Update to 2020-04-22 19:00

5 years ago · da3261498f
parent cdc9a83c45
commit da3261498f
14 changed files with 71 additions and 81 deletions
--- a/roles/jitsi/defaults/main.yml
+++ b/roles/jitsi/defaults/main.yml
@ -39,7 +39,7 @@ jitsi_turn_secret: "{{ turnserver_auth_secret | default('p@ssw0rd') }}"
 #    than sso for desktop users. See all the jitsi_ldap_xxxx settings
 jitsi_auth: False

-jitsi_jicofo_xmpp_user: jicofo
+jitsi_jicofo_xmpp_user: focus
 jitsi_jicofo_xmpp_domain: "{{ jitsi_auth_domain }}"
 # Password for the focus user on the auth domain
 # jitsi_jicofo_xmpp_pass: p@ssw0rd
@ -69,7 +69,6 @@ jitsi_meet_conf_base:
  clientNode: http://jitsi.org/jitsimeet
  disableAudioLevels: True
  testing:
-    enableFirefoxSimulcast: False
    p2pTestMode: False
  enableNoAudioDetection: True
  enableNoisyMicDetection: True
--- a/roles/jitsi/tasks/cleanup.yml
+++ b/roles/jitsi/tasks/cleanup.yml
@ -4,7 +4,7 @@
  file: path={{ item }} state=absent
  loop:
    - "{{ jitsi_root_dir }}/tmp/jicofo-1.1-SNAPSHOT"
-    - "{{ jitsi_root_dir }}/tmp/jicofo/target"
+    - "{{ jitsi_root_dir }}/src/jicofo/target"
    - "{{ jitsi_root_dir }}/tmp/jigasi-linux-x64-1.1-SNAPSHOT"
-    - "{{ jitsi_root_dir }}/tmp/jigasi/target"
+    - "{{ jitsi_root_dir }}/src/jigasi/target"
  tags: jitsi
--- a/roles/jitsi/tasks/directories.yml
+++ b/roles/jitsi/tasks/directories.yml
@ -12,13 +12,13 @@
      owner: "{{ jitsi_user }}"
      group: "{{ jitsi_user }}"
      mode: 700
-    - dir: "{{ jitsi_root_dir }}/tmp/videobridge"
+    - dir: "{{ jitsi_root_dir }}/src/videobridge"
      owner: "{{ jitsi_user }}"
-    - dir: "{{ jitsi_root_dir }}/tmp/jicofo"
+    - dir: "{{ jitsi_root_dir }}/src/jicofo"
      owner: "{{ jitsi_user }}"
-    - dir: "{{ jitsi_root_dir }}/tmp/jigasi"
+    - dir: "{{ jitsi_root_dir }}/src/jigasi"
      owner: "{{ jitsi_user }}"
-    - dir: "{{ jitsi_root_dir }}/tmp/meet"
+    - dir: "{{ jitsi_root_dir }}/src/meet"
      owner: "{{ jitsi_user }}"
    - dir: "{{ jitsi_root_dir }}/videobridge"
    - dir: "{{ jitsi_root_dir }}/jicofo"
--- a/roles/jitsi/tasks/install.yml
+++ b/roles/jitsi/tasks/install.yml
@ -33,7 +33,7 @@
 - name: Clone jicofo repo
  git:
    repo: "{{ jitsi_jicofo_git_url }}"
-    dest: "{{ jitsi_root_dir }}/tmp/jicofo"
+    dest: "{{ jitsi_root_dir }}/src/jicofo"
    force: True
  become_user: "{{ jitsi_user }}"
  register: jitsi_jicofo_git
@ -44,12 +44,12 @@
    - name: Build jicofo
      command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
      args:
-        chdir: "{{ jitsi_root_dir }}/tmp/jicofo"
+        chdir: "{{ jitsi_root_dir }}/src/jicofo"
      become_user: "{{ jitsi_user }}"

    - name: Extract jicofo archive
      unarchive:
-        src: "{{ jitsi_root_dir }}/tmp/jicofo/target/jicofo-1.1-SNAPSHOT-archive.zip"
+        src: "{{ jitsi_root_dir }}/src/jicofo/target/jicofo-1.1-SNAPSHOT-archive.zip"
        dest: "{{ jitsi_root_dir }}/tmp/"
        remote_src: True

@ -67,7 +67,7 @@
 - name: Clone jigasi repo
  git:
    repo: "{{ jitsi_jigasi_git_url }}"
-    dest: "{{ jitsi_root_dir }}/tmp/jigasi"
+    dest: "{{ jitsi_root_dir }}/src/jigasi"
    force: True
  become_user: "{{ jitsi_user }}"
  register: jitsi_jigasi_git
@ -78,12 +78,12 @@
    - name: Build jigasi
      command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
      args:
-        chdir: "{{ jitsi_root_dir }}/tmp/jigasi"
+        chdir: "{{ jitsi_root_dir }}/src/jigasi"
      become_user: "{{ jitsi_user }}"

    - name: Extract jigasi archive
      unarchive:
-        src: "{{ jitsi_root_dir }}/tmp/jigasi/target/jigasi-linux-x64-1.1-SNAPSHOT.zip"
+        src: "{{ jitsi_root_dir }}/src/jigasi/target/jigasi-linux-x64-1.1-SNAPSHOT.zip"
        dest: "{{ jitsi_root_dir }}/tmp/"
        remote_src: True

@ -122,7 +122,7 @@
 - name: Clone jitsi meet
  git:
    repo: "{{ jitsi_meet_git_url }}"
-    dest: "{{ jitsi_root_dir }}/tmp/meet"
+    dest: "{{ jitsi_root_dir }}/src/meet"
    force: True
  register: jitsi_meet_git
  become_user: "{{ jitsi_user }}"
@ -132,13 +132,13 @@
  tags: jitsi
  block:
    - name: Install jitsi meet node dependencies
-      npm: path={{ jitsi_root_dir }}/tmp/meet
+      npm: path={{ jitsi_root_dir }}/src/meet
      become_user: "{{ jitsi_user }}"

    - name: Build jitsi meet
      command: make
      args:
-        chdir: "{{ jitsi_root_dir }}/tmp/meet"
+        chdir: "{{ jitsi_root_dir }}/src/meet"
      become_user: "{{ jitsi_user }}"

    - name: Deploy new jitsi meet version
@ -148,16 +148,7 @@
        cp -r *.js *.html connection_optimization favicon.ico fonts images libs static sounds LICENSE lang {{ jitsi_root_dir }}/meet/
        cp css/all.css {{ jitsi_root_dir }}/meet/css/
      args:
-        chdir: "{{ jitsi_root_dir }}/tmp/meet"
-
-    - name: Install prosody plugins
-      synchronize:
-        src: "{{ jitsi_root_dir }}/tmp/meet/resources/prosody-plugins/"
-        dest: "{{ jitsi_root_dir }}/prosody/"
-        recursive: True
-        delete: True
-      delegate_to: "{{ inventory_hostname }}"
-      notify: reload prosody
+        chdir: "{{ jitsi_root_dir }}/src/meet"

 - name: Install dehydrated hook
  template: src=dehydrated_hook.sh.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/jitsi.sh mode=755
--- a/roles/jitsi/templates/jicofo/sip-communicator.properties.j2
+++ b/roles/jitsi/templates/jicofo/sip-communicator.properties.j2
@ -4,3 +4,6 @@ org.jitsi.jicofo.auth.URL=shibboleth:default
 org.jitsi.jicofo.auth.URL=XMPP:{{ jitsi_domain }}
 {% endif %}
 org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.{{ jitsi_auth_domain }}
+{% if jitsi_jigasi %}
+org.jitsi.jicofo.jigasi.BREWERY=JigasiBrewery@internal.{{ jitsi_auth_domain }}
+{% endif %}
--- a/roles/jitsi/templates/jigasi/jigasi.conf.j2
+++ b/roles/jitsi/templates/jigasi/jigasi.conf.j2
@ -1,7 +1,3 @@
 # {{ ansible_managed }}
-JIGASI_HOST={{ jitsi_xmpp_server }}
-JIGASI_DOMAIN={{ jitsi_domain }}
-JIGASI_SUBDOMAIN=callcontrol
-JIGASI_SECRET='{{ jitsi_jigasi_xmpp_secret }}'
 JIGASI_OPTS=''
 JAVA_SYS_PROPS=''
--- a/roles/jitsi/templates/jigasi/sip-communicator.properties.j2
+++ b/roles/jitsi/templates/jigasi/sip-communicator.properties.j2
@ -6,23 +6,38 @@ net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false
 # Disable packet capture
 net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=false

+# Enable brewery
+org.jitsi.jigasi.BREWERY_ENABLED=true
+org.jitsi.jigasi.MUC_SERVICE_ADDRESS=conference.{{ jitsi_domain }}
+
 {% if jitsi_jigasi %}
 # SIP acount
-net.java.sip.communicator.impl.protocol.sip.account=account
-net.java.sip.communicator.impl.protocol.sip.account.ACCOUNT_UID=SIP\:{{ jitsi_jigasi_sip_user }}
-net.java.sip.communicator.impl.protocol.sip.account.PASSWORD={{ jitsi_jigasi_sip_secret | b64encode }}
-net.java.sip.communicator.impl.protocol.sip.account.PROTOCOL_NAME=SIP
-net.java.sip.communicator.impl.protocol.sip.account.SERVER_ADDRESS={{ jitsi_jigasi_sip_server }}
-net.java.sip.communicator.impl.protocol.sip.account.USER_ID={{ jitsi_jigasi_sip_user }}
-net.java.sip.communicator.impl.protocol.sip.account.KEEP_ALIVE_INTERVAL=25
-net.java.sip.communicator.impl.protocol.sip.account.KEEP_ALIVE_METHOD=OPTIONS
-net.java.sip.communicator.impl.protocol.sip.account.VOICEMAIL_ENABLED=false
-net.java.sip.communicator.impl.protocol.sip.account.OVERRIDE_ENCODINGS=false
+net.java.sip.communicator.impl.protocol.sip.acc=acc
+net.java.sip.communicator.impl.protocol.sip.acc.ACCOUNT_UID=SIP\:{{ jitsi_jigasi_sip_user }}
+net.java.sip.communicator.impl.protocol.sip.acc.PASSWORD={{ jitsi_jigasi_sip_secret | b64encode }}
+net.java.sip.communicator.impl.protocol.sip.acc.PROTOCOL_NAME=SIP
+net.java.sip.communicator.impl.protocol.sip.acc.SERVER_ADDRESS={{ jitsi_jigasi_sip_server }}
+net.java.sip.communicator.impl.protocol.sip.acc.USER_ID={{ jitsi_jigasi_sip_user }}
+net.java.sip.communicator.impl.protocol.sip.acc.KEEP_ALIVE_INTERVAL=25
+net.java.sip.communicator.impl.protocol.sip.acc.KEEP_ALIVE_METHOD=OPTIONS
+net.java.sip.communicator.impl.protocol.sip.acc.VOICEMAIL_ENABLED=false
+net.java.sip.communicator.impl.protocol.sip.acc.OVERRIDE_ENCODINGS=false
+net.java.sip.communicator.impl.protocol.sip.acc.DOMAIN_BASE={{ jitsi_domain }}
 {% else %}
-# No SIP account configured, jigasi will be disabled
+# No SIP acc configured, jigasi will be disabled
 {% endif %}

 # XMPP account
+net.java.sip.communicator.impl.protocol.jabber.acc=acc
+net.java.sip.communicator.impl.protocol.jabber.acc.ACCOUNT_UID=Jabber:jigasi@{{ jitsi_auth_domain }}
+net.java.sip.communicator.impl.protocol.jabber.acc.USER_ID=jigasi@{{ jitsi_auth_domain }}
+net.java.sip.communicator.impl.protocol.jabber.acc.IS_SERVER_OVERRIDDEN=true
+net.java.sip.communicator.impl.protocol.jabber.acc.SERVER_ADDRESS={{ inventory_hostname }}
+net.java.sip.communicator.impl.protocol.jabber.acc.PASSWORD={{ jitsi_jigasi_xmpp_pass | b64encode }}
+net.java.sip.communicator.impl.protocol.jabber.acc.RESOURCE_PRIORITY=30
+net.java.sip.communicator.impl.protocol.jabber.acc.BREWERY=JigasiBrewery@internal.{{ jitsi_auth_domain }}
+net.java.sip.communicator.impl.protocol.jabber.acc.DOMAIN_BASE={{ jitsi_domain }}
+
 org.jitsi.jigasi.xmpp.acc.USER_ID=jigasi@auth.{{ jitsi_domain }}
 org.jitsi.jigasi.xmpp.acc.PASS={{ jitsi_jigasi_xmpp_pass }}
 org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
--- a/roles/jitsi/templates/jitsi-jigasi.service.j2
+++ b/roles/jitsi/templates/jitsi-jigasi.service.j2
@ -18,10 +18,7 @@ RestartSec=30
 ExecStart=/opt/jitsi/jigasi/jigasi.sh \
            --configdir={{ jitsi_root_dir }}/etc \
            --configdirname=jigasi \
-            --host=${JIGASI_HOST} \
-            --domain=${JIGASI_DOMAIN} \
-            --subdomain=callcontrol \
-            --secret=${JIGASI_SECRET} \
+            --nocomponent=true \
            ${JIGASI_OPT}

 [Install]
--- a/roles/jitsi/templates/prosody.cfg.lua.j2
+++ b/roles/jitsi/templates/prosody.cfg.lua.j2
@ -1,5 +1,7 @@

 muc_mapper_domain_base = "{{ jitsi_domain }}";
+admins = { "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}" }
+http_default_host = "{{ jitsi_domain }}"

 {% if jitsi_turn_secret is defined %}
 turncredentials_secret = "{{ jitsi_turn_secret }}";
@ -55,25 +57,14 @@ VirtualHost "{{ jitsi_domain }}"
  }
  c2s_require_encryption = false
  allow_unencrypted_plain_auth = true
+  speakerstats_component = "speakerstats.{{ jitsi_domain }}"
+  conference_duration_component = "conferenceduration.{{ jitsi_domain }}"

 {% if jitsi_auth == 'ldap' %}
 -- Guest virtual domain
 VirtualHost "guest.{{ jitsi_domain }}"
  authentication = "anonymous"
  c2s_require_encryption = false
-  ssl = {
-    key = "{{ jitsi_key_path }}";
-    certificate = "{{ jitsi_cert_path }}";
-  }
-  modules_enabled = {
-    "bosh";
-    "pubsub";
-    "ping";
-    "websocket";
-    "turncredentials";
-    "speakerstats";
-    "conference_duration";
-  }
 {% endif %}

 VirtualHost "{{ jitsi_auth_domain }}"
@ -81,27 +72,23 @@ VirtualHost "{{ jitsi_auth_domain }}"
    key = "{{ jitsi_key_path }}";
    certificate = "{{ jitsi_cert_path }}";
  }
-  authentication = "internal_plain"
+  authentication = "internal_hashed"
  c2s_require_encryption = false

-admins = { "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}" }
-
 Component "conference.{{ jitsi_domain }}" "muc"
+  storage = "memory"
+  modules_enabled = { "ping"; }
+  muc_room_locking = false
+  muc_room_default_public_jids = true

 Component "internal.{{ jitsi_auth_domain }}" "muc"
  storage = "memory"
  modules_enabled = { "ping"; }
-  admins = {
-    "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_jicofo_xmpp_domain }}",
-    "{{ jitsi_videobridge_xmpp_user }}@{{ jitsi_videobridge_xmpp_domain }}"
-  }
+  muc_room_cache_size = 1000

 Component "focus.{{ jitsi_domain }}"
  component_secret = "{{ jitsi_jicofo_xmpp_secret }}"

-Component "callcontrol.{{ jitsi_domain }}"
-  component_secret = "{{ jitsi_jigasi_xmpp_secret }}"
-
 Component "speakerstats.{{ jitsi_domain }}" "speakerstats_component"
  muc_component = "conference.{{ jitsi_domain }}"

--- a/roles/jitsi_videobridge/defaults/main.yml
+++ b/roles/jitsi_videobridge/defaults/main.yml
@ -6,7 +6,6 @@ jitsi_user: jitsi
 jitsi_videobridge_git_url: https://github.com/jitsi/jitsi-videobridge.git

 jitsi_videobridge_harvester_port: 4443
-# This one cannot be changed
 jitsi_videobridge_rtp_port: 10000
 jitsi_videobridge_src_ip:
  - 0.0.0.0/0
--- a/roles/jitsi_videobridge/tasks/cleanup.yml
+++ b/roles/jitsi_videobridge/tasks/cleanup.yml
@ -4,5 +4,5 @@
  file: path={{ item }} state=absent
  loop:
    - "{{ jitsi_root_dir }}/tmp/jitsi-videobridge-2.1-SNAPSHOT"
-    - "{{ jitsi_root_dir }}/tmp/jitsi-videobridge/target"
+    - "{{ jitsi_root_dir }}/src/jitsi-videobridge/target"
  tags: jitsi
--- a/roles/jitsi_videobridge/tasks/install.yml
+++ b/roles/jitsi_videobridge/tasks/install.yml
@ -16,7 +16,7 @@
 - name: Clone videobridge repo
  git:
    repo: "{{ jitsi_videobridge_git_url }}"
-    dest: "{{ jitsi_root_dir }}/tmp/videobridge"
+    dest: "{{ jitsi_root_dir }}/src/videobridge"
    force: True
  become_user: "{{ jitsi_user }}"
  register: jitsi_videobridge_git
@ -27,12 +27,12 @@
    - name: Build videobridge
      command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
      args:
-        chdir: "{{ jitsi_root_dir }}/tmp/videobridge"
+        chdir: "{{ jitsi_root_dir }}/src/videobridge"
      become_user: "{{ jitsi_user }}"

    - name: Extract videobridge archive
      unarchive:
-        src: "{{ jitsi_root_dir }}/tmp/videobridge/target/jitsi-videobridge-2.1-SNAPSHOT-archive.zip"
+        src: "{{ jitsi_root_dir }}/src/videobridge/target/jitsi-videobridge-2.1-SNAPSHOT-archive.zip"
        dest: "{{ jitsi_root_dir }}/tmp/"
        remote_src: True

--- a/roles/jitsi_videobridge/templates/sip-communicator.properties.j2
+++ b/roles/jitsi_videobridge/templates/sip-communicator.properties.j2
@ -1,7 +1,8 @@
 org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
+org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ jitsi_videobridge_rtp_port }}
 org.jitsi.videobridge.TCP_HARVESTER_PORT={{ jitsi_videobridge_harvester_port }}
+org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
 org.ice4j.ipv6.DISABLED=true
-org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
 {% if jitsi_external_ip is defined %}
 org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS={{ ansible_default_ipv4.address }}
 org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ jitsi_external_ip }}
@ -9,11 +10,12 @@ org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ jitsi_external_ip }}

 org.jitsi.videobridge.ENABLE_STATISTICS=true
 org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+org.jitsi.videobridge.STATISTICS_INTERVAL=5000

-org.jitsi.videobridge.xmpp.user.xmppserver1.HOSTNAME={{ jitsi_xmpp_server }}
-org.jitsi.videobridge.xmpp.user.xmppserver1.DOMAIN={{ jitsi_videobridge_xmpp_domain }}
-org.jitsi.videobridge.xmpp.user.xmppserver1.USERNAME={{ jitsi_videobridge_xmpp_user }}
-org.jitsi.videobridge.xmpp.user.xmppserver1.PASSWORD={{ jitsi_videobridge_xmpp_pass }}
-org.jitsi.videobridge.xmpp.user.xmppserver1.MUC_JIDS=JvbBrewery@internal.{{ jitsi_auth_domain }}
-org.jitsi.videobridge.xmpp.user.xmppserver1.MUC_NICKNAME={{ inventory_hostname | to_uuid }}
+org.jitsi.videobridge.xmpp.user.acc1.HOSTNAME={{ jitsi_xmpp_server }}
+org.jitsi.videobridge.xmpp.user.acc1.DOMAIN={{ jitsi_videobridge_xmpp_domain }}
+org.jitsi.videobridge.xmpp.user.acc1.USERNAME={{ jitsi_videobridge_xmpp_user }}
+org.jitsi.videobridge.xmpp.user.acc1.PASSWORD={{ jitsi_videobridge_xmpp_pass }}
+org.jitsi.videobridge.xmpp.user.acc1.MUC_JIDS=JvbBrewery@internal.{{ jitsi_auth_domain }}
+org.jitsi.videobridge.xmpp.user.acc1.MUC_NICKNAME={{ inventory_hostname }}

--- a/roles/squid/files/acl/software_various.domains
+++ b/roles/squid/files/acl/software_various.domains
@ -216,6 +216,7 @@ coverartarchive.org

 # Zabbix
 repo.zabbix.com
+git.zabbix.com

 # Maxming GeoIP
 updates.maxmind.com