iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-03-31 20:24:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: iartamonov:720a1b1a316825d9e9dcce1d3171f0b7889d91d3
Branches Tags
iartamonov:master iartamonov:create-pull-request/i18n iartamonov:renovate/requests-2.x iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption
..
compare: iartamonov:master
Branches Tags
iartamonov:master iartamonov:create-pull-request/i18n iartamonov:renovate/requests-2.x iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption

8 Commits
720a1b1a31 ... master

Author SHA1 Message Date
renovate[bot]
8145a6e492 chore(deps): update dependency sable to v1.13.1-0 2026-03-31 18:23:40 +03:00
renovate[bot]
3a120f5c25 chore(deps): update ghcr.io/element-hq/lk-jwt-service docker tag to v0.4.2 2026-03-31 18:23:20 +03:00
renovate[bot]
539136dce6 chore(deps): update dependency ntfy to v2.21.0-0 2026-03-31 08:49:16 +03:00
Slavi Pantaleev
94a0a6c6ec fix(mas): keep Synapse stopped after syn2mas migration 
Avoid reopening a transition window where Synapse can accept new registrations or other auth changes
after syn2mas completes but before the MAS cutover is finalized.

Inspired by and continuing the work done in: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5097
 2026-03-31 08:49:03 +03:00
renovate[bot]
060db8f428 chore(deps): update dependency jitsi to v10888 2026-03-31 01:39:18 +03:00
Jean-Benoît Grimaldi
e5804c4203 fix(mas): Don't fail if OpenID connect is setup in synapse while upgrading to MAS 2026-03-30 20:54:51 +03:00
renovate[bot]
8a3adae240 chore(deps): update dependency livekit_server to v1.10.1-0 2026-03-30 20:45:44 +03:00
renovate[bot]
c897c8f5de chore(deps): update dependency pygments to v2.20.0 2026-03-29 21:05:18 +03:00
7 changed files with 20 additions and 12 deletions
Expand all files Collapse all files

2
docs/configuring-playbook-matrix-authentication-service.md
View File

@@ -398,6 +398,8 @@ To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2
just run-tags matrix-authentication-service-mas-cli-syn2mas
```
After `syn2mas` completes, Synapse will intentionally remain stopped to avoid new registrations or other authentication changes from being accepted before the migration is completed. Continue with the next steps in this guide before re-running the installation.
Having performed a `syn2mas` migration once, trying to do it again will report errors (e.g. "Error: The MAS database is not empty: rows found in at least `users`. Please drop and recreate the database, then try again.").
## Verify that Matrix Authentication Service is installed correctly

2
i18n/requirements.txt
View File

@@ -14,7 +14,7 @@ mdit-py-plugins==0.5.0
mdurl==0.1.2
myst-parser==5.0.0
packaging==26.0
Pygments==2.19.2
Pygments==2.20.0
PyYAML==6.0.3
requests==2.33.0
setuptools==82.0.1

8
requirements.yml
View File

@@ -39,13 +39,13 @@
version: v0.5.1-2
name: hydrogen
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10741-2
version: v10888-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.9.12-1
version: v1.10.1-0
name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.20.1-0
version: v2.21.0-0
name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: ea8c5cc750c4e23d004c9a836dfd9eda82d45ff4
@@ -75,7 +75,7 @@
version: v0.19.1-3
name: prometheus_postgres_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-sable.git
version: v1.6.0-3
version: v1.13.1-0
name: sable
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.5.0-0

14
roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml
View File

@@ -110,11 +110,17 @@
ansible.builtin.debug:
var: matrix_authentication_service_mas_cli_syn2mas_command_result
- name: Ensure Synapse is started (if it previously was)
- name: Inject syn2mas post-migration note
when: "not matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_mas_cli_syn2mas_command_result.changed"
ansible.builtin.service:
name: matrix-synapse
state: started
ansible.builtin.set_fact:
devture_playbook_runtime_messages_list: |
{{
devture_playbook_runtime_messages_list | default([])
+
[
"Synapse was intentionally not restarted after `syn2mas`. Continue with the next steps in the Matrix Authentication Service migration guide before re-running the installation."
]
}}
- name: Ensure Matrix Authentication Service is started (if it previously was)
when: "not matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_mas_ensure_stopped_result.changed"

2
roles/custom/matrix-livekit-jwt-service/defaults/main.yml
View File

@@ -25,7 +25,7 @@ matrix_livekit_jwt_service_container_additional_networks_auto: []
matrix_livekit_jwt_service_container_additional_networks_custom: []
# renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
matrix_livekit_jwt_service_version: 0.4.1
matrix_livekit_jwt_service_version: 0.4.2
matrix_livekit_jwt_service_container_image_self_build: false
matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"

2
roles/custom/matrix-synapse/tasks/validate_config.yml
View File

@@ -210,7 +210,7 @@
- name: Fail if OpenID Connect is enabled for Synapse when auth is delegated to Matrix Authentication Service
ansible.builtin.fail:
msg: "When Synapse is delegating authentication to Matrix Authentication Service (`matrix_synapse_matrix_authentication_service_enabled: true`), it doesn't make sense to enable OpenID Connect (`matrix_synapse_oidc_enabled: true`), because it is not Synapse that is handling authentication. Synapse will refuse to start otherwise."
when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_oidc_enabled
when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_oidc_enabled and not matrix_authentication_service_migration_in_progress
- name: Fail if CAS config is enabled for Synapse when auth is delegated to Matrix Authentication Service
ansible.builtin.fail:

2
roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
View File

@@ -2987,7 +2987,7 @@ background_updates:
#default_batch_size: 50
{% if matrix_synapse_matrix_authentication_service_enabled %}
{% if matrix_synapse_matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress %}
matrix_authentication_service:
enabled: true
endpoint: {{ matrix_synapse_matrix_authentication_service_endpoint | to_json }}