Ansible Synapse deployment when password login is disabled
ad2ien opened this issue · comments
In prod we want simple login password to be disabled so users have the choice between PSC and EIMIS connect.
There's several steps in Synapse config:
- first config to get started
- create an admin user
- upload pictos for oidc buttons
- manage discovery rooms (create dummy-user, invite users from federation)
- an extraconfig step mainly to configure picto for oidc buttons after this step pods are restarted
DoD
in an env where password login is disable and the stack is already created, it's possible to go through the steps in which the admin user token is needed: auth-button and discovery-room
how?
- Ideally there's a way to configure oidc picto without having to restart the pods but don't know how to do that 🤷
- easy way: reset extraconfig map to enable password login and restart synapse before 1st step (if already deployed)
- better : only do
first-adminauth-buttondiscovery-roomwhen deploying from scratch
Additionally It would be nice to restart pods only if matrix-synapse or matrix-synapse-extraconfig configmap has been changed
also take advantage to remove
extraVolumes:
- name: s3-media-repo-module
configMap:
name: s3-media-repo-module
in extra config