summary refs log tree commit diff
path: root/docker
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2019-06-26 22:34:41 +0100
committerRichard van der Hoff <richard@matrix.org>2019-06-26 22:34:41 +0100
commita4daa899ec4cd195fc10936f68df5c78314b366c (patch)
tree35e88ff388b0f7652773a79930b732aa04f16bde /docker
parentchangelog (diff)
parentImprove docs on choosing server_name (#5558) (diff)
downloadsynapse-a4daa899ec4cd195fc10936f68df5c78314b366c.tar.xz
Merge branch 'develop' into rav/saml2_client
Diffstat (limited to 'docker')
-rw-r--r--docker/Dockerfile6
-rw-r--r--docker/Dockerfile-pgtests4
-rw-r--r--docker/README.md2
-rw-r--r--docker/conf/log.config7
-rwxr-xr-xdocker/run_pg_tests.sh2
-rwxr-xr-xdocker/start.py58
6 files changed, 49 insertions, 30 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index c35da67a2a..0939cadf39 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -11,7 +11,7 @@
 #    docker build -f docker/Dockerfile --build-arg PYTHON_VERSION=3.6 .
 #
 
-ARG PYTHON_VERSION=2
+ARG PYTHON_VERSION=3.7
 
 ###
 ### Stage 0: builder
@@ -57,6 +57,7 @@ RUN pip install --prefix="/install" --no-warn-script-location \
 
 FROM docker.io/python:${PYTHON_VERSION}-alpine3.8
 
+# xmlsec is required for saml support
 RUN apk add --no-cache --virtual .runtime_deps \
         libffi \
         libjpeg-turbo \
@@ -64,7 +65,8 @@ RUN apk add --no-cache --virtual .runtime_deps \
         libxslt \
         libpq \
         zlib \
-        su-exec
+        su-exec \
+        xmlsec
 
 COPY --from=builder /install /usr/local
 COPY ./docker/start.py /start.py
diff --git a/docker/Dockerfile-pgtests b/docker/Dockerfile-pgtests
index 7da8eeb9eb..3bfee845c6 100644
--- a/docker/Dockerfile-pgtests
+++ b/docker/Dockerfile-pgtests
@@ -3,10 +3,10 @@
 FROM matrixdotorg/sytest:latest
 
 # The Sytest image doesn't come with python, so install that
-RUN apt-get -qq install -y python python-dev python-pip
+RUN apt-get update && apt-get -qq install -y python3 python3-dev python3-pip
 
 # We need tox to run the tests in run_pg_tests.sh
-RUN pip install tox
+RUN python3 -m pip install tox
 
 ADD run_pg_tests.sh /pg_tests.sh
 ENTRYPOINT /pg_tests.sh
diff --git a/docker/README.md b/docker/README.md
index df5d0151e2..5a596eecb9 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -14,7 +14,7 @@ This image is designed to run either with an automatically generated
 configuration file or with a custom configuration that requires manual editing.
 
 An easy way to make use of this image is via docker-compose. See the
-[contrib/docker](../contrib/docker) section of the synapse project for
+[contrib/docker](https://github.com/matrix-org/synapse/tree/master/contrib/docker) section of the synapse project for
 examples.
 
 ### Without Compose (harder)
diff --git a/docker/conf/log.config b/docker/conf/log.config
index 1851995802..895e45d20b 100644
--- a/docker/conf/log.config
+++ b/docker/conf/log.config
@@ -16,14 +16,11 @@ handlers:
     filters: [context]
 
 loggers:
-    synapse:
-        level: {{ SYNAPSE_LOG_LEVEL or "WARNING" }}
-
     synapse.storage.SQL:
         # beware: increasing this to DEBUG will make synapse log sensitive
         # information such as access tokens.
-        level: {{ SYNAPSE_LOG_LEVEL or "WARNING" }}
+        level: INFO
 
 root:
-    level: {{ SYNAPSE_LOG_LEVEL or "WARNING" }}
+    level: {{ SYNAPSE_LOG_LEVEL or "INFO" }}
     handlers: [console]
diff --git a/docker/run_pg_tests.sh b/docker/run_pg_tests.sh
index e77424c41a..d18d1e4c8e 100755
--- a/docker/run_pg_tests.sh
+++ b/docker/run_pg_tests.sh
@@ -17,4 +17,4 @@ su -c '/usr/lib/postgresql/9.6/bin/pg_ctl -w -D /var/lib/postgresql/data start'
 # Run the tests
 cd /src
 export TRIAL_FLAGS="-j 4"
-tox --workdir=/tmp -e py27-postgres
+tox --workdir=/tmp -e py35-postgres
diff --git a/docker/start.py b/docker/start.py
index 2da555272a..a7a54dacf7 100755
--- a/docker/start.py
+++ b/docker/start.py
@@ -8,7 +8,10 @@ import glob
 import codecs
 
 # Utility functions
-convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(src).read()).render(**environ))
+convert = lambda src, dst, environ: open(dst, "w").write(
+    jinja2.Template(open(src).read()).render(**environ)
+)
+
 
 def check_arguments(environ, args):
     for argument in args:
@@ -16,18 +19,22 @@ def check_arguments(environ, args):
             print("Environment variable %s is mandatory, exiting." % argument)
             sys.exit(2)
 
+
 def generate_secrets(environ, secrets):
     for name, secret in secrets.items():
         if secret not in environ:
             filename = "/data/%s.%s.key" % (environ["SYNAPSE_SERVER_NAME"], name)
             if os.path.exists(filename):
-                with open(filename) as handle: value = handle.read()
+                with open(filename) as handle:
+                    value = handle.read()
             else:
                 print("Generating a random secret for {}".format(name))
                 value = codecs.encode(os.urandom(32), "hex").decode()
-                with open(filename, "w") as handle: handle.write(value)
+                with open(filename, "w") as handle:
+                    handle.write(value)
             environ[secret] = value
 
+
 # Prepare the configuration
 mode = sys.argv[1] if len(sys.argv) > 1 else None
 environ = os.environ.copy()
@@ -36,12 +43,17 @@ args = ["python", "-m", "synapse.app.homeserver"]
 
 # In generate mode, generate a configuration, missing keys, then exit
 if mode == "generate":
-    check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_CONFIG_PATH"))
+    check_arguments(
+        environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_CONFIG_PATH")
+    )
     args += [
-        "--server-name", environ["SYNAPSE_SERVER_NAME"],
-        "--report-stats", environ["SYNAPSE_REPORT_STATS"],
-        "--config-path", environ["SYNAPSE_CONFIG_PATH"],
-        "--generate-config"
+        "--server-name",
+        environ["SYNAPSE_SERVER_NAME"],
+        "--report-stats",
+        environ["SYNAPSE_REPORT_STATS"],
+        "--config-path",
+        environ["SYNAPSE_CONFIG_PATH"],
+        "--generate-config",
     ]
     os.execv("/usr/local/bin/python", args)
 
@@ -51,15 +63,19 @@ else:
         config_path = environ["SYNAPSE_CONFIG_PATH"]
     else:
         check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"))
-        generate_secrets(environ, {
-            "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
-            "macaroon": "SYNAPSE_MACAROON_SECRET_KEY"
-        })
+        generate_secrets(
+            environ,
+            {
+                "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
+                "macaroon": "SYNAPSE_MACAROON_SECRET_KEY",
+            },
+        )
         environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
-        if not os.path.exists("/compiled"): os.mkdir("/compiled")
+        if not os.path.exists("/compiled"):
+            os.mkdir("/compiled")
 
         config_path = "/compiled/homeserver.yaml"
-        
+
         # Convert SYNAPSE_NO_TLS to boolean if exists
         if "SYNAPSE_NO_TLS" in environ:
             tlsanswerstring = str.lower(environ["SYNAPSE_NO_TLS"])
@@ -69,19 +85,23 @@ else:
                 if tlsanswerstring in ("false", "off", "0", "no"):
                     environ["SYNAPSE_NO_TLS"] = False
                 else:
-                    print("Environment variable \"SYNAPSE_NO_TLS\" found but value \"" + tlsanswerstring + "\" unrecognized; exiting.")
+                    print(
+                        'Environment variable "SYNAPSE_NO_TLS" found but value "'
+                        + tlsanswerstring
+                        + '" unrecognized; exiting.'
+                    )
                     sys.exit(2)
 
         convert("/conf/homeserver.yaml", config_path, environ)
         convert("/conf/log.config", "/compiled/log.config", environ)
         subprocess.check_output(["chown", "-R", ownership, "/data"])
 
-
     args += [
-        "--config-path", config_path,
-
+        "--config-path",
+        config_path,
         # tell synapse to put any generated keys in /data rather than /compiled
-        "--keys-directory", "/data",
+        "--keys-directory",
+        "/data",
     ]
 
     # Generate missing keys and start synapse