start_for_complement.sh 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133
  1. #!/bin/bash
  2. #
  3. # Default ENTRYPOINT for the docker image used for testing synapse with workers under complement
  4. set -e
  5. echo "Complement Synapse launcher"
  6. echo " Args: $@"
  7. echo " Env: SYNAPSE_COMPLEMENT_DATABASE=$SYNAPSE_COMPLEMENT_DATABASE SYNAPSE_COMPLEMENT_USE_WORKERS=$SYNAPSE_COMPLEMENT_USE_WORKERS SYNAPSE_COMPLEMENT_USE_ASYNCIO_REACTOR=$SYNAPSE_COMPLEMENT_USE_ASYNCIO_REACTOR"
  8. function log {
  9. d=$(date +"%Y-%m-%d %H:%M:%S,%3N")
  10. echo "$d $@"
  11. }
  12. # Set the server name of the homeserver
  13. export SYNAPSE_SERVER_NAME=${SERVER_NAME}
  14. # No need to report stats here
  15. export SYNAPSE_REPORT_STATS=no
  16. case "$SYNAPSE_COMPLEMENT_DATABASE" in
  17. postgres)
  18. # Set postgres authentication details which will be placed in the homeserver config file
  19. export POSTGRES_PASSWORD=somesecret
  20. export POSTGRES_USER=postgres
  21. export POSTGRES_HOST=localhost
  22. # configure supervisord to start postgres
  23. export START_POSTGRES=true
  24. ;;
  25. sqlite|"")
  26. # Configure supervisord not to start Postgres, as we don't need it
  27. export START_POSTGRES=false
  28. ;;
  29. *)
  30. echo "Unknown Synapse database: SYNAPSE_COMPLEMENT_DATABASE=$SYNAPSE_COMPLEMENT_DATABASE" >&2
  31. exit 1
  32. ;;
  33. esac
  34. if [[ -n "$SYNAPSE_COMPLEMENT_USE_WORKERS" ]]; then
  35. # Specify the workers to test with
  36. # Allow overriding by explicitly setting SYNAPSE_WORKER_TYPES outside, while still
  37. # utilizing WORKERS=1 for backwards compatibility.
  38. # -n True if the length of string is non-zero.
  39. # -z True if the length of string is zero.
  40. if [[ -z "$SYNAPSE_WORKER_TYPES" ]]; then
  41. export SYNAPSE_WORKER_TYPES="\
  42. event_persister:2, \
  43. background_worker, \
  44. frontend_proxy, \
  45. event_creator, \
  46. user_dir, \
  47. media_repository, \
  48. federation_inbound, \
  49. federation_reader, \
  50. federation_sender, \
  51. synchrotron, \
  52. client_reader, \
  53. appservice, \
  54. pusher, \
  55. stream_writers=account_data+presence+receipts+to_device+typing"
  56. fi
  57. log "Workers requested: $SYNAPSE_WORKER_TYPES"
  58. # adjust connection pool limits on worker mode as otherwise running lots of worker synapses
  59. # can make docker unhappy (in GHA)
  60. export POSTGRES_CP_MIN=1
  61. export POSTGRES_CP_MAX=3
  62. echo "using reduced connection pool limits for worker mode"
  63. # Improve startup times by using a launcher based on fork()
  64. export SYNAPSE_USE_EXPERIMENTAL_FORKING_LAUNCHER=1
  65. else
  66. # Empty string here means 'main process only'
  67. export SYNAPSE_WORKER_TYPES=""
  68. fi
  69. if [[ -n "$SYNAPSE_COMPLEMENT_USE_ASYNCIO_REACTOR" ]]; then
  70. if [[ -n "$SYNAPSE_USE_EXPERIMENTAL_FORKING_LAUNCHER" ]]; then
  71. export SYNAPSE_COMPLEMENT_FORKING_LAUNCHER_ASYNC_IO_REACTOR="1"
  72. else
  73. export SYNAPSE_ASYNC_IO_REACTOR="1"
  74. fi
  75. else
  76. export SYNAPSE_ASYNC_IO_REACTOR="0"
  77. fi
  78. # Add Complement's appservice registration directory, if there is one
  79. # (It can be absent when there are no application services in this test!)
  80. if [ -d /complement/appservice ]; then
  81. export SYNAPSE_AS_REGISTRATION_DIR=/complement/appservice
  82. fi
  83. # Generate a TLS key, then generate a certificate by having Complement's CA sign it
  84. # Note that both the key and certificate are in PEM format (not DER).
  85. # First generate a configuration file to set up a Subject Alternative Name.
  86. cat > /conf/server.tls.conf <<EOF
  87. .include /etc/ssl/openssl.cnf
  88. [SAN]
  89. subjectAltName=DNS:${SERVER_NAME}
  90. EOF
  91. # Generate an RSA key
  92. openssl genrsa -out /conf/server.tls.key 2048
  93. # Generate a certificate signing request
  94. openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
  95. -subj "/CN=${SERVER_NAME}" -reqexts SAN
  96. # Make the Complement Certificate Authority sign and generate a certificate.
  97. openssl x509 -req -in /conf/server.tls.csr \
  98. -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
  99. -out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
  100. # Assert that we have a Subject Alternative Name in the certificate.
  101. # (grep will exit with 1 here if there isn't a SAN in the certificate.)
  102. openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
  103. export SYNAPSE_TLS_CERT=/conf/server.tls.crt
  104. export SYNAPSE_TLS_KEY=/conf/server.tls.key
  105. # Run the script that writes the necessary config files and starts supervisord, which in turn
  106. # starts everything else
  107. exec /configure_workers_and_start.py