config blocks are read only from the last configuration file loaded using --config-path, resulting in most of the block missing.

[duanin2]

Description

Synapse fails at startup with an error message saying that the key email.notif_from is missing, but it exists in the configuration file.

Steps to reproduce

• Set any configuration block by splitting it and setting each part in a different configuration file, with at least one required option of the block set in a file other than the last one
• Load all the resulting config files using --config-path (like the NixOS module, when the extraConfigFiles option is used)
• Experience a startup failure, until the block is overwritten completely in the last file or set in only one of the files

Homeserver

duanin2.top

Synapse Version

1.114.0

Installation Method

Other (please mention below)

Installed using NixOS Modules

Database

PostgreSQL(single server, no porting, no backup restores)

Workers

Single process

Platform

NixOS unstable on a Raspberry Pi 5.

Configuration

No response

Edit: I have a separate config file for secrets, like the SMTP password, in order to not include them in my public NixOS-Config repository on GitHub, and the nix store.

Relevant log output

This server is configured to use 'matrix.org' as its trusted key server via the
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
server since it is long-lived, stable and trusted. However, some admins may
wish to use another server for this purpose.
To suppress this warning and continue using 'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in homeserver.yaml.
--------------------------------------------------------------------------------
Error in configuration:
  Password reset emails are enabled on this homeserver due to a partial
'email' block. However, the following required keys are missing:
    email.notif_from

Anything else that would be useful to know?

Relevant nix configuration lines
Resulting configuration file lines:

email:
  enable_notifs: true
  force_tls: true
  notif_delay_before_mail: 1h
  notif_for_new_users: false
  notif_from: Your %(app)s homeserver <[email protected]>
  smtp_host: duanin2.top
  smtp_user: [email protected]

[daedric7]

Can you try with quotes ?

notif_from: "Your %(app)s homeserver <[email protected]>"

[duanin2]

It seems the issue is actually caused by having the config separated in two parts to make sure I don't have sensitive information like the SMTP password world-readable in the nix store, but having an email section in both files is causing it to only read the section from the second file with the secrets. I should have probably mentioned that before.

[duanin2]

I have just realized, that my entire database config only worked was because I have overwritten the config written by nix in the secrets config file.
So I've tried moving the actual config from the secrets config to the nix config and now I get this error:

This server is configured to use 'matrix.org' as its trusted key server via the
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
server since it is long-lived, stable and trusted. However, some admins may
wish to use another server for this purpose.
To suppress this warning and continue using 'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in homeserver.yaml.
--------------------------------------------------------------------------------
root: [main] ***** STARTING SERVER *****
root: [main] Server /nix/store/25f46gz3xc4fy8nl0564c10q6c9hnr49-matrix-synapse-1.114.0/bin/synapse_homeserver version 1.114.0
root: [main] Copyright (c) 2023 New Vector, Inc
root: [main] Licensed under the AGPL 3.0 license. Website: https://github.com/element-hq/synapse
root: [main] Server hostname: duanin2.top
root: [main] Instance name: master
root: [main] Twisted reactor: EPollReactor
synapse.app.homeserver: [main] Setting up server
synapse.server: [main] Setting up.
synapse.app._base: [main] Exception during startup
synapse.app._base: [main] Exception during startup
  Traceback (most recent call last):
    File "/nix/store/25f46gz3xc4fy8nl0564c10q6c9hnr49-matrix-synapse-1.114.0/lib/python3.12/site-packages/synapse/app/homeserver.py", line 373, in setup
      hs.setup()
    File "/nix/store/25f46gz3xc4fy8nl0564c10q6c9hnr49-matrix-synapse-1.114.0/lib/python3.12/site-packages/synapse/server.py", line 355, in setup
      self.datastores = Databases(self.DATASTORE_CLASS, self)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/nix/store/25f46gz3xc4fy8nl0564c10q6c9hnr49-matrix-synapse-1.114.0/lib/python3.12/site-packages/synapse/storage/databases/__init__.py", line 70, in __init__
      engine = create_engine(database_config.config)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/nix/store/25f46gz3xc4fy8nl0564c10q6c9hnr49-matrix-synapse-1.114.0/lib/python3.12/site-packages/synapse/storage/engines/__init__.py", line 53, in create_engine
      name = database_config["name"]
             ~~~~~~~~~~~~~~~^^^^^^^^
  KeyError: 'name'
**********************************************************************************
Error during initialisation:
    Traceback (most recent call last):
      File "/nix/store/25f46gz3xc4fy8nl0564c10q6c9hnr49-matrix-synapse-1.114.0/lib/python3.12/site-packages/synapse/app/homeserver.py", line 373, in setup
        hs.setup()
      File "/nix/store/25f46gz3xc4fy8nl0564c10q6c9hnr49-matrix-synapse-1.114.0/lib/python3.12/site-packages/synapse/server.py", line 355, in setup
        self.datastores = Databases(self.DATASTORE_CLASS, self)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/nix/store/25f46gz3xc4fy8nl0564c10q6c9hnr49-matrix-synapse-1.114.0/lib/python3.12/site-packages/synapse/storage/databases/__init__.py", line 70, in __init__
        engine = create_engine(database_config.config)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/nix/store/25f46gz3xc4fy8nl0564c10q6c9hnr49-matrix-synapse-1.114.0/lib/python3.12/site-packages/synapse/storage/engines/__init__.py", line 53, in create_engine
        name = database_config["name"]
               ~~~~~~~~~~~~~~~^^^^^^^^
    KeyError: 'name'

There may be more information in the logs.
**********************************************************************************

So it's actually an issue with Synapse reading any config blocks only from the last file it finds them in in the order they are presented with the --config-path argument.

[duanin2]

It seems like this is a problem, which would be solved if #11203 was solved. So should I close this issue?

[daedric7]

It seems you're using multiple config files in a way that it's not supported. It would be necessary to see those multiple files (redacted) to be sure. If it is indeed #11203 then you must copy entire config blocks into the second or following config files, partials won't work.

[clokep]

I think it is a duplicate of #11203.

[duanin2]

File 1:

admin_contact: mailto:[email protected]
app_service_config_files: []
database:
  args:
    cp_max: 10
    cp_min: 5
    database: matrix-synapse
    dbname: synapse
    host: localhost
    user: synapse_user
  name: psycopg2
dynamic_thumbnails: false
email:
  enable_notifs: true
  force_tls: true
  notif_delay_before_mail: 1h
  notif_for_new_users: false
  notif_from: '"Your %(app)s homeserver <[email protected]>"'
  smtp_host: duanin2.top
  smtp_user: [email protected]
enable_metrics: true
enable_registration: true
enable_registration_captcha: true
instance_map: {}
listeners:
- bind_addresses:
  - 127.0.0.1
  port: 8008
  resources:
  - compress: true
    names:
    - client
    - federation
  tls: false
  type: http
  x_forwarded: true
log_config: /nix/store/5n0ip7n74761j2365bzn6fq4b7szj1cn-synapse-log-synapse.yaml
max_image_pixels: 32M
max_upload_size: 50M
media_store_path: /var/lib/matrix-synapse/media_store
pid_file: /run/matrix-synapse.pid
presence:
  enabled: true
public_baseurl: https://matrix.duanin2.top
redis:
  enabled: false
report_stats: false
server_name: duanin2.top
signing_key_path: /var/lib/matrix-synapse/homeserver.signing.key
trusted_key_servers:
- server_name: matrix.org
  verify_keys:
    ed25519:auto: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
turn_shared_secret: ''
turn_uris: []
url_preview_enabled: true
url_preview_ip_range_blacklist:
- 192.168.1.0/24
- 127.0.0.0/8
- ::1/128
- fe80::/64
url_preview_ip_range_whitelist: []
url_preview_url_blacklist: []

File 2:

database:
  args:
    password: ****
registration_shared_secret: ****
recaptcha_public_key: ****
recaptcha_private_key: ****
email:
  smtp_pass: "****"

[devonh]

This sounds exactly like what #11203 is proposing, albeit described in a different manner.
Closing this issue as a duplicate.