Custom lobbies

CHANGELOG.md

@@ -9,12 +9,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+-   **Cloud** Support multipart uploads for builds
 -   **Infra** Support configuring multiple S3 providers
 -   **Infra** Support multipart uploads
 -   **Infra** Replace Promtail-based log shipping with native Loki Docker driver
--   **Infra** Add local Traefik Cloudflare proxy daemon for connecting to Cloudflare Access services
+-   **Infra** Local Traefik Cloudflare proxy daemon for connecting to Cloudflare Access services
+-   **Infra** Upload service builds to default S3 provider instead of hardcoded bucket
 -   **Bolt** Support for connecting to Redis databases with `bolt redis sh`
--   **Bolt** Add confirmation before running any command in the production namespace
+-   **Bolt** Confirmation before running any command in the production namespace
+-   **Bolt** `--start-at` flag for all infra commands
 
 ### Changed
 
@@ -25,12 +28,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   **Infra** Update Consul to 1.16.0
 -   **Infra** Update Imagor to 1.4.7
 -   **Infra** Update NATS server to 2.9.20
--   **Infra** Update Node Exporter server to 1.6.1
--   **Infra** Update Nomad to 1.6.1
+-   **Infra** Update Node Exporter server to 1.6.0
+-   **Infra** Update Nomad to 1.6.0
 -   **Infra** Update Prometheus server to 2.46.0
 -   **Infra** Update Redis Exporter to 1.52.0
 -   **Infra** Update Redis to 7.0.12
 -   **Infra** Update Treafik to 2.10.4
+-   **Bolt** PostHog events are now captured in a background task
+-   **Bolt** Auto-install rsync on Salt Master
+-   **Bolt** Recursively add dependencies from overridden services when using additional roots
+-   **KV** Significantly rate limit of all endpoints
 
 ### Security
 
@@ -40,4 +47,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 -   **Portal** Skip captcha if no Turnstile key provided
 -   **Infra** Resolve [RUSTSEC-2023-0044](https://rustsec.org/advisories/RUSTSEC-2023-0044)
+-   **Infra** Missing dpenedency on mounting volumn before setting permissions of /var/* for Cockroach, ClickHouse, Prometheus, and Traffic Server
+-   **Chrip** Empty message parameters now have placeholder so NATS doesn't throw an error
+-   **Chrip** Messages with no parameters no longer have a trailing dot
 -   **Bolt** Correctly resolve project root when building services natively
+-   **Bolt** Correctly determine executable path for `ExecServiceDriver::UploadedBinaryArtifact` with different Cargo names
+

docs/getting_started/INTERNAL_DASHBOARDS.md

@@ -6,14 +6,14 @@ Exposed tunnels & applications are configured [here](/lib/bolt/core/src/dep/terr
 
 Replace `MAIN_DOMAIN` with the value of `dns.domain.main`.
 
--   [Consul](https://consul.MAIN_DOMAIN))
--   [Nomad](https://nomad.MAIN_DOMAIN))
--   [Cockroach](https://cockroach-http.MAIN_DOMAIN))
--   [ClickHouse](https://clickhouse-http.MAIN_DOMAIN))
--   [Prometheus (svc)](https://prometheus-svc.MAIN_DOMAIN))
--   [Prometheus (job)](https://prometheus-job.MAIN_DOMAIN))
--   [Minio](https://minio-console.MAIN_DOMAIN))
--   [Traefik (proxied)](https://ing-px.MAIN_DOMAIN))
--   [Traefik (job)](https://ing-job.MAIN_DOMAIN))
+-   [Consul](https://consul.MAIN_DOMAIN)
+-   [Nomad](https://nomad.MAIN_DOMAIN)
+-   [Cockroach](https://cockroach-http.MAIN_DOMAIN)
+-   [ClickHouse](https://clickhouse-http.MAIN_DOMAIN)
+-   [Prometheus (svc)](https://prometheus-svc.MAIN_DOMAIN)
+-   [Prometheus (job)](https://prometheus-job.MAIN_DOMAIN)
+-   [Minio](https://minio-console.MAIN_DOMAIN)
+-   [Traefik (proxied)](https://ing-px.MAIN_DOMAIN)
+-   [Traefik (job)](https://ing-job.MAIN_DOMAIN)
     -   This does not support regional dashboards at the moment (SVC-2584)
     -   Will choose a random region until fixed

docs/infrastructure/nats/TROUBLESHOOTING.md

@@ -0,0 +1,10 @@
+# Troubleshooting
+
+## Checking the health of the cluster manually...
+
+1. `bolt ssh pool nats`
+2. `nix-shell -p natscli`
+3. `nats --server=10.0.44.2:4222 --user admin --password password context save default`
+4. `nats context select default`
+5. `nats server report connections`
+

docs/infrastructure/saltstack/TROUBLESHOOTING.md

@@ -31,3 +31,15 @@ Try a few things to figure this out:
 -   Run `pstree -p my-pid` on the `salt-minion` process to see what subcommand is being ran
 -   Read the `salt-minion` logs with `journalctl -u salt-minion`
 -   Try applying specific SLS files with `salt apply 'my-minion' --sls my_file`
+
+## Error when bootstrapping Minion: `RSA key format is not supported`
+
+```bash
+# Uninstall Salt
+bolt ssh name staging-lnd-atl-crdb-05-2 'systemctl stop salt-minion; apt remove -y salt-cloud salt-common salt-minion; rm -rf /etc/salt /opt/saltstack /var/log/salt /var/cache/salt /run/salt /usr/bin/salt-*; echo Done'
+
+# Re-run install_salt_minion
+(cd infra/tf/pools && terraform state rm 'module.install_salt_minion["staging-lnd-atl-crdb-05-2"]')
+bolt tf apply pools
+```
+

errors/mm/auto-create-failed.md

@@ -0,0 +1,9 @@
+---
+name = "MATCHMAKER_AUTO_CREATE_FAILED"
+description = "Could not find a valid game mode and region pair for automatic lobby creation."
+http_status = 400
+---
+
+# Matchmaker Auto Create Failed
+
+Could not find a valid game mode and region pair for automatic lobby creation.

errors/mm/custom-lobbies-disabled.md

@@ -0,0 +1,9 @@
+---
+name = "MATCHMAKER_CUSTOM_LOBBIES_DISABLED"
+description = "Custom lobbies are not allowed for the selected game mode."
+http_status = 400
+---
+
+# Matchmaker Custom Lobbies Disabled
+
+Custom lobbies are not allowed for the selected game mode.

errors/mm/custom-lobby-config-invalid.md

@@ -0,0 +1,10 @@
+---
+name = "MATCHMAKER_CUSTOM_LOBBY_CONFIG_INVALID"
+description = "The given custom lobby config is invalid: {reason}"
+description_basic = "The given custom lobby config is invalid."
+http_status = 400
+---
+
+# Matchmaker Custom Lobby Config Invalid
+
+The given custom lobby config is invalid. This is most likely because it exceeds the maximum size limit of 16KiB.

errors/mm/custom-lobby-limit-reached.md

@@ -0,0 +1,9 @@
+---
+name = "MATCHMAKER_CUSTOM_LOBBY_LIMIT_REACHED"
+description = "User cannot create any more custom lobbies."
+http_status = 400
+---
+
+# Matchmaker Custom Lobby Limit Reached
+
+User cannot create any more custom lobbies.

errors/mm/find-disabled.md

@@ -0,0 +1,9 @@
+---
+name = "MATCHMAKER_FIND_DISABLED"
+description = "The find endpoint has been disabled by the developer."
+http_status = 400
+---
+
+# Matchmaker Find Disabled
+
+The find endpoint has been disabled by the developer.

errors/mm/identity-required.md

@@ -0,0 +1,12 @@
+---
+name = "MATCHMAKER_IDENTITY_REQUIRED"
+description = "This resource can not be accessed without an identity."
+http_status = 400
+---
+
+# Matchmaker Identity Required
+
+This resource can not be accessed without an identity.
+
+If you are a developer seeing this error, make sure your API calls to matchmaker endpoints include a bearer
+token with game user entitlements.

errors/mm/join-disabled.md

@@ -0,0 +1,9 @@
+---
+name = "MATCHMAKER_JOIN_DISABLED"
+description = "The join endpoint has been disabled by the developer."
+http_status = 400
+---
+
+# Matchmaker Join Disabled
+
+The join endpoint has been disabled by the developer.

errors/mm/region-not-enabled-for-game-mode.md

@@ -4,7 +4,7 @@ description = "Region not enabled for game mode."
 http_status = 400
 ---
 
-# Matchmaker Region Not Enabled
+# Matchmaker Region Not Enabled For Game Mode
 
 The region is not enabled for the game mode.
 

errors/mm/region-not-found.md

@@ -0,0 +1,9 @@
+---
+name = "MATCHMAKER_REGION_NOT_FOUND"
+description = "One or more of the provided regions was not found."
+http_status = 400
+---
+
+# Matchmaker Region Not Found
+
+The region(s) provided were not found.

errors/mm/registration-required.md

@@ -0,0 +1,12 @@
+---
+name = "MATCHMAKER_REGISTRATION_REQUIRED"
+description = "This resource can not be accessed without a registered identity."
+http_status = 400
+---
+
+# Matchmaker Registration Required
+
+This resource can not be accessed without a registered identity.
+
+If you are a developer seeing this error, make sure your API calls to matchmaker endpoints include a bearer
+token with game user entitlements, and the given game user is registered on Rivet.

errors/mm/verification-failed.md

@@ -0,0 +1,9 @@
+---
+name = "MATCHMAKER_VERIFICATION_FAILED"
+description = "The user did not pass external matchmaker verification."
+http_status = 400
+---
+
+# Matchmaker Verification Failed
+
+The user did not pass external matchmaker verification.

errors/mm/verification-request-failed.md

@@ -0,0 +1,13 @@
+---
+name = "MATCHMAKER_VERIFICATION_REQUEST_FAILED"
+description = "The external matchmaker verification system failed or returned an invalid response."
+http_status = 400
+---
+
+# Matchmaker Verification Failed
+
+The external matchmaker verification system failed or returned an invalid response. This is not an error that
+has been caused by the user.
+
+If you are a developer seeing this error, check to see if your external matchmaker verification server is
+correctly responding to Rivet's requests.

fern/api/definition/cloud/games/builds.yml

@@ -44,15 +44,15 @@ types:
         docs: A tag given to the game build.
         type: string
       image_file: uploadCommons.PrepareFile
+      multipart_upload:
+        type: optional<boolean>
 
   CreateGameBuildResponse:
     properties:
       build_id:
         type: uuid
       upload_id:
         type: uuid
-      image_presigned_request:
-        docs: >-
-          **Deprecated: use image_presigned_requests instead**
-        type: uploadCommons.PresignedRequest
-      image_presigned_requests: list<uploadCommons.PresignedRequest>
+      image_presigned_request: optional<uploadCommons.PresignedRequest>
+      image_presigned_requests: optional<list<uploadCommons.PresignedRequest>>
+

fern/api/definition/cloud/version/matchmaker/game_mode.yml

@@ -18,6 +18,15 @@ types:
         type: optional<integer>
       docker:
         type: optional<GameModeRuntimeDocker>
+      listable:
+        type: optional<boolean>
+
+      find_config:
+        type: optional<GameModeFindConfig>
+      join_config:
+        type: optional<GameModeJoinConfig>
+      create_config:
+        type: optional<GameModeCreateConfig>
 
       # Region overrides
       tier:
@@ -76,3 +85,58 @@ types:
     properties:
       min: integer
       max: integer
+
+  GameModeIdentityRequirement:
+    docs: >-
+      The registration requirement for a user when joining/finding/creating a
+      lobby. "None" allows for connections without an identity.
+    enum:
+      - none
+      - guest
+      - registered
+
+  GameModeVerificationConfig:
+    # TODO: Add link to tutorial in docs
+    docs: >-
+      Configuration that tells Rivet where to send validation requests and with
+      what headers. When set, Rivet will send the `verification_data` property
+      (given by the user in the find/join/create endpoint) to the given url
+      along with the headers provided and some information about the requested
+      lobby. The response of this request will determine if the user can join
+      that lobby or not.
+    properties:
+      url: string
+      headers: map<string, string>
+
+  GameModeFindConfig:
+    docs: >-
+      Configures the requirements and authentication for the /find endpoint.
+      If this value is not set in the config, the /find endpoint is still enabled.
+    properties:
+      enabled:
+        docs: Sets whether or not the /find endpoint is enabled.
+        type: boolean
+      identity_requirement: GameModeIdentityRequirement
+      verification_config: optional<GameModeVerificationConfig>
+
+  GameModeJoinConfig:
+    docs: >-
+      Configures the requirements and authentication for the /join endpoint.
+      If this value is not set in the config, the /join endpoint is still enabled.
+    properties:
+      enabled:
+        docs: Sets whether or not the /join endpoint is enabled.
+        type: boolean
+      identity_requirement: GameModeIdentityRequirement
+      verification_config: optional<GameModeVerificationConfig>
+
+  GameModeCreateConfig:
+    docs: >-
+      Configures the requirements and authentication for the /create endpoint.
+      If this value is not set in the config, the /create endpoint is NOT enabled.
+    properties:
+      identity_requirement: GameModeIdentityRequirement
+      verification_config: optional<GameModeVerificationConfig>
+      enable_public: boolean
+      enable_private: boolean
+      max_lobbies_per_identity: optional<integer>

fern/api/definition/matchmaker/common.yml

@@ -86,3 +86,8 @@ types:
           Pass this token through the socket to the lobby server. The lobby server
           will validate this token with `PlayerConnected.player_token`
         type: commons.JWT
+
+  CustomLobbyPublicity:
+    enum:
+      - public
+      - private

fern/api/definition/matchmaker/lobbies.yml

@@ -49,6 +49,7 @@ service:
             regions: optional<list<string>>
             prevent_auto_create_lobby: optional<boolean>
             captcha: optional<captchaConfig.Config>
+            verification_data: optional<unknown>
       response: FindLobbyResponse
 
     join:
@@ -64,8 +65,26 @@ service:
           properties:
             lobby_id: string
             captcha: optional<captchaConfig.Config>
+            verification_data: optional<unknown>
       response: JoinLobbyResponse
 
+    create:
+      path: /create
+      method: POST
+      docs: |
+        Creates a custom lobby.
+      request:
+        name: CreateLobbyRequest
+        body:
+          properties:
+            game_mode: string
+            region: optional<string>
+            captcha: optional<captchaConfig.Config>
+            publicity: localCommons.CustomLobbyPublicity
+            lobby_config: optional<unknown>
+            verification_data: optional<unknown>
+      response: CreateLobbyResponse
+
     list:
       path: /list
       method: GET
@@ -85,6 +104,12 @@ types:
       ports: map<string, matchmakerCommons.JoinPort>
       player: matchmakerCommons.JoinPlayer
 
+  CreateLobbyResponse:
+    properties:
+      lobby: matchmakerCommons.JoinLobby
+      ports: map<string, matchmakerCommons.JoinPort>
+      player: matchmakerCommons.JoinPlayer
+
   ListLobbiesResponse:
     properties:
       game_modes: list<localCommons.GameModeInfo>