nixos/matrix-synapse: Add UNIX domain socket listener support #286172
Otherwise LGTM. I've deployed this on my server now and it works fine. Had to manually change the replication listener and instance map to use the new path though because I'm setting those options myself.
Okay no, I found a big issue with the `mode` setting. When not changing the mode from its default of 660 (which is 1224 in octal), the socket is created with `s-w--w-r-T` permissions which is completely wrong (but apparently enough for replication to still work?). I had to set the mode to 438 (which is 666 in octal) to get `srw-rw-rw-` permissions on the socket.
Apparently, Synapse interprets the mode as octal even if it's a (decimal) integer, so we would need to serialize this as `mode: 0o660` or something similar in the generated yaml file.
EDIT: also the final `homeserver.yaml` still contains `port: null` for all UDS listeners and `mode: 660`, `path: null` for all TCP listeners.
Thanks for testing. I initially had the mode as I'm a bit surprised, that the final config still has |
Because it had quotes in the final config and was thus interpreted as a string? Would kinda suck though if that got propagated all the way down to the chmod call. How about
I don't really understand where this happens though, I skimmed a bit through the code of synapse and twisted and to me it seems that no more conversion hacks are done, so apparently a correct representation is assumed. Anyways, I think it's wrong that we even have to care and I think it's a bad idea to use a base10 integer when we need a base8 one. I think that a string with coercion (and a very strict regex check) is a better option here. |
This is the code path up to the Error during startup:
```
Traceback (most recent call last):
  File "/nix/store/gxma1wp6xc25vp8lza0bkhm30abrl1l1-matrix-synapse-1.100.0/lib/python3.11/site-packages/synapse/app/_base.py", line 258, in wrapper
    await cb(*args, **kwargs)
  File "/nix/store/gxma1wp6xc25vp8lza0bkhm30abrl1l1-matrix-synapse-1.100.0/lib/python3.11/site-packages/synapse/app/homeserver.py", line 370, in start
    await _base.start(hs)
  File "/nix/store/gxma1wp6xc25vp8lza0bkhm30abrl1l1-matrix-synapse-1.100.0/lib/python3.11/site-packages/synapse/app/_base.py", line 594, in start
    hs.start_listening()
  File "/nix/store/gxma1wp6xc25vp8lza0bkhm30abrl1l1-matrix-synapse-1.100.0/lib/python3.11/site-packages/synapse/app/homeserver.py", line 258, in start_listening
    self._listener_http(self.config, listener)
  File "/nix/store/gxma1wp6xc25vp8lza0bkhm30abrl1l1-matrix-synapse-1.100.0/lib/python3.11/site-packages/synapse/app/homeserver.py", line 147, in _listener_http
    ports = listen_http(
            ^^^^^^^^^^^^
  File "/nix/store/gxma1wp6xc25vp8lza0bkhm30abrl1l1-matrix-synapse-1.100.0/lib/python3.11/site-packages/synapse/app/_base.py", line 441, in listen_http
    ports = listen_unix(
            ^^^^^^^^^^^^
  File "/nix/store/gxma1wp6xc25vp8lza0bkhm30abrl1l1-matrix-synapse-1.100.0/lib/python3.11/site-packages/synapse/app/_base.py", line 388, in listen_unix
    cast(Port, reactor.listenUNIX(path, factory, backlog, mode, wantPID))
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/gmygp534ydqbs1iw63090m9vixkcydrq-python3-3.11.7-env/lib/python3.11/site-packages/twisted/internet/posixbase.py", line 265, in listenUNIX
    p.startListening()
  File "/nix/store/gmygp534ydqbs1iw63090m9vixkcydrq-python3-3.11.7-env/lib/python3.11/site-packages/twisted/internet/unix.py", line 416, in startListening
    os.chmod(self.port, self.mode)
TypeError: 'str' object cannot be interpreted as an integer
```
From what I've gathered the mode actually has to be an integer but its bits are directly set as the file mode. There is no special handling anywhere because python uses an octal literal as default for the mode, so the default value is actually |
Yeah, can confirm that code-wise. Rereading your previous comment, I think I misunderstood the "interprets it as octal" part and thought that you specified the decimal number which led to the error, not the other way round, sorry for that!
Quickly checked that you can indeed write But without being able to express octal numbers in Nix (and I'm not entirely sure if I'll like it then) I strongly dislike the |
My understanding is as follows:
I see two possible solutions:
|
This happened. The function name |
I have absolutely no clue, why we now have null values in the resulting configuration. In my opinion, the recursive filtering should deal with that, but it does not. Maybe the custom listenerType causes problems. |
The problem is apparently, that |
This should at least fix the listener to have the correct `null` values.
I think I addressed all the feedback. Ready for another review. |
Just a few documentation changes. Otherwise LGTM, I'm running this on my server now and it seems to work!
I'm still not entirely happy to see `mode: 432` in my `homeserver.yaml` without any comment as to what this value means but I guess this isn't something we can really fix in any good way, so I guess we can keep it like that.
So I just tried to replace the |
Replication via uds rather than tcp/ip appears to work though 👍 |
😱 Two new options lead me into the shittiest rabbit holes in a long time. It's barely funny anymore. |
The script has no support for UNIX domain sockets. It would need to be extended with https://github.com/msabramo/requests-unixsocket to support the |
So we now drop the registration script, if the clientListener has no bind addresses. 🤷 |
That's the third escalating PR against Matrix from you that I'm reviewing, so perhaps it's my fault after all. In that case I'm sorry %)
That's fine for me, I'm using OIDC anyways. However, I think it's a bit surprising if the script disappears when using UDS, so we should do e.g.
I'm fine with either option. |
As long as this leads to an evaluation error, this should probably be a hard assertion. WDYT? |
Exposes two options, `path` and `mode`, to configure the location and permissions on the socket file. The `mode` needs to be specified as string in octal and will be converted into a decimal integer, so it correctly passes through the YAML parser and arrives at the `os.chmod` call in the Twisted codebase. What a fun detour.

Adds an assertion, that either `path` or `bind_addresses` and `port` are configured on every listener.

Migrates the default replication listener of the main instance to a UNIX domain socket, because it is more efficient.

Introduces the `enableRegistrationScript` option, to gracefully disable the user registration script, when the client listener listens on a UNIX domain socket, which is something the script does not support.

Using `filterAttrsRecursive` is not sufficient to account for a nested attribute set with list values, like used for listeners.
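
The permission mismatch reported earlier in this thread and the string-to-integer conversion described in the commit message above, as an added Python example (not code from this PR, Synapse or Twisted). The helper names `parse_octal_mode`, `socket_perms` and `chmod_result` are hypothetical, and the three-to-four-digit regex is an assumed strictness policy.

```python
import os
import re
import stat
import tempfile

# Assumed strictness policy: exactly three or four octal digits, no prefix.
_OCTAL_MODE = re.compile(r"[0-7]{3,4}")


def parse_octal_mode(text: str) -> int:
    """Turn an octal permission string such as "660" into the int os.chmod expects."""
    if not isinstance(text, str) or not _OCTAL_MODE.fullmatch(text):
        raise ValueError(f"mode must be a 3-4 digit octal string, got {text!r}")
    return int(text, 8)


def socket_perms(mode: int) -> str:
    """Permission string `ls -l` would show for a socket after os.chmod(path, mode)."""
    return stat.filemode(stat.S_IFSOCK | mode)


def chmod_result(mode) -> str:
    """Apply `mode` to a scratch file and report the resulting bits or the error."""
    with tempfile.NamedTemporaryFile() as scratch:
        try:
            os.chmod(scratch.name, mode)
        except TypeError as exc:
            return f"TypeError: {exc}"
        return stat.filemode(os.stat(scratch.name).st_mode)


if __name__ == "__main__":
    # The integer 660 written in base 10 is 0o1224: sticky bit plus -w--w-r--.
    print(oct(660), socket_perms(660))
    # 438 is 0o666, the workaround value reported in the thread.
    print(oct(438), socket_perms(438))
    # An octal string validated and converted before it reaches the YAML file.
    print(parse_octal_mode("660"), socket_perms(parse_octal_mode("660")))
    # A quoted string reaching os.chmod fails the way the traceback shows.
    print(chmod_result("660"))
    # The converted integer gives the intended rw-rw---- bits.
    print(chmod_result(parse_octal_mode("660")))
```
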
Updated the manual and added both an option and an assertion in the last iteration. |
Exposes two options, `path` and `mode`, to configure the location and permissions on the socket file.

Adds an assertion, that either `path` or `bind_addresses` and `port` are configured on every listener.

Migrates the default replication listener of the main instance to a UNIX domain socket, because it is more efficient.

cc NixOS/infra#336