Add a new dockerfile for worker-mode synapse #62

Merged
merged 6 commits into from
Jan 29, 2021


anoadragon453
Member

This PR adds a new Dockerfile containing the configuration for a Synapse running in worker mode. Some additional files were required to support the image.

  1. A caddy binary needed to be placed in the container for terminating TLS requests on the federation port (thanks to Conduit for the idea!). The included file is a Caddy config JSON file.
  2. A shared config file to hand to each Synapse worker was necessary. This file is subtly different from dockerfiles/synapse/homeserver.yaml, though it may be nice to have both files be derived from a shared file in the future.

The intention of this is to add testing of Synapse in worker mode to Complement's CI. It is paired with matrix-org/synapse#9162.

COPY synapse/workers-shared.yaml /conf/workers/shared.yaml

# Set up TLS certificates using the custom CA
COPY keys/* /ca/
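
Review bot: `COPY keys/* /ca/` copies every file under `keys/` into an image layer at build time, so any private key in that directory ships with the image and stays in its layer history. If the certificates are supplied when the container runs, this line can be dropped; otherwise name the specific certificate file to copy instead of using the glob.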

Member

Not following this here. Complement will auto-mount a volume to /ca which will contain the certs. Why are we doing this copy from a /keys directory?

Member Author

Good point. This was just copied over from the existing Synapse config, and can go. However I did notice that having ENV COMPLEMENT_CA=true in the dockerfile (at least in this setup) doesn't seem to goad Complement into running in CA mode.

Including the variable when running the dockerfile works as expected.

Member

COMPLEMENT_CA=true is a config option for running Complement itself, it's driven by the end-user not by random dockerfiles. It's up to the dockerfile to look in /ca if it exists to know whether to use it or not.

Member Author

I see, I was confused by the "or the docker container" bit in the README then: https://github.com/matrix-org/complement#complement-pki.
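
The behaviour discussed in this thread, where the image checks for a mounted `/ca` at start-up instead of copying keys in at build time, is sketched below as an added example; it is not code from this PR or from Complement. The file names `ca.crt` and `ca.key`, the `server.tls.*` output files and the function name `setup_tls` are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names (not from the PR): ca.crt / ca.key in the
# CA directory, the server.tls.* output files, and setup_tls itself.

# setup_tls CA_DIR OUT_DIR HOSTNAME
# Echoes "ca-signed" if a CA is mounted, "self-signed" otherwise.
setup_tls() {
    ca_dir=$1; out_dir=$2; host=$3
    key="$out_dir/server.tls.key"
    crt="$out_dir/server.tls.crt"
    csr="$out_dir/server.tls.csr"
    ext="$out_dir/server.tls.ext"

    mkdir -p "$out_dir" || return 1

    # The server key is generated at start-up with owner-only permissions,
    # so no private key is ever baked into an image layer.
    (umask 077 && openssl genrsa -out "$key" 2048 >/dev/null 2>&1) || return 1
    openssl req -new -key "$key" -subj "/CN=$host" -out "$csr" \
        >/dev/null 2>&1 || return 1

    # Clients that ignore the CN need the hostname as a subjectAltName.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$ext" || return 1

    if [ -r "$ca_dir/ca.crt" ] && [ -r "$ca_dir/ca.key" ]; then
        # The serial file goes to OUT_DIR so a read-only CA mount still works.
        openssl x509 -req -in "$csr" -CA "$ca_dir/ca.crt" \
            -CAkey "$ca_dir/ca.key" -CAserial "$out_dir/ca.srl" \
            -CAcreateserial -extfile "$ext" -days 1 -sha256 -out "$crt" \
            >/dev/null 2>&1 || return 1
        mode="ca-signed"
    else
        openssl x509 -req -in "$csr" -signkey "$key" -extfile "$ext" \
            -days 1 -sha256 -out "$crt" >/dev/null 2>&1 || return 1
        mode="self-signed"
    fi

    rm -f "$csr" "$ext"
    echo "$mode"
}
```

An entrypoint would call it as `setup_tls /ca /conf "$SERVER_NAME"`, where `SERVER_NAME` is likewise an assumed variable.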

dockerfiles/SynapseWorkers.Dockerfile (outdated, resolved)

The signing key is already generated by the dockerfile we're inheriting from.

MatMaul and I were able to figure out why the media repository wasn't
reachable. Turns out Complement was sending its traffic directly to
the main process instead of nginx. The main process doesn't have
the media resource available by default, so that tipped us off.

Combined with the changes in matrix-org/synapse#9162,
outside requests to 8008 now actually get routed to workers
if necessary.

With this, the media tests now work - and we can switch on all
available worker types!

Member

kegsay commented Jan 29, 2021

Is this ready to merge?

anoadragon453
Member Author

Yeah, sorry. I was just waiting on the CI stuff to get sorted before merging. But that might be a while and I want to put some more PRs up for fixing cert stuff in Complement that would require more changes here.

So let's just merge it now and do anything more in other PRs.

anoadragon453 merged commit 9a4ff41 into master on Jan 29, 2021

anoadragon453 added a commit to matrix-org/synapse that referenced this pull request Apr 14, 2021
This PR adds a Dockerfile and some supporting files to the `docker/` directory. The Dockerfile's intention is to spin up a container with:

* A Synapse main process.
* Any desired worker processes, defined by a `SYNAPSE_WORKERS` environment variable supplied at runtime.
* A redis for worker communication.
* A nginx for routing traffic.
* A supervisord to start all worker processes and monitor them if any go down.

Note that **this is not currently intended to be used in production**. If you'd like to use Synapse workers with Docker, instead make use of the official image, with one worker per container. The purpose of this dockerfile is currently to allow testing Synapse in worker mode with the [Complement](https://github.com/matrix-org/complement/) test suite.

`configure_workers_and_start.py` is where most of the magic happens in this PR. It reads from environment variables (documented in the file) and creates all necessary config files for the processes. It is the entrypoint of the Dockerfile, and thus is run any time the docker container is spun up, recreating all config files in case you want to use a different set of workers. One can specify which workers they'd like to use by setting the `SYNAPSE_WORKERS` environment variable (as a comma-separated list of arbitrary worker names) or by setting it to `*` for all worker processes. We will be using the latter in CI.

Huge thanks to @MatMaul for helping get this all working 🎉 This PR is paired with its equivalent on the Complement side: matrix-org/complement#62.

Note, for the purpose of testing this PR before it's merged: You'll need to (re)build the base Synapse docker image for everything to work (`matrixdotorg/synapse:latest`). Then build the worker-based docker image on top (`matrixdotorg/synapse:workers`).