diff --git a/.env.sample b/.env.sample index 9c0c782..4bb0c9e 100644 --- a/.env.sample +++ b/.env.sample @@ -71,7 +71,7 @@ ENABLE_REGISTRATION=false ### Matrix Authentication Service (MAS) — Element X / OIDC-native auth #COMPOSE_FILE="$COMPOSE_FILE:compose.mas.yml" -#MAS_ENABLED=1 # !!! Leave commented if you plan to migrate an existing homeserver +#MAS_ENABLED=1 # Leave commented if you plan to migrate an existing homeserver #PASSWORD_LOGIN_ENABLED=false #SECRET_MAS_ENCRYPTION_VERSION=v1 # length=64 charset=hex #SECRET_MAS_SYNAPSE_SHARED_VERSION=v1 # length=64 charset=hex diff --git a/README.md b/README.md index ed026b4..bb7e781 100644 --- a/README.md +++ b/README.md @@ -79,11 +79,9 @@ Requires PostgreSQL on Synapse and a dedicated MAS database. Backup Postgres (an ``` Use the real service name from `docker service ls` (suffix `_app`). -4. **Migration:** with MAS still running and Synapse at zero replicas, +4. **Migration:** with MAS still running and Synapse at zero replicas, run `run_mas_migration` from your machine. The homeserver snapshot at `/tmp/homeserver.yaml` in `mas` must still be present from step 1. ```bash - abra app run YOURAPPDOMAIN mas -- mas-cli syn2mas migrate \ - --config /etc/mas/config.yaml \ - --synapse-config /tmp/homeserver.yaml + abra app cmd YOURAPPDOMAIN run_mas_migration ``` 5. **Cutover:** in `.env`, set `MAS_ENABLED=1`, `PASSWORD_LOGIN_ENABLED=false`, remove legacy Keycloak/SSO envs, then `abra app deploy YOURAPPDOMAIN` (Synapse comes back with MAS delegation). `syn2mas` does not write to the Synapse database; if you abort before serving traffic through MAS, you can often drop and recreate the MAS DB and revert env. diff --git a/abra.sh b/abra.sh index 3d9e95a..263e352 100644 --- a/abra.sh +++ b/abra.sh 
@@ -80,6 +80,28 @@ prepare_mas_migration () { trap - EXIT cleanup_prepare_mas_migration + + echo "" + echo "=== Next migration step: stop Synapse (downtime) ===" + echo "Run on a host whose Docker CLI targets this Swarm (same machine you use for 'abra app deploy')." + if [ -n "${STACK_NAME:-}" ]; then + echo " docker service scale ${STACK_NAME}_app=0" + else + echo "STACK_NAME is not set here; resolve the Synapse service name with 'docker service ls' on that host, then:" + echo "docker service scale _app=0" + fi +} + +# Run syn2mas migrate for real (writes MAS data). Run from your operator machine as MAS image is distroless. +# Requires /tmp/homeserver.yaml in the mas container (e.g. from prepare_mas_migration) and +# Synapse scaled down before migrate. +run_mas_migration () { + local syn_cfg=/tmp/homeserver.yaml + + echo "Running mas-cli syn2mas migrate in mas via abra app run..." + abra app run -t "$DOMAIN" mas -- mas-cli syn2mas migrate \ + --config /etc/mas/config.yaml \ + --synapse-config "$syn_cfg" } set_admin () { diff --git a/compose.yml b/compose.yml index c4e6caa..c3303e2 100644 --- a/compose.yml +++ b/compose.yml @@ -108,7 +108,7 @@ services: restart_policy: condition: on-failure labels: - - "coop-cloud.${STACK_NAME}.version=7.1.0+v1.149.1" + - "coop-cloud.${STACK_NAME}.version=7.1.1+v1.149.1" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
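Review bot: run_mas_migration starts a migration that its own comment says writes MAS data, yet neither stated precondition (the /tmp/homeserver.yaml snapshot in the mas container, Synapse scaled down) is checked or confirmed before `abra app run` fires, and `$DOMAIN` is expanded without a guard. Because the call already requests a TTY with `-t`, the function could open with `: "${DOMAIN:?DOMAIN must be set}"`, then `printf 'Synapse at 0 replicas and Postgres backed up? [y/N] '; read -r ok` and `[ "$ok" = y ] || return 1`. The snapshot is presumably a copy of Synapse's homeserver.yaml, which normally holds database credentials and shared secrets, and nothing here removes it or tells the operator to do so after a successful run; a closing `echo` reminding them to discard /tmp/homeserver.yaml from the mas container would cover that. prepare_mas_migration begins outside the hunk, so how the snapshot is created and protected cannot be judged from these lines.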