mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Full upgrade

- Add multi instance support
- Remove official helper in common.sh
- Improve turnserver config
- Update checkprocess
- Check synapse is fully started before the end script
- Use helper nginx ynh_add_nginx_config
Josué Tille 2018-01-19 22:05:39 +01:00
parent f2611f733d
commit 2473f90c5c
16 changed files with 299 additions and 188 deletions


@ -93,6 +93,17 @@ To solve the issue [#30](https://github.com/YunoHost-Apps/synapse_ynh/issues/30)
`yunohost app setting synapse disable_backup_before_upgrade -v 1`
Multi instance support
----------------------
To give a possiblity to have multiple domain you can use synapse in multiple instance. In this case all instance will run on differents port so it's really important to use put a SRV record in your domain. You can get the port that your need to put in your SRV record by this following command :
```
yunohost app setting synapse__<instancenumber> synapse_tls_port
```
Before to install a second instance of the app it's really recommend to update all instance already installed.
Migration from old package
--------------------------


@ -3,24 +3,26 @@
# Commentaire ignoré
; Manifest
domain="domain.tld" (DOMAIN)
path="/_matrix" (PATH)
path="/_matrix/client/#/login" (PATH)
is_public=1 (PUBLIC|public=1|private=0)
; Checks
pkg_linter=1
setup_sub_dir=0
setup_sub_dir=1
setup_root=0
setup_nourl=1
setup_nourl=0
setup_private=0
setup_public=1
upgrade=1
upgrade=1 from_commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009
upgrade=1 from_commit=bfc07c81c1bcac1b939838209bba6934fec35625
backup_restore=1
multi_instance=0
multi_instance=1
wrong_user=0
wrong_path=1
incorrect_path=0
corrupt_source=1
fail_download_source=1
port_already_use=1 (8008)
port_already_use=1 (8448)
final_path_already_use=1
change_url=0
;;; Levels
@ -34,3 +36,8 @@
Level 8=0
Level 9=0
Level 10=0
;;; Upgrade options
; commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009
name=Before multi_instance
; commit=bfc07c81c1bcac1b939838209bba6934fec35625
name=Old version package


@ -0,0 +1,27 @@
[Unit]
Description=coturn
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network.target
[Service]
User=turnserver
Group=turnserver
Type=forking
EnvironmentFile=/etc/default/coturn-__APP__
PIDFile=/var/run/coturn-__APP__/turnserver.pid
RuntimeDirectory=coturn-__APP__
RuntimeDirectoryMode=0755
ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS
ExecStopPost=/bin/rm -f /var/run/coturn-__APP__/turnserver.pid
Restart=on-abort
LimitCORE=infinity
LimitNOFILE=999999
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
CPUSchedulingPolicy=other
UMask=0007
[Install]
WantedBy=multi-user.target
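Review bot: `LimitCORE=infinity` combined with `Restart=on-abort` allows unbounded core dumps from a process that holds the TLS private key and the TURN shared secret in memory; where those files land depends on the host's core pattern, which is not visible here. Unless dumps are needed for debugging, I would set `LimitCORE=0`. The unit also carries no sandboxing directives for a network-facing daemon; `NoNewPrivileges=true` and `PrivateTmp=true` are low-risk additions worth testing with this service.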


@ -10,7 +10,7 @@ tls_certificate_path: "/etc/yunohost/certs/__DOMAIN__/crt.pem"
tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem"
# PEM dh parameters for ephemeral keys
tls_dh_params_path: "/etc/matrix-synapse/dh.pem"
tls_dh_params_path: "/etc/matrix-__APP__/dh.pem"
# Don't bind to the https port
no_tls: False
@ -20,7 +20,7 @@ no_tls: False
server_name: "__DOMAIN__"
# When running as a daemon, the file to store the pid in
pid_file: "/var/run/matrix-synapse.pid"
pid_file: "/var/run/matrix-__APP__.pid"
# Whether to serve a web client from the HTTP/HTTPS root resource.
web_client: False
@ -113,7 +113,7 @@ database:
args:
user: __SYNAPSE_DB_USER__
password: __SYNAPSE_DB_PWD__
database: matrix_synapse
database: matrix___APP__
host: localhost
cp_min: 5
cp_max: 10
@ -123,7 +123,7 @@ event_cache_size: "10K"
# A yaml python logging config file
log_config: "/etc/matrix-synapse/log.yaml"
log_config: "/etc/matrix-__APP__/log.yaml"
# Stop twisted from discarding the stack traces of exceptions in
# deferreds by waiting a reactor tick before running a deferred's
@ -161,7 +161,7 @@ federation_rc_concurrent: 3
# Directory where uploaded images and attachments are stored.
media_store_path: "/var/lib/matrix-synapse/media"
media_store_path: "/var/lib/matrix-__APP__/media"
# The largest allowed upload size in bytes
max_upload_size: "10M"
@ -353,7 +353,7 @@ expire_access_token: False
## Signing Keys ##
# Path to the signing key to sign messages with
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
signing_key_path: "/etc/matrix-__APP__/homeserver.signing.key"
# The keys that the server used to sign messages with but won't use
# to sign new messages. E.g. it has lost its private key


@ -14,7 +14,7 @@ handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: precise
filename: /var/log/matrix-synapse/homeserver.log
filename: /var/log/matrix-__APP__/homeserver.log
maxBytes: 104857600
backupCount: 10
filters: [context]


@ -3,11 +3,11 @@ Description=Synapse Matrix homeserver
[Service]
Type=simple
User=matrix-synapse
WorkingDirectory=/var/lib/matrix-synapse
EnvironmentFile=/etc/default/matrix-synapse
ExecStartPre=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/
User=matrix-__APP__
WorkingDirectory=/var/lib/matrix-__APP__
EnvironmentFile=/etc/default/matrix-__APP__
ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
Restart=always
RestartSec=3


@ -5,10 +5,17 @@ realm=__DOMAIN__
no-stun
tls-listening-port=__TLS_PORT__
alt-tls-listening-port=__TLS_ALT_PORT__
cli-port=__CLI_PORT__
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
dh-file=/etc/yunohost/certs/__DOMAIN__/dh.pem
dh-file=/etc/matrix-__APP__/dh.pem
no-sslv2
no-sslv3
no-udp
no-tcp
log-file=/var/log/matrix-__APP__/turnserver.log
pidfile="/var/run/coturn-__APP__/turnserver.pid"
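Review bot: `cli-port=__CLI_PORT__` gives each instance its own coturn admin CLI listener, but nothing in this hunk sets `cli-password` or turns the interface off with `no-cli`. Without a password the CLI would be usable by any local account that can reach the port; this needs confirming against the coturn version shipped and against the first four lines of the file, which are outside the hunk. If the package never uses the CLI, replacing `cli-port` with `no-cli` removes the listener and the per-instance port reservation.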


@ -40,7 +40,7 @@ deactivate () {
# unset irrelevant variables
deactivate nondestructive
VIRTUAL_ENV="/opt/yunohost/matrix-synapse"
VIRTUAL_ENV="__FINAL_PATH__"
export VIRTUAL_ENV
_OLD_VIRTUAL_PATH="$PATH"


@ -3,7 +3,7 @@
"id": "synapse",
"packaging_format": 1,
"requirements": {
"yunohost": ">= 2.7.2"
"yunohost": ">= 2.7.7"
},
"description": {
"en": "Instant messaging server who use matrix",
@ -16,7 +16,7 @@
"name": "Josué Tille",
"email": "josue@tille.ch"
},
"multi_instance": false,
"multi_instance": true,
"services": [
"nginx"
],


@ -2,9 +2,9 @@
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-synapse"
synapse_db_name="matrix_synapse"
synapse_db_user="matrix_synapse"
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
get_app_version_from_json() {
manifest_path="../manifest.json"
@ -23,21 +23,21 @@ install_dependances() {
setup_dir() {
# Create empty dir for synapse
mkdir -p /var/lib/matrix-synapse
mkdir -p /var/log/matrix-synapse
mkdir -p /var/log/turnserver
mkdir -p /etc/matrix-synapse/conf.d
mkdir -p /var/lib/matrix-$app
mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d
mkdir -p $final_path
}
set_permission() {
# Set permission
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-synapse
chown $synapse_user:root -R /var/log/matrix-synapse
chown turnserver:root -R /var/log/turnserver
chown $synapse_user:root -R /etc/matrix-synapse
chmod 600 /etc/matrix-synapse/dh.pem
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rx /etc/matrix-$app
setfacl -R -m user:turnserver:rwx /var/log/matrix-$app
}
install_source() {
@ -51,6 +51,7 @@ install_source() {
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
@ -66,42 +67,46 @@ install_source() {
fi
}
config_nginx() {
cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PATH__ $path /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PORT__ $synapse_port /etc/nginx/conf.d/$domain.d/$app.conf
systemctl reload nginx.service
}
config_synapse() {
cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-synapse/log.yaml
ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml
ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml
cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __PORT__ $synapse_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/log.yaml
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml
else
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml
fi
ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml
ynh_store_file_checksum /etc/matrix-$app/log.yaml
}
config_coturn() {
cp ../conf/default_coturn /etc/default/coturn
cp ../conf/turnserver.conf /etc/turnserver.conf
ynh_backup_if_checksum_is_different /etc/matrix-$app/coturn.conf
cp ../conf/turnserver.conf /etc/matrix-$app/coturn.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/turnserver.conf
ynh_replace_string __DOMAIN__ $domain /etc/turnserver.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/turnserver.conf
ynh_replace_string __APP__ $app /etc/matrix-$app/coturn.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/coturn.conf
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __CLI_PORT__ $cli_port /etc/matrix-$app/coturn.conf
ynh_store_file_checksum /etc/matrix-$app/coturn.conf
}
####### Solve issue https://dev.yunohost.org/issues/1006
@ -147,59 +152,68 @@ ynh_package_install_from_equivs () {
ynh_package_is_installed "$pkgname"
}
# Implement PR : https://github.com/YunoHost/yunohost/pull/392
# Start or restart a service and follow its booting
#
# usage: ynh_check_starting "Line to match" [service name] [Log file] [Timeout]
#
# | arg: Line to match - The line to find in the log to attest the service have finished to boot.
# | arg: Log file - The log file to watch
# /var/log/$app/$app.log will be used if no other log is defined.
# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds.
ynh_check_starting () {
local line_to_match="$1"
local service_name="${2:-$app}"
local app_log="${3:-/var/log/$app/$app.log}"
local timeout=${4:-300}
# Use logrotate to manage the logfile
#
# usage: ynh_use_logrotate [logfile] [--non-append]
# | arg: logfile - absolute path of logfile
# | option: --non-append - Replace the config file instead of appending this new config.
#
# If no argument provided, a standard directory will be use. /var/log/${app}
# You can provide a path with the directory only or with the logfile.
# /parentdir/logdir
# /parentdir/logdir/logfile.log
#
# It's possible to use this helper several times, each config will be added to the same logrotate config file.
# Unless you use the option --non-append
ynh_use_logrotate () {
local customtee="tee -a"
if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then
customtee="tee"
# Destroy this argument for the next command.
shift
elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then
customtee="tee"
ynh_clean_check_starting () {
# Stop the execution of tail.
kill -s 15 $pid_tail 2>&1
ynh_secure_remove "$templog" 2>&1
}
echo "Starting of $service_name" >&2
systemctl restart $service_name
local i=0
local templog="$(mktemp)"
# Wait if the log file don't exist
if [[ ! -e $app_log ]]
then
for i in $(seq 1 $timeout)
do
if [[ -e $app_log ]]
then
cat $app_log > "$templog"
break
fi
echo -n "." >&2
sleep 1
done
fi
if [ $# -gt 0 ]; then
if [ "$(echo ${1##*.})" == "log" ]; then # Keep only the extension to check if it's a logfile
logfile=$1 # In this case, focus logrotate on the logfile
else
logfile=$1/*.log # Else, uses the directory and all logfile into it.
# Following the starting of the app in its log
tail -f -n1 "$app_log" >> "$templog" &
# Get the PID of the tail command
local pid_tail=$!
for i in $(seq $i $timeout)
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_to_match" "$templog"
then
echo "The service $service_name has correctly started." >&2
break
fi
else
logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log
echo -n "." >&2
sleep 1
done
if [ $i -eq $timeout ]
then
echo "The service $service_name didn't fully started before the timeout." >&2
fi
cat > ./${app}-logrotate << EOF # Build a config file for logrotate
$logfile {
# Rotate if the logfile exceeds 100Mo
size 100M
# Keep 12 old log maximum
rotate 12
# Compress the logs with gzip
compress
# Compress the log at the next cycle. So keep always 2 non compressed logs
delaycompress
# Copy and truncate the log to allow to continue write on it. Instead of move the log.
copytruncate
# Do not do an error if the log is missing
missingok
# Not rotate if the log is empty
notifempty
# Keep old logs in the same dir
noolddir
}
EOF
sudo mkdir -p $(dirname "$logfile") # Create the log directory, if not exist
cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee)
echo ""
ynh_clean_check_starting
}
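Review bot: `set_permission` restricts only `dh.pem` (`chmod 600`), while `homeserver.yaml` and `coturn.conf` in the same directory receive the database password and the TURN secret through `ynh_replace_string` and keep the mode `cp` gave them, which is typically world-readable under root's default umask. DH parameters are not secret; those two files are. Because `turnserver` already gets access through the ACL, removing access for everyone else is enough: add `chmod -R o-rwx /etc/matrix-$app` before the `setfacl` lines, and consider the same for `/var/log/matrix-$app`.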


@ -12,31 +12,32 @@ source ../settings/scripts/psql.sh
# Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain)
final_path="/opt/yunohost/matrix-synapse"
final_path="/opt/yunohost/matrix-$app"
# Copy Nginx config
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
# Backup synapse config
ynh_backup "/etc/matrix-synapse" "synapse_config"
ynh_backup "/etc/matrix-$app" "synapse_config"
# Backup coturn server
ynh_backup "/etc/turnserver.conf" "coturn_config"
ynh_backup "/etc/default/coturn" "coturn_config_default"
# Backup synapse database
ynh_backup "/var/lib/matrix-synapse" "data" 1
ynh_backup "/var/lib/matrix-$app" "data" 1
# Backup Postgresql database
sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql
# Copy the logs
ynh_backup "/var/log/matrix-synapse" "log"
ynh_backup "/var/log/turnserver" "log_turnserver"
ynh_backup "/var/log/matrix-$app" "log"
# Backup systemd service
ynh_backup "/etc/default/matrix-synapse"
ynh_backup "/etc/systemd/system/matrix-synapse.service"
ynh_backup "/etc/default/matrix-$app"
ynh_backup "/etc/systemd/system/matrix-$app.service"
ynh_backup "/etc/default/coturn-$app"
ynh_backup "/etc/systemd/system/coturn-$app.service"
# Backup synapse binary
ynh_backup "$final_path" "bin"


@ -13,27 +13,26 @@ source ./_common.sh
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC
path="/_matrix"
final_path="/opt/yunohost/matrix-synapse"
path_url="/_matrix"
final_path="/opt/yunohost/matrix-$app"
# Check domain/path availability
test $(ynh_webpath_available $domain $path) == 'True' || ynh_die "$domain$path is not available, please use an other domain."
test $(ynh_webpath_available $domain $path_url) == 'True' || ynh_die "$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain."
# Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Ouvre le port dans le firewall
synapse_tls_port=$(ynh_find_port 8448)
synapse_port=$(ynh_find_port 8008)
port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349)
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
# Make dh cert for synapse if it not exist
test ! -e /etc/matrix-synapse/dh.pem && \
mkdir -p /etc/matrix-synapse && \
openssl dhparam -out /etc/matrix-synapse/dh.pem 2048 > /dev/null
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30)
@ -41,21 +40,28 @@ synapse_db_pwd=$(ynh_string_random 30)
# Enregistre les infos dans la config YunoHost
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app synapse_version $APP_VERSION
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app synapse_port $synapse_port
ynh_app_setting_set $app synapse_port $port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
ynh_app_setting_set $app cli_port $cli_port
# Make dh cert for synapse if it not exist
test ! -e /etc/matrix-$app/dh.pem && \
mkdir -p /etc/matrix-$app && \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
# Install all dependances
install_dependances
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
@ -74,14 +80,21 @@ cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py
# Create systemd service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
# Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-$app.service
cp ../conf/default_coturn /etc/default/coturn-$app
cp ../conf/coturn-synapse.service /etc/systemd/system/coturn-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/coturn-$app.service
systemctl daemon-reload
systemctl enable matrix-synapse.service
systemctl enable matrix-$app.service
systemctl enable coturn-$app.service
# Config nginx
config_nginx
ynh_add_nginx_config
# Configure Synapse
config_synapse
@ -90,15 +103,14 @@ config_synapse
config_coturn
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse
ynh_use_logrotate /var/log/turnserver
ynh_use_logrotate /var/log/matrix-$app
# Set Permission for all directory
set_permission
# register yunohost service
yunohost service add matrix-synapse
yunohost service add matrix-$app
# Recharge la configuration Nginx
systemctl restart matrix-synapse.service
systemctl restart coturn.service
# Reload service
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60
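Review bot: The new guard `test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf"` can never fail, because the `*` is inside double quotes and is tested as a literal file name instead of being expanded. As written it adds nothing beyond the `ynh_webpath_available` test on the line before it. A glob-aware test does the intended check, for example `! compgen -G "/etc/nginx/conf.d/$domain.d/synapse*.conf" > /dev/null || ynh_die "$domain is not available as domain, please use an other domain."`.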


@ -117,7 +117,6 @@ ynh_psql_drop_user() {
su --command="dropuser \"${user}\"" postgres
}
ynh_psql_test_if_first_run() {
if [ -f /etc/yunohost/psql ];
then


@ -15,20 +15,17 @@ domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
systemctl stop matrix-synapse.service || true
systemctl stop coturn.service || true
# Suppression de la configuration nginx
ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
systemctl reload nginx.service
systemctl stop matrix-$YNH_APP_INSTANCE_NAME.service || true
systemctl stop coturn-$app.service || true
# Close firewall ports
closeport() {
if yunohost firewall list | grep -q "\- $port$"
then
echo "Close port $port"
yunohost firewall disallow TCP $port > /dev/null
yunohost firewall disallow Both $port > /dev/null
fi
}
@ -36,6 +33,8 @@ port=$synapse_tls_port
closeport
port=$turnserver_tls_port
closeport
port=$turnserver_alt_tls_port
closeport
# Remove the skipped url
python $final_path/remove_sso_conf.py
@ -45,29 +44,30 @@ ynh_remove_app_dependencies || true
# Clean all directory
ynh_secure_remove $final_path
ynh_secure_remove /var/lib/matrix-synapse
ynh_secure_remove /var/log/matrix-synapse
ynh_secure_remove /var/log/turnserver
ynh_secure_remove /etc/matrix-synapse
ynh_secure_remove /etc/default/matrix-synapse
ynh_secure_remove /var/lib/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /var/log/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/default/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/default/coturn-$YNH_APP_INSTANCE_NAME
# Remove nginx config
ynh_remove_nginx_config
# Remove systemd service
systemctl disable matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl disable matrix-$YNH_APP_INSTANCE_NAME.service
systemctl disable coturn-$YNH_APP_INSTANCE_NAME.service
ynh_secure_remove /etc/systemd/system/matrix-$YNH_APP_INSTANCE_NAME.service
ynh_secure_remove /etc/systemd/system/coturn-$app.service
systemctl daemon-reload
# Remove database and user
ynh_psql_remove_db $synapse_db_name $synapse_db_user
# Remove user
ynh_system_user_delete matrix-synapse
ynh_system_user_delete matrix-$YNH_APP_INSTANCE_NAME
# Remove logrotate
ynh_remove_logrotate
# Remove Monitoring
yunohost service remove matrix-synapse
# Reload nginx
systemctl reload nginx.service
yunohost service remove matrix-$YNH_APP_INSTANCE_NAME
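Review bot: The script now mixes `$app` and `$YNH_APP_INSTANCE_NAME` for what is presumably the same value: `coturn-$app.service` is stopped and deleted, while `coturn-$YNH_APP_INSTANCE_NAME.service` is disabled. Using one name throughout and quoting the arguments to `ynh_secure_remove`, e.g. `ynh_secure_remove "/etc/matrix-$app"`, would make it easier to check that every removed path belongs to this instance only.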


@ -12,27 +12,29 @@ source ../settings/scripts/psql.sh
# Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port)
port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
# Check domain/path availability
ynh_webpath_available $domain $path || ynh_die "$domain/$path is not available, please use an other domain."
ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain."
# Ouvre le port dans le firewall
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Install all dependances
install_dependances
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
@ -56,19 +58,18 @@ su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql
# Enable systemd service
systemctl daemon-reload
systemctl enable matrix-synapse.service
systemctl enable matrix-$app.service
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse
ynh_use_logrotate /var/log/turnserver
ynh_use_logrotate /var/log/matrix-$app
# Set the permission
set_permission
# register yunohost service
yunohost service add matrix-synapse
yunohost service add matrix-$app
# Reload webserver
# Restart service
systemctl reload nginx.service
systemctl restart matrix-synapse.service
systemctl restart coturn.service
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60
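Review bot: Restore enables only `matrix-$app.service`; nothing in the visible hunks runs `systemctl enable coturn-$app.service`, although the install script does and this script restarts that unit at the end. After a restore the TURN server would run until the next reboot and then stay down. Adding `systemctl enable coturn-$app.service` next to the existing enable line would match install. The lines between the two hunks are not shown, so confirm it is not already there.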


@ -12,15 +12,17 @@ source ./_common.sh
# Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port)
port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
# To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script.
if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]]
@ -28,7 +30,7 @@ then
ynh_die "Update from this synapse version is not available now. You need to wait for the next update."
fi
systemctl stop matrix-synapse.service
systemctl stop matrix-$app.service
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
then
@ -45,11 +47,11 @@ then
## We move from debian package to new package with python virtualenv
# Change settings
path="/_matrix"
path_url="/_matrix"
domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path
@ -91,7 +93,8 @@ then
systemctl disable matrix-synapse.service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl enable matrix-synapse.service
@ -125,23 +128,52 @@ then
deactivate
fi
# If the turnserver log is not ready configured we configure it now
test -e /var/log/turnserver || (mkdir -p /var/log/turnserver && ynh_use_logrotate /var/log/turnserver)
# Disable default config for turnserver and create a new service
if [[ ! -e /etc/matrix-$app/coturn.conf ]]
then
systemctl stop coturn.service
# Set by default the system config for coturn
echo "" > /etc/turnserver.conf
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Configure systemd
cp ../conf/default_coturn /etc/default/coturn-$app
cp ../conf/coturn-synapse.service /etc/systemd/system/coturn-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/coturn-$app.service
systemctl daemon-reload
systemctl enable coturn-$app.service
# Clean logrotate file for all old instances
ynh_remove_logrotate
ynh_use_logrotate /var/log/matrix-$app
fi
# Fix issue about certificates access
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-synapse" /etc/group) ]]
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
then
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
fi
test -e /etc/matrix-synapse/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem
# If we don't have the dh file in synapse config dir we copy it
test -e /etc/matrix-$app/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem
# Upgrade manually Synapse
install_source
# Update nginx config
config_nginx
ynh_add_nginx_config
# Configure Synapse
config_synapse
@ -155,7 +187,7 @@ set_permission
# Set new settings
ynh_app_setting_set $app synapse_version $APP_VERSION
# Recharge la configuration Nginx
systemctl reload nginx.service
systemctl start matrix-synapse.service
systemctl restart coturn.service
# Restart service
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60
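Review bot: The match string given to `ynh_check_starting`, `"Synapse now listening on port 8448"`, hard-codes the default port, but with multi-instance support `synapse_tls_port` comes from `ynh_find_port 8448` and will differ for a second instance. On such an instance the line would never match, so the script would wait the full 60 seconds and report that the service did not start (assuming Synapse logs the port it actually binds). Using the variable avoids that: `ynh_check_starting "Synapse now listening on port $synapse_tls_port" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60`. The same literal is used at the end of the install and restore scripts.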