diff --git a/synapse/app/_base.py b/synapse/app/_base.py
index 5b97a54d45..73ca52bd8c 100644
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@@ -15,19 +15,36 @@
import gc
import logging
+import signal
import sys
+import traceback
import psutil
from daemonize import Daemonize
from twisted.internet import error, reactor
+from twisted.protocols.tls import TLSMemoryBIOFactory
from synapse.app import check_bind_error
+from synapse.crypto import context_factory
from synapse.util import PreserveLoggingContext
from synapse.util.rlimit import change_resource_limit
logger = logging.getLogger(__name__)
+_sighup_callbacks = []
+
+
+def register_sighup(func):
+ """
+ Register a function to be called when a SIGHUP occurs.
+
+ Args:
+ func (function): Function to be called when sent a SIGHUP signal.
+ Will be called with a single argument, the homeserver.
+ """
+ _sighup_callbacks.append(func)
+
def start_worker_reactor(appname, config):
""" Run the reactor in the main process
@@ -136,9 +153,8 @@ def listen_metrics(bind_addresses, port):
from prometheus_client import start_http_server
for host in bind_addresses:
- reactor.callInThread(start_http_server, int(port),
- addr=host, registry=RegistryProxy)
- logger.info("Metrics now reporting on %s:%d", host, port)
+ logger.info("Starting metrics listener on %s:%d", host, port)
+ start_http_server(port, addr=host, registry=RegistryProxy)
def listen_tcp(bind_addresses, port, factory, reactor=reactor, backlog=50):
@@ -146,21 +162,23 @@ def listen_tcp(bind_addresses, port, factory, reactor=reactor, backlog=50):
Create a TCP socket for a port and several addresses
Returns:
- list (empty)
+ list[twisted.internet.tcp.Port]: listening for TCP connections
"""
+ r = []
for address in bind_addresses:
try:
- reactor.listenTCP(
- port,
- factory,
- backlog,
- address
+ r.append(
+ reactor.listenTCP(
+ port,
+ factory,
+ backlog,
+ address
+ )
)
except error.CannotListenError as e:
check_bind_error(e, address, bind_addresses)
- logger.info("Synapse now listening on TCP port %d", port)
- return []
+ return r
def listen_ssl(
@@ -187,5 +205,74 @@ def listen_ssl(
except error.CannotListenError as e:
check_bind_error(e, address, bind_addresses)
- logger.info("Synapse now listening on port %d (TLS)", port)
return r
+
+
+def refresh_certificate(hs):
+ """
+ Refresh the TLS certificates that Synapse is using by re-reading them from
+ disk and updating the TLS context factories to use them.
+ """
+
+ if not hs.config.has_tls_listener():
+ # attempt to reload the certs for the good of the tls_fingerprints
+ hs.config.read_certificate_from_disk(require_cert_and_key=False)
+ return
+
+ hs.config.read_certificate_from_disk(require_cert_and_key=True)
+ hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)
+
+ if hs._listening_services:
+ logger.info("Updating context factories...")
+ for i in hs._listening_services:
+ # When you listenSSL, it doesn't make an SSL port but a TCP one with
+ # a TLS wrapping factory around the factory you actually want to get
+ # requests. This factory attribute is public but missing from
+ # Twisted's documentation.
+ if isinstance(i.factory, TLSMemoryBIOFactory):
+ addr = i.getHost()
+ logger.info(
+ "Replacing TLS context factory on [%s]:%i", addr.host, addr.port,
+ )
+ # We want to replace TLS factories with a new one, with the new
+ # TLS configuration. We do this by reaching in and pulling out
+ # the wrappedFactory, and then re-wrapping it.
+ i.factory = TLSMemoryBIOFactory(
+ hs.tls_server_context_factory,
+ False,
+ i.factory.wrappedFactory
+ )
+ logger.info("Context factories updated.")
+
+
+def start(hs, listeners=None):
+ """
+ Start a Synapse server or worker.
+
+ Args:
+ hs (synapse.server.HomeServer)
+ listeners (list[dict]): Listener configuration ('listeners' in homeserver.yaml)
+ """
+ try:
+ # Set up the SIGHUP machinery.
+ if hasattr(signal, "SIGHUP"):
+ def handle_sighup(*args, **kwargs):
+ for i in _sighup_callbacks:
+ i(hs)
+
+ signal.signal(signal.SIGHUP, handle_sighup)
+
+ register_sighup(refresh_certificate)
+
+ # Load the certificate from disk.
+ refresh_certificate(hs)
+
+ # It is now safe to start your Synapse.
+ hs.start_listening(listeners)
+ hs.get_datastore().start_profiling()
+ except Exception:
+ traceback.print_exc(file=sys.stderr)
+ reactor = hs.get_reactor()
+ if reactor.running:
+ reactor.stop()
+ sys.exit(1)
diff --git a/synapse/app/appservice.py b/synapse/app/appservice.py
index 8559e141af..33107f56d1 100644
--- a/synapse/app/appservice.py
+++ b/synapse/app/appservice.py
@@ -168,12 +168,7 @@ def start(config_options):
)
ps.setup()
- ps.start_listening(config.worker_listeners)
-
- def start():
- ps.get_datastore().start_profiling()
-
- reactor.callWhenRunning(start)
+ reactor.callWhenRunning(_base.start, ps, config.worker_listeners)
_base.start_worker_reactor("synapse-appservice", config)
diff --git a/synapse/app/client_reader.py b/synapse/app/client_reader.py
index f8a417cb60..a9d2147022 100644
--- a/synapse/app/client_reader.py
+++ b/synapse/app/client_reader.py
@@ -25,7 +25,6 @@ from synapse.app import _base
from synapse.config._base import ConfigError
from synapse.config.homeserver import HomeServerConfig
from synapse.config.logger import setup_logging
-from synapse.crypto import context_factory
from synapse.http.server import JsonResource
from synapse.http.site import SynapseSite
from synapse.metrics import RegistryProxy
@@ -173,17 +172,7 @@ def start(config_options):
)
ss.setup()
-
- def start():
- ss.config.read_certificate_from_disk()
- ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
- ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- config
- )
- ss.start_listening(config.worker_listeners)
- ss.get_datastore().start_profiling()
-
- reactor.callWhenRunning(start)
+ reactor.callWhenRunning(_base.start, ss, config.worker_listeners)
_base.start_worker_reactor("synapse-client-reader", config)
diff --git a/synapse/app/event_creator.py b/synapse/app/event_creator.py
index 656e0edc0f..b8e5196152 100644
--- a/synapse/app/event_creator.py
+++ b/synapse/app/event_creator.py
@@ -25,7 +25,6 @@ from synapse.app import _base
from synapse.config._base import ConfigError
from synapse.config.homeserver import HomeServerConfig
from synapse.config.logger import setup_logging
-from synapse.crypto import context_factory
from synapse.http.server import JsonResource
from synapse.http.site import SynapseSite
from synapse.metrics import RegistryProxy
@@ -194,17 +193,7 @@ def start(config_options):
)
ss.setup()
-
- def start():
- ss.config.read_certificate_from_disk()
- ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
- ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- config
- )
- ss.start_listening(config.worker_listeners)
- ss.get_datastore().start_profiling()
-
- reactor.callWhenRunning(start)
+ reactor.callWhenRunning(_base.start, ss, config.worker_listeners)
_base.start_worker_reactor("synapse-event-creator", config)
diff --git a/synapse/app/federation_reader.py b/synapse/app/federation_reader.py
index 3de2715132..6ee2b76dcd 100644
--- a/synapse/app/federation_reader.py
+++ b/synapse/app/federation_reader.py
@@ -26,7 +26,6 @@ from synapse.app import _base
from synapse.config._base import ConfigError
from synapse.config.homeserver import HomeServerConfig
from synapse.config.logger import setup_logging
-from synapse.crypto import context_factory
from synapse.federation.transport.server import TransportLayerServer
from synapse.http.site import SynapseSite
from synapse.metrics import RegistryProxy
@@ -87,6 +86,16 @@ class FederationReaderServer(HomeServer):
resources.update({
FEDERATION_PREFIX: TransportLayerServer(self),
})
+ if name == "openid" and "federation" not in res["names"]:
+ # Only load the openid resource separately if federation resource
+ # is not specified since federation resource includes openid
+ # resource.
+ resources.update({
+ FEDERATION_PREFIX: TransportLayerServer(
+ self,
+ servlet_groups=["openid"],
+ ),
+ })
root_resource = create_resource_tree(resources, NoResource())
@@ -99,7 +108,8 @@ class FederationReaderServer(HomeServer):
listener_config,
root_resource,
self.version_string,
- )
+ ),
+ reactor=self.get_reactor()
)
logger.info("Synapse federation reader now listening on port %d", port)
@@ -160,17 +170,7 @@ def start(config_options):
)
ss.setup()
-
- def start():
- ss.config.read_certificate_from_disk()
- ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
- ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- config
- )
- ss.start_listening(config.worker_listeners)
- ss.get_datastore().start_profiling()
-
- reactor.callWhenRunning(start)
+ reactor.callWhenRunning(_base.start, ss, config.worker_listeners)
_base.start_worker_reactor("synapse-federation-reader", config)
diff --git a/synapse/app/federation_sender.py b/synapse/app/federation_sender.py
index d944e0517f..a461442fdc 100644
--- a/synapse/app/federation_sender.py
+++ b/synapse/app/federation_sender.py
@@ -25,7 +25,6 @@ from synapse.app import _base
from synapse.config._base import ConfigError
from synapse.config.homeserver import HomeServerConfig
from synapse.config.logger import setup_logging
-from synapse.crypto import context_factory
from synapse.federation import send_queue
from synapse.http.site import SynapseSite
from synapse.metrics import RegistryProxy
@@ -192,17 +191,8 @@ def start(config_options):
)
ss.setup()
+ reactor.callWhenRunning(_base.start, ss, config.worker_listeners)
- def start():
- ss.config.read_certificate_from_disk()
- ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
- ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- config
- )
- ss.start_listening(config.worker_listeners)
- ss.get_datastore().start_profiling()
-
- reactor.callWhenRunning(start)
_base.start_worker_reactor("synapse-federation-sender", config)
diff --git a/synapse/app/frontend_proxy.py b/synapse/app/frontend_proxy.py
index d9ef6edc3c..d5b954361d 100644
--- a/synapse/app/frontend_proxy.py
+++ b/synapse/app/frontend_proxy.py
@@ -26,7 +26,6 @@ from synapse.app import _base
from synapse.config._base import ConfigError
from synapse.config.homeserver import HomeServerConfig
from synapse.config.logger import setup_logging
-from synapse.crypto import context_factory
from synapse.http.server import JsonResource
from synapse.http.servlet import RestServlet, parse_json_object_from_request
from synapse.http.site import SynapseSite
@@ -250,17 +249,7 @@ def start(config_options):
)
ss.setup()
-
- def start():
- ss.config.read_certificate_from_disk()
- ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
- ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- config
- )
- ss.start_listening(config.worker_listeners)
- ss.get_datastore().start_profiling()
-
- reactor.callWhenRunning(start)
+ reactor.callWhenRunning(_base.start, ss, config.worker_listeners)
_base.start_worker_reactor("synapse-frontend-proxy", config)
diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py
index 250a17cef8..dbd9a83877 100755
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@@ -17,7 +17,6 @@
import gc
import logging
import os
-import signal
import sys
import traceback
@@ -28,7 +27,6 @@ from prometheus_client import Gauge
from twisted.application import service
from twisted.internet import defer, reactor
-from twisted.protocols.tls import TLSMemoryBIOFactory
from twisted.web.resource import EncodingResourceWrapper, NoResource
from twisted.web.server import GzipEncoderFactory
from twisted.web.static import File
@@ -49,7 +47,6 @@ from synapse.app import _base
from synapse.app._base import listen_ssl, listen_tcp, quit_with_error
from synapse.config._base import ConfigError
from synapse.config.homeserver import HomeServerConfig
-from synapse.crypto import context_factory
from synapse.federation.transport.server import TransportLayerServer
from synapse.http.additional_resource import AdditionalResource
from synapse.http.server import RootRedirect
@@ -86,7 +83,6 @@ def gz_wrap(r):
class SynapseHomeServer(HomeServer):
DATASTORE_CLASS = DataStore
- _listening_services = []
def _listener_http(self, config, listener_config):
port = listener_config["port"]
@@ -94,14 +90,13 @@ class SynapseHomeServer(HomeServer):
tls = listener_config.get("tls", False)
site_tag = listener_config.get("tag", port)
- if tls and config.no_tls:
- raise ConfigError(
- "Listener on port %i has TLS enabled, but no_tls is set" % (port,),
- )
-
resources = {}
for res in listener_config["resources"]:
for name in res["names"]:
+ if name == "openid" and "federation" in res["names"]:
+ # Skip loading openid resource if federation is defined
+ # since federation resource will include openid
+ continue
resources.update(self._configure_named_resource(
name, res.get("compress", False),
))
@@ -126,7 +121,7 @@ class SynapseHomeServer(HomeServer):
root_resource = create_resource_tree(resources, root_resource)
if tls:
- return listen_ssl(
+ ports = listen_ssl(
bind_addresses,
port,
SynapseSite(
@@ -137,10 +132,12 @@ class SynapseHomeServer(HomeServer):
self.version_string,
),
self.tls_server_context_factory,
+ reactor=self.get_reactor(),
)
+ logger.info("Synapse now listening on TCP port %d (TLS)", port)
else:
- return listen_tcp(
+ ports = listen_tcp(
bind_addresses,
port,
SynapseSite(
@@ -149,8 +146,12 @@ class SynapseHomeServer(HomeServer):
listener_config,
root_resource,
self.version_string,
- )
+ ),
+ reactor=self.get_reactor(),
)
+ logger.info("Synapse now listening on TCP port %d", port)
+
+ return ports
def _configure_named_resource(self, name, compress=False):
"""Build a resource map for a named resource
@@ -196,6 +197,11 @@ class SynapseHomeServer(HomeServer):
FEDERATION_PREFIX: TransportLayerServer(self),
})
+ if name == "openid":
+ resources.update({
+ FEDERATION_PREFIX: TransportLayerServer(self, servlet_groups=["openid"]),
+ })
+
if name in ["static", "client"]:
resources.update({
STATIC_PREFIX: File(
@@ -241,10 +247,10 @@ class SynapseHomeServer(HomeServer):
return resources
- def start_listening(self):
+ def start_listening(self, listeners):
config = self.get_config()
- for listener in config.listeners:
+ for listener in listeners:
if listener["type"] == "http":
self._listening_services.extend(
self._listener_http(config, listener)
@@ -260,14 +266,14 @@ class SynapseHomeServer(HomeServer):
)
)
elif listener["type"] == "replication":
- bind_addresses = listener["bind_addresses"]
- for address in bind_addresses:
- factory = ReplicationStreamProtocolFactory(self)
- server_listener = reactor.listenTCP(
- listener["port"], factory, interface=address
- )
+ services = listen_tcp(
+ listener["bind_addresses"],
+ listener["port"],
+ ReplicationStreamProtocolFactory(self),
+ )
+ for s in services:
reactor.addSystemEventTrigger(
- "before", "shutdown", server_listener.stopListening,
+ "before", "shutdown", s.stopListening,
)
elif listener["type"] == "metrics":
if not self.get_config().enable_metrics:
@@ -328,20 +334,11 @@ def setup(config_options):
# generating config files and shouldn't try to continue.
sys.exit(0)
- sighup_callbacks = []
synapse.config.logger.setup_logging(
config,
- use_worker_options=False,
- register_sighup=sighup_callbacks.append
+ use_worker_options=False
)
- def handle_sighup(*args, **kwargs):
- for i in sighup_callbacks:
- i(*args, **kwargs)
-
- if hasattr(signal, "SIGHUP"):
- signal.signal(signal.SIGHUP, handle_sighup)
-
events.USE_FROZEN_DICTS = config.use_frozen_dicts
database_engine = create_engine(config.database_config)
@@ -377,76 +374,73 @@ def setup(config_options):
hs.setup()
- def refresh_certificate(*args):
+ @defer.inlineCallbacks
+ def do_acme():
"""
- Refresh the TLS certificates that Synapse is using by re-reading them
- from disk and updating the TLS context factories to use them.
+ Reprovision an ACME certificate, if it's required.
+
+ Returns:
+ Deferred[bool]: Whether the cert has been updated.
"""
- logging.info("Reloading certificate from disk...")
- hs.config.read_certificate_from_disk()
- hs.tls_server_context_factory = context_factory.ServerContextFactory(config)
- hs.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- config
+ acme = hs.get_acme_handler()
+
+ # Check how long the certificate is active for.
+ cert_days_remaining = hs.config.is_disk_cert_valid(
+ allow_self_signed=False
)
- logging.info("Certificate reloaded.")
-
- logging.info("Updating context factories...")
- for i in hs._listening_services:
- if isinstance(i.factory, TLSMemoryBIOFactory):
- i.factory = TLSMemoryBIOFactory(
- hs.tls_server_context_factory,
- False,
- i.factory.wrappedFactory
- )
- logging.info("Context factories updated.")
- sighup_callbacks.append(refresh_certificate)
+ # We want to reprovision if cert_days_remaining is None (meaning no
+ # certificate exists), or the days remaining number it returns
+ # is less than our re-registration threshold.
+ provision = False
+
+ if (cert_days_remaining is None):
+ provision = True
+
+ if cert_days_remaining > hs.config.acme_reprovision_threshold:
+ provision = True
+
+ if provision:
+ yield acme.provision_certificate()
+
+ defer.returnValue(provision)
+
+ @defer.inlineCallbacks
+ def reprovision_acme():
+ """
+ Provision a certificate from ACME, if required, and reload the TLS
+ certificate if it's renewed.
+ """
+ reprovisioned = yield do_acme()
+ if reprovisioned:
+ _base.refresh_certificate(hs)
@defer.inlineCallbacks
def start():
try:
- # Check if the certificate is still valid.
- cert_days_remaining = hs.config.is_disk_cert_valid()
-
+ # Run the ACME provisioning code, if it's enabled.
if hs.config.acme_enabled:
- # If ACME is enabled, we might need to provision a certificate
- # before starting.
acme = hs.get_acme_handler()
-
# Start up the webservices which we will respond to ACME
- # challenges with.
+ # challenges with, and then provision.
yield acme.start_listening()
+ yield do_acme()
- # We want to reprovision if cert_days_remaining is None (meaning no
- # certificate exists), or the days remaining number it returns
- # is less than our re-registration threshold.
- if (cert_days_remaining is None) or (
- not cert_days_remaining > hs.config.acme_reprovision_threshold
- ):
- yield acme.provision_certificate()
-
- # Read the certificate from disk and build the context factories for
- # TLS.
- hs.config.read_certificate_from_disk()
- hs.tls_server_context_factory = context_factory.ServerContextFactory(config)
- hs.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- config
- )
+ # Check if it needs to be reprovisioned every day.
+ hs.get_clock().looping_call(
+ reprovision_acme,
+ 24 * 60 * 60 * 1000
+ )
+
+ _base.start(hs, config.listeners)
- # It is now safe to start your Synapse.
- hs.start_listening()
hs.get_pusherpool().start()
- hs.get_datastore().start_profiling()
hs.get_datastore().start_doing_background_updates()
- except Exception as e:
- # If a DeferredList failed (like in listening on the ACME listener),
- # we need to print the subfailure explicitly.
- if isinstance(e, defer.FirstError):
- e.subFailure.printTraceback(sys.stderr)
- sys.exit(1)
-
- # Something else went wrong when starting. Print it and bail out.
+ except Exception:
+ # Print the exception and bail out.
traceback.print_exc(file=sys.stderr)
+ if reactor.running:
+ reactor.stop()
sys.exit(1)
reactor.callWhenRunning(start)
@@ -455,7 +449,8 @@ def setup(config_options):
class SynapseService(service.Service):
- """A twisted Service class that will start synapse. Used to run synapse
+ """
+ A twisted Service class that will start synapse. Used to run synapse
via twistd and a .tac.
"""
def __init__(self, config):
diff --git a/synapse/app/media_repository.py b/synapse/app/media_repository.py
index 4ecf64031b..d4cc4e9443 100644
--- a/synapse/app/media_repository.py
+++ b/synapse/app/media_repository.py
@@ -26,7 +26,6 @@ from synapse.app import _base
from synapse.config._base import ConfigError
from synapse.config.homeserver import HomeServerConfig
from synapse.config.logger import setup_logging
-from synapse.crypto import context_factory
from synapse.http.site import SynapseSite
from synapse.metrics import RegistryProxy
from synapse.metrics.resource import METRICS_PREFIX, MetricsResource
@@ -160,17 +159,7 @@ def start(config_options):
)
ss.setup()
-
- def start():
- ss.config.read_certificate_from_disk()
- ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
- ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- config
- )
- ss.start_listening(config.worker_listeners)
- ss.get_datastore().start_profiling()
-
- reactor.callWhenRunning(start)
+ reactor.callWhenRunning(_base.start, ss, config.worker_listeners)
_base.start_worker_reactor("synapse-media-repository", config)
diff --git a/synapse/app/pusher.py b/synapse/app/pusher.py
index 83b0863f00..cbf0d67f51 100644
--- a/synapse/app/pusher.py
+++ b/synapse/app/pusher.py
@@ -224,11 +224,10 @@ def start(config_options):
)
ps.setup()
- ps.start_listening(config.worker_listeners)
def start():
+ _base.start(ps, config.worker_listeners)
ps.get_pusherpool().start()
- ps.get_datastore().start_profiling()
reactor.callWhenRunning(start)
diff --git a/synapse/app/synchrotron.py b/synapse/app/synchrotron.py
index 0354e82bf8..9163b56d86 100644
--- a/synapse/app/synchrotron.py
+++ b/synapse/app/synchrotron.py
@@ -445,12 +445,7 @@ def start(config_options):
)
ss.setup()
- ss.start_listening(config.worker_listeners)
-
- def start():
- ss.get_datastore().start_profiling()
-
- reactor.callWhenRunning(start)
+ reactor.callWhenRunning(_base.start, ss, config.worker_listeners)
_base.start_worker_reactor("synapse-synchrotron", config)
diff --git a/synapse/app/user_dir.py b/synapse/app/user_dir.py
index 176d55a783..d1ab9512cd 100644
--- a/synapse/app/user_dir.py
+++ b/synapse/app/user_dir.py
@@ -26,7 +26,6 @@ from synapse.app import _base
from synapse.config._base import ConfigError
from synapse.config.homeserver import HomeServerConfig
from synapse.config.logger import setup_logging
-from synapse.crypto import context_factory
from synapse.http.server import JsonResource
from synapse.http.site import SynapseSite
from synapse.metrics import RegistryProxy
@@ -220,17 +219,7 @@ def start(config_options):
)
ss.setup()
-
- def start():
- ss.config.read_certificate_from_disk()
- ss.tls_server_context_factory = context_factory.ServerContextFactory(config)
- ss.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- config
- )
- ss.start_listening(config.worker_listeners)
- ss.get_datastore().start_profiling()
-
- reactor.callWhenRunning(start)
+ reactor.callWhenRunning(_base.start, ss, config.worker_listeners)
_base.start_worker_reactor("synapse-user-dir", config)
|
