This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a dockerfile for running a set of Synapse worker processes (#9162)
This PR adds a Dockerfile and some supporting files to the `docker/` directory. The Dockerfile's intention is to spin up a container with: * A Synapse main process. * Any desired worker processes, defined by a `SYNAPSE_WORKERS` environment variable supplied at runtime. * A redis for worker communication. * A nginx for routing traffic. * A supervisord to start all worker processes and monitor them if any go down. Note that **this is not currently intended to be used in production**. If you'd like to use Synapse workers with Docker, instead make use of the official image, with one worker per container. The purpose of this dockerfile is currently to allow testing Synapse in worker mode with the [Complement](https://github.com/matrix-org/complement/) test suite. `configure_workers_and_start.py` is where most of the magic happens in this PR. It reads from environment variables (documented in the file) and creates all necessary config files for the processes. It is the entrypoint of the Dockerfile, and thus is run any time the docker container is spun up, recreating all config files in case you want to use a different set of workers. One can specify which workers they'd like to use by setting the `SYNAPSE_WORKERS` environment variable (as a comma-separated list of arbitrary worker names) or by setting it to `*` for all worker processes. We will be using the latter in CI. Huge thanks to @MatMaul for helping get this all working 🎉 This PR is paired with its equivalent on the Complement side: matrix-org/complement#62. Note, for the purpose of testing this PR before it's merged: You'll need to (re)build the base Synapse docker image for everything to work (`matrixdotorg/synapse:latest`). Then build the worker-based docker image on top (`matrixdotorg/synapse:workers`).
- Loading branch information
1 parent
f16c6cf
commit 7e460ec
Showing
11 changed files
with
867 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| Add a dockerfile for running Synapse in worker-mode under Complement. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Inherit from the official Synapse docker image | ||
| FROM matrixdotorg/synapse | ||
|
|
||
| # Install deps | ||
| RUN apt-get update | ||
| RUN apt-get install -y supervisor redis nginx | ||
|
|
||
| # Remove the default nginx sites | ||
| RUN rm /etc/nginx/sites-enabled/default | ||
|
|
||
| # Copy Synapse worker, nginx and supervisord configuration template files | ||
| COPY ./docker/conf-workers/* /conf/ | ||
|
|
||
| # Expose nginx listener port | ||
| EXPOSE 8080/tcp | ||
|
|
||
| # Volume for user-editable config files, logs etc. | ||
| VOLUME ["/data"] | ||
|
|
||
| # A script to read environment variables and create the necessary | ||
| # files to run the desired worker configuration. Will start supervisord. | ||
| COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py | ||
| ENTRYPOINT ["/configure_workers_and_start.py"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
| # Running tests against a dockerised Synapse | ||
|
|
||
| It's possible to run integration tests against Synapse | ||
| using [Complement](https://github.com/matrix-org/complement). Complement is a Matrix Spec | ||
| compliance test suite for homeservers, and supports any homeserver docker image configured | ||
| to listen on ports 8008/8448. This document contains instructions for building Synapse | ||
| docker images that can be run inside Complement for testing purposes. | ||
|
|
||
| Note that running Synapse's unit tests from within the docker image is not supported. | ||
|
|
||
| ## Testing with SQLite and single-process Synapse | ||
|
|
||
| > Note that `scripts-dev/complement.sh` is a script that will automatically build | ||
| > and run an SQLite-based, single-process of Synapse against Complement. | ||
| The instructions below will set up Complement testing for a single-process, | ||
| SQLite-based Synapse deployment. | ||
|
|
||
| Start by building the base Synapse docker image. If you wish to run tests with the latest | ||
| release of Synapse, instead of your current checkout, you can skip this step. From the | ||
| root of the repository: | ||
|
|
||
| ```sh | ||
| docker build -t matrixdotorg/synapse -f docker/Dockerfile . | ||
| ``` | ||
|
|
||
| This will build an image with the tag `matrixdotorg/synapse`. | ||
|
|
||
| Next, build the Synapse image for Complement. You will need a local checkout | ||
| of Complement. Change to the root of your Complement checkout and run: | ||
|
|
||
| ```sh | ||
| docker build -t complement-synapse -f "dockerfiles/Synapse.Dockerfile" dockerfiles | ||
| ``` | ||
|
|
||
| This will build an image with the tag `complement-synapse`, which can be handed to | ||
| Complement for testing via the `COMPLEMENT_BASE_IMAGE` environment variable. Refer to | ||
| [Complement's documentation](https://github.com/matrix-org/complement/#running) for | ||
| how to run the tests, as well as the various available command line flags. | ||
|
|
||
| ## Testing with PostgreSQL and single or multi-process Synapse | ||
|
|
||
| The above docker image only supports running Synapse with SQLite and in a | ||
| single-process topology. The following instructions are used to build a Synapse image for | ||
| Complement that supports either single or multi-process topology with a PostgreSQL | ||
| database backend. | ||
|
|
||
| As with the single-process image, build the base Synapse docker image. If you wish to run | ||
| tests with the latest release of Synapse, instead of your current checkout, you can skip | ||
| this step. From the root of the repository: | ||
|
|
||
| ```sh | ||
| docker build -t matrixdotorg/synapse -f docker/Dockerfile . | ||
| ``` | ||
|
|
||
| This will build an image with the tag `matrixdotorg/synapse`. | ||
|
|
||
| Next, we build a new image with worker support based on `matrixdotorg/synapse:latest`. | ||
| Again, from the root of the repository: | ||
|
|
||
| ```sh | ||
| docker build -t matrixdotorg/synapse-workers -f docker/Dockerfile-workers . | ||
| ``` | ||
|
|
||
| This will build an image with the tag` matrixdotorg/synapse-workers`. | ||
|
|
||
| It's worth noting at this point that this image is fully functional, and | ||
| can be used for testing against locally. See instructions for using the container | ||
| under | ||
| [Running the Dockerfile-worker image standalone](#running-the-dockerfile-worker-image-standalone) | ||
| below. | ||
|
|
||
| Finally, build the Synapse image for Complement, which is based on | ||
| `matrixdotorg/synapse-workers`. You will need a local checkout of Complement. Change to | ||
| the root of your Complement checkout and run: | ||
|
|
||
| ```sh | ||
| docker build -t matrixdotorg/complement-synapse-workers -f dockerfiles/SynapseWorkers.Dockerfile dockerfiles | ||
| ``` | ||
|
|
||
| This will build an image with the tag `complement-synapse`, which can be handed to | ||
| Complement for testing via the `COMPLEMENT_BASE_IMAGE` environment variable. Refer to | ||
| [Complement's documentation](https://github.com/matrix-org/complement/#running) for | ||
| how to run the tests, as well as the various available command line flags. | ||
|
|
||
| ## Running the Dockerfile-worker image standalone | ||
|
|
||
| For manual testing of a multi-process Synapse instance in Docker, | ||
| [Dockerfile-workers](Dockerfile-workers) is a Dockerfile that will produce an image | ||
| bundling all necessary components together for a workerised homeserver instance. | ||
|
|
||
| This includes any desired Synapse worker processes, a nginx to route traffic accordingly, | ||
| a redis for worker communication and a supervisord instance to start up and monitor all | ||
| processes. You will need to provide your own postgres container to connect to, and TLS | ||
| is not handled by the container. | ||
|
|
||
| Once you've built the image using the above instructions, you can run it. Be sure | ||
| you've set up a volume according to the [usual Synapse docker instructions](README.md). | ||
| Then run something along the lines of: | ||
|
|
||
| ``` | ||
| docker run -d --name synapse \ | ||
| --mount type=volume,src=synapse-data,dst=/data \ | ||
| -p 8008:8008 \ | ||
| -e SYNAPSE_SERVER_NAME=my.matrix.host \ | ||
| -e SYNAPSE_REPORT_STATS=no \ | ||
| -e POSTGRES_HOST=postgres \ | ||
| -e POSTGRES_USER=postgres \ | ||
| -e POSTGRES_PASSWORD=somesecret \ | ||
| -e SYNAPSE_WORKER_TYPES=synchrotron,media_repository,user_dir \ | ||
| -e SYNAPSE_WORKERS_WRITE_LOGS_TO_DISK=1 \ | ||
| matrixdotorg/synapse-workers | ||
| ``` | ||
|
|
||
| ...substituting `POSTGRES*` variables for those that match a postgres host you have | ||
| available (usually a running postgres docker container). | ||
|
|
||
| The `SYNAPSE_WORKER_TYPES` environment variable is a comma-separated list of workers to | ||
| use when running the container. All possible worker names are defined by the keys of the | ||
| `WORKERS_CONFIG` variable in [this script](configure_workers_and_start.py), which the | ||
| Dockerfile makes use of to generate appropriate worker, nginx and supervisord config | ||
| files. | ||
|
|
||
| Sharding is supported for a subset of workers, in line with the | ||
| [worker documentation](../docs/workers.md). To run multiple instances of a given worker | ||
| type, simply specify the type multiple times in `SYNAPSE_WORKER_TYPES` | ||
| (e.g `SYNAPSE_WORKER_TYPES=event_creator,event_creator...`). | ||
|
|
||
| Otherwise, `SYNAPSE_WORKER_TYPES` can either be left empty or unset to spawn no workers | ||
| (leaving only the main process). The container is configured to use redis-based worker | ||
| mode. | ||
|
|
||
| Logs for workers and the main process are logged to stdout and can be viewed with | ||
| standard `docker logs` tooling. Worker logs contain their worker name | ||
| after the timestamp. | ||
|
|
||
| Setting `SYNAPSE_WORKERS_WRITE_LOGS_TO_DISK=1` will cause worker logs to be written to | ||
| `<data_dir>/logs/<worker_name>.log`. Logs are kept for 1 week and rotate every day at 00: | ||
| 00, according to the container's clock. Logging for the main process must still be | ||
| configured by modifying the homeserver's log config in your Synapse data volume. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| # This file contains the base config for the reverse proxy, as part of ../Dockerfile-workers. | ||
| # configure_workers_and_start.py uses and amends to this file depending on the workers | ||
| # that have been selected. | ||
|
|
||
| {{ upstream_directives }} | ||
|
|
||
| server { | ||
| # Listen on an unoccupied port number | ||
| listen 8008; | ||
| listen [::]:8008; | ||
|
|
||
| server_name localhost; | ||
|
|
||
| # Nginx by default only allows file uploads up to 1M in size | ||
| # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml | ||
| client_max_body_size 100M; | ||
|
|
||
| {{ worker_locations }} | ||
|
|
||
| # Send all other traffic to the main process | ||
| location ~* ^(\\/_matrix|\\/_synapse) { | ||
| proxy_pass http://localhost:8080; | ||
| proxy_set_header X-Forwarded-For $remote_addr; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_set_header Host $host; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| # This file contains the base for the shared homeserver config file between Synapse workers, | ||
| # as part of ./Dockerfile-workers. | ||
| # configure_workers_and_start.py uses and amends to this file depending on the workers | ||
| # that have been selected. | ||
|
|
||
| redis: | ||
| enabled: true | ||
|
|
||
| {{ shared_worker_config }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| # This file contains the base config for supervisord, as part of ../Dockerfile-workers. | ||
| # configure_workers_and_start.py uses and amends to this file depending on the workers | ||
| # that have been selected. | ||
| [supervisord] | ||
| nodaemon=true | ||
| user=root | ||
|
|
||
| [program:nginx] | ||
| command=/usr/sbin/nginx -g "daemon off;" | ||
| priority=500 | ||
| stdout_logfile=/dev/stdout | ||
| stdout_logfile_maxbytes=0 | ||
| stderr_logfile=/dev/stderr | ||
| stderr_logfile_maxbytes=0 | ||
| username=www-data | ||
| autorestart=true | ||
|
|
||
| [program:redis] | ||
| command=/usr/bin/redis-server /etc/redis/redis.conf --daemonize no | ||
| priority=1 | ||
| stdout_logfile=/dev/stdout | ||
| stdout_logfile_maxbytes=0 | ||
| stderr_logfile=/dev/stderr | ||
| stderr_logfile_maxbytes=0 | ||
| username=redis | ||
| autorestart=true | ||
|
|
||
| [program:synapse_main] | ||
| command=/usr/local/bin/python -m synapse.app.homeserver --config-path="{{ main_config_path }}" --config-path=/conf/workers/shared.yaml | ||
| priority=10 | ||
| # Log startup failures to supervisord's stdout/err | ||
| # Regular synapse logs will still go in the configured data directory | ||
| stdout_logfile=/dev/stdout | ||
| stdout_logfile_maxbytes=0 | ||
| stderr_logfile=/dev/stderr | ||
| stderr_logfile_maxbytes=0 | ||
| autorestart=unexpected | ||
| exitcodes=0 | ||
|
|
||
| # Additional process blocks | ||
| {{ worker_config }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| # This is a configuration template for a single worker instance, and is | ||
| # used by Dockerfile-workers. | ||
| # Values will be change depending on whichever workers are selected when | ||
| # running that image. | ||
|
|
||
| worker_app: "{{ app }}" | ||
| worker_name: "{{ name }}" | ||
|
|
||
| # The replication listener on the main synapse process. | ||
| worker_replication_host: 127.0.0.1 | ||
| worker_replication_http_port: 9093 | ||
|
|
||
| worker_listeners: | ||
| - type: http | ||
| port: {{ port }} | ||
| {% if listener_resources %} | ||
| resources: | ||
| - names: | ||
| {%- for resource in listener_resources %} | ||
| - {{ resource }} | ||
| {%- endfor %} | ||
| {% endif %} | ||
|
|
||
| worker_log_config: {{ worker_log_config_filepath }} | ||
|
|
||
| {{ worker_extra_conf }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.