complement hacks!!!
parent
3d70cc393f
commit
de402248a8
|
@ -89,39 +89,39 @@ fi
|
|||
|
||||
# Add Complement's appservice registration directory, if there is one
|
||||
# (It can be absent when there are no application services in this test!)
|
||||
if [ -d /complement/appservice ]; then
|
||||
export SYNAPSE_AS_REGISTRATION_DIR=/complement/appservice
|
||||
fi
|
||||
# if [ -d /complement/appservice ]; then
|
||||
# export SYNAPSE_AS_REGISTRATION_DIR=/complement/appservice
|
||||
# fi
|
||||
|
||||
# Generate a TLS key, then generate a certificate by having Complement's CA sign it
|
||||
# Note that both the key and certificate are in PEM format (not DER).
|
||||
|
||||
# First generate a configuration file to set up a Subject Alternative Name.
|
||||
cat > /conf/server.tls.conf <<EOF
|
||||
.include /etc/ssl/openssl.cnf
|
||||
|
||||
[SAN]
|
||||
subjectAltName=DNS:${SERVER_NAME}
|
||||
EOF
|
||||
# cat > /conf/server.tls.conf <<EOF
|
||||
# .include /etc/ssl/openssl.cnf
|
||||
#
|
||||
# [SAN]
|
||||
# subjectAltName=DNS:${SERVER_NAME}
|
||||
# EOF
|
||||
|
||||
# Generate an RSA key
|
||||
openssl genrsa -out /conf/server.tls.key 2048
|
||||
# openssl genrsa -out /conf/server.tls.key 2048
|
||||
|
||||
# Generate a certificate signing request
|
||||
openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
|
||||
-subj "/CN=${SERVER_NAME}" -reqexts SAN
|
||||
# openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
|
||||
# -subj "/CN=${SERVER_NAME}" -reqexts SAN
|
||||
|
||||
# Make the Complement Certificate Authority sign and generate a certificate.
|
||||
openssl x509 -req -in /conf/server.tls.csr \
|
||||
-CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
|
||||
-out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
|
||||
# openssl x509 -req -in /conf/server.tls.csr \
|
||||
# -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
|
||||
# -out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
|
||||
|
||||
# Assert that we have a Subject Alternative Name in the certificate.
|
||||
# (grep will exit with 1 here if there isn't a SAN in the certificate.)
|
||||
openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
|
||||
# openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
|
||||
|
||||
export SYNAPSE_TLS_CERT=/conf/server.tls.crt
|
||||
export SYNAPSE_TLS_KEY=/conf/server.tls.key
|
||||
# export SYNAPSE_TLS_CERT=/conf/server.tls.crt
|
||||
# export SYNAPSE_TLS_KEY=/conf/server.tls.key
|
||||
|
||||
# Run the script that writes the necessary config files and starts supervisord, which in turn
|
||||
# starts everything else
|
||||
|
|
|
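Review bot: The TLS setup in this section (key generation, CSR, signing by Complement's CA, the SAN assertion and the `SYNAPSE_TLS_CERT`/`SYNAPSE_TLS_KEY` exports) appears to be switched off by commenting it out, assuming the commented copies are the new side, which the page layout suggests but does not mark; the homeserver config section after it comments out `federation_custom_ca_list` the same way. That disables it for every image built from this script, and how the server handles federation TLS when those variables are unset is not visible here. If this is only needed for one test setup, gate the block instead of commenting it out, e.g. wrap it in `if [ -z "${SKIP_COMPLEMENT_TLS:-}" ]; then` … `fi` (the variable name is a suggestion, not an existing setting), so the default keeps a CA-signed certificate. The same applies to the `/complement/appservice` check at the top of the hunk, and the remaining `# trust certs signed by Complement's CA` comment in the config should be removed or reworded once the setting beneath it is disabled.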
@ -24,8 +24,8 @@ registration_shared_secret: complement
|
|||
## Federation ##
|
||||
|
||||
# trust certs signed by Complement's CA
|
||||
federation_custom_ca_list:
|
||||
- /complement/ca/ca.crt
|
||||
#federation_custom_ca_list:
|
||||
#- /complement/ca/ca.crt
|
||||
|
||||
# unblacklist RFC1918 addresses
|
||||
federation_ip_range_blacklist: []
|
||||
|
|
|
@ -566,6 +566,32 @@ def generate_base_homeserver_config() -> None:
|
|||
os.environ["SYNAPSE_HTTP_PORT"] = str(MAIN_PROCESS_HTTP_LISTENER_PORT)
|
||||
subprocess.run(["/usr/local/bin/python", "/start.py", "migrate_config"], check=True)
|
||||
|
||||
worker_base = "main"
|
||||
mem_limit = os.environ.get(f"MEM_{worker_base}")
|
||||
if mem_limit is None:
|
||||
raise ValueError(
|
||||
f"No memory limit for {worker_base}!")
|
||||
|
||||
extra = {
|
||||
"caches": {
|
||||
"global_factor": 100.0,
|
||||
"sync_response_cache_duration": "2m",
|
||||
"expire_caches": True,
|
||||
"cache_entry_ttl": "30m",
|
||||
"cache_autotuning": {
|
||||
"max_cache_memory_usage": f"{int(mem_limit)}M",
|
||||
"target_cache_memory_usage": f"{int(mem_limit) - 125}M",
|
||||
"min_cache_ttl": "1m",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
# append the memory limit YAML...
|
||||
with open("/conf/homeserver.yaml", "a") as fout:
|
||||
fout.write("\n")
|
||||
yaml.dump(extra, fout)
|
||||
fout.flush()
|
||||
|
||||
|
||||
def parse_worker_types(
|
||||
requested_worker_types: List[str],
|
||||
|
@ -791,6 +817,23 @@ def generate_worker_files(
|
|||
# Replace placeholder names in the config template with the actual worker name.
|
||||
worker_config = insert_worker_name_for_worker_config(worker_config, worker_name)
|
||||
|
||||
worker_base = re.sub(r"[0-9]+", "", worker_name)
|
||||
mem_limit = os.environ.get(f"MEM_{worker_base}")
|
||||
if mem_limit is None:
|
||||
raise ValueError(f"No memory limit for {worker_base}! of {requested_worker_types}")
|
||||
|
||||
worker_config["caches"] = {
|
||||
"global_factor": 100.0,
|
||||
"sync_response_cache_duration": "2m",
|
||||
"expire_caches": True,
|
||||
"cache_entry_ttl": "30m",
|
||||
"cache_autotuning": {
|
||||
"max_cache_memory_usage": f"{int(mem_limit)}M",
|
||||
"target_cache_memory_usage": f"{int(mem_limit) - 125}M",
|
||||
"min_cache_ttl": "1m",
|
||||
},
|
||||
}
|
||||
|
||||
worker_config.update(
|
||||
{"name": worker_name, "port": str(worker_port), "config_path": config_path}
|
||||
)
|
||||
|
|
|
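Review bot: `MEM_<worker_base>` is read from the environment and passed straight to `int()`, and the target is computed as `int(mem_limit) - 125`, so a non-numeric value fails with a bare conversion error and any limit of 125 or less writes a zero or negative `target_cache_memory_usage` into the config; the same code is repeated in the `generate_worker_files` hunk. I would move the cache dict into one helper that validates the value once, as sketched below, and call it from both places. Separately, `re.sub(r"[0-9]+", "", worker_name)` removes digits anywhere in the name rather than only a trailing index, and appending a `caches` mapping to `/conf/homeserver.yaml` would presumably duplicate that key if the generated file already contains one, which is worth confirming. Both enclosing functions start outside the visible hunks.

```python
CACHE_HEADROOM = 125  # suggested name; the value is the one used in the hunk


def build_cache_config(worker_base: str) -> dict:  # suggested helper name
    raw_limit = os.environ.get(f"MEM_{worker_base}")
    if raw_limit is None:
        raise ValueError(f"No memory limit for {worker_base}!")
    try:
        limit = int(raw_limit)
    except ValueError:
        raise ValueError(
            f"MEM_{worker_base} must be an integer, got {raw_limit!r}"
        ) from None
    if limit <= CACHE_HEADROOM:
        raise ValueError(
            f"MEM_{worker_base} must be greater than {CACHE_HEADROOM}, got {limit}"
        )
    return {
        "global_factor": 100.0,
        # … unchanged: sync_response_cache_duration, expire_caches, cache_entry_ttl …
        "cache_autotuning": {
            "max_cache_memory_usage": f"{limit}M",
            "target_cache_memory_usage": f"{limit - CACHE_HEADROOM}M",
            "min_cache_ttl": "1m",
        },
    }
```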
@ -180,7 +180,7 @@ if [ -z "$skip_docker_build" ]; then
|
|||
|
||||
# Build the unified Complement image (from the worker Synapse image we just built).
|
||||
echo_if_github "::group::Build Docker image: complement/Dockerfile"
|
||||
docker build -t complement-synapse \
|
||||
docker build -t synapse-pt10k \
|
||||
-f "docker/complement/Dockerfile" "docker/complement"
|
||||
echo_if_github "::endgroup::"
|
||||
|
||||
|
|