forked from fediversity/fediversity
Updated some stuff about directory and systemd.
This commit is contained in:
Hans van Zijst
parent
c41ea155f2
commit
dde3bfaad4
1 changed files with 31 additions and 13 deletions
|
|
@ -20,7 +20,10 @@ themselves. Redirect specific tasks to them and you have several different
|
|||
servers doing all kinds of tasks at the same time. A busy room will no longer
|
||||
freeze the rest.
|
||||
|
||||
Workers communicate with each other via socket files and Redis.
|
||||
Workers communicate with each other via UNIX sockets and Redis. We choose
|
||||
UNIX sockets because they're much more efficient than network sockets. Of
|
||||
course, if you scale to more than one machine, you will need network sockets
|
||||
instead.
|
||||
|
||||
**Important note**
|
||||
|
||||
|
|
@ -46,7 +49,8 @@ examples.
|
|||
|
||||
# Redis
|
||||
|
||||
First step is to install Redis.
|
||||
Workers need Redis as part of their communication, so our first step is
|
||||
to install Redis.
|
||||
|
||||
```
|
||||
apt install redis-server
|
||||
|
|
@ -65,33 +69,47 @@ unixsocketperm 770
|
|||
|
||||
Our matrix user (`matrix-synapse`) has to be able to read from and write to
|
||||
that socket, which is created by Redis and owned by `redis:redis`, so we add
|
||||
user `matrix-synapse` to the group `redis`.
|
||||
user `matrix-synapse` to the group `redis`. You may come up with a
|
||||
finer-grained permission solution, but for our example this will do.
|
||||
|
||||
```
|
||||
adduser matrix-synapse redis
|
||||
```
|
||||
|
||||
Restart Redis for these changes to take effect. Check if port 6379 is no
|
||||
longer active, and if the socketfile `/run/redis/redis-server.sock` exists.
|
||||
Restart Redis for these changes to take effect. Check for error messages in
|
||||
the logs, if port 6379 is no longer active, and if the socketfile
|
||||
`/run/redis/redis-server.sock` exists.
|
||||
|
||||
|
||||
# Synapse
|
||||
|
||||
Workers communicate with each other over sockets, that are all placed in one
|
||||
directory. To make sure only the users that need access will have it, we
|
||||
create a new group and add the users to it.
|
||||
create a new group and add the users to it. Remember that nginx needs to be
|
||||
able to write to many of these sockets.
|
||||
|
||||
Then, create the directory where all the socket files for workers will come,
|
||||
and give it the correct user, group and permission:
|
||||
Then, make sure systemd creates the directory for the sockets as soon as
|
||||
Synapse starts, and let it have the correct group.
|
||||
|
||||
```
|
||||
groupadd --system clubmatrix
|
||||
useradd matrix-synapse clubmatrix
|
||||
useradd www-data clubmatrix
|
||||
mkdir /run/matrix-synapse
|
||||
dpkg-statoverride --add --update matrix-synapse clubmatrix 2770 /run/matrix-synapse
|
||||
systemctl edit matrix-synapse
|
||||
```
|
||||
|
||||
Now override parts of the `Service` stanza to look like this:
|
||||
|
||||
```
|
||||
[Service]
|
||||
User=matrix-synapse
|
||||
Group=clubmatrix
|
||||
RuntimeDirectory=matrix-synapse
|
||||
RuntimeDirectoryPreserve=yes
|
||||
```
|
||||
|
||||
Synapse will, from now on, run as group `clubmatrix` instead of
|
||||
`matrix-synapse`. The directory `/run/matrix-synapse` will be created as soon
|
||||
as Synapse starts, and will not be removed on restart or stop, because that
|
||||
would create problems with workers who suddenly lose their sockets.
|
||||
|
||||
First we change Synapse from listening on `localhost:8008` to listening on a
|
||||
socket. We'll do most of our workers work in `conf.d/listeners.yaml`, so let's
|
||||
put the new configuration for the main proccess there:
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue