diff --git a/docker/complement/conf/start_for_complement.sh b/docker/complement/conf/start_for_complement.sh
index 5560ab8b95..9e49a982e7 100755
--- a/docker/complement/conf/start_for_complement.sh
+++ b/docker/complement/conf/start_for_complement.sh
@@ -89,39 +89,39 @@ fi
# Add Complement's appservice registration directory, if there is one
# (It can be absent when there are no application services in this test!)
-if [ -d /complement/appservice ]; then
- export SYNAPSE_AS_REGISTRATION_DIR=/complement/appservice
-fi
+# if [ -d /complement/appservice ]; then
+# export SYNAPSE_AS_REGISTRATION_DIR=/complement/appservice
+# fi
# Generate a TLS key, then generate a certificate by having Complement's CA sign it
# Note that both the key and certificate are in PEM format (not DER).
# First generate a configuration file to set up a Subject Alternative Name.
-cat > /conf/server.tls.conf <<EOF
-.include /etc/ssl/openssl.cnf
-
-[SAN]
-subjectAltName=DNS:${SERVER_NAME}
-EOF
+# cat > /conf/server.tls.conf <<EOF
+# .include /etc/ssl/openssl.cnf
+#
+# [SAN]
+# subjectAltName=DNS:${SERVER_NAME}
+# EOF
# Generate an RSA key
-openssl genrsa -out /conf/server.tls.key 2048
+# openssl genrsa -out /conf/server.tls.key 2048
# Generate a certificate signing request
-openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
- -subj "/CN=${SERVER_NAME}" -reqexts SAN
+# openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
+# -subj "/CN=${SERVER_NAME}" -reqexts SAN
# Make the Complement Certificate Authority sign and generate a certificate.
-openssl x509 -req -in /conf/server.tls.csr \
- -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
- -out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
+# openssl x509 -req -in /conf/server.tls.csr \
+# -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
+# -out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
# Assert that we have a Subject Alternative Name in the certificate.
# (grep will exit with 1 here if there isn't a SAN in the certificate.)
-openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
+# openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
-export SYNAPSE_TLS_CERT=/conf/server.tls.crt
-export SYNAPSE_TLS_KEY=/conf/server.tls.key
+# export SYNAPSE_TLS_CERT=/conf/server.tls.crt
+# export SYNAPSE_TLS_KEY=/conf/server.tls.key
# Run the script that writes the necessary config files and starts supervisord, which in turn
# starts everything else
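Review bot: Commenting out the whole key and certificate block, together with the `export SYNAPSE_TLS_CERT` and `export SYNAPSE_TLS_KEY` lines, removes TLS setup for every user of this image, and the surviving comments such as "Generate an RSA key" now describe steps that never run. If this is only wanted for a load-test build, wrap the block in a conditional on an opt-in environment variable (name to be chosen) instead of editing it out, so the default Complement image still gets a CA-signed certificate with a SAN. The same applies to the `/complement/appservice` check at the top of the hunk and to `federation_custom_ca_list` in workers-shared-extra.yaml.j2, where the "trust certs signed by Complement's CA" comment is left above a disabled setting. The script continues outside the hunk, so what the later config step does when the TLS variables are unset is not visible here.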
diff --git a/docker/complement/conf/workers-shared-extra.yaml.j2 b/docker/complement/conf/workers-shared-extra.yaml.j2
index 63acf86a46..b768da592d 100644
--- a/docker/complement/conf/workers-shared-extra.yaml.j2
+++ b/docker/complement/conf/workers-shared-extra.yaml.j2
@@ -24,8 +24,8 @@ registration_shared_secret: complement
## Federation ##
# trust certs signed by Complement's CA
-federation_custom_ca_list:
-- /complement/ca/ca.crt
+#federation_custom_ca_list:
+#- /complement/ca/ca.crt
# unblacklist RFC1918 addresses
federation_ip_range_blacklist: []
diff --git a/docker/configure_workers_and_start.py b/docker/configure_workers_and_start.py
index 3f2f5c2daf..401f240392 100755
--- a/docker/configure_workers_and_start.py
+++ b/docker/configure_workers_and_start.py
@@ -566,6 +566,32 @@ def generate_base_homeserver_config() -> None:
os.environ["SYNAPSE_HTTP_PORT"] = str(MAIN_PROCESS_HTTP_LISTENER_PORT)
subprocess.run(["/usr/local/bin/python", "/start.py", "migrate_config"], check=True)
+ worker_base = "main"
+ mem_limit = os.environ.get(f"MEM_{worker_base}")
+ if mem_limit is None:
+ raise ValueError(
+ f"No memory limit for {worker_base}!")
+
+ extra = {
+ "caches": {
+ "global_factor": 100.0,
+ "sync_response_cache_duration": "2m",
+ "expire_caches": True,
+ "cache_entry_ttl": "30m",
+ "cache_autotuning": {
+ "max_cache_memory_usage": f"{int(mem_limit)}M",
+ "target_cache_memory_usage": f"{int(mem_limit) - 125}M",
+ "min_cache_ttl": "1m",
+ },
+ }
+ }
+
+ # append the memory limit YAML...
+ with open("/conf/homeserver.yaml", "a") as fout:
+ fout.write("\n")
+ yaml.dump(extra, fout)
+ fout.flush()
+
def parse_worker_types(
requested_worker_types: List[str],
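Review bot: `int(mem_limit)` is applied to a raw environment value with no validation, so a non-numeric `MEM_main` fails with a bare conversion error and any value of 125 or less writes a zero or negative `target_cache_memory_usage` into the config. The same dict and the same arithmetic are repeated in the generate_worker_files hunk, so a single helper that validates the value once and returns the cache settings would cover both places. The script also now raises when `MEM_main` is unset, which breaks any caller that does not set it; consider skipping the cache block in that case. Because the block is appended to `/conf/homeserver.yaml`, a `caches:` key already present in the generated file would be duplicated, which is worth checking against the template. The `fout.flush()` is redundant inside the `with` block.

```python
def cache_settings_for(worker_base: str) -> dict:
    """Build the `caches` section from the MEM_<worker_base> environment variable (megabytes)."""
    raw = os.environ.get(f"MEM_{worker_base}")
    if raw is None:
        raise ValueError(f"No memory limit for {worker_base}!")
    try:
        limit_mb = int(raw)
    except ValueError:
        raise ValueError(f"MEM_{worker_base} must be a whole number of megabytes, got {raw!r}")
    # The target is set 125M below the maximum, so the limit has to leave room for it.
    if limit_mb <= 125:
        raise ValueError(f"MEM_{worker_base} must be greater than 125, got {limit_mb}")
    return {
        "global_factor": 100.0,
        # … unchanged: sync_response_cache_duration, expire_caches, cache_entry_ttl …
        "cache_autotuning": {
            "max_cache_memory_usage": f"{limit_mb}M",
            "target_cache_memory_usage": f"{limit_mb - 125}M",
            "min_cache_ttl": "1m",
        },
    }

# in generate_base_homeserver_config, after the migrate_config call:
extra = {"caches": cache_settings_for("main")}
# … unchanged: append `extra` to /conf/homeserver.yaml …
```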
@@ -791,6 +817,23 @@ def generate_worker_files(
# Replace placeholder names in the config template with the actual worker name.
worker_config = insert_worker_name_for_worker_config(worker_config, worker_name)
+ worker_base = re.sub(r"[0-9]+", "", worker_name)
+ mem_limit = os.environ.get(f"MEM_{worker_base}")
+ if mem_limit is None:
+ raise ValueError(f"No memory limit for {worker_base}! of {requested_worker_types}")
+
+ worker_config["caches"] = {
+ "global_factor": 100.0,
+ "sync_response_cache_duration": "2m",
+ "expire_caches": True,
+ "cache_entry_ttl": "30m",
+ "cache_autotuning": {
+ "max_cache_memory_usage": f"{int(mem_limit)}M",
+ "target_cache_memory_usage": f"{int(mem_limit) - 125}M",
+ "min_cache_ttl": "1m",
+ },
+ }
+
worker_config.update(
{"name": worker_name, "port": str(worker_port), "config_path": config_path}
)
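Review bot: `re.sub(r"[0-9]+", "", worker_name)` removes every digit in the worker name, not only a trailing instance number, so a name with digits elsewhere maps to an unexpected `MEM_…` variable. Anchoring the pattern, `worker_base = re.sub(r"[0-9]+$", "", worker_name)`, keeps the rest of the name intact. The error text `No memory limit for {worker_base}! of {requested_worker_types}` reads like leftover debugging; naming the missing variable (`MEM_{worker_base}`) would tell the operator what to set. The cache dict duplicates the one added to generate_base_homeserver_config and carries the same unchecked `int(mem_limit) - 125`. generate_worker_files starts and ends outside the hunk.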
diff --git a/scripts-dev/complement.sh b/scripts-dev/complement.sh
index 1b1761202f..e770336c12 100755
--- a/scripts-dev/complement.sh
+++ b/scripts-dev/complement.sh
@@ -180,7 +180,7 @@ if [ -z "$skip_docker_build" ]; then
# Build the unified Complement image (from the worker Synapse image we just built).
echo_if_github "::group::Build Docker image: complement/Dockerfile"
- docker build -t complement-synapse \
+ docker build -t synapse-pt10k \
-f "docker/complement/Dockerfile" "docker/complement"
echo_if_github "::endgroup::"
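Review bot: The image is now tagged `synapse-pt10k`, but any later line in this script that still refers to `complement-synapse` would pick up a previously built image or fail to find one; those lines are outside the hunk, so this needs checking. If the tag has to vary, read it from a variable with the old name as the default, for example `docker build -t "${IMAGE_TAG_PLACEHOLDER:-complement-synapse}" \`, where the variable name is a placeholder, and use the same variable wherever the image is consumed.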