Refactor the start script to better handle mandatory parameters

This commit is contained in:
kaiyou 2018-02-08 20:41:41 +01:00
parent 084afbb6a0
commit b8a4dceb3c
3 changed files with 35 additions and 24 deletions

View file

@ -90,7 +90,7 @@ Otherwise, a dynamic configuration file will be used. The following environment
variables are available for configuration: variables are available for configuration:
* ``SYNAPSE_SERVER_NAME`` (mandatory), the current server public hostname. * ``SYNAPSE_SERVER_NAME`` (mandatory), the current server public hostname.
* ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``not``), enable anonymous * ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``no``), enable anonymous
statistics reporting back to the Matrix project which helps us to get funding. statistics reporting back to the Matrix project which helps us to get funding.
* ``SYNAPSE_NO_TLS``, set this variable to disable TLS in Synapse (use this if * ``SYNAPSE_NO_TLS``, set this variable to disable TLS in Synapse (use this if
you run your own TLS-capable reverse proxy). you run your own TLS-capable reverse proxy).

View file

@ -13,6 +13,7 @@ services:
# See the readme for a full documentation of the environment settings # See the readme for a full documentation of the environment settings
environment: environment:
- SYNAPSE_SERVER_NAME=my.matrix.host - SYNAPSE_SERVER_NAME=my.matrix.host
- SYNAPSE_REPORT_STATS=no
- SYNAPSE_ENABLE_REGISTRATION=yes - SYNAPSE_ENABLE_REGISTRATION=yes
volumes: volumes:
# You may either store all the files in a local folder # You may either store all the files in a local folder

View file

@ -6,42 +6,52 @@ import sys
import subprocess import subprocess
import glob import glob
# Utility functions
convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(src).read()).render(**environ)) convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(src).read()).render(**environ))
def check_arguments(environ, args):
for argument in args:
if argument not in environ:
print("Environment variable %s is mandatory, exiting." % argument)
sys.exit(2)
def generate_secrets(environ, secrets):
for secret in secrets:
if secret not in environ:
print("Generating a random secret for {}".format(secret))
environ[secret] = os.urandom(32).encode("hex")
# Prepare the configuration
mode = sys.argv[1] if len(sys.argv) > 1 else None mode = sys.argv[1] if len(sys.argv) > 1 else None
environ = os.environ.copy() environ = os.environ.copy()
# Check mandatory parameters and build the base start arguments
if "SYNAPSE_SERVER_NAME" not in environ:
print("Environment variable SYNAPSE_SERVER_NAME is mandatory, exiting.")
sys.exit(2)
ownership = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991)) ownership = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991))
args = ["python", "-m", "synapse.app.homeserver", args = ["python", "-m", "synapse.app.homeserver"]
"--server-name", environ.get("SYNAPSE_SERVER_NAME"),
"--report-stats", environ.get("SYNAPSE_REPORT_STATS", "no"),
"--config-path", environ.get("SYNAPSE_CONFIG_PATH", "/compiled/homeserver.yaml")]
# Generate any missing shared secret
for secret in ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KEY"):
if secret not in environ:
print("Generating a random secret for {}".format(secret))
environ[secret] = os.urandom(32).encode("hex")
# Load appservices configurations
environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
# In generate mode, generate a configuration, missing keys, then exit # In generate mode, generate a configuration, missing keys, then exit
if mode == "generate": if mode == "generate":
os.execv("/usr/local/bin/python", args + ["--generate-config"]) check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_CONFIG_PATH"))
args += [
"--server-name", environ["SYNAPSE_SERVER_NAME"],
"--report-stats", environ["SYNAPSE_REPORT_STATS"],
"--config-path", environ["SYNAPSE_CONFIG_PATH"],
"--generate-config"
]
os.execv("/usr/local/bin/python", args)
# In normal mode, generate missing keys if any, then run synapse # In normal mode, generate missing keys if any, then run synapse
else: else:
# Parse the configuration file # Parse the configuration file
if "SYNAPSE_CONFIG_PATH" not in environ: if "SYNAPSE_CONFIG_PATH" in environ:
args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]]
else:
check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"))
generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KEY"))
environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
if not os.path.exists("/compiled"): os.mkdir("/compiled") if not os.path.exists("/compiled"): os.mkdir("/compiled")
convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ)
convert("/conf/log.config", "/compiled/%s.log.config" % environ.get("SYNAPSE_SERVER_NAME"), environ) convert("/conf/log.config", "/compiled/%s.log.config" % environ["SYNAPSE_SERVER_NAME"], environ)
subprocess.check_output(["chown", "-R", ownership, "/data"])
args += ["--config-path", "/compiled/homeserver.yaml"]
# Generate missing keys and start synapse # Generate missing keys and start synapse
subprocess.check_output(args + ["--generate-keys"]) subprocess.check_output(args + ["--generate-keys"])
subprocess.check_output(["chown", "-R", ownership, "/data"])
os.execv("/sbin/su-exec", ["su-exec", ownership] + args) os.execv("/sbin/su-exec", ["su-exec", ownership] + args)