matrix-docker-ansible-deploy icon indicating copy to clipboard operation
matrix-docker-ansible-deploy copied to clipboard

Published 20 hours ago verified publisher icon spantaleev

Self-check, checks Matrix Federation API even when federation is disabled

Open Zepmann opened this issue 3 years ago • 0 comments

Current behavior (based on disabled federation]

Configuration in a host_vars vars.yml file:

matrix_synapse_federation_port_enabled: false
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false

Run and result:

$ ansible-playbook -i inventory/hosts setup.yml --tags=self-check
(...)
TASK [matrix-synapse : Check Matrix Federation API] ***************************************************************************************************************************************************************************************
fatal: [<REDACTED> -> 127.0.0.1]: FAILED! => changed=false 
  elapsed: 30
  msg: 'Status code was -1 and not [200]: Request failed: <urlopen error timed out>'
  redirected: false
  status: -1
  url: https://<REDACTED>:8448/_matrix/federation/v1/version
...ignoring

TASK [matrix-synapse : Fail if Matrix Federation API not working] *************************************************************************************************************************************************************************
fatal: [<REDACTED> -> 127.0.0.1]: FAILED! => changed=false 
  msg: 'Failed checking Matrix Federation API is up at `<REDACTED>` (checked endpoint: `https://<REDACTED>:8448/_matrix/federation/v1/version`). Is Synapse running? Is port 8448 open in your firewall? Full error: {''redirected'': False, ''url'': ''https://<REDACTED>:8448/_matrix/federation/v1/version'', ''status'': -1, ''elapsed'': 30, ''changed'': False, ''failed'': True, ''msg'': ''Status code was -1 and not [200]: Request failed: <urlopen error timed out>''}'
(...) failed=1 (...)

Expected behavior

Same configuration.

Run and result:

$ ansible-playbook -i inventory/hosts setup.yml --tags=self-check
(...) failed=0 (...)

Notes

This setting:

matrix_synapse_federation_port_enabled: false

should probably be leading, since the Matrix Federation API check only checks API availability on the federation port. If the setting is false, the check should be skipped since the federation port is simply not used.

This setting:

matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false

Should not influence the decision to perform the check. Another path can be used to expose the federation port to the outside world.

On another note, port 8448 is still exposed by the Docker container even if it is not used.

Zepmann avatar Apr 19 '22 14:04 Zepmann