From 1196ee32b35587af82e7bf60dc60f2ba56c5f93c Mon Sep 17 00:00:00 2001 From: Victor Goff Date: Wed, 28 Aug 2019 04:34:49 -0400 Subject: Typographical corrections in docker/README (#5921) --- docker/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'docker') diff --git a/docker/README.md b/docker/README.md index 46bb9d2d99..d5879c2f2c 100644 --- a/docker/README.md +++ b/docker/README.md @@ -17,7 +17,7 @@ By default, the image expects a single volume, located at ``/data``, that will h * the appservices configuration. You are free to use separate volumes depending on storage endpoints at your -disposal. For instance, ``/data/media`` coud be stored on a large but low +disposal. For instance, ``/data/media`` could be stored on a large but low performance hdd storage while other files could be stored on high performance endpoints. @@ -27,8 +27,8 @@ configuration file there. Multiple application services are supported. ## Generating a configuration file -The first step is to genearte a valid config file. To do this, you can run the -image with the `generate` commandline option. +The first step is to generate a valid config file. To do this, you can run the +image with the `generate` command line option. You will need to specify values for the `SYNAPSE_SERVER_NAME` and `SYNAPSE_REPORT_STATS` environment variable, and mount a docker volume to store @@ -59,7 +59,7 @@ The following environment variables are supported in `generate` mode: * `SYNAPSE_CONFIG_PATH`: path to the file to be generated. Defaults to `/homeserver.yaml`. * `SYNAPSE_DATA_DIR`: where the generated config will put persistent data - such as the datatase and media store. Defaults to `/data`. + such as the database and media store. Defaults to `/data`. * `UID`, `GID`: the user id and group id to use for creating the data directories. Defaults to `991`, `991`. @@ -115,7 +115,7 @@ not given). To migrate from a dynamic configuration file to a static one, run the docker container once with the environment variables set, and `migrate_config` -commandline option. For example: +command line option. For example: ``` docker run -it --rm \ -- cgit 1.4.1 From 894c1a575979a52114fac09ab3814f4fe023659a Mon Sep 17 00:00:00 2001 From: Michael Kaye <1917473+michaelkaye@users.noreply.github.com> Date: Tue, 3 Sep 2019 16:36:01 +0100 Subject: Docker packaging should not su-exec or chmod if already running as UID/GID (#5970) Adjust su-exec to only be used if needed. If UID == getuid() and GID == getgid() then we do not need to su-exec, and chmod will not work. --- changelog.d/5970.docker | 1 + docker/start.py | 84 ++++++++++++++++++++++++++++--------------------- 2 files changed, 50 insertions(+), 35 deletions(-) create mode 100644 changelog.d/5970.docker (limited to 'docker') diff --git a/changelog.d/5970.docker b/changelog.d/5970.docker new file mode 100644 index 0000000000..c9d04da9cd --- /dev/null +++ b/changelog.d/5970.docker @@ -0,0 +1 @@ +Avoid changing UID/GID if they are already correct. diff --git a/docker/start.py b/docker/start.py index 40a861f200..260f2d9943 100755 --- a/docker/start.py +++ b/docker/start.py @@ -41,8 +41,8 @@ def generate_config_from_template(config_dir, config_path, environ, ownership): config_dir (str): where to put generated config files config_path (str): where to put the main config file environ (dict): environment dictionary - ownership (str): ":" string which will be used to set - ownership of the generated configs + ownership (str|None): ":" string which will be used to set + ownership of the generated configs. If None, ownership will not change. """ for v in ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"): if v not in environ: @@ -105,24 +105,24 @@ def generate_config_from_template(config_dir, config_path, environ, ownership): log("Generating log config file " + log_config_file) convert("/conf/log.config", log_config_file, environ) - subprocess.check_output(["chown", "-R", ownership, "/data"]) - # Hopefully we already have a signing key, but generate one if not. - subprocess.check_output( - [ - "su-exec", - ownership, - "python", - "-m", - "synapse.app.homeserver", - "--config-path", - config_path, - # tell synapse to put generated keys in /data rather than /compiled - "--keys-directory", - config_dir, - "--generate-keys", - ] - ) + args = [ + "python", + "-m", + "synapse.app.homeserver", + "--config-path", + config_path, + # tell synapse to put generated keys in /data rather than /compiled + "--keys-directory", + config_dir, + "--generate-keys", + ] + + if ownership is not None: + subprocess.check_output(["chown", "-R", ownership, "/data"]) + args = ["su-exec", ownership] + args + + subprocess.check_output(args) def run_generate_config(environ, ownership): @@ -130,7 +130,7 @@ def run_generate_config(environ, ownership): Args: environ (dict): env var dict - ownership (str): "userid:groupid" arg for chmod + ownership (str|None): "userid:groupid" arg for chmod. If None, ownership will not change. Never returns. """ @@ -149,9 +149,6 @@ def run_generate_config(environ, ownership): log("Creating log config %s" % (log_config_file,)) convert("/conf/log.config", log_config_file, environ) - # make sure that synapse has perms to write to the data dir. - subprocess.check_output(["chown", ownership, data_dir]) - args = [ "python", "-m", @@ -170,12 +167,33 @@ def run_generate_config(environ, ownership): "--open-private-ports", ] # log("running %s" % (args, )) - os.execv("/usr/local/bin/python", args) + + if ownership is not None: + args = ["su-exec", ownership] + args + os.execv("/sbin/su-exec", args) + + # make sure that synapse has perms to write to the data dir. + subprocess.check_output(["chown", ownership, data_dir]) + else: + os.execv("/usr/local/bin/python", args) def main(args, environ): mode = args[1] if len(args) > 1 else None - ownership = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991)) + desired_uid = int(environ.get("UID", "991")) + desired_gid = int(environ.get("GID", "991")) + if (desired_uid == os.getuid()) and (desired_gid == os.getgid()): + ownership = None + else: + ownership = "{}:{}".format(desired_uid, desired_gid) + + log( + "Container running as UserID %s:%s, ENV (or defaults) requests %s:%s" + % (os.getuid(), os.getgid(), desired_uid, desired_gid) + ) + + if ownership is None: + log("Will not perform chmod/su-exec as UserID already matches request") # In generate mode, generate a configuration and missing keys, then exit if mode == "generate": @@ -227,16 +245,12 @@ def main(args, environ): log("Starting synapse with config file " + config_path) - args = [ - "su-exec", - ownership, - "python", - "-m", - "synapse.app.homeserver", - "--config-path", - config_path, - ] - os.execv("/sbin/su-exec", args) + args = ["python", "-m", "synapse.app.homeserver", "--config-path", config_path] + if ownership is not None: + args = ["su-exec", ownership] + args + os.execv("/sbin/su-exec", args) + else: + os.execv("/usr/local/bin/python", args) if __name__ == "__main__": -- cgit 1.4.1 From 2def5ea0da4b8134384adcd48e1e312f2f7e65c9 Mon Sep 17 00:00:00 2001 From: Michael Kaye <1917473+michaelkaye@users.noreply.github.com> Date: Thu, 19 Sep 2019 22:29:47 +0100 Subject: Docker: support SYNAPSE_WORKER envvar (#6058) * Allow passing SYNAPSE_WORKER envvar * changelog.d * Document SYNAPSE_WORKER. Attempting to imply that you don't need to change this default unless you're in worker mode. Also aware that there's a bigger problem of attempting to document a complete working configuration of workers using docker, as we currently only document to use `synctl` for worker mode, and synctl doesn't work that way in docker. --- changelog.d/6058.docker | 1 + docker/README.md | 2 ++ docker/start.py | 3 ++- 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 changelog.d/6058.docker (limited to 'docker') diff --git a/changelog.d/6058.docker b/changelog.d/6058.docker new file mode 100644 index 0000000000..30be6933c9 --- /dev/null +++ b/changelog.d/6058.docker @@ -0,0 +1 @@ +Provide SYNAPSE_WORKER envvar to specify python module. diff --git a/docker/README.md b/docker/README.md index d5879c2f2c..4b712f3f5c 100644 --- a/docker/README.md +++ b/docker/README.md @@ -89,6 +89,8 @@ The following environment variables are supported in run mode: `/data`. * `SYNAPSE_CONFIG_PATH`: path to the config file. Defaults to `/homeserver.yaml`. +* `SYNAPSE_WORKER`: module to execute, used when running synapse with workers. + Defaults to `synapse.app.homeserver`, which is suitable for non-worker mode. * `UID`, `GID`: the user and group id to run Synapse as. Defaults to `991`, `991`. * `TZ`: the [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) the container will run with. Defaults to `UTC`. diff --git a/docker/start.py b/docker/start.py index 260f2d9943..e41ea20e70 100755 --- a/docker/start.py +++ b/docker/start.py @@ -182,6 +182,7 @@ def main(args, environ): mode = args[1] if len(args) > 1 else None desired_uid = int(environ.get("UID", "991")) desired_gid = int(environ.get("GID", "991")) + synapse_worker = environ.get("SYNAPSE_WORKER", "synapse.app.homeserver") if (desired_uid == os.getuid()) and (desired_gid == os.getgid()): ownership = None else: @@ -245,7 +246,7 @@ def main(args, environ): log("Starting synapse with config file " + config_path) - args = ["python", "-m", "synapse.app.homeserver", "--config-path", config_path] + args = ["python", "-m", synapse_worker, "--config-path", config_path] if ownership is not None: args = ["su-exec", ownership] + args os.execv("/sbin/su-exec", args) -- cgit 1.4.1