From 94a0a6c6ec10ecee5853c9bca86d4562f7ed896a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 Mar 2026 08:47:39 +0300 Subject: [PATCH] fix(mas): keep Synapse stopped after syn2mas migration Avoid reopening a transition window where Synapse can accept new registrations or other auth changes after syn2mas completes but before the MAS cutover is finalized. Inspired by and continuing the work done in: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5097 --- ...uring-playbook-matrix-authentication-service.md | 2 ++ .../tasks/mas_cli_syn2mas.yml | 14 ++++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-matrix-authentication-service.md b/docs/configuring-playbook-matrix-authentication-service.md index eff0d9e8f..92140d127 100644 --- a/docs/configuring-playbook-matrix-authentication-service.md +++ b/docs/configuring-playbook-matrix-authentication-service.md @@ -398,6 +398,8 @@ To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2 just run-tags matrix-authentication-service-mas-cli-syn2mas ``` +After `syn2mas` completes, Synapse will intentionally remain stopped to avoid new registrations or other authentication changes from being accepted before the migration is completed. Continue with the next steps in this guide before re-running the installation. + Having performed a `syn2mas` migration once, trying to do it again will report errors (e.g. "Error: The MAS database is not empty: rows found in at least `users`. Please drop and recreate the database, then try again."). ## Verify that Matrix Authentication Service is installed correctly diff --git a/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml b/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml index 676db8e65..a15435a64 100644 --- a/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml +++ b/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml @@ -110,11 +110,17 @@ ansible.builtin.debug: var: matrix_authentication_service_mas_cli_syn2mas_command_result -- name: Ensure Synapse is started (if it previously was) +- name: Inject syn2mas post-migration note when: "not matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_mas_cli_syn2mas_command_result.changed" - ansible.builtin.service: - name: matrix-synapse - state: started + ansible.builtin.set_fact: + devture_playbook_runtime_messages_list: | + {{ + devture_playbook_runtime_messages_list | default([]) + + + [ + "Synapse was intentionally not restarted after `syn2mas`. Continue with the next steps in the Matrix Authentication Service migration guide before re-running the installation." + ] + }} - name: Ensure Matrix Authentication Service is started (if it previously was) when: "not matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_mas_ensure_stopped_result.changed"