Open nopeitsnothing opened 1 year ago
I have done the obvious of generating the token and putting it into the config
How are you obtaining the token?
Unrelated, the config option for retention is just retention, not matrix_synapse_retention.
However, I would suggest not enabling the experimental message retention feature. It has known bugs that can cause database corruption https://github.com/matrix-org/synapse/issues/13476 and it also saves hardly any disk space.
Unrelated, the config option for retention is just retention, not matrix_synapse_retention.
However, I would suggest not enabling the experimental message retention feature. It has known bugs that can cause database corruption matrix-org/synapse#13476 and it also saves hardly any disk space.
That was my exact goal, minimizing the database and lowering the retention threshold. Seems that must be what borked everything.
How are you obtaining the token?
I am obtaining the token through registering a new user on Synapse (using the playbook: --extra-vars='username=mjolnir.bot password=<redacted> admin=yes' --tags=register-user) and then using Element web to get a token then synadm with said token. The registered user is an admin in Postgres.
I should also add: the way it works is now by forcing me to use the second level domain (matrix.org) instead of the normal matrix.matrix.org. Not only that, but I can also log in fine through a client using the latter domain. There's no way to message others. Someone in chat suggested it has no delegation. I believe a previous database cannot be imported either, since trying that results in catastrophe as well.
Edit: I also did the register new user through playbook, and then tried using curl to get a token to plug into the config, but that didn't work.
then using Element web to get a token
That's fine. Just make sure you don't log out. The error says the token is invalid which most likely means you logged out which invalidates the token.
synadm with said token
What are you doing with synadm?
I should also add: the way it works is now by forcing me to use the second level domain (matrix.org) instead of the normal matrix.matrix.org. Not only that, but I can also log in fine through a client using the latter domain
What is forcing you to use the second level domain? Element? Mjolnir?
I believe a previous database cannot be imported either, since trying that results in catastrophe as well
Are you migrating from a Synapse server installed outside the playbook? If so, you need to import that database first, before you enable Mjolnir or try to register any users. What is the catastrophe?
That's fine. Just make sure you don't log out. The error says the token is invalid which most likely means you logged out which invalidates the token.
I was staying logged in while I used the admin token.
What are you doing with synadm?
I'm using synadm to create a secondary user to test the database works. It doesn't. The user is created but there is no delegation. The user can not message others, not even on the homeserver.
What is forcing you to use the second level domain? Element? Mjolnir?
I'm not sure.
Are you migrating from a Synapse server installed outside the playbook? If so, you need to import that database first, before you enable Mjolnir or try to register any users. What is the catastrophe?
I'm not migrating, I'm attempting to install Synapse on the server itself. I tried importing the old database, but it doesn't work.
Now, certbot is telling me I hit the limit and have to wait until tomorrow night to retry.
I have the old certificate, can I just plug that into the playbook instead of generating a new one?
Retrying:
TASK [custom/matrix-nginx-proxy : Attempt initial SSL certificate retrieval with standalone authenticator (directly)] **********************************************************************
fatal: [matrix.redacted.org]: FAILED! => changed=true
cmd: /usr/bin/env docker run --rm --name=matrix-certbot --user=998:1001 --cap-drop=ALL -p 80:8080 --mount type=bind,src=/matrix/ssl/config,dst=/etc/letsencrypt --mount type=bind,src=/matrix/ssl/log,dst=/var/log/letsencrypt docker.io/certbot/certbot:amd64-v1.31.0 certonly --non-interactive --work-dir=/tmp --http-01-port 8080 --key-type rsa --standalone --preferred-challenges http --agree-tos --email=contact@redacted.org -d matrix.redacted.org
delta: '0:00:03.390827'
end: '2022-11-10 03:11:55.177469'
msg: non-zero return code
rc: 1
start: '2022-11-10 03:11:51.786642'
stderr: |-
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: matrix.redacted.org, retry after 2022-11-10T15:22:09Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
stderr_lines: <omitted>
stdout: Requesting a certificate for matrix.redacted.org
stdout_lines: <omitted>
...ignoring
TASK [custom/matrix-nginx-proxy : Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)] *********************************************************************
fatal: [matrix.redacted.org]: FAILED! => changed=true
cmd: /usr/bin/env docker run --rm --name=matrix-certbot --user=998:1001 --cap-drop=ALL -p 127.0.0.1:2402:8080 --network=matrix --mount type=bind,src=/matrix/ssl/config,dst=/etc/letsencrypt --mount type=bind,src=/matrix/ssl/log,dst=/var/log/letsencrypt docker.io/certbot/certbot:amd64-v1.31.0 certonly --non-interactive --work-dir=/tmp --http-01-port 8080 --key-type rsa --standalone --preferred-challenges http --agree-tos --email=contact@redacted.org -d matrix.redacted.org
delta: '0:00:03.682674'
end: '2022-11-10 03:11:59.210333'
msg: non-zero return code
rc: 1
start: '2022-11-10 03:11:55.527659'
stderr: |-
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: matrix.redacted.org, retry after 2022-11-10T15:22:09Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
stderr_lines: <omitted>
stdout: Requesting a certificate for matrix.redacted.org
stdout_lines: <omitted>
...ignoring
TASK [custom/matrix-nginx-proxy : Fail if all SSL certificate retrieval attempts failed] ***************************************************************************************************
fatal: [matrix.redacted.org]: FAILED! => changed=false
msg: |-
Failed to obtain a certificate directly (by listening on port 80)
and also failed to obtain by relying on the server at port 80 to proxy the request.
See above for details.
You may wish to set up proxying of /.well-known/acme-challenge to 2402 or,
more easily, stop the server on port 80 while this playbook runs.
PLAY RECAP *********************************************************************************************************************************************************************************
matrix.redacted.org : ok=211 changed=6 unreachable=0 failed=1 skipped=1930 rescued=0 ignored=2
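Editorial addition, not part of the thread or of the playbook: the Let's Encrypt error in the certbot output above states when the duplicate-certificate limit lifts, and this Python example extracts that time from captured stderr so a re-run can be held until then. The function names and the embedded sample stderr are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Matches the Let's Encrypt duplicate-certificate error as printed by certbot.
RATE_LIMIT_RE = re.compile(
    r"too many certificates \((?P<count>\d+)\) already issued for this exact "
    r"set of domains in the last (?P<hours>\d+) hours: (?P<domains>.+?), "
    r"retry after (?P<retry>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)"
)

# Constructed sample input: the stderr text shown in the thread (domain redacted there).
SAMPLE_STDERR = """Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: matrix.redacted.org, retry after 2022-11-10T15:22:09Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
"""


def parse_rate_limit(stderr):
    """Return the limit details found in certbot stderr, or None if absent."""
    m = RATE_LIMIT_RE.search(stderr)
    if m is None:
        return None
    retry = datetime.strptime(m["retry"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "issued": int(m["count"]),
        "window_hours": int(m["hours"]),
        # The limit applies to this exact set of names, so keep them together.
        "domains": [d.strip() for d in m["domains"].split(",")],
        "retry_after": retry.replace(tzinfo=timezone.utc),  # trailing Z means UTC
    }


def seconds_until_retry(stderr, now):
    """Seconds to wait before requesting again; 0 if no limit or it has passed."""
    info = parse_rate_limit(stderr)
    if info is None:
        return 0
    return max(0, int((info["retry_after"] - now).total_seconds()))


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(parse_rate_limit(SAMPLE_STDERR))
    print("wait seconds:", seconds_until_retry(SAMPLE_STDERR, now))
```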
Playbook Configuration:
My vars.yml file looks like this:
Matrix Server:
Ansible:
Problem description: Running the playbook with almost no additional customizations, I attempted to self-build the Postgres Docker image. Turns out, that's a terrible idea because now there are things going on, I don't even know what to make of it.
Additional context: I attempted to self-build the Postgres image and borked everything. Now I have tried everything, including the removal of Docker itself to nuke the networks, so I could try to reset literally everything and start from scratch. Again, turns out you can't do that, and it's a bad time.
Journalctl
Nov 08 12:41:54 [server] matrix-bot-mjolnir[563716]: [Error: Error during MatrixClient request GET /_matrix/client/r0/joined_rooms: 401 Unauthorized -- {"errcode":"M_UNKNOWN_TOKEN","error":"Invalid access token passed.","soft_logout":false}]
Sounds very straightforward, but trust me, I have done the obvious of generating the token and putting it into the config. Doesn't work: