-
-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Synapse workers #456
Merged
Merged
Synapse workers #456
Changes from 47 commits
Commits
Show all changes
88 commits
Select commit
Hold shift + click to select a range
353bc7c
Add initial support for synapse workers
eMPee584 a14b9c0
Add to synapse nginx template conditional URL rewrites for workers
eMPee584 cf452fd
Fix corner-cases found through testing (aka ansible is nuts)
eMPee584 66a4073
Publish synapse worker ports, need to be accessible to nginx
eMPee584 e4763c2
nginx config: route traffic to workers on matrix-synapse
eMPee584 5f63d28
Move synapse worker ports up 10k
eMPee584 765c046
add missing ; to matrix-synapse.conf.j2
JohannesKleine 46984a4
Nginx conf: more testing less b0rk
eMPee584 567d031
Merge branch 'synapse-workers' into feature/add-worker-support
maxklenk 59d1fb7
only apply worker redirects if workers are enabled
maxklenk 53ccc78
remove duplicated key
maxklenk 06bc430
refactor to use new workers and routes they serve
maxklenk a25a429
add redis support
maxklenk 9a3d84b
Merge branch 'master' into feature/add-worker-support
maxklenk 4fdfc0a
add missing ratelimiting options required for load testing
maxklenk 8800253
fix redis config if no password is set
maxklenk 1e68d8b
allow to pass arguments to the postgres process
maxklenk 132daba
fix worker routes
maxklenk fc2edcb
fix media routing
maxklenk 93a8ea7
Merge remote-tracking branch 'master' into feature/add-worker-support
eMPee584 40024e9
Prevent workers failing if their config doesn't exist
eMPee584 e9241f5
Improve synapse-workers systemd service template
eMPee584 36e9be6
matrix_synapse_workers_{avail,enabled}_list: sort non-generic workers
eMPee584 d2e61af
Add worker_name to synapse worker config template
eMPee584 501efee
synapse workers: supply systemd with actual worker PIDs (requires jq)
eMPee584 a4125d5
synapse workers: polishing, cleansing and installation of jq dependency
eMPee584 87bd64c
Merge remote-tracking branch 'origin/master' into synapse-workers
eMPee584 2d1b9f2
synapse workers: reworkings + get endpoints from upstream docs via awk
eMPee584 e078e29
synapse workers: fix self name in workers-doc-to-yaml.awk script
eMPee584 cce90b1
synapse workers: fix undefined variable cases when removing workers
eMPee584 e5072c2
synapse workers/nginx: handle media_repository worker endpoints on fe…
eMPee584 1e97131
synapse workers: handle auth fallback endpoint on main process only
eMPee584 b05d298
synapse workers nginx rule: add client_max_body_size on media endpoints
eMPee584 dd402be
synapse workers: add rudimentary documentation on worker support
eMPee584 f3d2797
synapse workers: make awk script invocation handle paths with spaces
eMPee584 5598a89
synapse workers doc: link to relevant synapse issue list search
eMPee584 4678c5d
Merge remote-tracking branch 'origin/master' into synapse-workers
eMPee584 b73ac96
Merge remote-tracking branch 'origin/master' into synapse-workers
eMPee584 e314613
Add files created by workers-doc-to-yaml.awk to .gitignore
eMPee584 851c25c
matrix-synapse nginx template: fix invalid jinja comment syntax
eMPee584 d5932ca
synapse role workers setup: execute the endpoint extraction locally
eMPee584 414b812
synapse role workers setup: make configs clean action remote compatible
eMPee584 af08f18
synapse workers default config: disable user_dir worker for now
eMPee584 f201bca
synapse workers: define and expose METRICS port for each worker
eMPee584 e892ac4
synapse workers: untangle config template and specify bind address
eMPee584 3156d96
synapse workers-doc-to-yaml.awk: escape slash for non-gnu awk versions
eMPee584 b6b95fe
synapse workers-doc-to-yaml script: compatibility++ with non-gnu awk
eMPee584 cd81005
Merge remote-tracking branch 'origin/master' into synapse-workers
eMPee584 f2c7d79
Drop probably incorrect comment from synapse homeserver.yaml.j2
eMPee584 c8f051a
Track workers endpoint list in repo instead of regenerating on user side
eMPee584 183adec
Merge remote-tracking branch 'origin/master' into synapse-workers
eMPee584 edc21f1
Restrict publishing worker (metrics) ports to localhost
eMPee584 92ee3d7
Fix matrix-remove-all for when Synapse workers are enabled
spantaleev cc5cf0d
Load roles/matrix-synapse/vars/workers.yml earlier to not break --tag…
spantaleev 5ca6821
Do not handle /_matrix/federation on client-server port, nor /_matrix…
spantaleev f66a6b0
Be more specific with the Redis version being used
spantaleev 63301b0
Improvements around Synapse worker/metrics ports exposure
spantaleev c05d3d0
Disable systemd services while stopping them
spantaleev 4d62a75
Get matrix-corporal to play nicely with a Synapse worker setup
spantaleev da50fb2
Whitelist /_matrix/key requests for going to generic workers on the f…
spantaleev 7079670
Run Synapse workers in their own containers
spantaleev 01747c8
Prevent Synapse warning about enabling metric listeners with enable_m…
spantaleev 1462409
Fix worker listening addresses
spantaleev 66cdc7b
Clean up worker.yaml generation a bit and make it more flexible
spantaleev d3ecc6f
Fix bridges failing to upload media when Synapse workers are enabled
spantaleev 70dcdd4
Simplify matrix-remove-all
spantaleev 778b668
Merge branch 'master' into synapse-workers
spantaleev a535226
Stop/disable unnecessary worker services before deleting them
spantaleev a9af368
Merge branch 'master' into synapse-workers
spantaleev d98a1ce
Merge branch 'master' into synapse-workers
spantaleev a31c960
Merge branch 'master' into synapse-workers
spantaleev a49dab7
Merge branch 'master' into synapse-workers
spantaleev 39c2d72
Merge branch 'master' into synapse-workers
spantaleev 1cd2a21
Merge branch 'master' into synapse-workers
spantaleev e7f3f7c
Enable /devices endpoint for generic workers
spantaleev 5cfeae8
Merge branch 'master' into synapse-workers
spantaleev 453a4ec
Relocate tasks related to Synapse workers
spantaleev 43059bb
Fix metrics listeners for Synapse workers
spantaleev 85a05f3
Allow Synapse worker list to be generated dynamically
spantaleev 61e427d
Do not let people enable more than 1 federation_sender worker
spantaleev daae74b
Merge branch 'master' into synapse-workers
spantaleev d33483b
Document that Synapse pusher worker instances are shardable
spantaleev d6c4d41
Define instanceId property on workers
spantaleev 1789620
Merge branch 'master' into synapse-workers
spantaleev 2f732e4
Update Synapse worker endpoints
spantaleev eaea215
Allow Synapse workers to be used with an external nginx webserver
spantaleev 9dc87bb
Add Synapse worker presets for easier configuration
spantaleev b754c27
Announce Synapse workers support
spantaleev File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
matrix_redis_enabled: true | ||
eMPee584 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
matrix_redis_connection_password: "" | ||
|
||
matrix_redis_base_path: "{{ matrix_base_data_path }}/redis" | ||
matrix_redis_data_path: "{{ matrix_redis_base_path }}/data" | ||
|
||
matrix_redis_docker_image_v5: "redis:5.0-alpine" | ||
matrix_redis_docker_image_v6: "redis:6.0-alpine" | ||
matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}" | ||
matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}' | ||
|
||
matrix_redis_docker_image_force_pull: "{{ matrix_redis_docker_image_to_use.endswith(':latest') }}" | ||
|
||
# A list of extra arguments to pass to the container | ||
matrix_redis_container_extra_arguments: [] | ||
|
||
# Controls whether the matrix-redis container exposes a port (tcp/6379 in the container) | ||
# that can be used to access redis from outside the container | ||
# | ||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6379"), or empty string to not expose. | ||
matrix_redis_container_redis_bind_port: "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
- set_fact: | ||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}" | ||
when: matrix_redis_enabled|bool |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
- import_tasks: "{{ role_path }}/tasks/init.yml" | ||
tags: | ||
- always | ||
|
||
- import_tasks: "{{ role_path }}/tasks/setup_redis.yml" | ||
when: run_setup|bool | ||
tags: | ||
- setup-all | ||
- setup-redis |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/matrix-org/synapse/blob/develop/docs/workers.md According to the official docs, it is recommended to balance the federation API by
ip
(as done here), but balancing the client API/sync
(etc) byAuthorization
header (as the IP might change, but the session persists). If i see it correctly, there is no such "fancy" balancing done here (yet)?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No. Which
key
for the http://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash directive would you propose for that?The average user might have two devices online with different IPs. Balancing by IP would get the traffic of both be handled by different workers, balancing by authorization would make them go to the same.
It might marginally improve the load because of less cache faults.. Than again, no idea how well the new
redis
IPC catches that.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hash $http_authorization
should balance connections by the value of the Authorization header. For a single-user multi-device setups, there is little benefit, but if you have e.g. 10 users with each 2-3 sessions, each user w/ all their sessions would be bound to one backend, enabling fast/sync
s and not stalling other users too much if someone does an/initialsync
- this applies only to the/[initial]sync
endpoints (and 2-3 others), the rest of the CS-API-endpoints can be balanced by source IP aswell.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How would you make all of the user's sessions land on the same worker? Doesn't each session gets its own access token and thus has its own unique
Authorization
header.The best that should be possible with this is to have each session land the same worker, but not have all these sessions (for the same user) do that.
Unless there's something smart which could parse the macaroon out of the
Authorization
header, read the user id out of it and then balance based on that value.I see that
workers.md
says the same:Well, how does one solve that exercise (in nginx), I don't know.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/bungle/awesome-resty#authentication-and-authorization has a macroon lib, so in principle it might be possible using OpenResty (nginx distribution with lots of lua modules)
E but I think keeping it simple for now is still such a huge improvement over no worker support. Making it more fancy down the line can always be done in a diff PR