Update to 2020-04-17 11:00

master
Daniel Berteaud 5 years ago
parent 6b69268edd
commit 9820059096
  1. 34
      roles/jitsi/defaults/main.yml
  2. 1
      roles/jitsi/meta/main.yml
  3. 6
      roles/jitsi/tasks/cleanup.yml
  4. 12
      roles/jitsi/tasks/conf.yml
  5. 11
      roles/jitsi/tasks/facts.yml
  6. 39
      roles/jitsi/tasks/install.yml
  7. 8
      roles/jitsi/tasks/iptables.yml
  8. 5
      roles/jitsi/tasks/services.yml
  9. 8
      roles/jitsi/templates/nginx.conf.j2
  10. 22
      roles/jitsi_videobridge/defaults/main.yml
  11. 5
      roles/jitsi_videobridge/handlers/main.yml
  12. 4
      roles/jitsi_videobridge/meta/main.yml
  13. 8
      roles/jitsi_videobridge/tasks/cleanup.yml
  14. 9
      roles/jitsi_videobridge/tasks/conf.yml
  15. 3
      roles/jitsi_videobridge/tasks/directories.yml
  16. 15
      roles/jitsi_videobridge/tasks/facts.yml
  17. 56
      roles/jitsi_videobridge/tasks/install.yml
  18. 9
      roles/jitsi_videobridge/tasks/iptables.yml
  19. 11
      roles/jitsi_videobridge/tasks/main.yml
  20. 5
      roles/jitsi_videobridge/tasks/services.yml
  21. 3
      roles/jitsi_videobridge/tasks/user.yml
  22. 27
      roles/jitsi_videobridge/templates/jitsi-videobridge.service.j2
  23. 19
      roles/jitsi_videobridge/templates/sip-communicator.properties.j2
  24. 3
      roles/jitsi_videobridge/templates/videobridge.conf.j2

@ -3,17 +3,12 @@
jitsi_root_dir: /opt/jitsi
jitsi_user: jitsi
jitsi_videobridge_version: 1132
jitsi_videobridge_archive_url: https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-{{ jitsi_videobridge_version }}.zip
jitsi_videobridge_archive_sha1: 2e749f4667bc5650c0af59c23241ad094a24e1f2
jitsi_videobridge_harvester_port: 4443
# This one cannot be changed
jitsi_videobridge_rtp_port: 10000
jitsi_videobridge_src_ip:
# List of IP or CIDR for which web resources will be served
# It can be different from jitsi_videobridge_src_ip is web access is done through
# a reverse proxy
jitsi_web_src_ip:
- 0.0.0.0/0
jitsi_videobridge_git_url: https://github.com/jitsi/jitsi-videobridge.git
jitsi_jicofo_git_url: https://github.com/jitsi/jicofo.git
jitsi_jigasi_git_url: https://github.com/jitsi/jigasi.git
jitsi_meet_git_url: https://github.com/jitsi/jitsi-meet.git
@ -23,11 +18,10 @@ jitsi_xmpp_server: "{{ inventory_hostname }}"
# Port on which to connect to the XMPP server to register as a component
jitsi_xmpp_component_port: 5347
# XMPP password to connect to
jitsi_videobridge_xmpp_user: jvb
jitsi_videobridge_xmpp_domain: "{{ jitsi_auth_domain }}"
# A random pass will be created if not defined
# jitsi_videobridge_xmpp_pass:
# Account for videobridge
jitsi_jvb_xmpp_user: "{{ jitsi_videobridge_xmpp_user | default('jvb') }}"
jitsi_jvb_xmpp_domain: "{{ jitsi_videobridge_xmpp_domain | default(jitsi_auth_domain) }}"
# jitsi_jvb_xmpp_pass:
jitsi_stun_servers: []
# jitsi_stun_servers:
@ -45,10 +39,6 @@ jitsi_turn_secret: "{{ turnserver_auth_secret | default('p@ssw0rd') }}"
# than sso for desktop users. See all the jitsi_ldap_xxxx settings
jitsi_auth: False
# Secret to register on the XMPP server. A random one will be generated if not defined
# jitsi_videobridge_xmpp_secret: S3cr3t.
# jitsi_jicofo_xmpp_secret: p@ssw0rd
jitsi_jicofo_xmpp_user: jicofo
jitsi_jicofo_xmpp_domain: "{{ jitsi_auth_domain }}"
# Password for the focus user on the auth domain
@ -99,6 +89,8 @@ jitsi_meet_conf_base:
useStunTurn: True
stunServers: "{{ jitsi_stun_servers }}"
preferH264: True
dialInNumbersUrl: https://{{ jitsi_domain }}/phoneNumberList
dialInConfCodeUrl: https://{{ jitsi_domain }}/conferenceMapper
jitsi_meet_conf_extra: {}
jitsi_meet_conf: "{{ jitsi_meet_conf_base | combine(jitsi_meet_conf_extra, recursive=True) }}"
@ -232,7 +224,7 @@ jitsi_jigasi_xmpp_domain: "{{ jitsi_auth_domain }}"
# conferenceMapper is used for inbound SIP call
jitsi_confmapper_port: 8823
jitsi_confmapper_src_ip: []
jitsi_confmapper_base_conf:
jitsi_confmapper_conf_base:
numbers: {}
# numbers:
# FR:
@ -245,5 +237,5 @@ jitsi_confmapper_base_conf:
expire_seconds: 86400
id_max_length: 5
db_file: "{{ jitsi_root_dir }}/data/confmapper.sqlite"
jitsi_confmapper_extra_conf: {}
jitsi_confmapper_conf: "{{ jitsi_confmapper_base_conf | combine(jitsi_confmapper_extra_conf, recursive=True) }}"
jitsi_confmapper_conf_extra: {}
jitsi_confmapper_conf: "{{ jitsi_confmapper_conf_base | combine(jitsi_confmapper_conf_extra, recursive=True) }}"
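Review bot: Renaming `jitsi_confmapper_base_conf` / `jitsi_confmapper_extra_conf` to `jitsi_confmapper_conf_base` / `jitsi_confmapper_conf_extra` in the last two hunks drops the old names with no fallback, so an inventory that still sets `jitsi_confmapper_extra_conf` has its overrides ignored without any warning from Ansible. A transitional default such as `jitsi_confmapper_conf_extra: "{{ jitsi_confmapper_extra_conf | default({}) }}"` would keep existing deployments working until inventories are migrated. In the second hunk, `# jitsi_jvb_xmpp_pass:` lost its explanatory comment; I would restore `# A random pass will be created if not defined` above it.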

@ -4,4 +4,5 @@ dependencies:
- role: repo_nodejs
- role: maven
- role: prosody
when: jitsi_xmpp_server in ['127.0.0.1', 'localhost', inventory_hostname]
- role: nginx

@ -3,6 +3,8 @@
- name: Remove temp files
file: path={{ item }} state=absent
loop:
- "{{ jitsi_root_dir }}/tmp/jitsi-videobridge-linux-x64-{{ jitsi_videobridge_version }}"
- "{{ jitsi_root_dir }}/tmp/jitsi-videobridge-linux-x64-{{ jitsi_videobridge_version }}.zip"
- "{{ jitsi_root_dir }}/tmp/jicofo-1.1-SNAPSHOT"
- "{{ jitsi_root_dir }}/tmp/jicofo/target"
- "{{ jitsi_root_dir }}/tmp/jigasi-linux-x64-1.1-SNAPSHOT"
- "{{ jitsi_root_dir }}/tmp/jigasi/target"
tags: jitsi

@ -14,8 +14,8 @@
- name: register XMPP users
command: prosodyctl register {{ item.user }} {{ jitsi_auth_domain }} '{{ item.pass }}'
loop:
- user: "{{ jitsi_videobridge_xmpp_user }}"
pass: "{{ jitsi_videobridge_xmpp_pass }}"
- user: "{{ jitsi_jvb_xmpp_user }}"
pass: "{{ jitsi_jvb_xmpp_pass }}"
- user: "{{ jitsi_jicofo_xmpp_user }}"
pass: "{{ jitsi_jicofo_xmpp_pass }}"
- user: "{{ jitsi_jigasi_xmpp_user }}"
@ -24,14 +24,6 @@
when: jitsi_prosody_conf is defined and jitsi_prosody_conf.changed
tags: jitsi
- name: Deploy videobridge configuration
template: src=videobridge/{{ item }}.j2 dest={{ jitsi_root_dir }}/etc/videobridge/{{ item }} group={{ jitsi_user }} mode=640
loop:
- videobridge.conf
- sip-communicator.properties
notify: restart jitsi-videobridge
tags: jitsi
- name: Deploy jicofo configuration
template: src=jicofo/{{ item }}.j2 dest={{ jitsi_root_dir }}/etc/jicofo/{{ item }} group={{ jitsi_user }} mode=640
loop:
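Review bot: The `register XMPP users` loop iterates over items that carry `pass`, and Ansible prints each loop item in the task result, so the XMPP passwords end up in the run output and in any log that captures it. Adding `no_log: True` to the task keeps them out; `loop_control:` with `label: "{{ item.user }}"` at least removes them from the per-item line. The password is also passed as an argument to `prosodyctl register`, where it is visible in the process list while the command runs. Separately, the account is always created in `jitsi_auth_domain`, although the new `jitsi_jvb_xmpp_domain` can be set to a different value. The task's `when:` and `tags:` lines sit in the following hunk.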

@ -4,13 +4,13 @@
set_fact: jitsi_jigasi={{ (jitsi_jigasi_sip_user is defined and jitsi_jigasi_sip_secret is defined) | ternary(True, False) }}
tags: jitsi
- name: Generate a random pass for videobridge
- name: Generate a random secret for videobridge
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ jitsi_root_dir }}/meta/ansible_videobridge_xmpp_pass"
- set_fact: jitsi_videobridge_xmpp_pass={{ rand_pass }}
when: jitsi_videobridge_xmpp_pass is not defined
- set_fact: jitsi_jvb_xmpp_pass={{ rand_pass }}
when: jitsi_jvb_xmpp_pass is not defined
tags: jitsi
- name: Generate a random secret for jicofo
@ -79,11 +79,6 @@
register: jitsi_key_file
tags: jitsi
- name: Check if videobridge is built
stat: path={{ jitsi_root_dir }}/videobridge/jvb.sh
register: jitsi_videobridge_script
tags: jitsi
- name: Check if jicofo is built
stat: path={{ jitsi_root_dir }}/jicofo/jicofo.sh
register: jitsi_jicofo_script
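Review bot: `jitsi_jvb_xmpp_pass` is generated here independently of `jitsi_videobridge_xmpp_pass`, so the password registered in prosody and the one the bridge logs in with can differ. The defaults make the user and domain fall back to the `jitsi_videobridge_*` values, but the password has no such fallback. If an inventory sets `jitsi_videobridge_xmpp_pass`, or the two roles run on different hosts and each generates its own value from a local `pass_file` (assuming get_rand_pass.yml stores it on the managed host), the bridge cannot authenticate. A preceding `- set_fact: jitsi_jvb_xmpp_pass={{ jitsi_videobridge_xmpp_pass }}` with `when: jitsi_jvb_xmpp_pass is not defined and jitsi_videobridge_xmpp_pass is defined` would keep the two equal. The matching block in roles/jitsi_videobridge/tasks/facts.yml is the other half of the same issue.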

@ -30,41 +30,6 @@
# Now, for every component, we will clone or update the repo.
# If the repo changed since the last run, we rebuild and restart the corresponding component
- name: Clone videobridge repo
git:
repo: "{{ jitsi_videobridge_git_url }}"
dest: "{{ jitsi_root_dir }}/tmp/videobridge"
force: True
become_user: "{{ jitsi_user }}"
register: jitsi_videobridge_git
tags: jitsi
- name: Install or update videobridge
block:
- name: Build videobridge
command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
args:
chdir: "{{ jitsi_root_dir }}/tmp/videobridge"
become_user: "{{ jitsi_user }}"
- name: Extract videobridge archive
unarchive:
src: "{{ jitsi_root_dir }}/tmp/videobridge/target/jitsi-videobridge-2.1-SNAPSHOT-archive.zip"
dest: "{{ jitsi_root_dir }}/tmp/"
remote_src: True
- name: Move videobridge to its final directory
synchronize:
src: "{{ jitsi_root_dir }}/tmp/jitsi-videobridge-2.1-SNAPSHOT/"
dest: "{{ jitsi_root_dir }}/videobridge/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
notify: restart jitsi-videobridge
when: jitsi_videobridge_git.changed or not jitsi_videobridge_script.stat.exists
tags: jitsi
- name: Clone jicofo repo
git:
repo: "{{ jitsi_jicofo_git_url }}"
@ -139,13 +104,11 @@
- name: Deploy systemd unit
template: src={{ item }}.service.j2 dest=/etc/systemd/system/{{ item }}.service
loop:
- jitsi-videobridge
- jitsi-jicofo
- jitsi-jigasi
- jitsi-confmapper
register: jitsi_units
notify:
- restart jitsi-videobridge
- restart jitsi-jicofo
- restart jitsi-jigasi
- restart jitsi-confmapper
@ -204,6 +167,6 @@
get_url:
url: https://raw.githubusercontent.com/gronke/jitsi-conferencemapper-api/master/daemon.py
dest: "{{ jitsi_root_dir }}/confmapper/daemon.py"
mode: 755
mode: 0755
notify: restart jitsi-confmapper
tags: jitsi
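Review bot: The `get_url` task in the last hunk downloads `daemon.py` from the `master` branch of a third-party repository and installs it executable with no `checksum:`, so whatever that branch serves at run time is what the confmapper service executes. Pinning the URL to a specific commit and adding `checksum: sha256:<expected digest>` would make the download reproducible and fail closed if the content changes. On the mode line, the quoted form `mode: '0755'` is the safer spelling because it does not depend on how the YAML parser reads a leading zero. The task's name line is outside the hunk.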

@ -1,13 +1,5 @@
---
- name: Handle jitsi videobridge ports
iptables_raw:
name: jitsi_videobridge_ports
state: "{{ (jitsi_videobridge_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p udp --dport {{ jitsi_videobridge_rtp_port }} -s {{ jitsi_videobridge_src_ip | join(',') }} -j ACCEPT\n
-A INPUT -m state --state NEW -p tcp --dport {{ jitsi_videobridge_harvester_port }} -s {{ jitsi_videobridge_src_ip | join(',') }} -j ACCEPT"
tags: firewall,jitsi
- name: Handle jitsi confmapper port
iptables_raw:
name: jitsi_confmapper_ports

@ -1,10 +1,7 @@
---
- name: Start and enable services
service: name={{ item }} state=started enabled=True
loop:
- jitsi-videobridge
- jitsi-jicofo
service: name=jitsi-jicofo state=started enabled=True
tags: jitsi
- name: Start and enable jigasi

@ -23,6 +23,7 @@ server {
location ~ ^/(phoneNumberList|conferenceMapper) {
proxy_pass http://localhost:{{ jitsi_confmapper_port }};
proxy_socket_keepalive on;
# TODO : rate limit these endpoints to prevent room listing
}
# BOSH endpoint
@ -64,5 +65,12 @@ server {
}
location / {
ssi on;
limit_req zone=limit_req_std burst=100 nodelay;
limit_conn limit_conn_std 80;
}
{% for ip in jitsi_web_src_ip %}
allow {{ ip }};
{% endfor %}
deny all;
}
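Review bot: The `limit_req` / `limit_conn` directives are set only inside `location /`, so the `^/(phoneNumberList|conferenceMapper)` regex location, which the added TODO itself flags as open to room listing, is still proxied without any limit. Limits declared in `location /` do not apply to a sibling location, so the zone has to be referenced there as well, e.g. `limit_req zone=limit_req_std burst=10 nodelay;` (the burst value is an example). The zones `limit_req_std` and `limit_conn_std` are not defined in this file; presumably the nginx role declares them in the http context, which is worth stating in a comment. When the vhost sits behind a reverse proxy, the `allow` entries match the proxy's address unless real-IP handling is configured.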

@ -0,0 +1,22 @@
---
jitsi_root_dir: /opt/jitsi
jitsi_user: jitsi
jitsi_videobridge_git_url: https://github.com/jitsi/jitsi-videobridge.git
jitsi_videobridge_harvester_port: 4443
# This one cannot be changed
jitsi_videobridge_rtp_port: 10000
jitsi_videobridge_src_ip:
- 0.0.0.0/0
jitsi_videobridge_domain: "{{ jitsi_domain | default(inventory_hostname) }}"
jitsi_videobridge_auth_domain: "{{ jitsi_auth_domain | default('auth.' ~ jitsi_domain) }}"
# XMPP password to connect to
jitsi_videobridge_xmpp_server: "{{ jitsi_xmpp_server | default(inventory_hostname) }}"
jitsi_videobridge_xmpp_user: jvb
jitsi_videobridge_xmpp_domain: "{{ jitsi_videobridge_auth_domain }}"
# A random pass will be created if not defined
# jitsi_videobridge_xmpp_pass:
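Review bot: `jitsi_videobridge_auth_domain` falls back to `'auth.' ~ jitsi_domain`, but `jitsi_domain` is not defined in this role's visible defaults, so on a host that does not also load the jitsi role's variables the expression fails on an undefined variable instead of producing a value. Using the variable defined on the line above, `default('auth.' ~ jitsi_videobridge_domain)`, avoids that. The same gap exists in templates/sip-communicator.properties.j2, which reads `jitsi_xmpp_server` and `jitsi_auth_domain` directly rather than `jitsi_videobridge_xmpp_server` and `jitsi_videobridge_auth_domain`. The comment `# XMPP password to connect to` sits above the server setting and would read better as `# XMPP server and account used by the bridge`.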

@ -0,0 +1,5 @@
---
- name: restart jitsi-videobridge
service: name=jitsi-videobridge state=restarted

@ -0,0 +1,4 @@
---
dependencies:
- role: maven

@ -0,0 +1,8 @@
---
- name: Remove temp files
file: path={{ item }} state=absent
loop:
- "{{ jitsi_root_dir }}/tmp/jitsi-videobridge-2.1-SNAPSHOT"
- "{{ jitsi_root_dir }}/tmp/jitsi-videobridge/target"
tags: jitsi
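Review bot: The second cleanup path, `{{ jitsi_root_dir }}/tmp/jitsi-videobridge/target`, does not match the directory install.yml clones and builds in, `{{ jitsi_root_dir }}/tmp/videobridge`, so the Maven `target` directory is never removed. The entry should read `- "{{ jitsi_root_dir }}/tmp/videobridge/target"`.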

@ -0,0 +1,9 @@
---
- name: Deploy videobridge configuration
template: src={{ item }}.j2 dest={{ jitsi_root_dir }}/etc/videobridge/{{ item }} group={{ jitsi_user }} mode=640
loop:
- videobridge.conf
- sip-communicator.properties
notify: restart jitsi-videobridge
tags: jitsi
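Review bot: `sip-communicator.properties` is rendered with the bridge's XMPP password in it, and a `template` task shows the rendered content when the play runs with `--diff`, so the secret can land in terminal scrollback or CI logs. Adding `diff: False` (or `no_log: True`) to this task avoids that. The task sets `group` and `mode=640` but no `owner`; writing `owner=root` would make the intended ownership explicit instead of depending on the user the task runs as.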

@ -0,0 +1,3 @@
---
- include: ../jitsi/tasks/directories.yml
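Review bot: This include, the one in tasks/user.yml, and `src=../jitsi/templates/maven.xml.j2` in install.yml all reach into the jitsi role by relative path, while this role's meta/main.yml declares only `maven` as a dependency. The role therefore works only when roles/jitsi sits next to it, and it runs that role's task files without loading its defaults. A comment such as `# Shared with the jitsi role: requires roles/jitsi to be checked out alongside this role` would record the coupling. `import_tasks` is also the more explicit keyword than the bare `include`.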

@ -0,0 +1,15 @@
---
- name: Generate a random pass for videobridge
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ jitsi_root_dir }}/meta/ansible_videobridge_xmpp_pass"
- set_fact: jitsi_videobridge_xmpp_pass={{ rand_pass }}
when: jitsi_videobridge_xmpp_pass is not defined
tags: jitsi
- name: Check if videobridge is built
stat: path={{ jitsi_root_dir }}/videobridge/jvb.sh
register: jitsi_videobridge_script
tags: jitsi

@ -0,0 +1,56 @@
---
- name: Install dependencies
yum:
name:
- java-1.8.0-openjdk
- git
tags: jitsi
# Needed if you use a proxy, as maven does not honor the standard $http_proxy / $https_proxy env
- name: Configure maven for {{ jitsi_user }}
template: src=../jitsi/templates/maven.xml.j2 dest={{ jitsi_root_dir }}/.m2/settings.xml
tags: jitsi
# If the repo changed since the last run, we rebuild and restart the bridge
- name: Clone videobridge repo
git:
repo: "{{ jitsi_videobridge_git_url }}"
dest: "{{ jitsi_root_dir }}/tmp/videobridge"
force: True
become_user: "{{ jitsi_user }}"
register: jitsi_videobridge_git
tags: jitsi
- name: Install or update videobridge
block:
- name: Build videobridge
command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
args:
chdir: "{{ jitsi_root_dir }}/tmp/videobridge"
become_user: "{{ jitsi_user }}"
- name: Extract videobridge archive
unarchive:
src: "{{ jitsi_root_dir }}/tmp/videobridge/target/jitsi-videobridge-2.1-SNAPSHOT-archive.zip"
dest: "{{ jitsi_root_dir }}/tmp/"
remote_src: True
- name: Move videobridge to its final directory
synchronize:
src: "{{ jitsi_root_dir }}/tmp/jitsi-videobridge-2.1-SNAPSHOT/"
dest: "{{ jitsi_root_dir }}/videobridge/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
notify: restart jitsi-videobridge
when: jitsi_videobridge_git.changed or not jitsi_videobridge_script.stat.exists
tags: jitsi
- name: Deploy systemd unit
template: src=jitsi-videobridge.service.j2 dest=/etc/systemd/system/jitsi-videobridge.service
register: jitsi_videobridge_unit
notify: restart jitsi-videobridge
tags: jitsi
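Review bot: The `git` task has no `version:`, so every run builds whatever the repository's default branch points to at that moment, and the extract and synchronize tasks hard-code the artifact name `jitsi-videobridge-2.1-SNAPSHOT`, which stops matching as soon as upstream bumps its version. Pinning with `version: "{{ jitsi_videobridge_git_version }}"` (a new default holding a tag or commit) makes the build reproducible and turns an upgrade into a reviewed change. Separately, `jitsi_videobridge_unit` is registered but not used in the role's visible task files, and nothing reloads systemd after the unit file changes, so the restart handler can start the bridge from the stale unit. A `systemd: daemon_reload=True` task with `when: jitsi_videobridge_unit.changed` would close that.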

@ -0,0 +1,9 @@
---
- name: Handle jitsi videobridge ports
iptables_raw:
name: jitsi_videobridge_ports
state: "{{ (jitsi_videobridge_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p udp --dport {{ jitsi_videobridge_rtp_port }} -s {{ jitsi_videobridge_src_ip | join(',') }} -j ACCEPT\n
-A INPUT -m state --state NEW -p tcp --dport {{ jitsi_videobridge_harvester_port }} -s {{ jitsi_videobridge_src_ip | join(',') }} -j ACCEPT"
tags: firewall,jitsi

@ -0,0 +1,11 @@
---
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: install.yml
- include: conf.yml
- include: iptables.yml
when: iptables_manage | default(True)
- include: services.yml
- include: cleanup.yml

@ -0,0 +1,5 @@
---
- name: Start and enable services
service: name=jitsi-videobridge state=started enabled=True
tags: jitsi

@ -0,0 +1,3 @@
---
- include: ../jitsi/tasks/user.yml

@ -0,0 +1,27 @@
[Unit]
Description=Jitsi Videobridge
After=network.target
[Service]
Type=simple
SuccessExitStatus=143
EnvironmentFile={{ jitsi_root_dir }}/etc/videobridge/videobridge.conf
User={{ jitsi_user }}
Group={{ jitsi_user }}
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
ReadOnlyDirectories={{ jitsi_root_dir }}/etc {{ jitsi_root_dir }}/videobridge
Restart=on-failure
StartLimitInterval=0
RestartSec=30
# more threads for this process
TasksMax=65000
# allow more open files for this process
LimitNPROC=65000
LimitNOFILE=65000
ExecStart={{ jitsi_root_dir }}/videobridge/jvb.sh ${JVB_OPTS}
[Install]
WantedBy=multi-user.target
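Review bot: The `[Service]` section lacks `NoNewPrivileges=true`, which would fit next to the sandboxing options already set (`PrivateTmp`, `PrivateDevices`, `ProtectHome`, `ProtectSystem=full`) for a process that runs as an unprivileged user. `StartLimitInterval=0` together with `Restart=on-failure` removes systemd's restart rate limit, so a bridge that fails at startup is restarted every 30 seconds indefinitely; a comment stating that this is intended would help. `ReadOnlyDirectories=` is the legacy spelling of `ReadOnlyPaths=`.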

@ -0,0 +1,19 @@
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
org.jitsi.videobridge.TCP_HARVESTER_PORT={{ jitsi_videobridge_harvester_port }}
org.ice4j.ipv6.DISABLED=true
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
{% if jitsi_external_ip is defined %}
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS={{ ansible_default_ipv4.address }}
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ jitsi_external_ip }}
{% endif %}
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.xmppserver1.HOSTNAME={{ jitsi_xmpp_server }}
org.jitsi.videobridge.xmpp.user.xmppserver1.DOMAIN={{ jitsi_videobridge_xmpp_domain }}
org.jitsi.videobridge.xmpp.user.xmppserver1.USERNAME={{ jitsi_videobridge_xmpp_user }}
org.jitsi.videobridge.xmpp.user.xmppserver1.PASSWORD={{ jitsi_videobridge_xmpp_pass }}
org.jitsi.videobridge.xmpp.user.xmppserver1.MUC_JIDS=JvbBrewery@internal.{{ jitsi_auth_domain }}
org.jitsi.videobridge.xmpp.user.xmppserver1.MUC_NICKNAME={{ inventory_hostname | to_uuid }}
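Review bot: `SRTPCryptoContext.checkReplay=false` on the first line turns off SRTP replay checking for the bridge, and nothing in the template says why. If it is kept for compatibility, a comment above it such as `# Replay check disabled: <reason>` would record the trade-off for the next maintainer. If there is no such reason, dropping the line presumably restores the library default. `PASSWORD=` is written in clear text here, so the file's `mode=640` and group in tasks/conf.yml are what protect it.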

@ -0,0 +1,3 @@
JVB_OPTS="--apis=rest"
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION={{ jitsi_root_dir }}/etc -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge"
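Review bot: `JVB_OPTS="--apis=rest"` turns on the bridge's HTTP REST interface, and nothing visible in this role restricts where it listens. The iptables task only adds ACCEPT rules for the RTP and harvester ports, and it is skipped entirely when `iptables_manage` is false. If the REST API is needed only for local health checks or statistics, it should be bound to loopback through the bridge's own configuration, and a comment here should say what consumes it. If nothing consumes it, it may not be needed at all, since the bridge already reaches prosody through the MUC client configured in sip-communicator.properties.j2.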