Feat/horizontal scaling (#291)

.github/workflows/integration_test.yaml

@@ -13,7 +13,7 @@ jobs:
       trivy-image-config: "trivy.yaml"
       juju-channel: 3.1/stable
       channel: 1.28-strict/stable
-      modules: '["test_charm", "test_nginx", "test_s3", "test_redis"]'
+      modules: '["test_charm", "test_nginx", "test_s3", "test_scaling"]'
       self-hosted-runner: true
       self-hosted-runner-label: "edge"
       tmate-debug: true

.licenserc.yaml

@@ -12,6 +12,7 @@ header:
     - '**/.gitkeep'
     - '**/*.cfg'
     - '**/*.conf'
+    - '**/*.conf.template'
     - '**/*.j2'
     - '**/*.json'
     - '**/*.md'

docs/reference/integrations.md

@@ -78,6 +78,7 @@ _Interface_: redis
 _Supported charms_: [redis-k8s](https://charmhub.io/redis-k8s)
 
 Integrating Synapse with Redis is required by horizontal scaling the charm.
+If the integration is not present, the charm will be blocked.
 
 See more information in [Scaling synapse via workers](https://matrix-org.github.io/synapse/latest/workers.html) in documentation repository for Synapse.
 

nginx_rock/etc/abuse_report_location.conf

@@ -0,0 +1 @@
+return 404;

nginx_rock/etc/abuse_report_location.conf.template

@@ -0,0 +1,11 @@
+# Extracted from
+# https://github.com/matrix-org/mjolnir/blob/main/test/nginx.conf
+# Abuse reports should be sent to Mjolnir.
+# The r0 endpoint is deprecated but still used by many clients.
+# As of this writing, the v3 endpoint is the up-to-date version.
+# Alias the regexps, to ensure that they're not rewritten.
+set $room_id $2;
+set $event_id $3;
+# main-unit will be replace via charm by the main unit address
+# E.g.: synapse-0.model.endpoints
+proxy_pass http://main-unit:9999/api/1/report/$room_id/$event_id;

nginx_rock/etc/main_location.conf

@@ -0,0 +1 @@
+return 404;

nginx_rock/etc/main_location.conf.template

@@ -0,0 +1,10 @@
+proxy_read_timeout 300;
+# main-unit will be replace via charm by the main unit address
+# E.g.: synapse-0.model.endpoints
+proxy_pass http://main-unit:8008;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+client_max_body_size 50M;
+proxy_http_version 1.1;

nginx_rock/etc/nginx.conf

@@ -54,27 +54,270 @@ http {
       return 204;
     }
 
-    # Extracted from
-    # https://github.com/matrix-org/mjolnir/blob/main/test/nginx.conf
+    # The worker endpoints were extracted from the following documentation:
+    # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
     location ~ ^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$ {
-      # Abuse reports should be sent to Mjölnir.
-      # The r0 endpoint is deprecated but still used by many clients.
-      # As of this writing, the v3 endpoint is the up-to-date version.
-      # Alias the regexps, to ensure that they're not rewritten.
-      set $room_id $2;
-      set $event_id $3;
-      proxy_pass http://127.0.0.1:9999/api/1/report/$room_id/$event_id;
+      include abuse_report_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3)/sync$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3)/events$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/event/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/state/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/state_ids/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/backfill/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/get_missing_events/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/publicRooms {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/query/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/make_join/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/make_leave/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/(v1|v2)/send_join/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/(v1|v2)/send_leave/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/(v1|v2)/invite/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/event_auth/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/timestamp_to_event/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/exchange_third_party_invite/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/user/devices/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/key/v2/query {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/hierarchy/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/federation/v1/send/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/v1/rooms/.*/hierarchy$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/v1/rooms/.*/threads$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/devices$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/versions$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable/.*)/rooms/.*/aliases {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$) {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/capabilities$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/keys/query$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/room_keys/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/register$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/register/available$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/v1/register/m.login.registration_token/validity$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(r0|v3|unstable)/password_policy$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/knock/ {
+      include worker_location.conf;
+    }
+
+    location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ {
+      include worker_location.conf;
     }
 
     location  / {
-      proxy_read_timeout 300;
-      proxy_pass http://127.0.0.1:8008;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
-      proxy_set_header Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
-      client_max_body_size 50M;
-      proxy_http_version 1.1;
+      include main_location.conf;
     }
   }
 }

nginx_rock/etc/worker_location.conf

@@ -0,0 +1,8 @@
+proxy_read_timeout 300;
+proxy_pass http://localhost:8008;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+client_max_body_size 50M;
+proxy_http_version 1.1;

nginx_rock/rockcraft.yaml

@@ -22,6 +22,11 @@ parts:
     source: etc
     organize:
       nginx.conf: etc/nginx/nginx.conf
+      worker_location.conf: etc/nginx/worker_location.conf
+      abuse_report_location.conf.template: etc/nginx/abuse_report_location.conf.template
+      abuse_report_location.conf: etc/nginx/abuse_report_location.conf
+      main_location.conf.template: etc/nginx/main_location.conf.template
+      main_location.conf: etc/nginx/main_location.conf
   nginx:
     stage-packages:
       - nginx

src-docs/admin_access_token.py.md

@@ -8,7 +8,6 @@ The Admin Access Token service.
 **Global Variables**
 ---------------
 - **JUJU_HAS_SECRETS**
-- **PEER_RELATION_NAME**
 - **SECRET_ID**
 - **SECRET_KEY**
 
@@ -20,7 +19,7 @@ The Admin Access Token Service.
 
 Attrs:  _app: instance of Juju application.  _model: instance of Juju model. 
 
-<a href="../src/admin_access_token.py#L34"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/admin_access_token.py#L33"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `__init__`
 
@@ -42,7 +41,7 @@ Initialize the service.
 
 ---
 
-<a href="../src/admin_access_token.py#L44"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/admin_access_token.py#L43"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `get`