---
# Install the TURN server package. The result is registered so that the
# one-off post-install step below only runs after a fresh install.
- name: Install Coturn
  yum:
    name: coturn
    state: present
  register: turn_installed
  tags: turn
# Apply tmpfiles.d entries (presumably the ones shipped by the coturn
# package) without waiting for a reboot; only needed right after the
# package was installed by the previous task.
- name: Create tmpfiles
  command: systemd-tmpfiles --create
  when: turn_installed is changed
  tags: turn
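# Render the server configuration. It is readable by root and the coturn
# group only (0640): the template presumably carries TURN credentials and
# TLS key locations, so it must not be world-readable. A change triggers
# the "restart coturn" handler.
- name: Deploy main configuration
  template:
    src: coturn.conf.j2
    dest: /etc/coturn/coturn.conf
    group: coturn
    mode: "0640"  # quoted: an unquoted 0640 would be read as a number by YAML
  notify: restart coturn
  tags: turn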
# Install the script dehydrated runs after deploying a certificate
# (presumably to hand the renewed certificate to coturn). It must be
# executable, hence 0755.
- name: Deploy dehydrated hook
  copy:
    src: dehydrated_deploy_hook
    dest: /etc/dehydrated/hooks_deploy_cert.d/20coturn.sh
    mode: "0755"  # quoted so YAML keeps it as a string, not an integer
  tags: turn
# Remove the rule set named "turnserver_ports" (presumably left over from
# an earlier version of this role); the current rules are managed under
# "coturn_ports" in the next task. iptables_raw is not a core Ansible
# module — TODO confirm it is available in this role's dependencies.
- name: Remove turnserver rules
  iptables_raw:
    name: turnserver_ports
    state: absent
  when: iptables_manage | default(True)
  tags: [turn, firewall]
# Allow TURN traffic only from the source addresses listed in turn_src_ip.
# With an empty list the whole "coturn_ports" rule set is removed instead
# of leaving the ports open to everyone.
- name: Handle coturn ports
  iptables_raw:
    name: coturn_ports
    state: "{{ 'present' if turn_src_ip | length > 0 else 'absent' }}"
    # Listening ports first (plain and TLS, primary and alternate), then the
    # relay range. 49152-65535 is hard-coded here and must match the
    # min-port/max-port values in coturn.conf — TODO confirm against the template.
    rules: |
      -A INPUT -m state --state NEW -p tcp -m multiport --dports {{ [turn_port,turn_alt_port] | join(',') }} -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -p udp -m multiport --dports {{ [turn_port,turn_alt_port] | join(',') }} -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -m state --state NEW -p tcp -m multiport --dports {{ [turn_tls_port,turn_alt_tls_port] | join(',') }} -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -p udp -m multiport --dports {{ [turn_tls_port,turn_alt_tls_port] | join(',') }} -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -p tcp --dport 49152:65535 -s {{ turn_src_ip | join(',') }} -j ACCEPT
      -A INPUT -p udp --dport 49152:65535 -s {{ turn_src_ip | join(',') }} -j ACCEPT
  when: iptables_manage | default(True)
  tags: [turn, firewall]
# Make sure coturn is running now and comes back after a reboot.
- name: Start and enable the service
  service:
    name: coturn
    state: started
    enabled: true
  tags: turn
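# Create the long-term credentials declared in turn_lt_users (each item has
# a "name" and a "pass"). The password goes on the turnadmin command line,
# so no_log keeps it — and the loop item that carries it — out of the play
# output and logs; it is still briefly visible in the host's process list
# while turnadmin runs. The user name is shell-quoted like the password so
# an unexpected character cannot split the command line.
# NOTE: this task reports "changed" on every run (turnadmin gives no
# idempotent signal to key changed_when on).
- name: Add long term users
  command: turnadmin --add --user={{ item.name | quote }} --password={{ item.pass | quote }} --realm={{ turn_realm | default(ansible_domain) }}
  loop: "{{ turn_lt_users }}"
  no_log: true
  tags: turn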
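# Delete users whose realm is not the one this role manages.
# The listing is consumed line by line instead of word-splitting $(...),
# and the informational lines turnadmin prints before the user list (the
# same ones the "List long term users" task filters out) are dropped first,
# so their words are never handed to "turnadmin --delete". Each deletion is
# echoed so the task can report an honest changed status instead of a
# hard-coded False.
- name: Remove users with unknown realm
  shell: |
    turnadmin --list \
      | grep -vP '^0:\s+(log file opened|SQLite connection)' \
      | grep -v '\[{{ turn_realm | default(ansible_domain) }}\]' \
      | while read -r U; do
          [ -n "$U" ] || continue
          user=$(echo "$U" | cut -d'[' -f1)
          realm=$(echo "$U" | perl -pe 's/.*\[(.*)\]/$1/')
          turnadmin --delete --user="$user" --realm="$realm"
          echo "deleted $user"
        done
  register: turn_unknown_realm_cleanup  # new variable, only used by changed_when below
  changed_when: turn_unknown_realm_cleanup.stdout | length > 0
  tags: turn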
# Capture the current long-term user names, one per line, so the next task
# can prune those not declared in turn_lt_users. turnadmin prefixes its
# listing with informational lines; those are stripped, as is the
# "[realm]" suffix on each user entry. Folded scalar: the three lines
# become one command string.
- name: List long term users
  shell: >-
    turnadmin --list
    | grep -vP '^0:\s+(log file opened|SQLite connection)'
    | cut -d'[' -f1
  register: turn_lt_existing_users
  changed_when: false  # read-only query
  tags: turn
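# Prune long-term users present on the server but absent from
# turn_lt_users. Names come from the previous task's stdout_lines; empty
# lines are skipped so "--user=" is never issued, and the name is
# shell-quoted so an unexpected character cannot split the command line.
- name: Remove unmanaged long term users
  command: turnadmin --delete --user={{ item | quote }} --realm={{ turn_realm | default(ansible_domain) }}
  when: item | length > 0 and item not in turn_lt_users | map(attribute='name') | list
  loop: "{{ turn_lt_existing_users.stdout_lines }}"
  tags: turn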