spantaleev / matrix-docker-ansible-deploy
🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
License: GNU Affero General Public License v3.0
If mxisd is enabled (which it is by default), we should reverse-proxy the following endpoint: /_matrix/client/r0/user_directory/search over to mxisd.
By default, mxisd uses Synapse's database as a source. So it may seem like it will be returning the same data in such a case. However, mxisd can also search by 3PIDs.
Another benefit would be for users who enable identity store (LDAP, etc.) - making the identity store's users searchable as well.
Additional integration information is here: https://github.com/kamax-matrix/mxisd/blob/master/docs/features/directory.md
As requested by @benparsons, it would be useful if notes like this are shown at the end of playbook execution:
"NOTE: Your setup is on an old Postgres version (postgres:10.7-alpine), while postgres:11.2-alpine is supported. You can upgrade using --tags=upgrade-postgres"
Otherwise, they scroll by and might go unnoticed.
We can probably show these notes whenever they happen, and also append them to some list.
We can then use the matrix-common-after role for iterating over the list and showing them again.
Is it possible for me to turn on report-stats?
I thought it was clear enough that only people who know what they are looking for should set up Matrix Corporal but @x0n:staubsaugertraum.de had a bad experience after setting it up and not being able to find out why he couldn’t set his avatar.
I just rechecked the github docs. there is no mention of the optional parts being "advanced" and/or "this will fuck up your life because no one will be able to help you". maybe such a warning would suffice
You can assign this to me
When doing the self-check for /.well-known/matrix/client, we rely on Ansible's uri module to automatically parse JSON content for us.
This only happens if the HTTP response contains Content-Type: application/json.
If not, Ansible's uri module doesn't parse JSON for us and the self-check fails.
While it's nice to serve the file with the appropriate Content-Type header, according to the Server Discovery specification, supplying such a response header is not required.
We should fix the self-check, so that it doesn't rely on the header being there.
Success should be determined (by us) if:
200
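The check this issue asks for, written out as an added Python example (not the playbook's code): the verdict depends on the status code and on whether the body parses as JSON, never on Content-Type. The function name, the sample responses and the extra m.homeserver.base_url test (taken from the Matrix client discovery format) are assumptions made for the example.

```python
import json


def evaluate_well_known(status, body):
    """Judge a /.well-known/matrix/client response without looking at headers.

    Returns (ok, detail): detail is the homeserver base_url on success,
    or the reason for the failure.
    """
    if status != 200:
        return False, "status %d, expected 200" % status

    # The body may arrive as bytes (raw socket) or text (already decoded).
    if isinstance(body, bytes):
        try:
            body = body.decode("utf-8-sig")  # tolerate a UTF-8 byte order mark
        except UnicodeDecodeError:
            return False, "body is not UTF-8"
    body = body.lstrip("\ufeff")

    try:
        document = json.loads(body)
    except ValueError:
        return False, "body is not JSON"

    if not isinstance(document, dict):
        return False, "JSON document is not an object"

    # Assumption for this example: also require the key a client needs.
    homeserver = document.get("m.homeserver")
    if not isinstance(homeserver, dict):
        return False, "m.homeserver missing"
    base_url = homeserver.get("base_url")
    if not isinstance(base_url, str) or not base_url:
        return False, "m.homeserver.base_url missing"
    return True, base_url


# Constructed sample responses: (label, Content-Type sent, status, body).
# The Content-Type column is only there to show it plays no part in the verdict.
SAMPLES = [
    ("json header", "application/json", 200,
     b'{"m.homeserver": {"base_url": "https://matrix.example.org"}}'),
    ("octet-stream", "application/octet-stream", 200,
     b'{"m.homeserver": {"base_url": "https://matrix.example.org"}}'),
    ("html error page", "application/json", 200, b"<html>not found</html>"),
    ("missing file", "text/html", 404, b"<html>404</html>"),
]


def run_samples():
    """Evaluate every constructed sample and return {label: (ok, detail)}."""
    return {label: evaluate_well_known(status, body)
            for label, _content_type, status, body in SAMPLES}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(label, verdict)
```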
I'll put small things that I notice doing my audit of this here, which aren't big/important enough to get their own issue.
self_check_dns.yml: maybe use the dig lookup plugin instead of a command, and if you use a command, use a command and not a shell.
setup/ssl/setup_ssl_self_signed_obtain_for_domain.yml: You could generate the ssl cert manually only on hosts which don't provide up to date pyopenssl and do the proper way on other hosts
You can assign this to me
Maybe some cache factor advice and a note about presence
Related: matrix-org/synapse#4276 and your presence issue matrix-org/synapse#3971
First of all, I want to thank you for making my life easier by creating this ansible playbook. Because I think it's a great idea to have this I want to contribute the following:
Currently, the playbook allows to configure custom postgresql servers. This is great to hear, but I think the playbook should then also enforce the usage of SSL encryption. In my custom version of the playbook I managed to do so by adding the following lines to the homeserver.yml.j2 template:
database:
  # The database engine name
  name: "psycopg2"
  args:
    user: {{ matrix_synapse_database_user|to_json }}
    password: {{ matrix_synapse_database_password|to_json }}
    database: "{{ matrix_synapse_database_database }}"
    host: "{{ matrix_synapse_database_host }}"
    sslcert: "/data/certs/postgres_chat_client/client.crt"
    sslkey: "/data/certs/postgres_chat_client/client.key"
    sslrootcert: "/data/certs/postgres_chat_client/rootCA.crt"
    sslmode: "verify-full"
    cp_min: 5
    cp_max: 10
To make this work you only have to copy the certificates to the correct location and chown it to the matrix user.
Btw: The documentation states that database servers running on the docker host are not supported, but I managed to configure my postgres database on the host with the role geerlingguy.postgresql quite fine. Yes, you will have to allow the postgres database to bind to the outside IP and also allow connections to that ip, but that issue can be fixed by adding correct firewall rules and a sane pg_hba.conf:
---
- hosts: database
  become: true
  vars:
    ansible_ssh_private_key_file: "{{playbook_dir}}/ssh_keys/ansible_rsa"
    ansible_user: "ansible"
    check_free_diskspace_min_available: 5
    apt_update_cache: True
    apt_restart_after_dist_upgrade: True
    setup_additional_groups:
      - name: "postgres"
        requires_root_password: True
    setup_additional_users:
      - name: "postgres"
        group: "postgres"
        is_sudo: False
  roles:
    - role: check-free-space
    - role: user-setup
    - role: force-reconnect
- hosts: database
  become: true
  vars:
    ansible_ssh_private_key_file: "{{playbook_dir}}/ssh_keys/ansible_rsa"
    ansible_user: "ansible"
  tasks:
    - name: "ensure /etc/ansible exists"
      file:
        path: /etc/ansible
        state: directory
    - name: "ensure /etc/ansible/certs exists"
      file:
        path: /etc/ansible/certs
        state: directory
    - name: "copy postgres_chat certs"
      copy:
        src: "{{playbook_dir}}/files/certs/database/{{inventory_hostname}}/postgres_chat"
        dest: "/etc/ansible/certs"
        mode: 0700
        owner: postgres
        group: postgres
    - name: Ensure files in /etc/ansible/certs/postgres_chat 0400
      command: find /etc/ansible/certs/postgres_chat -type f -exec chmod 0400 {} \;
    - name: Allow incoming access to the postgres port 5432 for docker servers and the database ip
      ufw:
        rule: allow
        direction: in
        src: "{{ item }}"
        to_port: 5432
      with_items:
        - <ip>
        - 172.17.0.0/16
        - 172.18.0.0/16
- hosts: database
  become: true
  vars:
    ansible_ssh_private_key_file: "{{playbook_dir}}/ssh_keys/ansible_rsa"
    ansible_user: "ansible"
    check_free_diskspace_min_available: 5
    apt_update_cache: True
    postgresql_user: postgres
    postgresql_group: postgres
    postgresql_locales:
      - 'en_US.UTF-8'
    postgresql_users:
      - name: matrix
        password: "<password>"
        state: present
  roles:
    - role: geerlingguy.postgresql
# now that the basic setup is done setup everything for matrix
- hosts: database
  become: true
  vars:
    ansible_ssh_private_key_file: "{{playbook_dir}}/ssh_keys/ansible_rsa"
    ansible_user: "ansible"
    check_free_diskspace_min_available: 5
    apt_update_cache: True
    postgresql_user: postgres
    postgresql_group: postgres
    postgresql_locales:
      - 'en_US.UTF-8'
    postgresql_global_config_options:
      - option: unix_socket_directories
        value: '{{ postgresql_unix_socket_directories | join(",") }}'
      - option: "ssl"
        value: "on"
      - option: "ssl_ca_file"
        value: "/etc/ansible/certs/postgres_chat/rootCA.crt"
      - option: "ssl_cert_file"
        value: "/etc/ansible/certs/postgres_chat/server.crt"
      - option: "ssl_key_file"
        value: "/etc/ansible/certs/postgres_chat/server.key"
      - option: listen_addresses
        value: "*"
    postgresql_hba_entries:
      - { type: local, database: all, user: postgres, auth_method: peer }
      - { type: local, database: homeserver, user: matrix, auth_method: md5 }
      - { type: hostssl, database: homeserver, address: "<outside_ip>", user: matrix, auth_method: md5, auth_options: "clientcert=1" }
      # for docker
      - { type: hostssl, database: homeserver, address: "172.17.0.0/16", user: matrix, auth_method: md5, auth_options: "clientcert=1" }
      - { type: hostssl, database: homeserver, address: "172.18.0.0/16", user: matrix, auth_method: md5, auth_options: "clientcert=1" }
    postgresql_databases:
      - name: homeserver
        lc_collate: 'en_US.UTF-8'
        lc_ctype: 'en_US.UTF-8'
        encoding: 'UTF-8'
        owner: 'matrix'
        state: present
    postgresql_users:
      - name: matrix
        password: "<password>"
        state: present
        #encrypted: # defaults to not set
        #priv: # defaults to not set
        #role_attr_flags: # defaults to not set
        #db: # defaults to not set
        #login_host: # defaults to 'localhost'
        #login_password: # defaults to not set
        #login_user: # defaults to '{{ postgresql_user }}'
        #login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
        #port: # defaults to not set
  roles:
    - role: geerlingguy.postgresql
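An added example, not part of the original post or of the playbook: a Python audit of the two settings the post relies on, the client's sslmode and the server's postgresql_hba_entries, flagging anything that would let the Synapse connection fall back to plaintext or skip the client certificate. The function names and the WEAK_HBA entries are constructed for illustration; PAGE_HBA copies the entries shown above.

```python
# clientcert values that make the server demand a valid client certificate.
# The post uses clientcert=1; verify-ca and verify-full are the later spellings.
CLIENTCERT_ON = {"1", "verify-ca", "verify-full"}


def parse_auth_options(raw):
    """Turn 'clientcert=1 map=foo' into {'clientcert': '1', 'map': 'foo'}."""
    options = {}
    for token in (raw or "").split():
        key, _, value = token.partition("=")
        options[key] = value.strip('"')
    return options


def audit_hba_entries(entries):
    """Return [(index, finding)] for entries that weaken the TLS requirement."""
    findings = []
    for index, entry in enumerate(entries):
        kind = entry.get("type", "")
        method = entry.get("auth_method", "")
        options = parse_auth_options(entry.get("auth_options", ""))
        if method == "trust":
            findings.append((index, "auth_method trust asks for no credentials"))
        if kind == "local":
            continue  # Unix-domain socket: TLS does not apply
        if kind in ("host", "hostnossl"):
            # "host" matches TLS and non-TLS clients alike.
            findings.append((index, "type %s accepts unencrypted TCP" % kind))
        elif kind == "hostssl":
            has_cert = method == "cert" or options.get("clientcert") in CLIENTCERT_ON
            if not has_cert:
                findings.append((index, "hostssl without a client certificate"))
    return findings


def audit_client_args(args):
    """Check the psycopg2/libpq args block from homeserver.yaml."""
    mode = args.get("sslmode", "prefer")  # libpq default when unset
    if mode != "verify-full":
        return ["sslmode %s does not check both the CA chain and the host name" % mode]
    return []


# Entries as given in the post (addresses are the post's own placeholders).
PAGE_HBA = [
    {"type": "local", "database": "all", "user": "postgres", "auth_method": "peer"},
    {"type": "local", "database": "homeserver", "user": "matrix", "auth_method": "md5"},
    {"type": "hostssl", "database": "homeserver", "address": "<outside_ip>",
     "user": "matrix", "auth_method": "md5", "auth_options": "clientcert=1"},
    {"type": "hostssl", "database": "homeserver", "address": "172.17.0.0/16",
     "user": "matrix", "auth_method": "md5", "auth_options": "clientcert=1"},
    {"type": "hostssl", "database": "homeserver", "address": "172.18.0.0/16",
     "user": "matrix", "auth_method": "md5", "auth_options": "clientcert=1"},
]

# Constructed counter-examples showing what the audit is meant to catch.
WEAK_HBA = [
    {"type": "host", "database": "homeserver", "address": "172.17.0.0/16",
     "user": "matrix", "auth_method": "md5"},
    {"type": "hostssl", "database": "homeserver", "address": "172.18.0.0/16",
     "user": "matrix", "auth_method": "md5"},
    {"type": "local", "database": "all", "user": "all", "auth_method": "trust"},
]

if __name__ == "__main__":
    print("post's entries:", audit_hba_entries(PAGE_HBA))
    for index, finding in audit_hba_entries(WEAK_HBA):
        print("weak entry %d: %s" % (index, finding))
    print("client:", audit_client_args({"sslmode": "require"}))
```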
Matrix-docker-ansible-deploy version: latest as of today
Docker version: 18.09.1
Ubuntu: 18.04
Install works great and have matrix/riot running fine. On system shutdown however, there's a 2-3minute delay on shutdown that was not there before the install (uninstalling via the instructions in the doc dir eliminates the issue).
Console shows the delay is during shutdown of the various matrix services. Systemd messages show pauses of up to 1 minute 30 seconds on each of the 6 containers. Message looks like this:
[ *** ] (1 of 6) A stop job is running for Matrix Coturn server (30s / 1:30)
This occurs when shutting down the system with /sbin/shutdown.
If I first stop the matrix services via 'sudo systemctl stop matrix*' then run '/sbin/shutdown -r 0' to restart the server, it goes down quickly. But if I don't stop the matrix services first, I see the delay during shutdown.
Note when stopping the services manually via 'sudo systemctl stop matrix*', the services go down quickly. Running a 'docker ps' confirms they all are down. Not sure why it's so slow during shutdown.
Spent some time tweaking settings in the matrix service files under /etc/systemd/system but nothing really helps outside of specifying a low TimeoutStopSec to reduce the delay but that's not ideal.
I do see a lot of these dockerd errors while these stop attempts are happening:
Jan 13 15:05:43 myserver dockerd[1889]: time="2019-01-13T15:05:43.593913457-08:00" level=error msg="failed to get event" error="rpc error: code = Unavailable desc = transport is closing" module=libcontainerd namespace=moby
Jan 13 15:05:43 myserver dockerd[1889]: time="2019-01-13T15:05:43.593929085-08:00" level=error msg="failed to get event" error="rpc error: code = Unavailable desc = transport is closing" module=libcontainerd namespace=moby
Jan 13 15:05:43 myserver systemd[1]: Stopping Matrix Riot web server...
Jan 13 15:05:43 myserver dockerd[1889]: time="2019-01-13T15:05:43.593945298-08:00" level=error msg="failed to get event" error="rpc error: code = Unavailable desc = transport is closing" module=libcontainerd namespace=moby
Jan 13 15:05:43 myserver dockerd[1889]: time="2019-01-13T15:05:43.593961409-08:00" level=error msg="failed to get event" error="rpc error: code = Unavailable desc = transport is closing" module=libcontainerd namespace=moby
Any help or pointers would be appreciated.
journalctl -f -u matrix-synapse
etc
Hello!
I configured ansible as described in Readme file. When I run ansible-playbook -i inventory/hosts setup.yml --tags=setup-main I always get the error:
TASK [matrix-server : Determine domains to obtain certificates for (Matrix)] ***********************************************************************************************
fatal: [matrix.mobilap.ru]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: matrix.{{ hostname_identity }}: {{ host_specific_hostname_identity }}: 'host_specific_hostname_identity' is undefined\n\nThe error appears to have been in '/Volumes/ST1000/projects/WVV2/matrix-docker-ansible-deploy/roles/matrix-server/tasks/setup_ssl.yml': line 3, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Determine domains to obtain certificates for (Matrix)\n ^ here\n"}
PLAY RECAP *****************************************************************************************************************************************************************
matrix.mobilap.ru : ok=11 changed=0 unreachable=0 failed=1
I double checked that my vars.yml is correct and it contains host_specific_hostname_identity variable
Just upgraded to Riot Web 1.0.1, but now I get lots of "missing translation en" messages in interface on browsers where previous release Riot Web was opened (see image here: https://ibb.co/YWMyvq7). New browsers open with correctly translated interface. Tried to clean browser's cache, but without any success.
Found a pull request on vector-im/riot-web about correct caching implementation on self-hosted solutions: element-hq/element-web@f9551dd
I'm not good at nginx configuration, so I could not provide a pull request for this issue.
We have a way to import the media store files from a previous installation.
We also have a way to import an SQLite database.
.. but we have no easy/automated way to import people's existing Postgres database.
@spantaleev What would you suggest as a final solution to use Keycloak/SSO together with a Matrix ?
We see several auth options on the link https://github.com/spantaleev/matrix-docker-ansible-deploy
In other words, do we need to deploy mxisd or do we need matrix-synapse-rest-auth?
Originally posted by @eorlovsky in #93 (comment)
Sometimes people would run the playbook (--tags=setup-all) when changing configuration or simply updating.. and then they'd manage the services manually (systemctl restart matrix-...)..
Doing this, instead of using --tags=start means they would still use the old systemd service files.
systemctl should warn that the service file had changed, but maybe that gets ignored sometimes.
It'd be better if we automatically do a daemon-reload as soon as we update a service file (handlers may also work, but they're unreliable).
Running a self-check like shown below...
ansible-playbook -i inventory/hosts setup.yml --tags=self-check
... fails with message:
TASK [matrix-base : Check DNS SRV record for _matrix._tcp on mathminds.io.] ********************************************************************************************************************************************************************
fatal: [matrix.mathminds.io]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'dig'. Error was a <class 'ansible.errors.AnsibleError'>, original message: The dig lookup requires the python 'dnspython' library and it is not installed"}
Notice that from command line I can find the DNS record:
$ dig +short _matrix._tcp.mathminds.io srv
10 0 8448 matrix.mathminds.io.
Is it possible for the self-check to know whether you are running the latest Synapse version or are on the latest commit of matrix-docker-ansible-deploy?
It could probably at least tell you the version you are running
Currently, the Let's Encrypt SSL certificates aren't optional. Therefore the role can't be used on a server that's behind a firewall. That would however be desirable for a test deployment, which doesn't have to be publicly reachable (and maybe shouldn't be).
Also, some people might want to use different certificates.
Hello,
Trying to get the reverse-proxy for .well-known to work on centos 7 I get the following error from nginx:
2019/02/08 11:36:35 [error] 18043#0: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 1.2.3.4, server: www.e.org, request: "GET /.well-known/matrix/client HTTP/2.0", upstream: "https://a.b.c.d:443//client", host: "e.org"
I've dug around a little but not been able to find anything really useful. Is this something you've seen before?
(p.s.: sorry, had not confirmed the service was running. since matrix.e.org/.well-known/matrix/server doesn't return a file, something must not have worked with the install, despite ansible reporting everything as fine. best delete this I should think.)
The docker binary is just a rest client that is talking to the docker daemon, which means that you aren't supervising the services but just the docker binary. I'm not sure what the reason for this is, but it means you can't use this playbook on alpinelinux, voidlinux, gentoo and possibly more.
I have multiple suggestions on how to solve this:
I strongly prefer option 1 for my usecases, but since podman isn't available to most users, that probably won't be possible.
We’ve also discovered that jemalloc works very well at improving RAM usage on Python 2 under Linux (we haven’t tried it on Python 3 yet) by providing a more fragmentation-resistant malloc implementation; if you are having problems with your Synapse RAM spiking up we recommend giving it a go. All of the Matrix.org server is using it now.
from https://matrix.org/blog/2018/09/15/this-week-in-matrix-2018-09-14/
Sorry I've no experience with this type of record so there may be an obvious solution to this problem.
But so far as I've been able to try, Cloudflare makes it impossible to create a plain "_matrix._tcp" value for an SRV record.
You have to make it "_matrix._tcp.domain.com"
You enter "_matrix._tcp" in "Service"
TCP in protocol
then you HAVE TO add a "Name" which can be "@", your domain or anything.
In doubt, I've created both needed records with both Name filled with "<domain.com>" and "matrix.<domain.com>"
As a consequence I believe I've the self-check ansible command failing with:
TASK [matrix-base : Fail if DNS SRV record incorrect (Ansible dig lookup)] ************************************************************
fatal: [matrix.mychinaroots.com]: FAILED! => {"msg": "The conditional check 'lookup_dig_srv is defined and (lookup_dig_srv.target != dns_srv_record_check.expected_target or lookup_dig_srv.port != dns_srv_record_check.expected_port)' failed. The error was: error while e$aluating conditional (lookup_dig_srv is defined and (lookup_dig_srv.target != dns_srv_record_check.expected_target or lookup_dig_srv.p$rt != dns_srv_record_check.expected_port)): 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'target'\n\nThe err$r appears to have been in '/root/project/matrix-docker-ansible-deploy/roles/matrix-base/tasks/self_check_dns_srv.yml': line 40, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Fail if $NS SRV record incorrect (Ansible dig lookup)\n ^ here\n"}
Looking at the content of ./roles/matrix-base/tasks/self_check_dns.yml it must be the comparison with service_and_protocol value that fails.
And quite unnervingly I can't even know whether my setup is ok or not due to my lack of SRV record understanding.
Using https://neo.lain.haus/fed-tester/ with <mydomain.com> returns a valid result though, albeit with a Warning WARN: Self-signed cert found for ...IP blabla which is weird. As I thought I understood Let's Encrypt WAS used to create a cert.
Could you please submit the roles to https://galaxy.ansible.com/ so that they can be added to other playbooks more easily? :)
On Fedora 28+, the python2 package for firewalld was removed: https://bugzilla.redhat.com/show_bug.cgi?id=1575428 so you need to use the python3-firewalld package and therefore use python3.
To make this happen, we need to overwrite ansible_python_interpreter (according to https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#list-of-behavioral-inventory-parameters):
ansible_python_interpreter: "/usr/bin/python3"
Just like we did for mxisd, we can do the same for matrix-corporal configuration.
.. except that we need to generate JSON. Which begs the question: if matrix-corporal uses JSON (that we generate), wouldn't it better if the default configuration and its extension/override are also JSON?
I happen to have set the .well-known folder on an Nginx server directive that redirects to another server.
So the --tags=self-check task chokes on the Check .well-known on the identity hostname task because it doesn't follow redirects.
- name: Check .well-known on the identity hostname
  uri:
    url: "{{ well_known_url_identity }}"
    follow_redirects: false
    return_content: true
  register: result_well_known_identity
  ignore_errors: true
Simply making follow_redirects: true makes the whole of self-check work with my setup.
People that want to put the media store elsewhere would currently be made to believe that redefining matrix_synapse_media_store_path would help (default is: matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store").
While matrix_synapse_media_store_path is used in certain parts of the configuration (when ensuring paths are created, etc.), it's not actually used by Synapse directly. Synapse currently receives a mount to the storage directory and tries to find a ./media-store directory inside it.
For legacy purposes (media store on s3fs), which may still apply now with Goofys (needs to be verified), we could not directly mount matrix_synapse_media_store_path into the Synapse container. We had to mount some parent directory (the storage directory) and access the media store through there.
Things we can do to fix this confusion:
check whether our workaround is still required (now that we're using Goofys and not s3fs).. If not, we can mount matrix_synapse_media_store_path directly in the Synapse container and avoid all this confusion
whether we can mount the media store in a smarter way. Perhaps mounting -v {{ matrix_synapse_media_store_path|dirname }}:/matrix-media-store-parent and then using media_store_path: "/matrix-media-store-parent/media-store" in homeserver.yaml.j2
whether we should define some configuration sanity-check tasks, which would fail: when not matrix_synapse_media_store_path.startswith(matrix_synapse_storage_path)
if all else fails, whether we should define some configuration variables (like matrix_synapse_media_store_path) as "private" and discourage them from being touched
You can assign this to me
It seems the playbook tries to install v0.17.7 of the docker image, which cannot be found, as the latest release seems to be v0.17.6 (https://github.com/AVENTER-UG/docker-matrix-riot/releases).
This change in roles/matrix-server/defaults/main.yml does the job :
-matrix_riot_web_docker_image: "avhost/docker-matrix-riot:v0.17.7"
+matrix_riot_web_docker_image: "avhost/docker-matrix-riot:v0.17.6"
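Review bot: the + line sets matrix_riot_web_docker_image back to v0.17.6 with nothing recording why the default moves down from v0.17.7, so a later bump can reintroduce a tag that cannot be pulled. Add a short comment above the variable saying the tag has to match a published avhost/docker-matrix-riot release, and check that the tag resolves before this default is changed again.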
As proposed by @anadahz, we should make the homepage at matrix.DOMAIN show something useful or redirect somewhere else, instead of being a 404 page.
Redirecting to riot.DOMAIN is one option, but also an option that would fail if matrix_riot_web_enabled: false.
It would probably be ideal if we have our own simple HTML page there, which contains an introduction to Matrix and possibly a link to this playbook.
If you install --tags=setup-all and then try to import a Postgres database, it would fail.
It happens because we try to detect the local Postgres version first, before doing the import. And Postgres hasn't been started to populate the PG_VERSION file.
I followed the install documentation and successfully run the role with the tags setup-all and start by issuing the following commands:
ansible-playbook -v -i inventory/hosts setup.yml --tags=setup-all
ansible-playbook -v -i inventory/hosts setup.yml --tags=start
However when I run the role with the register-user tag I get the error : Error: No such container: matrix-synapse.
Following verbose output:
ansible-playbook -vvvv -i inventory/hosts setup.yml --extra-vars='username=user password=password admin=yes' --tags=register-user
TASK [matrix-server : Register user] **********************************************************************************************************************************
task path: /home/user/matrix-docker-ansible-deploy/roles/matrix-server/tasks/register_user.yml:23
fatal: [matrix.domain.tld]: FAILED! => {
"changed": true,
"cmd": "/usr/local/bin/matrix-synapse-register-user user password 1",
"delta": "0:00:00.103034",
"end": "2018-10-13 13:24:39.089012",
"invocation": {
"module_args": {
"_raw_params": "/usr/local/bin/matrix-synapse-register-user user password 1",
"_uses_shell": true,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"warn": true
}
},
"msg": "non-zero return code",
"rc": 1,
"start": "2018-10-13 13:24:38.985978",
"stderr": "Error: No such container: matrix-synapse",
"stderr_lines": [
"Error: No such container: matrix-synapse"
],
"stdout": "",
"stdout_lines": []
}
PLAY RECAP **********************************************************************************************************************************
matrix.domain.tld : ok=2 changed=0 unreachable=0 failed=1
Any ideas to help debug and solve this issue are greatly appreciated.
The documentation states that you can set matrix_synapse_federation_domain_whitelist to [] to disable federation:
matrix-docker-ansible-deploy/roles/matrix-synapse/defaults/main.yml
Lines 93 to 96 in 906942f
However, if you actually do so, invalid YAML gets generated into homeserver.yaml:
federation_domain_whitelist:
[]
This means that matrix-synapse fails to start:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "/usr/local/lib/python3.6/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/usr/local/lib/python3.6/site-packages/synapse/app/homeserver.py", line 576, in <module>
main()
File "/usr/local/lib/python3.6/site-packages/synapse/app/homeserver.py", line 571, in main
hs = setup(sys.argv[1:])
File "/usr/local/lib/python3.6/site-packages/synapse/app/homeserver.py", line 312, in setup
config_options,
File "/usr/local/lib/python3.6/site-packages/synapse/config/_base.py", line 356, in load_or_generate_config
generate_keys=generate_keys,
File "/usr/local/lib/python3.6/site-packages/synapse/config/_base.py", line 374, in read_config_files
yaml_config = self.read_config_file(config_file)
File "/usr/local/lib/python3.6/site-packages/synapse/config/_base.py", line 140, in read_config_file
return yaml.load(file_stream)
File "/usr/local/lib/python3.6/site-packages/yaml/__init__.py", line 72, in load
return loader.get_single_data()
File "/usr/local/lib/python3.6/site-packages/yaml/constructor.py", line 35, in get_single_data
node = self.get_single_node()
File "/usr/local/lib/python3.6/site-packages/yaml/composer.py", line 36, in get_single_node
document = self.compose_document()
File "/usr/local/lib/python3.6/site-packages/yaml/composer.py", line 55, in compose_document
node = self.compose_node(None, None)
File "/usr/local/lib/python3.6/site-packages/yaml/composer.py", line 84, in compose_node
node = self.compose_mapping_node(anchor)
File "/usr/local/lib/python3.6/site-packages/yaml/composer.py", line 133, in compose_mapping_node
item_value = self.compose_node(node, item_key)
File "/usr/local/lib/python3.6/site-packages/yaml/composer.py", line 64, in compose_node
if self.check_event(AliasEvent):
File "/usr/local/lib/python3.6/site-packages/yaml/parser.py", line 98, in check_event
self.current_event = self.state()
File "/usr/local/lib/python3.6/site-packages/yaml/parser.py", line 449, in parse_block_mapping_value
if not self.check_token(KeyToken, ValueToken, BlockEndToken):
File "/usr/local/lib/python3.6/site-packages/yaml/scanner.py", line 116, in check_token
self.fetch_more_tokens()
File "/usr/local/lib/python3.6/site-packages/yaml/scanner.py", line 159, in fetch_more_tokens
self.stale_possible_simple_keys()
File "/usr/local/lib/python3.6/site-packages/yaml/scanner.py", line 289, in stale_possible_simple_keys
"could not find expected ':'", self.get_mark())
yaml.scanner.ScannerError: while scanning a simple key
in "/data/homeserver.yaml", line 123, column 1
could not find expected ':'
in "/data/homeserver.yaml", line 128, column 1
Traceback (most recent call last):
File "/start.py", line 66, in <module>
subprocess.check_output(args + ["--generate-keys"])
File "/usr/local/lib/python3.6/subprocess.py", line 356, in check_output
**kwargs).stdout
File "/usr/local/lib/python3.6/subprocess.py", line 438, in run
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['python', '-m', 'synapse.app.homeserver', '--config-path', '/data/homeserver.yaml', '--generate-keys']' returned non-zero exit status 1.
Not sure if any other files do, also not sure which one you want otherwise I would have PR'd
Might be nice to add an editorconfig file https://editorconfig.org
Hello!
First of all, I'd like to thank you for your work!
Would you please help me to find out where things go wrong.
The first task I'd like to solve is to make a Matrix-Keycloak connection. I suppose there is a module mxisd that could help me with that.
Got synapse installed. Can successfully connect via Riot mobile client and via web-based client as well:
https://matrix.perfsys.io
https://riot.perfsys.io
So I assume that Server Delegation via a DNS SRV record (https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/howto-server-delegation.md) was made in the right way.
But I can't get JSON file neither visiting https://perfsys.io/.well-known/matrix/server nor https://perfsys.io/.well-known/matrix/client, I get "Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP" instead.
Got mxisd enabled. But self-check (ansible-playbook -i inventory/hosts setup.yml --tags=self-check) returns:
TASK [matrix-mxisd : Check mxisd Identity Service]
fatal: [matrix.perfsys.io -> 127.0.0.1]: FAILED! => {"changed": false, "connection": "close", "content": "\n\n <title>404 - No Such Resource</title>\n \nNo Such Resource
\nSorry. No luck finding that resource.
\n \n\n", "content_length": "167", "content_type": "text/html; charset=utf-8", "date": "Thu, 07 Feb 2019 15:22:37 GMT", "msg": "Status code was 404 and not [200]: HTTP Error 404: Not Found", "redirected": false, "server": "nginx", "status": 404, "url": "https://matrix.perfsys.io/_matrix/identity/api/v1"}
So is it Reverse Proxying or incompatible SSL issue?
Thanks in advance for your help
[..]/tasks/import/import_media_store.yml for example has a mix of both formats which hurts readability IMO
I need to use my ldap directory as provider for passwords. During my tests (only with matrix-synapse), I used these lines in homeserver.yaml and it worked ok:
password_providers:
- module: "ldap_auth_provider.LdapAuthProvider"
…
Is there a way to:
Thanks!
Just like we did for mxisd, we can do the same for riot-web.
.. except that we need to generate JSON. Which begs the question: if riot-web uses JSON (that we generate), wouldn't it better if the default configuration and its extension/override are also JSON?
I keep checking https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-ssl-certificates.md for the info but it's actually in https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/howto-server-delegation.md#server-delegation-via-a-well-known-file