From dde3bfaad402f55ab77ef07a9ddd3acf7a9165dd Mon Sep 17 00:00:00 2001 From: Hans van Zijst Date: Sun, 22 Dec 2024 17:07:39 +0100 Subject: [PATCH] Updated some stuff about directory and systemd. --- matrix/synapse/workers.md | 44 +++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/matrix/synapse/workers.md b/matrix/synapse/workers.md index 8654bda..3d9d42a 100644 --- a/matrix/synapse/workers.md +++ b/matrix/synapse/workers.md @@ -20,7 +20,10 @@ themselves. Redirect specific tasks to them and you have several different servers doing all kinds of tasks at the same time. A busy room will no longer freeze the rest. -Workers communicate with each other via socket files and Redis. +Workers communicate with each other via UNIX sockets and Redis. We choose +UNIX sockets because they're much more efficient than network sockets. Of +course, if you scale to more than one machine, you will need network sockets +instead. **Important note** @@ -46,7 +49,8 @@ examples. # Redis -First step is to install Redis. +Workers need Redis as part of their communication, so our first step is +to install Redis. ``` apt install redis-server @@ -65,33 +69,47 @@ unixsocketperm 770 Our matrix user (`matrix-synapse`) has to be able to read from and write to that socket, which is created by Redis and owned by `redis:redis`, so we add -user `matrix-synapse` to the group `redis`. +user `matrix-synapse` to the group `redis`. You may come up with a +finer-grained permission solution, but for our example this will do. ``` adduser matrix-synapse redis ``` -Restart Redis for these changes to take effect. Check if port 6379 is no -longer active, and if the socketfile `/run/redis/redis-server.sock` exists. +Restart Redis for these changes to take effect. Check for error messages in +the logs, if port 6379 is no longer active, and if the socketfile +`/run/redis/redis-server.sock` exists. # Synapse Workers communicate with each other over sockets, that are all placed in one directory. To make sure only the users that need access will have it, we -create a new group and add the users to it. +create a new group and add the users to it. Remember that nginx needs to be +able to write to many of these sockets. -Then, create the directory where all the socket files for workers will come, -and give it the correct user, group and permission: +Then, make sure systemd creates the directory for the sockets as soon as +Synapse starts, and let it have the correct group. ``` -groupadd --system clubmatrix -useradd matrix-synapse clubmatrix -useradd www-data clubmatrix -mkdir /run/matrix-synapse -dpkg-statoverride --add --update matrix-synapse clubmatrix 2770 /run/matrix-synapse +systemctl edit matrix-synapse ``` +Now override parts of the `Service` stanza to look like this: + +``` +[Service] +User=matrix-synapse +Group=clubmatrix +RuntimeDirectory=matrix-synapse +RuntimeDirectoryPreserve=yes +``` + +Synapse will, from now on, run as group `clubmatrix` instead of +`matrix-synapse`. The directory `/run/matrix-synapse` will be created as soon +as Synapse starts, and will not be removed on restart or stop, because that +would create problems with workers who suddenly lose their sockets. + First we change Synapse from listening on `localhost:8008` to listening on a socket. We'll do most of our workers work in `conf.d/listeners.yaml`, so let's put the new configuration for the main proccess there: