The ungleich Matrix infrastructure¶
- Table of contents
- The ungleich Matrix infrastructure
This document concerns the infrastructure side of our MaaS offer and is intended for ungleich staff. See Ungleich Matrix-as-a-Service (MaaS) page for end-user/customer documentation. Common operations can be found on: [[https://redmine.ungleich.ch/projects/open-infrastructure/wiki/Common_operations_on_X-as-a-Service]].
Status¶
This document is A DRAFT. This service is not in production. Ask @Timothée Floure for details.
Environment¶
Our Matrix deployments make use of the Synapse (reference) Matrix homeserver and Riot web client. We use Debian buster as base Operating system, leveraging the matrix-synapse package from the buster-backports repository. The riot client (= static files) is directly fetched from upstream releases on github.
The matrix deployments run on ipv6only VMs, HTTP traffic - including federation - being proxy by the ungleich v4-to-v6 proxy. Federation is delegated using a /.well-known/
URI as described in the customer FAQ.
Tooling¶
The whole MaaS setup is defined in the manifest/matrix-as-a-service of dot-cdist file, which wraps the __ungleich_matrix type. This type leverages:
- __matrix_synapse
- __matrix_riot
- __ungleich_nginx_static_type
- _postgres_role and _postgres_database from upstream cdist.
The matterbridge application service can be deployed with the __matterbridge type.
Matrix Federation Tester: https://federationtester.matrix.org/
Synapse Admin UI¶
- Available on: https://admin.matrix.ungleich.cloud
- Leverages https://github.com/Awesome-Technologies/synapse-admin/
- Static deployment hence hosted on staticweb.
- Allows manual admin management of users and rooms.
- Use direct address of homeserver for login:
https://XXXX.matrix.ungleich.cloud
Monitoring¶
Autodiscovered from consul in monitoring LAN.
Ungleich Deployments¶
We maintain our own deployments alongside the customer MaaS, both for our own usage and for testing.
matrix-staging.ungleich.ch¶
Staging instance used to tests the deployment pipeline and Matrix updates.
matrix.ungleich.ch¶
Production instance for ungleich. Some rooms are bridged to the chat.ungleich.ch mattermost instance. The bridge makes use of the #matterbridge:ungleich.ch
local matrix user (i.e. not from LDAP) and matterbridge
mattermost user (linked to matterbridge AT ungleich ch).
Customer Deployments¶
That's too sensitive to be public: this way !
Shared TURN server¶
Coturn is running at matrix-turn.ungleich.ch. See matrix-as-a-service
manifest in dot-cdist for details.
create mass users on matrix host¶
- info.txt
FirstName LastName Email user_id1 pw1 FirstName LastName Email user_id2 pw2 FirstName LastName Email user_id3 pw3
- creating user shall script
while read A B C D E do pw=$E name=$A" "$B ad=$C id="@"$D data='{"password":"'${pw}'", "displayname": "'${name}'", "threepids": [ { "medium": "email", "address": "'${ad}'" }], "admin": false, "deactivated": false, "avatar_url": null }' h='Authorization: Bearer <AccessToken>' curl -v -X PUT -H "$h" -d "$data" http://localhost:8008/_synapse/admin/v2/users/$id:politikergespraeche.germanzero.org sleep 2 done < info.txt
invite mass users on matrix host¶
- info.txt
FirstName LastName Email user_id1 pw1 FirstName LastName Email user_id2 pw2 FirstName LastName Email user_id3 pw3
- get user token
--> user : admin room user : to invite user, admin must be in room.
curl -XPOST -d '{"type":"m.login.password", "user":"[user_id]", "password":"[user_password]"}' "http://localhost:8008/_matrix/client/r0/login"
- inviting user script
matrixserver="testbr.lab.ungleich.ch" generate_post_data() { cat <<EOF { "user_id":"@$D:$matrixserver" } EOF } roomID=( 'roomID1 wihtout !' 'roomID2 wihtout !' ) errcode="M_LIMIT_EXCEEDED" for rm_id in ${roomID[*]} do while read A B C D E do echo $rm_id res2="" res=$(curl -XPOST -d "$(generate_post_data)" "http://localhost:8008/_matrix/client/r0/rooms/%21$rm_id%3Apolitikergespraeche.germanzero.org/invite?access_token=<ACCESS_TOKEN>") echo $res #avoid error { "errcode": "M_LIMIT_EXCEEDED", "error": "Too Many Requests", "retry_after_ms": 2895 } if [[ $res =~ $errcode ]];then sleep 5 res2=$(curl -XPOST -d "$(generate_post_data)" "http://localhost:8008/_matrix/client/r0/rooms/%21$rm_id%3Apolitikergespraeche.germanzero.org/invite?access_token=<ACCESS_TOKEN>") fi if [[ $res2 =~ $errcode ]];then echo "===error===" echo $res2 exit 1 fi sleep 1 done < info.txt done
Admin interface at admin.matrix.ungleich.cloud¶
It's based on synapse-admin:"https://github.com/Awesome-Technologies/synapse-admin" and is just a static JS app. It's deployed on staticweb.ungleich.ch.
Update procedure¶
# Clone sources git clone https://github.com/Awesome-Technologies/synapse-admin.git # Checkout latest tag git checkout tags/x.y.z # Fetch dependencies yarn install # Generate static files yarn build # Then: copy over content of build/ to staticweb
Updated by Timothée Floure over 3 years ago · 22 revisions