| 18 Feb 2022 |
 @andreas.schraegle:helsinki-systems.de | In reply to @hexa:lossy.network
no dependency resolution when you go systemctl restart matrix-synapse matrix-synapse-worker-client1 [...] you can tell switch-to-configuration to stop and start instead of restart, that might work. | 13:30:55 |
 hexa | I think I have more confidence in a loop with in-active in prestart | 13:34:06 |
| hexa | Wondering when exactly systemd handles dependencies, possibly inside targets? | 13:35:05 |
| @andreas.schraegle:helsinki-systems.de | das_j isn't here, he might be able to tell you | 13:37:56 |
| hexa | a quick brainstorming how worker definitions could be looking: https://md.darmstadt.ccc.de/synapse-at-work?both | 22:57:50 |
| hexa | more input welcome | 22:57:56 |
| hexa | * more input very welcome | 22:57:58 |
 f0x | added some more assertions | 23:43:07 |
| f0x | I think it would be great to support both option designs, perhaps make them mutually exclusive though | 23:44:23 |
| f0x | we would also need some way of handling the load balancing considerations when having multiple sync or federationReceiver workers | 23:46:46 |
| f0x | im considering writing some kind of proxy to handle the access token parsing for efficient /sync loadbalancing, because doing that in pure nginx became impossible with the new temporary tokens afaik | 23:52:57 |
| f0x | https://github.com/sandhose/matrix-doc/blob/sandhose/msc/refresh-token/proposals/2918-refreshtokens.md these are entirely opaque whereas the old (long) access tokens actually encoded the MXID | 23:57:27 |
| f0x | so you would need to do an http request or database access to figure out who the token is for | 23:57:41 |
| 19 Feb 2022 |
| hexa | In reply to @f0x:pixie.town
we would also need some way of handling the load balancing considerations when having multiple sync or federationReceiver workers ideally yes, but until that is possible we should resort to simpler measure, like hashing the src address of incoming requests | 01:07:27 |
| f0x | oh that's pretty good actually | 01:08:17 |
| hexa | also I think there was something proxy-adjacent linked recently, I think by sorunome? | 01:09:37 |
| hexa | https://github.com/Sorunome/matrix-synchrotron-balancer | 01:09:43 |
| hexa | though that looks dated? | 01:09:46 |
 Dandellion | its old and uses the trick with usernames in AS tokens IIRC | 01:09:59 |
| hexa | so no good | 01:10:31 |
| f0x | In reply to @dandellion:dodsorf.as
its old and uses the trick with usernames in AS tokens IIRC it does use a whoami request so should still work | 01:12:04 |
| f0x | maybe other parts changed though | 01:12:33 |
| f0x | using a hash of the authorization header could work too? | 01:12:52 |
| Dandellion | huh you're right | 01:13:11 |
| hexa | yeah, so how do you access that in nginx? | 01:16:07 |
| f0x | $http_Authorization apparently | 01:17:51 |
| hexa | neat | 01:17:58 |
| hexa | so it's just hash $http_Authorization and we'd be good? | 01:18:30 |
| f0x | i have no idea but it's worth a try :P | 01:18:55 |
| hexa | so I wonder, you're saying that ideally we'd support both | 01:21:05 |
