3
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-24 17:13:23 +00:00
Commit Graph

175 Commits

Author SHA1 Message Date
Slavi Pantaleev
7fb45a507d Make --tags=run-postgres-vacuum and --tags=upgrade-postgres not assume Synapse
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2211
2022-10-28 17:40:12 +03:00
Sebastian Gumprich
48388a3d96 use fqcns for some task
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2022-10-28 14:04:29 +02:00
Slavi Pantaleev
cb2fecbea9 Fix some ansible-lint-reported warnings 2022-10-25 06:43:57 +03:00
Slavi Pantaleev
ff0fc88fae Make Postgres import not break for databases with special names
We haven't encountered such a problem yet, but it doesn't hurt to
make things more robust.
2022-10-21 11:25:30 +03:00
Slavi Pantaleev
0b44ec19b4 Do not override matrix_postgres_import_roles_to_ignore/matrix_postgres_import_databases_to_ignore in group_vars
These values that we were setting also make sense in the context of the
`matrix-postgres` role even when not used within the playbook.
2022-10-21 10:01:22 +03:00
Slavi Pantaleev
e37e86eb1c Fix 'could not save history to file "//.psql_history"' errors 2022-10-21 07:33:10 +03:00
Slavi Pantaleev
bed9c18ab0 Pin Postgres version to 15.0
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2180

Just specifying `15` means we won't automatically re-pull `15.1` when it comes out.
2022-10-21 05:32:02 +03:00
Slavi Pantaleev
af3a32cf6a Fix Jinja2 interpolation for some default variables
We're overriding these in the correct way in `group_vars/matrix_servers`
so this wasn't causing any problem in practice.
2022-10-20 15:46:02 +03:00
Slavi Pantaleev
a32eea41fe Make roles/matrix-postgres/tasks/detect_existing_postgres_version.yml detect Postgres v14 2022-10-20 07:43:01 +03:00
David Napier
2eef6af23e Bump postgres version to newly released 15 2022-10-19 10:45:11 -04:00
Slavi Pantaleev
881fdd28f0 Add support for Synapse container image customization
This allows people to augment the Synapse image with custom tools and
addons without having to rebuild it from scratch.

If customizations are enabled, the playbook will build a new
`localhost/matrixdotorg/synapse:VERSION-customized` image
on top of the default one (`FROM matrixdotorg/synapse:VERSION`)
and with custom Dockerfile build steps.

For servers that self-build the Synapse image, the Synapse image will be
built first, before proceding to extend it the same way.

In the future, we'll also have easy to enable Dockerfile build steps
for modules that the playbook supports.
2022-10-14 16:37:54 +03:00
Slavi Pantaleev
62215a87fe Upgrade Postgres minor versions (14.4 -> 14.5, 13.7 -> 13.8, etc.) 2022-10-14 16:25:57 +03:00
Slavi Pantaleev
e6ecd54e72 Suppress some ansible-lint errors 2022-10-09 20:42:20 +03:00
Slavi Pantaleev
a12cbeac3b Fix async commands
Fixes a regression introduced in d1b5681ba0.

Looks like `.finished` is a property on the main object, not on some
`.async_result` object.
2022-10-06 19:48:11 +03:00
Slavi Pantaleev
d1b5681ba0 Report async task failures better
We were previously trying to reach into `.rc`,
but there's no such thing if `async_result.finished == 0`.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2153
2022-10-06 10:04:37 +03:00
Slavi Pantaleev
1ea1597020 Fix some ansible-lint-reported warnings
This mostly fixes `key-order` warnings around
`block` statements.
2022-09-27 11:38:33 +03:00
Slavi Pantaleev
89648cf58e Fix some ansible-lint-reported warnings 2022-09-18 12:21:09 +03:00
Slavi Pantaleev
10a5b0d831 Add warnings about using Borg backup with external Postgres
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1982
2022-07-26 17:31:06 +03:00
Slavi Pantaleev
7831dc91b3 Import tasks from other roles in a better way
One that doesn't trip up ansible-lint, causing `load-failure` errors.
2022-07-18 16:15:04 +03:00
Slavi Pantaleev
c1849ae888 Fix the remaining var-spacing ansible-lint errors
Reference: https://ansible-lint.readthedocs.io/en/latest/default_rules/#var-spacing
2022-07-18 15:33:41 +03:00
Slavi Pantaleev
1693c4ca1d Fix no-changed-when ansible-lint errors
Reference: https://ansible-lint.readthedocs.io/en/latest/default_rules/#no-changed-when
2022-07-18 15:08:10 +03:00
Slavi Pantaleev
bb8b8c4bf0 Fix tasks include regression 2022-07-18 13:03:17 +03:00
Slavi Pantaleev
d073c7ecb3 More ansible-lint fixes 2022-07-18 13:01:19 +03:00
Slavi Pantaleev
ddf18eadc7 More ansible-lint fixes 2022-07-18 13:01:17 +03:00
Slavi Pantaleev
34cdaade08 Use fully-qualified module names for builtin Ansible modules
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1939
2022-07-18 12:58:41 +03:00
Aine
e149f33140 add/unify 'Project source code URL' link across all roles 2022-07-16 23:59:21 +03:00
Slavi Pantaleev
5963a387f0 Upgrade Postgres (14.3 -> 14.4) 2022-06-22 14:43:55 +03:00
Aine
4109dc3bcd Update Postgres (CVE-2022-1552 + last 9.x update)
CVE: https://security-tracker.debian.org/tracker/CVE-2022-1552
Source: https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
Postgres 9.6 upgrade (**not a CVE fix, 9.x still vulnerable**): https://www.postgresql.org/docs/release/9.6.24/
2022-05-16 19:56:54 +00:00
Aine
1ee118bd49 matrix-change-user-admin-status: do not allocate tty 2022-04-26 17:48:28 +00:00
Slavi Pantaleev
2df993977a Ensure git cloning when self-building is done with the matrix user, not root
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1749
2022-04-14 08:52:37 +03:00
Slavi Pantaleev
0364c6c634 Suppress old container cleanup (kill/rm) failures
People often report and ask about these "failures".
More-so previously, when the `docker kill/rm` output was collected,
but it still happens now when people do `systemctl status
matrix-something` and notice that it says "FAILURE".

Suppressing to avoid further time being wasted on saying "this is
expected".
2022-04-11 09:05:33 +03:00
Aine
5f0ece0c28 fix permissions 2022-04-03 00:49:57 +03:00
Aine
701591e87e Added retries to the docker pulls 2022-03-17 17:30:48 +02:00
Slavi Pantaleev
d5de1e8352 Document that using an external Postgres server has serious downsides
Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682
- https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1679
2022-03-08 09:30:20 +02:00
GoMatrixHosting
28f6091ed4 GoMatrixHosting v0.7.0 2022-02-27 17:40:20 +08:00
Aaron Raimist
f0e30c76f3 Postgres Minor Updates (14.2, 13.6, 12.10, 11.15, 10.20) 2022-02-16 09:22:25 +00:00
Marko Weltzer
819574b8ba Merge branch 'spantaleev:master' into master 2022-02-05 21:37:53 +01:00
Marko Weltzer
7e5b88c3b7 fix: all praise the allmighty yamllinter 2022-02-05 21:32:54 +01:00
Slavi Pantaleev
86c36523df Replace ExecStopPost with ExecStop
Reverts b1b4ba501f, 90c9801c56, a3c84f78ca, ..

I haven't really traced it (yet), but on some servers, I'm observing
`ansible-playbook ... --tags=start` completing very slowly, waiting
to stop services. I can't reproduce this on all Matrix servers I manage.
I suspect that either the systemd version is to blame or that some
specific service is not responding well to some `docker kill/rm` command.

`ExecStop` seems to work great in all cases and it's what we've been
using for a very long time, so I'm reverting to that.
2022-02-05 12:13:36 +02:00
Slavi Pantaleev
b1b4ba501f Replace ExecStop with ExecStopPost
ExecStopPost should allow us to clean up (docker kill + docker rm)
even if the ExecStart (docker run ..) command failed, and not just after
a graceful service stop was initiated.

Source: https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStopPost=
2022-01-04 17:27:25 +02:00
Aaron Raimist
61b743f86d Postgres Minor Updates (14.1, 13.5, 12.9, 11.14, 10.19) 2021-11-14 19:10:56 +00:00
Slavi Pantaleev
c4d2c8394c Abort if on an unsupported Postgres version (v9.6)
Official support ends today (2021-11-11).
Synapse still supports v9.6, but we'd better force users to transition
to newer versions anyway.
2021-11-11 15:42:34 +02:00
Slavi Pantaleev
735c966ab6 Disable systemd services when stopping to uninstall them
Until now, we were leaving services "enabled"
(symlinks in /etc/systemd/system/multi-user.target.wants/).

We clean these up now. Broken symlinks may still exist in older
installations that enabled/disabled services. We're not taking care
to fix these up. It's just a cosmetic defect anyway.
2021-11-10 17:39:21 +02:00
Patrick C. F. Ernzer
65182ea0f2 fixes #1365
docker-ce does not like quotes around the shm-size value
2021-10-30 13:13:30 +02:00
Slavi Pantaleev
fc593bc8ab Increase shm-size for Postgres container to fix VACUUM
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1268

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1364

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1362
2021-10-30 09:53:56 +03:00
Slavi Pantaleev
09ac950d17 Fix dump importing (backup restore) into Postgres v14
In short, the problem is that older Postgres versions store passwords
hashed as md5. When you dump such a database, the dump naturally also
contains md5-hashed passwords.
Restoring from that dump used to create users and updates their passwords
with these md5 hashes.
However, Postgres v14 prefers does not like md5-hashed passwords now (by default),
which breaks connectivity. Postgres v14 prefers `scram-sha-256` for
authentication.

Our solution is to just ignore setting passwords (`ALTER ROLE ..`
statements) when restoring dumps. We don't need to set passwords as
defined in the dump anyway, because the playbook creates users
and manages their passwords by itself.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1340
2021-10-21 16:38:56 +03:00
Slavi Pantaleev
096c960b84 Add support for Postgres v14 2021-10-01 11:27:40 +03:00
sakkiii
48548eb561 Postgres Minor Updates 2021-08-22 18:45:25 +05:30
sakkiii
d338090f00 postgres minor updates 2021-06-30 10:00:52 +05:30
pushytoxin
bee14550ab Fix local/bin scripts autocompletion by adding rx perms to everyone
It's mildly annoying when trying to execute these scripts while logged
in as a regular user, as the missing execute permissions will hinder
autocompletion even when trying to use with sudo.

These shell scripts don't contain secrets, but may fail when ran by a
regular user. The failure is due to the lack of access to the /matrix
directory, and does not result in any damage.
2021-05-28 10:39:27 +02:00