From da3261498f52e8bfe4229d501d2923d33d079ef2 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Wed, 22 Apr 2020 19:00:11 +0200 Subject: [PATCH] Update to 2020-04-22 19:00 --- roles/jitsi/defaults/main.yml | 3 +- roles/jitsi/tasks/cleanup.yml | 4 +-- roles/jitsi/tasks/directories.yml | 8 ++--- roles/jitsi/tasks/install.yml | 29 ++++++----------- .../jicofo/sip-communicator.properties.j2 | 3 ++ roles/jitsi/templates/jigasi/jigasi.conf.j2 | 4 --- .../jigasi/sip-communicator.properties.j2 | 37 +++++++++++++++------- roles/jitsi/templates/jitsi-jigasi.service.j2 | 5 +-- roles/jitsi/templates/prosody.cfg.lua.j2 | 33 ++++++------------- roles/jitsi_videobridge/defaults/main.yml | 1 - roles/jitsi_videobridge/tasks/cleanup.yml | 2 +- roles/jitsi_videobridge/tasks/install.yml | 6 ++-- .../templates/sip-communicator.properties.j2 | 16 ++++++---- roles/squid/files/acl/software_various.domains | 1 + 14 files changed, 71 insertions(+), 81 deletions(-) diff --git a/roles/jitsi/defaults/main.yml b/roles/jitsi/defaults/main.yml index bb42b4e..ea04ed7 100644 --- a/roles/jitsi/defaults/main.yml +++ b/roles/jitsi/defaults/main.yml @@ -39,7 +39,7 @@ jitsi_turn_secret: "{{ turnserver_auth_secret | default('p@ssw0rd') }}" # than sso for desktop users. See all the jitsi_ldap_xxxx settings jitsi_auth: False -jitsi_jicofo_xmpp_user: jicofo +jitsi_jicofo_xmpp_user: focus jitsi_jicofo_xmpp_domain: "{{ jitsi_auth_domain }}" # Password for the focus user on the auth domain # jitsi_jicofo_xmpp_pass: p@ssw0rd @@ -69,7 +69,6 @@ jitsi_meet_conf_base: clientNode: http://jitsi.org/jitsimeet disableAudioLevels: True testing: - enableFirefoxSimulcast: False p2pTestMode: False enableNoAudioDetection: True enableNoisyMicDetection: True diff --git a/roles/jitsi/tasks/cleanup.yml b/roles/jitsi/tasks/cleanup.yml index 80960cf..d893f00 100644 --- a/roles/jitsi/tasks/cleanup.yml +++ b/roles/jitsi/tasks/cleanup.yml 
@@ -4,7 +4,7 @@ file: path={{ item }} state=absent loop: - "{{ jitsi_root_dir }}/tmp/jicofo-1.1-SNAPSHOT" - - "{{ jitsi_root_dir }}/tmp/jicofo/target" + - "{{ jitsi_root_dir }}/src/jicofo/target" - "{{ jitsi_root_dir }}/tmp/jigasi-linux-x64-1.1-SNAPSHOT" - - "{{ jitsi_root_dir }}/tmp/jigasi/target" + - "{{ jitsi_root_dir }}/src/jigasi/target" tags: jitsi diff --git a/roles/jitsi/tasks/directories.yml b/roles/jitsi/tasks/directories.yml index c50c5c0..eae4058 100644 --- a/roles/jitsi/tasks/directories.yml +++ b/roles/jitsi/tasks/directories.yml @@ -12,13 +12,13 @@ owner: "{{ jitsi_user }}" group: "{{ jitsi_user }}" mode: 700 - - dir: "{{ jitsi_root_dir }}/tmp/videobridge" + - dir: "{{ jitsi_root_dir }}/src/videobridge" owner: "{{ jitsi_user }}" - - dir: "{{ jitsi_root_dir }}/tmp/jicofo" + - dir: "{{ jitsi_root_dir }}/src/jicofo" owner: "{{ jitsi_user }}" - - dir: "{{ jitsi_root_dir }}/tmp/jigasi" + - dir: "{{ jitsi_root_dir }}/src/jigasi" owner: "{{ jitsi_user }}" - - dir: "{{ jitsi_root_dir }}/tmp/meet" + - dir: "{{ jitsi_root_dir }}/src/meet" owner: "{{ jitsi_user }}" - dir: "{{ jitsi_root_dir }}/videobridge" - dir: "{{ jitsi_root_dir }}/jicofo" diff --git a/roles/jitsi/tasks/install.yml b/roles/jitsi/tasks/install.yml index fc79f4b..947f4da 100644 --- a/roles/jitsi/tasks/install.yml +++ b/roles/jitsi/tasks/install.yml @@ -33,7 +33,7 @@ - name: Clone jicofo repo git: repo: "{{ jitsi_jicofo_git_url }}" - dest: "{{ jitsi_root_dir }}/tmp/jicofo" + dest: "{{ jitsi_root_dir }}/src/jicofo" force: True become_user: "{{ jitsi_user }}" register: jitsi_jicofo_git 
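Review bot: The four new `src/*` entries set only `owner`, so the permissions of the directories where upstream code is cloned and built are left to whatever default the consuming task applies; that task is outside this hunk. These trees now persist between runs instead of living under `tmp/`, so I would state the mode on each entry, e.g. `mode: '0750'`. The neighbouring context entry carries an unquoted `mode: 700`, which YAML reads as the decimal integer 700; if it reaches the `file` module as an integer the resulting permissions are not rwx------, so quoting it as `mode: '0700'` is worth doing in the same pass.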
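Review bot: The `git` task for jicofo passes `repo`, `dest` and `force: True` but no `version`, so every run builds whatever the upstream default branch currently points at, and the next task runs Maven on that tree with `-DskipTests`. Now that the checkout is kept under `src/`, pinning is cheap: add `version: "{{ jitsi_jicofo_git_version }}"` backed by a new default holding a tag or commit id (the variable name is a suggestion; it is not defined anywhere on this page). The same applies to the jigasi, jitsi meet and videobridge clone tasks in the later hunks. The task may continue past the end of this hunk.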
@@ -44,12 +44,12 @@ - name: Build jicofo command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false args: - chdir: "{{ jitsi_root_dir }}/tmp/jicofo" + chdir: "{{ jitsi_root_dir }}/src/jicofo" become_user: "{{ jitsi_user }}" - name: Extract jicofo archive unarchive: - src: "{{ jitsi_root_dir }}/tmp/jicofo/target/jicofo-1.1-SNAPSHOT-archive.zip" + src: "{{ jitsi_root_dir }}/src/jicofo/target/jicofo-1.1-SNAPSHOT-archive.zip" dest: "{{ jitsi_root_dir }}/tmp/" remote_src: True @@ -67,7 +67,7 @@ - name: Clone jigasi repo git: repo: "{{ jitsi_jigasi_git_url }}" - dest: "{{ jitsi_root_dir }}/tmp/jigasi" + dest: "{{ jitsi_root_dir }}/src/jigasi" force: True become_user: "{{ jitsi_user }}" register: jitsi_jigasi_git @@ -78,12 +78,12 @@ - name: Build jigasi command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false args: - chdir: "{{ jitsi_root_dir }}/tmp/jigasi" + chdir: "{{ jitsi_root_dir }}/src/jigasi" become_user: "{{ jitsi_user }}" - name: Extract jigasi archive unarchive: - src: "{{ jitsi_root_dir }}/tmp/jigasi/target/jigasi-linux-x64-1.1-SNAPSHOT.zip" + src: "{{ jitsi_root_dir }}/src/jigasi/target/jigasi-linux-x64-1.1-SNAPSHOT.zip" dest: "{{ jitsi_root_dir }}/tmp/" remote_src: True @@ -122,7 +122,7 @@ - name: Clone jitsi meet git: repo: "{{ jitsi_meet_git_url }}" - dest: "{{ jitsi_root_dir }}/tmp/meet" + dest: "{{ jitsi_root_dir }}/src/meet" force: True register: jitsi_meet_git become_user: "{{ jitsi_user }}" @@ -132,13 +132,13 @@ tags: jitsi block: - name: Install jitsi meet node dependencies - npm: path={{ jitsi_root_dir }}/tmp/meet + npm: path={{ jitsi_root_dir }}/src/meet become_user: "{{ jitsi_user }}" - name: Build jitsi meet command: make args: - chdir: "{{ jitsi_root_dir }}/tmp/meet" + chdir: "{{ jitsi_root_dir }}/src/meet" become_user: "{{ jitsi_user }}" - name: Deploy new jitsi meet version 
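Review bot: `npm: path={{ jitsi_root_dir }}/src/meet` performs a plain install, so the resolved dependency versions can drift from the repository's lockfile between two runs of the same playbook. If the repository ships a lockfile and the Ansible version in use supports it, `npm: path={{ jitsi_root_dir }}/src/meet ci=yes` makes the install reproducible and fails when `package.json` and the lockfile disagree. This matters more now that `src/meet` survives between runs and is reused for later builds.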
@@ -148,16 +148,7 @@ cp -r *.js *.html connection_optimization favicon.ico fonts images libs static sounds LICENSE lang {{ jitsi_root_dir }}/meet/ cp css/all.css {{ jitsi_root_dir }}/meet/css/ args: - chdir: "{{ jitsi_root_dir }}/tmp/meet" - - - name: Install prosody plugins - synchronize: - src: "{{ jitsi_root_dir }}/tmp/meet/resources/prosody-plugins/" - dest: "{{ jitsi_root_dir }}/prosody/" - recursive: True - delete: True - delegate_to: "{{ inventory_hostname }}" - notify: reload prosody + chdir: "{{ jitsi_root_dir }}/src/meet" - name: Install dehydrated hook template: src=dehydrated_hook.sh.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/jitsi.sh mode=755 diff --git a/roles/jitsi/templates/jicofo/sip-communicator.properties.j2 b/roles/jitsi/templates/jicofo/sip-communicator.properties.j2 index 11c3ac0..e25516c 100644 --- a/roles/jitsi/templates/jicofo/sip-communicator.properties.j2 +++ b/roles/jitsi/templates/jicofo/sip-communicator.properties.j2 @@ -4,3 +4,6 @@ org.jitsi.jicofo.auth.URL=shibboleth:default org.jitsi.jicofo.auth.URL=XMPP:{{ jitsi_domain }} {% endif %} org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.{{ jitsi_auth_domain }} +{% if jitsi_jigasi %} +org.jitsi.jicofo.jigasi.BREWERY=JigasiBrewery@internal.{{ jitsi_auth_domain }} +{% endif %} diff --git a/roles/jitsi/templates/jigasi/jigasi.conf.j2 b/roles/jitsi/templates/jigasi/jigasi.conf.j2 index 36f5e10..df691bb 100644 --- a/roles/jitsi/templates/jigasi/jigasi.conf.j2 +++ b/roles/jitsi/templates/jigasi/jigasi.conf.j2 @@ -1,7 +1,3 @@ # {{ ansible_managed }} -JIGASI_HOST={{ jitsi_xmpp_server }} -JIGASI_DOMAIN={{ jitsi_domain }} -JIGASI_SUBDOMAIN=callcontrol -JIGASI_SECRET='{{ jitsi_jigasi_xmpp_secret }}' JIGASI_OPTS='' JAVA_SYS_PROPS='' diff --git a/roles/jitsi/templates/jigasi/sip-communicator.properties.j2 b/roles/jitsi/templates/jigasi/sip-communicator.properties.j2 index 6125a8f..d325bec 100644 --- a/roles/jitsi/templates/jigasi/sip-communicator.properties.j2 
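Review bot: With the "Install prosody plugins" task removed, nothing in this patch refreshes `{{ jitsi_root_dir }}/prosody/`, while the prosody template still declares `speakerstats_component` and `conference_duration_component`, which presumably come from that plugin directory. Unless `plugin_paths` now points into `src/meet/resources/prosody-plugins` (not visible in the prosody hunks), the server keeps loading the last synchronised copy and upstream fixes to those modules stop arriving. Either keep the task with `src: "{{ jitsi_root_dir }}/src/meet/resources/prosody-plugins/"` or add a comment stating where the plugins are expected to come from.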
+++ b/roles/jitsi/templates/jigasi/sip-communicator.properties.j2 
@@ -6,23 +6,38 @@ net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false # Disable packet capture net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=false +# Enable brewery +org.jitsi.jigasi.BREWERY_ENABLED=true +org.jitsi.jigasi.MUC_SERVICE_ADDRESS=conference.{{ jitsi_domain }} + {% if jitsi_jigasi %} # SIP acount -net.java.sip.communicator.impl.protocol.sip.account=account -net.java.sip.communicator.impl.protocol.sip.account.ACCOUNT_UID=SIP\:{{ jitsi_jigasi_sip_user }} -net.java.sip.communicator.impl.protocol.sip.account.PASSWORD={{ jitsi_jigasi_sip_secret | b64encode }} -net.java.sip.communicator.impl.protocol.sip.account.PROTOCOL_NAME=SIP -net.java.sip.communicator.impl.protocol.sip.account.SERVER_ADDRESS={{ jitsi_jigasi_sip_server }} -net.java.sip.communicator.impl.protocol.sip.account.USER_ID={{ jitsi_jigasi_sip_user }} -net.java.sip.communicator.impl.protocol.sip.account.KEEP_ALIVE_INTERVAL=25 -net.java.sip.communicator.impl.protocol.sip.account.KEEP_ALIVE_METHOD=OPTIONS -net.java.sip.communicator.impl.protocol.sip.account.VOICEMAIL_ENABLED=false -net.java.sip.communicator.impl.protocol.sip.account.OVERRIDE_ENCODINGS=false +net.java.sip.communicator.impl.protocol.sip.acc=acc +net.java.sip.communicator.impl.protocol.sip.acc.ACCOUNT_UID=SIP\:{{ jitsi_jigasi_sip_user }} +net.java.sip.communicator.impl.protocol.sip.acc.PASSWORD={{ jitsi_jigasi_sip_secret | b64encode }} +net.java.sip.communicator.impl.protocol.sip.acc.PROTOCOL_NAME=SIP +net.java.sip.communicator.impl.protocol.sip.acc.SERVER_ADDRESS={{ jitsi_jigasi_sip_server }} +net.java.sip.communicator.impl.protocol.sip.acc.USER_ID={{ jitsi_jigasi_sip_user }} +net.java.sip.communicator.impl.protocol.sip.acc.KEEP_ALIVE_INTERVAL=25 +net.java.sip.communicator.impl.protocol.sip.acc.KEEP_ALIVE_METHOD=OPTIONS +net.java.sip.communicator.impl.protocol.sip.acc.VOICEMAIL_ENABLED=false +net.java.sip.communicator.impl.protocol.sip.acc.OVERRIDE_ENCODINGS=false 
+net.java.sip.communicator.impl.protocol.sip.acc.DOMAIN_BASE={{ jitsi_domain }} {% else %} -# No SIP account configured, jigasi will be disabled +# No SIP acc configured, jigasi will be disabled {% endif %} # XMPP account +net.java.sip.communicator.impl.protocol.jabber.acc=acc +net.java.sip.communicator.impl.protocol.jabber.acc.ACCOUNT_UID=Jabber:jigasi@{{ jitsi_auth_domain }} +net.java.sip.communicator.impl.protocol.jabber.acc.USER_ID=jigasi@{{ jitsi_auth_domain }} +net.java.sip.communicator.impl.protocol.jabber.acc.IS_SERVER_OVERRIDDEN=true +net.java.sip.communicator.impl.protocol.jabber.acc.SERVER_ADDRESS={{ inventory_hostname }} +net.java.sip.communicator.impl.protocol.jabber.acc.PASSWORD={{ jitsi_jigasi_xmpp_pass | b64encode }} +net.java.sip.communicator.impl.protocol.jabber.acc.RESOURCE_PRIORITY=30 +net.java.sip.communicator.impl.protocol.jabber.acc.BREWERY=JigasiBrewery@internal.{{ jitsi_auth_domain }} +net.java.sip.communicator.impl.protocol.jabber.acc.DOMAIN_BASE={{ jitsi_domain }} + org.jitsi.jigasi.xmpp.acc.USER_ID=jigasi@auth.{{ jitsi_domain }} org.jitsi.jigasi.xmpp.acc.PASS={{ jitsi_jigasi_xmpp_pass }} org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false diff --git a/roles/jitsi/templates/jitsi-jigasi.service.j2 b/roles/jitsi/templates/jitsi-jigasi.service.j2 index 6ff1e65..eebd69f 100644 --- a/roles/jitsi/templates/jitsi-jigasi.service.j2 +++ b/roles/jitsi/templates/jitsi-jigasi.service.j2 @@ -18,10 +18,7 @@ RestartSec=30 ExecStart=/opt/jitsi/jigasi/jigasi.sh \ --configdir={{ jitsi_root_dir }}/etc \ --configdirname=jigasi \ - --host=${JIGASI_HOST} \ - --domain=${JIGASI_DOMAIN} \ - --subdomain=callcontrol \ - --secret=${JIGASI_SECRET} \ + --nocomponent=true \ ${JIGASI_OPT} [Install] diff --git a/roles/jitsi/templates/prosody.cfg.lua.j2 b/roles/jitsi/templates/prosody.cfg.lua.j2 index 2be433b..0ceec1e 100644 --- a/roles/jitsi/templates/prosody.cfg.lua.j2 +++ b/roles/jitsi/templates/prosody.cfg.lua.j2 
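Review bot: The new `jabber.acc` block writes `jitsi_jigasi_xmpp_pass` through `| b64encode`, which is an encoding rather than protection, and the unchanged `org.jitsi.jigasi.xmpp.acc.PASS` line below it still holds the same secret in clear, so the rendered file needs to be readable by the service user only; the task deploying this template is not in the patch, so its `owner` and `mode` should be checked. A comment above the block would record this: `# PASSWORD is base64-encoded, not encrypted; keep this file 0600`. The block is also inconsistent with its surroundings: `USER_ID=jigasi@{{ jitsi_auth_domain }}` against the context line `jigasi@auth.{{ jitsi_domain }}`, and `SERVER_ADDRESS={{ inventory_hostname }}` where the videobridge template uses `{{ jitsi_xmpp_server }}`. Using the same variables in both places keeps the two account definitions from diverging when `jitsi_auth_domain` or the XMPP server is overridden.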
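Review bot: The last `ExecStart` argument, directly after the new `--nocomponent=true \`, expands `${JIGASI_OPT}`, whereas `jigasi.conf.j2` in this same patch defines `JIGASI_OPTS`. If that file is what the unit loads as its environment (the `EnvironmentFile` line is outside this hunk), any option set there is silently dropped. Suggest `${JIGASI_OPTS}` on that line.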
@@ -1,5 +1,7 @@ muc_mapper_domain_base = "{{ jitsi_domain }}"; +admins = { "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}" } +http_default_host = "{{ jitsi_domain }}" {% if jitsi_turn_secret is defined %} turncredentials_secret = "{{ jitsi_turn_secret }}"; @@ -55,25 +57,14 @@ VirtualHost "{{ jitsi_domain }}" } c2s_require_encryption = false allow_unencrypted_plain_auth = true + speakerstats_component = "speakerstats.{{ jitsi_domain }}" + conference_duration_component = "conferenceduration.{{ jitsi_domain }}" {% if jitsi_auth == 'ldap' %} -- Guest virtual domain VirtualHost "guest.{{ jitsi_domain }}" authentication = "anonymous" c2s_require_encryption = false - ssl = { - key = "{{ jitsi_key_path }}"; - certificate = "{{ jitsi_cert_path }}"; - } - modules_enabled = { - "bosh"; - "pubsub"; - "ping"; - "websocket"; - "turncredentials"; - "speakerstats"; - "conference_duration"; - } {% endif %} VirtualHost "{{ jitsi_auth_domain }}" 
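Review bot: `admins` is now set in the global section, so `{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}` becomes an administrator of every VirtualHost and Component in this file, including any added later; the removed line in the third hunk appears to have been scoped to the auth VirtualHost. If jicofo only needs admin rights on the MUC components, keeping the option under those `Component` sections is the narrower grant; otherwise add a comment such as `-- jicofo is deliberately admin on all hosts and components` so the scope is a recorded decision. Because the default user name changes from `jicofo` to `focus` in this patch, an already registered `jicofo@…` account would stay behind with its old password unless something outside the patch removes it.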
@@ -81,27 +72,23 @@ VirtualHost "{{ jitsi_auth_domain }}" key = "{{ jitsi_key_path }}"; certificate = "{{ jitsi_cert_path }}"; } - authentication = "internal_plain" + authentication = "internal_hashed" c2s_require_encryption = false -admins = { "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}" } - Component "conference.{{ jitsi_domain }}" "muc" + storage = "memory" + modules_enabled = { "ping"; } + muc_room_locking = false + muc_room_default_public_jids = true Component "internal.{{ jitsi_auth_domain }}" "muc" storage = "memory" modules_enabled = { "ping"; } - admins = { - "{{ jitsi_jicofo_xmpp_user }}@{{ jitsi_jicofo_xmpp_domain }}", - "{{ jitsi_videobridge_xmpp_user }}@{{ jitsi_videobridge_xmpp_domain }}" - } + muc_room_cache_size = 1000 Component "focus.{{ jitsi_domain }}" component_secret = "{{ jitsi_jicofo_xmpp_secret }}" -Component "callcontrol.{{ jitsi_domain }}" - component_secret = "{{ jitsi_jigasi_xmpp_secret }}" - Component "speakerstats.{{ jitsi_domain }}" "speakerstats_component" muc_component = "conference.{{ jitsi_domain }}" diff --git a/roles/jitsi_videobridge/defaults/main.yml b/roles/jitsi_videobridge/defaults/main.yml index ff0dc7b..c45c8e6 100644 --- a/roles/jitsi_videobridge/defaults/main.yml +++ b/roles/jitsi_videobridge/defaults/main.yml @@ -6,7 +6,6 @@ jitsi_user: jitsi jitsi_videobridge_git_url: https://github.com/jitsi/jitsi-videobridge.git jitsi_videobridge_harvester_port: 4443 -# This one cannot be changed jitsi_videobridge_rtp_port: 10000 jitsi_videobridge_src_ip: - 0.0.0.0/0 diff --git a/roles/jitsi_videobridge/tasks/cleanup.yml b/roles/jitsi_videobridge/tasks/cleanup.yml index 44fd7b3..d9d9061 100644 --- a/roles/jitsi_videobridge/tasks/cleanup.yml +++ b/roles/jitsi_videobridge/tasks/cleanup.yml 
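Review bot: `muc_room_locking = false` and `muc_room_default_public_jids = true` on `conference.{{ jitsi_domain }}` relax the room defaults without saying why; the second one makes occupants' real JIDs visible to everyone in a room by default. A short comment on each line would record the intent, e.g. `-- real JIDs visible to all occupants; required by <component>`, with the placeholder filled in by the author. In the same hunk the auth VirtualHost keeps `c2s_require_encryption = false` next to the new `internal_hashed`, so the service accounts on that host may still authenticate over an unencrypted stream unless every client connects over loopback or through a TLS-terminating proxy, which the patch does not show.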
@@ -4,5 +4,5 @@ file: path={{ item }} state=absent loop: - "{{ jitsi_root_dir }}/tmp/jitsi-videobridge-2.1-SNAPSHOT" - - "{{ jitsi_root_dir }}/tmp/jitsi-videobridge/target" + - "{{ jitsi_root_dir }}/src/jitsi-videobridge/target" tags: jitsi diff --git a/roles/jitsi_videobridge/tasks/install.yml b/roles/jitsi_videobridge/tasks/install.yml index 52b1dde..71d7c12 100644 --- a/roles/jitsi_videobridge/tasks/install.yml +++ b/roles/jitsi_videobridge/tasks/install.yml @@ -16,7 +16,7 @@ - name: Clone videobridge repo git: repo: "{{ jitsi_videobridge_git_url }}" - dest: "{{ jitsi_root_dir }}/tmp/videobridge" + dest: "{{ jitsi_root_dir }}/src/videobridge" force: True become_user: "{{ jitsi_user }}" register: jitsi_videobridge_git @@ -27,12 +27,12 @@ - name: Build videobridge command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false args: - chdir: "{{ jitsi_root_dir }}/tmp/videobridge" + chdir: "{{ jitsi_root_dir }}/src/videobridge" become_user: "{{ jitsi_user }}" - name: Extract videobridge archive unarchive: - src: "{{ jitsi_root_dir }}/tmp/videobridge/target/jitsi-videobridge-2.1-SNAPSHOT-archive.zip" + src: "{{ jitsi_root_dir }}/src/videobridge/target/jitsi-videobridge-2.1-SNAPSHOT-archive.zip" dest: "{{ jitsi_root_dir }}/tmp/" remote_src: True diff --git a/roles/jitsi_videobridge/templates/sip-communicator.properties.j2 b/roles/jitsi_videobridge/templates/sip-communicator.properties.j2 index bbae8df..759408b 100644 --- a/roles/jitsi_videobridge/templates/sip-communicator.properties.j2 +++ b/roles/jitsi_videobridge/templates/sip-communicator.properties.j2 
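Review bot: The cleanup item `{{ jitsi_root_dir }}/src/jitsi-videobridge/target` does not match the checkout location used by the install tasks in this patch, which clone and build in `{{ jitsi_root_dir }}/src/videobridge`. As written, the `file: state=absent` loop targets a path the visible tasks never create, and the Maven `target` directory stays on disk. Change the item to `- "{{ jitsi_root_dir }}/src/videobridge/target"`.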
@@ -1,7 +1,8 @@ org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false +org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ jitsi_videobridge_rtp_port }} org.jitsi.videobridge.TCP_HARVESTER_PORT={{ jitsi_videobridge_harvester_port }} +org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false org.ice4j.ipv6.DISABLED=true -org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true {% if jitsi_external_ip is defined %} org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS={{ ansible_default_ipv4.address }} org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ jitsi_external_ip }} @@ -9,11 +10,12 @@ org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ jitsi_external_ip }} org.jitsi.videobridge.ENABLE_STATISTICS=true org.jitsi.videobridge.STATISTICS_TRANSPORT=muc +org.jitsi.videobridge.STATISTICS_INTERVAL=5000 -org.jitsi.videobridge.xmpp.user.xmppserver1.HOSTNAME={{ jitsi_xmpp_server }} -org.jitsi.videobridge.xmpp.user.xmppserver1.DOMAIN={{ jitsi_videobridge_xmpp_domain }} -org.jitsi.videobridge.xmpp.user.xmppserver1.USERNAME={{ jitsi_videobridge_xmpp_user }} -org.jitsi.videobridge.xmpp.user.xmppserver1.PASSWORD={{ jitsi_videobridge_xmpp_pass }} -org.jitsi.videobridge.xmpp.user.xmppserver1.MUC_JIDS=JvbBrewery@internal.{{ jitsi_auth_domain }} -org.jitsi.videobridge.xmpp.user.xmppserver1.MUC_NICKNAME={{ inventory_hostname | to_uuid }} +org.jitsi.videobridge.xmpp.user.acc1.HOSTNAME={{ jitsi_xmpp_server }} +org.jitsi.videobridge.xmpp.user.acc1.DOMAIN={{ jitsi_videobridge_xmpp_domain }} +org.jitsi.videobridge.xmpp.user.acc1.USERNAME={{ jitsi_videobridge_xmpp_user }} +org.jitsi.videobridge.xmpp.user.acc1.PASSWORD={{ jitsi_videobridge_xmpp_pass }} +org.jitsi.videobridge.xmpp.user.acc1.MUC_JIDS=JvbBrewery@internal.{{ jitsi_auth_domain }} +org.jitsi.videobridge.xmpp.user.acc1.MUC_NICKNAME={{ inventory_hostname }} diff --git a/roles/squid/files/acl/software_various.domains b/roles/squid/files/acl/software_various.domains index 080b1ed..3218c1e 100644 
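Review bot: `MUC_NICKNAME={{ inventory_hostname }}` in the second hunk replaces the opaque `to_uuid` value, so each bridge now announces its inventory name to every occupant of `JvbBrewery@internal.{{ jitsi_auth_domain }}`. If the UUID was dropped only for readability, consider keeping `{{ inventory_hostname | to_uuid }}` or a short non-identifying alias so internal host naming is not exposed to whoever can join that room. The `PASSWORD` line of the same block is written in clear, so the mode of the rendered file matters; the task that deploys it is not part of this patch.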
--- a/roles/squid/files/acl/software_various.domains +++ b/roles/squid/files/acl/software_various.domains @@ -216,6 +216,7 @@ coverartarchive.org # Zabbix repo.zabbix.com +git.zabbix.com # Maxming GeoIP updates.maxmind.com