Feature: add synapse worker support

group_vars/matrix_servers

@@ -864,6 +864,22 @@ matrix_postgres_db_name: "homeserver"
 
 
 
+######################################################################
+#
+# matrix-redis
+#
+######################################################################
+
+matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}"
+
+######################################################################
+#
+# /matrix-redis
+#
+######################################################################
+
+
+
 ######################################################################
 #
 # matrix-client-element
@@ -1003,6 +1019,11 @@ matrix_synapse_systemd_wanted_services_list: |
     (['matrix-mailer.service'] if matrix_mailer_enabled else [])
   }}
 
+# Worker support with redis
+matrix_synapse_redis_enabled: "{{ matrix_redis_enabled }}"
+matrix_synapse_redis_host: "{{ 'matrix-redis' if matrix_redis_enabled else '' }}"
+matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_redis_enabled else '' }}"
+
 ######################################################################
 #
 # /matrix-synapse

roles/matrix-nginx-proxy/defaults/main.yml

@@ -247,3 +247,81 @@ matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
 # nginx status page configurations.
 matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false
 matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']
+
+
+# worker
+matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
+matrix_nginx_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
+matrix_nginx_proxy_synapse_generic_worker_locations: [
+  # Sync requests
+  '^/_matrix/client/(v2_alpha|r0)/sync$',
+  '^/_matrix/client/(api/v1|v2_alpha|r0)/events$',
+  '^/_matrix/client/(api/v1|r0)/initialSync$',
+  '^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$',
+
+  # Federation requests
+  '^/_matrix/federation/v1/event/',
+  '^/_matrix/federation/v1/state/',
+  '^/_matrix/federation/v1/state_ids/',
+  '^/_matrix/federation/v1/backfill/',
+  '^/_matrix/federation/v1/get_missing_events/',
+  '^/_matrix/federation/v1/publicRooms',
+  '^/_matrix/federation/v1/query/',
+  '^/_matrix/federation/v1/make_join/',
+  '^/_matrix/federation/v1/make_leave/',
+  '^/_matrix/federation/v1/send_join/',
+  '^/_matrix/federation/v2/send_join/',
+  '^/_matrix/federation/v1/send_leave/',
+  '^/_matrix/federation/v2/send_leave/',
+  '^/_matrix/federation/v1/invite/',
+  '^/_matrix/federation/v2/invite/',
+  '^/_matrix/federation/v1/query_auth/',
+  '^/_matrix/federation/v1/event_auth/',
+  '^/_matrix/federation/v1/exchange_third_party_invite/',
+  '^/_matrix/federation/v1/user/devices/',
+  '^/_matrix/federation/v1/get_groups_publicised$',
+  '^/_matrix/key/v2/query',
+
+  # Inbound federation transaction request
+  '^/_matrix/federation/v1/send/',
+
+  # Client API requests
+  '^/_matrix/client/(api/v1|r0|unstable)/publicRooms$',
+  '^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$',
+  '^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$',
+  '^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$',
+  '^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$',
+  '^/_matrix/client/(api/v1|r0|unstable)/account/3pid$',
+  '^/_matrix/client/(api/v1|r0|unstable)/keys/query$',
+  '^/_matrix/client/(api/v1|r0|unstable)/keys/changes$',
+  '^/_matrix/client/versions$',
+  '^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$',
+  '^/_matrix/client/(api/v1|r0|unstable)/joined_groups$',
+  '^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$',
+  '^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/',
+
+  # Registration/login requests
+  '^/_matrix/client/(api/v1|r0|unstable)/login$',
+  '^/_matrix/client/(r0|unstable)/register$',
+  '^/_matrix/client/(r0|unstable)/auth/.*/fallback/web$',
+
+  # Event sending requests
+  '^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send',
+  '^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/',
+  '^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$',
+  '^/_matrix/client/(api/v1|r0|unstable)/join/',
+  '^/_matrix/client/(api/v1|r0|unstable)/profile/',
+]
+
+matrix_nginx_proxy_synapse_media_repository_locations: [
+  '^/_matrix/media/',
+  '^/_synapse/admin/v1/purge_media_cache$',
+  '^/_synapse/admin/v1/room/.*/media.*$',
+  '^/_synapse/admin/v1/user/.*/media.*$',
+  '^/_synapse/admin/v1/media/.*$',
+  '^/_synapse/admin/v1/quarantine_media/.*$',
+]
+
+matrix_nginx_proxy_synapse_user_dir_locations: [
+  '^/_matrix/client/(api/v1|r0|unstable)/user_directory/search$',
+]

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2

@@ -101,6 +101,61 @@
 	}
 	{% endif %}
 
+	{% if matrix_nginx_proxy_synapse_workers_enabled %}
+		{# Synapse Workers #}
+
+		{% if generic_worker_workers %}
+			{# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker #}
+			{% for location in matrix_nginx_proxy_synapse_generic_worker_locations %}
+			location ~ {{ location }} {
+				proxy_pass http://generic_worker_upstream$request_uri;
+				proxy_set_header Host $host;
+				proxy_set_header X-Forwarded-For $remote_addr;
+			}
+			{% endfor %}
+			{# ToDo: add GET ^/_matrix/federation/v1/groups/ #}
+		{% endif %}
+
+		{% if media_repository_workers %}
+			{# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository #}
+			{% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
+			location ~ {{ location }} {
+				proxy_pass http://media_repository_upstream$request_uri;
+				proxy_set_header Host $host;
+				proxy_set_header X-Forwarded-For $remote_addr;
+			}
+			{% endfor %}
+		{% endif %}
+
+		{% if user_dir_workers %}
+			{# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappuser_dir #}
+			{% for location in matrix_nginx_proxy_synapse_user_dir_locations %}
+			location ~ {{ location }} {
+				proxy_pass http://user_dir_upstream$request_uri;
+				proxy_set_header Host $host;
+				proxy_set_header X-Forwarded-For $remote_addr;
+			}
+			{% endfor %}
+		{% endif %}
+
+		{% if frontend_proxy_workers %}
+			{# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappfrontend_proxy #}
+			location ~ ^/_matrix/client/(api/v1|r0|unstable)/keys/upload {
+				proxy_pass http://frontend_proxy_upstream$request_uri;
+				proxy_set_header Host $host;
+				proxy_set_header X-Forwarded-For $remote_addr;
+			}
+			{% if not matrix_synapse_use_presence %}
+			location ~ ^/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status {
+				proxy_pass http://frontend_proxy_upstream$request_uri;
+				proxy_set_header Host $host;
+				proxy_set_header X-Forwarded-For $remote_addr;
+			}
+			{% endif %}
+		{% endif %}
+	{% endif %}
+
+
 	{% for configuration_block in matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks %}
 		{{- configuration_block }}
 	{% endfor %}
@@ -174,6 +229,53 @@
 	}
 {% endmacro %}
 
+{% set generic_worker_workers = matrix_nginx_proxy_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'generic_worker')|list %}
+{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'media_repository')|list %}
+{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'user_dir')|list %}
+{% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_enabled_list|selectattr('worker', 'equalto', 'frontend_proxy')|list %}
+{% if matrix_nginx_proxy_synapse_workers_enabled %}
+	{# Setup upstream for groups of workers #}
+
+	{% if generic_worker_workers %}
+	upstream generic_worker_upstream {
+		# ensures that requests from the same client will always be passed
+		# to the same server (except when this server is unavailable)
+		ip_hash;
+
+		{% for worker in generic_worker_workers %}
+		server "matrix-synapse:{{ worker.port }}";
+		{% endfor %}
+	}
+	{% endif %}
+
+	{% if frontend_proxy_workers %}
+	upstream frontend_proxy_upstream {
+		# Round Robin
+		{% for worker in frontend_proxy_workers %}
+		server "matrix-synapse:{{ worker.port }}";
+		{% endfor %}
+	}
+	{% endif %}
+
+	{% if media_repository_workers %}
+	upstream media_repository_upstream {
+		# Round Robin
+		{% for worker in media_repository_workers %}
+		server "matrix-synapse:{{ worker.port }}";
+		{% endfor %}
+	}
+	{% endif %}
+
+	{% if user_dir_workers %}
+	upstream user_dir_upstream {
+		# Round Robin
+		{% for worker in user_dir_workers %}
+		server "matrix-synapse:{{ worker.port }}";
+		{% endfor %}
+	}
+	{% endif %}
+{% endif %}
+
 server {
 	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
 	server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};
@@ -255,6 +357,20 @@ server {
 		ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
 	{% endif %}
 
+	{% if matrix_nginx_proxy_synapse_workers_enabled %}
+		{% if generic_worker_workers %}
+			{# https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker #}
+			{% for location in matrix_nginx_proxy_synapse_generic_worker_locations %}
+			location ~ {{ location }} {
+				proxy_pass http://generic_worker_upstream$request_uri;
+				proxy_set_header Host $host;
+				proxy_set_header X-Forwarded-For $remote_addr;
+			}
+			{% endfor %}
+			{# ToDo: add GET ^/_matrix/federation/v1/groups/ #}
+		{% endif %}
+	{% endif %}
+
 	location / {
 		{% if matrix_nginx_proxy_enabled %}
 			{# Use the embedded DNS resolver in Docker containers to discover the service #}

roles/matrix-postgres/defaults/main.yml

@@ -22,6 +22,10 @@ matrix_postgres_docker_image_force_pull: "{{ matrix_postgres_docker_image_to_use
 # A list of extra arguments to pass to the container
 matrix_postgres_container_extra_arguments: []
 
+# A list of extra arguments to pass to the postgres process
+# e.g. "-c 'max_connections=200'"
+matrix_postgres_process_extra_arguments: []
+
 # Controls whether the matrix-postgres container exposes a port (tcp/5432 in the
 # container) that can be used to access the database from outside the container (e.g. with psql)
 #

roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2

@@ -26,7 +26,11 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
 			{% for arg in matrix_postgres_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_postgres_docker_image_to_use }}
+			{{ matrix_postgres_docker_image_to_use }} \
+			postgres \
+			{% for arg in matrix_postgres_process_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 
 ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres
 ExecStop=-{{ matrix_host_command_docker }} rm matrix-postgres

roles/matrix-redis/defaults/main.yml

@@ -0,0 +1,22 @@
+matrix_redis_enabled: true
+
+matrix_redis_connection_password: ""
+
+matrix_redis_base_path: "{{ matrix_base_data_path }}/redis"
+matrix_redis_data_path: "{{ matrix_redis_base_path }}/data"
+
+matrix_redis_docker_image_v5: "redis:5.0-alpine"
+matrix_redis_docker_image_v6: "redis:6.0-alpine"
+matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}"
+matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}'
+
+matrix_redis_docker_image_force_pull: "{{ matrix_redis_docker_image_to_use.endswith(':latest') }}"
+
+# A list of extra arguments to pass to the container
+matrix_redis_container_extra_arguments: []
+
+# Controls whether the matrix-redis container exposes a port (tcp/6379 in the container)
+# that can be used to access redis from outside the container
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:6379"), or empty string to not expose.
+matrix_redis_container_redis_bind_port: ""

roles/matrix-redis/tasks/init.yml

@@ -0,0 +1,3 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}"
+  when: matrix_redis_enabled|bool

roles/matrix-redis/tasks/main.yml

@@ -0,0 +1,9 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_redis.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-redis