Updated some stuff about directory and systemd.

This commit is contained in:
Hans van Zijst 2024-12-22 17:07:39 +01:00
parent c41ea155f2
commit dde3bfaad4
No known key found for this signature in database
GPG key ID: ECF8564FB15A8216

View file

@ -20,7 +20,10 @@ themselves. Redirect specific tasks to them and you have several different
servers doing all kinds of tasks at the same time. A busy room will no longer
freeze the rest.
Workers communicate with each other via socket files and Redis.
Workers communicate with each other via UNIX sockets and Redis. We choose
UNIX sockets because they're much more efficient than network sockets. Of
course, if you scale to more than one machine, you will need network sockets
instead.
**Important note**
@ -46,7 +49,8 @@ examples.
# Redis
First step is to install Redis.
Workers need Redis as part of their communication, so our first step is
to install Redis.
```
apt install redis-server
@ -65,33 +69,47 @@ unixsocketperm 770
Our matrix user (`matrix-synapse`) has to be able to read from and write to
that socket, which is created by Redis and owned by `redis:redis`, so we add
user `matrix-synapse` to the group `redis`.
user `matrix-synapse` to the group `redis`. You may come up with a
finer-grained permission solution, but for our example this will do.
```
adduser matrix-synapse redis
```
Restart Redis for these changes to take effect. Check if port 6379 is no
longer active, and if the socketfile `/run/redis/redis-server.sock` exists.
Restart Redis for these changes to take effect. Check for error messages in
the logs, if port 6379 is no longer active, and if the socketfile
`/run/redis/redis-server.sock` exists.
# Synapse
Workers communicate with each other over sockets, that are all placed in one
directory. To make sure only the users that need access will have it, we
create a new group and add the users to it.
create a new group and add the users to it. Remember that nginx needs to be
able to write to many of these sockets.
Then, create the directory where all the socket files for workers will come,
and give it the correct user, group and permission:
Then, make sure systemd creates the directory for the sockets as soon as
Synapse starts, and let it have the correct group.
```
groupadd --system clubmatrix
useradd matrix-synapse clubmatrix
useradd www-data clubmatrix
mkdir /run/matrix-synapse
dpkg-statoverride --add --update matrix-synapse clubmatrix 2770 /run/matrix-synapse
systemctl edit matrix-synapse
```
Now override parts of the `Service` stanza to look like this:
```
[Service]
User=matrix-synapse
Group=clubmatrix
RuntimeDirectory=matrix-synapse
RuntimeDirectoryPreserve=yes
```
Synapse will, from now on, run as group `clubmatrix` instead of
`matrix-synapse`. The directory `/run/matrix-synapse` will be created as soon
as Synapse starts, and will not be removed on restart or stop, because that
would create problems with workers who suddenly lose their sockets.
First we change Synapse from listening on `localhost:8008` to listening on a
socket. We'll do most of our workers work in `conf.d/listeners.yaml`, so let's
put the new configuration for the main proccess there: