [[ ! -e $app_log ]]
local customtee="tee -a" then
if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then for i in $(seq 1 $timeout)
customtee="tee" do
# Destroy this argument for the next command. if [[ -e $app_log ]]
shift then
elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then cat $app_log > "$templog"
customtee="tee" break
fi fi
if [ $# -gt 0 ]; then echo -n "." >&2
if [ "$(echo ${1##*.})" == "log" ]; then # Keep only the extension to check if it's a logfile sleep 1
logfile=$1 # In this case, focus logrotate on the logfile done
else
logfile=$1/*.log # Else, uses the directory and all logfile into it.
fi fi
else
logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log # Following the starting of the app in its log
tail -f -n1 "$app_log" >> "$templog" &
# Get the PID of the tail command
local pid_tail=$!
for i in $(seq $i $timeout)
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_to_match" "$templog"
then
echo "The service $service_name has correctly started." >&2
break
fi fi
cat > ./${app}-logrotate << EOF # Build a config file for logrotate echo -n "." >&2
$logfile { sleep 1
# Rotate if the logfile exceeds 100Mo done
size 100M if [ $i -eq $timeout ]
# Keep 12 old log maximum then
rotate 12 echo "The service $service_name didn't fully started before the timeout." >&2
# Compress the logs with gzip fi
compress
# Compress the log at the next cycle. So keep always 2 non compressed logs echo ""
delaycompress ynh_clean_check_starting
# Copy and truncate the log to allow to continue write on it. Instead of move the log.
copytruncate
# Do not do an error if the log is missing
missingok
# Not rotate if the log is empty
notifempty
# Keep old logs in the same dir
noolddir
}
EOF
sudo mkdir -p $(dirname "$logfile") # Create the log directory, if not exist
cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee)
} }
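Review bot: In `set_permission`, `setfacl -R -m user:turnserver:rx /etc/matrix-$app` gives the `turnserver` account read access to the whole Synapse config directory, which per `config_synapse` holds `homeserver.yaml` with the database and TURN passwords, and per the homeserver template also the signing key. The relay only needs `coturn.conf` and `dh.pem`, so I would narrow this to `setfacl -m user:turnserver:x /etc/matrix-$app` plus `setfacl -m user:turnserver:r /etc/matrix-$app/coturn.conf /etc/matrix-$app/dh.pem`. Because every instance's coturn unit runs as the same `turnserver` user, the recursive grant also lets one instance's relay read the other instances' secrets. The recursive `rwx` on `/var/log/matrix-$app` likewise lets it rewrite `homeserver.log`; a dedicated log directory for coturn would avoid that.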


@ -12,31 +12,32 @@ source ../settings/scripts/psql.sh
# Retrieve arguments # Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain) domain=$(ynh_app_setting_get $app special_domain)
final_path="/opt/yunohost/matrix-synapse" final_path="/opt/yunohost/matrix-$app"
# Copy Nginx config # Copy Nginx config
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
# Backup synapse config # Backup synapse config
ynh_backup "/etc/matrix-synapse" "synapse_config" ynh_backup "/etc/matrix-$app" "synapse_config"
# Backup coturn server # Backup coturn server
ynh_backup "/etc/turnserver.conf" "coturn_config" ynh_backup "/etc/turnserver.conf" "coturn_config"
ynh_backup "/etc/default/coturn" "coturn_config_default" ynh_backup "/etc/default/coturn" "coturn_config_default"
# Backup synapse database # Backup synapse database
ynh_backup "/var/lib/matrix-synapse" "data" 1 ynh_backup "/var/lib/matrix-$app" "data" 1
# Backup Postgresql database # Backup Postgresql database
sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql
# Copy the logs # Copy the logs
ynh_backup "/var/log/matrix-synapse" "log" ynh_backup "/var/log/matrix-$app" "log"
ynh_backup "/var/log/turnserver" "log_turnserver"
# Backup systemd service # Backup systemd service
ynh_backup "/etc/default/matrix-synapse" ynh_backup "/etc/default/matrix-$app"
ynh_backup "/etc/systemd/system/matrix-synapse.service" ynh_backup "/etc/systemd/system/matrix-$app.service"
ynh_backup "/etc/default/coturn-$app"
ynh_backup "/etc/systemd/system/coturn-$app.service"
# Backup synapse binary # Backup synapse binary
ynh_backup "$final_path" "bin" ynh_backup "$final_path" "bin"
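Review bot: The context lines `ynh_backup "/etc/turnserver.conf" "coturn_config"` and `ynh_backup "/etc/default/coturn" "coturn_config_default"` are left unchanged, although this commit moves the coturn config to `/etc/matrix-$app/coturn.conf` and the defaults file to `/etc/default/coturn-$app`. The backup would then archive whatever global coturn files exist on the host, which may belong to another setup, and could fail if they are absent, depending on how `ynh_backup` treats a missing path. Both new locations are already covered by the `/etc/matrix-$app` and `/etc/default/coturn-$app` entries, so I would drop the two old lines.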


@ -13,27 +13,26 @@ source ./_common.sh
# Retrieve arguments # Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
path="/_matrix" path_url="/_matrix"
final_path="/opt/yunohost/matrix-synapse" final_path="/opt/yunohost/matrix-$app"
# Check domain/path availability # Check domain/path availability
test $(ynh_webpath_available $domain $path) == 'True' || ynh_die "$domain$path is not available, please use an other domain." test $(ynh_webpath_available $domain $path_url) == 'True' || ynh_die "$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain."
# Check Final Path availability # Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder" test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Ouvre le port dans le firewall # Ouvre le port dans le firewall
synapse_tls_port=$(ynh_find_port 8448) synapse_tls_port=$(ynh_find_port 8448)
synapse_port=$(ynh_find_port 8008) port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349) turnserver_tls_port=$(ynh_find_port 5349)
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Make dh cert for synapse if it not exist
test ! -e /etc/matrix-synapse/dh.pem && \
mkdir -p /etc/matrix-synapse && \
openssl dhparam -out /etc/matrix-synapse/dh.pem 2048 > /dev/null
# Find password for turnserver and database # Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30) turnserver_pwd=$(ynh_string_random 30)
@ -41,21 +40,28 @@ synapse_db_pwd=$(ynh_string_random 30)
# Enregistre les infos dans la config YunoHost # Enregistre les infos dans la config YunoHost
ynh_app_setting_set $app special_domain $domain ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app synapse_version $APP_VERSION ynh_app_setting_set $app synapse_version $APP_VERSION
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app synapse_port $synapse_port ynh_app_setting_set $app synapse_port $port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
ynh_app_setting_set $app cli_port $cli_port
# Make dh cert for synapse if it not exist
test ! -e /etc/matrix-$app/dh.pem && \
mkdir -p /etc/matrix-$app && \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
# Install all dependances # Install all dependances
install_dependances install_dependances
# Create user # Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
@ -74,14 +80,21 @@ cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py python $final_path/add_sso_conf.py
# Create systemd service # Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse cp ../conf/default_matrix-synapse /etc/default/matrix-$app
cp ../conf/matrix-synapse.service /etc/systemd/system/ cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-$app.service
cp ../conf/default_coturn /etc/default/coturn-$app
cp ../conf/coturn-synapse.service /etc/systemd/system/coturn-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/coturn-$app.service
systemctl daemon-reload systemctl daemon-reload
systemctl enable matrix-synapse.service systemctl enable matrix-$app.service
systemctl enable coturn-$app.service
# Config nginx # Config nginx
config_nginx ynh_add_nginx_config
# Configure Synapse # Configure Synapse
config_synapse config_synapse
@ -90,15 +103,14 @@ config_synapse
config_coturn config_coturn
# Configuration de logrotate # Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse ynh_use_logrotate /var/log/matrix-$app
ynh_use_logrotate /var/log/turnserver
# Set Permission for all directory # Set Permission for all directory
set_permission set_permission
# register yunohost service # register yunohost service
yunohost service add matrix-synapse yunohost service add matrix-$app
# Recharge la configuration Nginx # Reload service
systemctl restart matrix-synapse.service systemctl restart coturn-$app.service
systemctl restart coturn.service ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60
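Review bot: The added check `test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf"` in the first hunk never fires, because the glob sits inside double quotes and `test -e` then looks for a file literally named `synapse*.conf`. Something like `! compgen -G "/etc/nginx/conf.d/$domain.d/synapse*.conf" > /dev/null || ynh_die "…"` would test for any matching file. Separately, the final `ynh_check_starting "Synapse now listening on port 8448" …` hard-codes the port, although `synapse_tls_port` comes from `ynh_find_port 8448` and will differ for a second instance. If the log line carries the bound port, the pattern should use `$synapse_tls_port`, otherwise the call waits out its 60-second timeout. The restore script ends with the same call.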


@ -117,7 +117,6 @@ ynh_psql_drop_user() {
su --command="dropuser \"${user}\"" postgres su --command="dropuser \"${user}\"" postgres
} }
ynh_psql_test_if_first_run() { ynh_psql_test_if_first_run() {
if [ -f /etc/yunohost/psql ]; if [ -f /etc/yunohost/psql ];
then then


@ -15,20 +15,17 @@ domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path) final_path=$(ynh_app_setting_get $app final_path)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
systemctl stop matrix-synapse.service || true systemctl stop matrix-$YNH_APP_INSTANCE_NAME.service || true
systemctl stop coturn.service || true systemctl stop coturn-$app.service || true
# Suppression de la configuration nginx
ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
systemctl reload nginx.service
# Close firewall ports # Close firewall ports
closeport() { closeport() {
if yunohost firewall list | grep -q "\- $port$" if yunohost firewall list | grep -q "\- $port$"
then then
echo "Close port $port" echo "Close port $port"
yunohost firewall disallow TCP $port > /dev/null yunohost firewall disallow Both $port > /dev/null
fi fi
} }
@ -36,6 +33,8 @@ port=$synapse_tls_port
closeport closeport
port=$turnserver_tls_port port=$turnserver_tls_port
closeport closeport
port=$turnserver_alt_tls_port
closeport
# Remove the skipped url # Remove the skipped url
python $final_path/remove_sso_conf.py python $final_path/remove_sso_conf.py
@ -45,29 +44,30 @@ ynh_remove_app_dependencies || true
# Clean all directory # Clean all directory
ynh_secure_remove $final_path ynh_secure_remove $final_path
ynh_secure_remove /var/lib/matrix-synapse ynh_secure_remove /var/lib/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /var/log/matrix-synapse ynh_secure_remove /var/log/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /var/log/turnserver ynh_secure_remove /etc/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/matrix-synapse ynh_secure_remove /etc/default/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/default/matrix-synapse ynh_secure_remove /etc/default/coturn-$YNH_APP_INSTANCE_NAME
# Remove nginx config
ynh_remove_nginx_config
# Remove systemd service # Remove systemd service
systemctl disable matrix-synapse.service systemctl disable matrix-$YNH_APP_INSTANCE_NAME.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service systemctl disable coturn-$YNH_APP_INSTANCE_NAME.service
ynh_secure_remove /etc/systemd/system/matrix-$YNH_APP_INSTANCE_NAME.service
ynh_secure_remove /etc/systemd/system/coturn-$app.service
systemctl daemon-reload systemctl daemon-reload
# Remove database and user # Remove database and user
ynh_psql_remove_db $synapse_db_name $synapse_db_user ynh_psql_remove_db $synapse_db_name $synapse_db_user
# Remove user # Remove user
ynh_system_user_delete matrix-synapse ynh_system_user_delete matrix-$YNH_APP_INSTANCE_NAME
# Remove logrotate # Remove logrotate
ynh_remove_logrotate ynh_remove_logrotate
# Remove Monitoring # Remove Monitoring
yunohost service remove matrix-synapse yunohost service remove matrix-$YNH_APP_INSTANCE_NAME
# Reload nginx
systemctl reload nginx.service
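Review bot: The new lines mix `$app` and `$YNH_APP_INSTANCE_NAME` for the same value, for example `systemctl stop matrix-$YNH_APP_INSTANCE_NAME.service` next to `systemctl stop coturn-$app.service`, and the same in the two `ynh_secure_remove` calls for the unit files. In a script that deletes directories by constructed path, a single spelling makes it easier to check that every path targets the instance being removed. I would use `$app` throughout, as the other scripts do.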


@ -12,27 +12,29 @@ source ../settings/scripts/psql.sh
# Retrieve arguments # Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain) domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path) path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path) final_path=$(ynh_app_setting_get $app final_path)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public) is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port) port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
# Check domain/path availability # Check domain/path availability
ynh_webpath_available $domain $path || ynh_die "$domain/$path is not available, please use an other domain." ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain."
# Ouvre le port dans le firewall # Ouvre le port dans le firewall
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Install all dependances # Install all dependances
install_dependances install_dependances
# Create user # Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
@ -56,19 +58,18 @@ su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql
# Enable systemd service # Enable systemd service
systemctl daemon-reload systemctl daemon-reload
systemctl enable matrix-synapse.service systemctl enable matrix-$app.service
# Configuration de logrotate # Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse ynh_use_logrotate /var/log/matrix-$app
ynh_use_logrotate /var/log/turnserver
# Set the permission # Set the permission
set_permission set_permission
# register yunohost service # register yunohost service
yunohost service add matrix-synapse yunohost service add matrix-$app
# Reload webserver # Restart service
systemctl reload nginx.service systemctl reload nginx.service
systemctl restart matrix-synapse.service systemctl restart coturn-$app.service
systemctl restart coturn.service ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60


@ -12,15 +12,17 @@ source ./_common.sh
# Retrieve arguments # Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain) domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path) path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path) final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version) synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public) is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port) port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
# To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script. # To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script.
if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]] if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]]
@ -28,7 +30,7 @@ then
ynh_die "Update from this synapse version is not available now. You need to wait for the next update." ynh_die "Update from this synapse version is not available now. You need to wait for the next update."
fi fi
systemctl stop matrix-synapse.service systemctl stop matrix-$app.service
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]] if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
then then
@ -45,11 +47,11 @@ then
## We move from debian package to new package with python virtualenv ## We move from debian package to new package with python virtualenv
# Change settings # Change settings
path="/_matrix" path_url="/_matrix"
domain=$(ynh_app_setting_get $app domain) domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse" final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path ynh_app_setting_delete $app path
@ -91,7 +93,8 @@ then
systemctl disable matrix-synapse.service systemctl disable matrix-synapse.service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/ cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload systemctl daemon-reload
systemctl enable matrix-synapse.service systemctl enable matrix-synapse.service
@ -125,23 +128,52 @@ then
deactivate deactivate
fi fi
# If the turnserver log is not ready configured we configure it now # Disable default config for turnserver and create a new service
test -e /var/log/turnserver || (mkdir -p /var/log/turnserver && ynh_use_logrotate /var/log/turnserver) if [[ ! -e /etc/matrix-$app/coturn.conf ]]
then
systemctl stop coturn.service
# Set by default the system config for coturn
echo "" > /etc/turnserver.conf
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Configure systemd
cp ../conf/default_coturn /etc/default/coturn-$app
cp ../conf/coturn-synapse.service /etc/systemd/system/coturn-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/coturn-$app.service
systemctl daemon-reload
systemctl enable coturn-$app.service
# Clean logrotate file for all old instances
ynh_remove_logrotate
ynh_use_logrotate /var/log/matrix-$app
fi
# Fix issue about certificates access # Fix issue about certificates access
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-synapse" /etc/group) ]] if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
then then
adduser $synapse_user ssl-cert adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
fi fi
test -e /etc/matrix-synapse/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem # If we don't have the dh file in synapse config dir we copy it
test -e /etc/matrix-$app/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem
# Upgrade manually Synapse # Upgrade manually Synapse
install_source install_source
# Update nginx config # Update nginx config
config_nginx ynh_add_nginx_config
# Configure Synapse # Configure Synapse
config_synapse config_synapse
@ -155,7 +187,7 @@ set_permission
# Set new settings # Set new settings
ynh_app_setting_set $app synapse_version $APP_VERSION ynh_app_setting_set $app synapse_version $APP_VERSION
# Recharge la configuration Nginx # Restart service
systemctl reload nginx.service systemctl restart coturn-$app.service
systemctl start matrix-synapse.service ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60
systemctl restart coturn.service
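Review bot: The readiness check in the last hunk waits for the literal text `Synapse now listening on port 8448`, but this commit lets every instance listen on its own `synapse_tls_port` (read at the top of this script). A second instance would presumably never log that exact line, so the upgrade would either wait out the 60-second limit or report a failure for a service that started correctly. Build the pattern from the setting instead: `ynh_check_starting "Synapse now listening on port $synapse_tls_port" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60`. The same literal closes the preceding file section (the script that loads dump.sql) and should change there as well. `ynh_check_starting` is defined outside this page, so confirm how it matches the log and what it does on timeout.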