Merge "Update colibri for all the JVBs"

changes/24/858224/1
Zuul 5 months ago committed by Gerrit Code Review
commit d442287c06

@ -1,3 +1,5 @@
meetpad_jvb_xmpp_server: "{{ hostvars['meetpad01.opendev.org'].ansible_host }}"
iptables_extra_public_udp_ports:
- 10000
iptables_extra_allowed_groups:
- {'protocol': 'tcp', 'port': '9090', 'group': 'meetpad'}

@ -6,3 +6,4 @@ iptables_extra_public_udp_ports:
- 10000
iptables_extra_allowed_groups:
- {'protocol': 'tcp', 'port': '5222', 'group': 'jvb'}
- {'protocol': 'tcp', 'port': '9090', 'group': 'meetpad'}

@ -11,6 +11,7 @@ services:
network_mode: host
volumes:
- ${CONFIG}/jvb:/config
- ${DEFAULTS}/jvb/jvb.conf:/defaults/jvb.conf
environment:
- DOCKER_HOST_ADDRESS
- PUBLIC_URL
@ -25,4 +26,7 @@ services:
- JVB_TCP_PORT
- JVB_STUN_SERVERS
- JVB_ENABLE_APIS
- JVB_KEYSTORE_PATH
- JVB_KEYSTORE_PASSWORD
- JVB_WS_SERVER_ID
- TZ
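Review bot: The new bind mount `${DEFAULTS}/jvb/jvb.conf:/defaults/jvb.conf` is writable from inside the container, although as far as this change shows the file is only a template read at container startup. Mounting it read-only, `- ${DEFAULTS}/jvb/jvb.conf:/defaults/jvb.conf:ro`, stops a compromised or misbehaving bridge process from altering the template that the next start will render. The same mount is added to the jvb service in the other compose file further down. The service definition starts outside the hunk.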

@ -136,6 +136,7 @@ services:
network_mode: host
volumes:
- ${CONFIG}/jvb:/config
- ${DEFAULTS}/jvb/jvb.conf:/defaults/jvb.conf
environment:
- DOCKER_HOST_ADDRESS
- PUBLIC_URL
@ -150,6 +151,9 @@ services:
- JVB_TCP_PORT
- JVB_STUN_SERVERS
- JVB_ENABLE_APIS
- JVB_KEYSTORE_PATH
- JVB_KEYSTORE_PASSWORD
- JVB_WS_SERVER_ID
- TZ
depends_on:
- prosody

@ -0,0 +1,117 @@
// This file originates from
// https://github.com/jitsi/docker-jitsi-meet/blob/stable-7648-4/jvb/rootfs/defaults/jvb.conf
// We have modified it to run an ssl https server instead of a normal http
// server.
{{ $COLIBRI_REST_ENABLED := .Env.COLIBRI_REST_ENABLED | default "false" | toBool -}}
{{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool -}}
{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}}
{{ $ENABLE_MULTI_STREAM := .Env.ENABLE_MULTI_STREAM | default "true" | toBool -}}
{{ $JVB_DISABLE_STUN := .Env.JVB_DISABLE_STUN | default "0" | toBool -}}
{{ $JVB_STUN_SERVERS := .Env.JVB_STUN_SERVERS | default "meet-jit-si-turnrelay.jitsi.net:443" -}}
{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}}
{{ $JVB_MUC_NICKNAME := .Env.JVB_MUC_NICKNAME | default .Env.HOSTNAME -}}
{{ $JVB_ADVERTISE_PRIVATE_CANDIDATES := .Env.JVB_ADVERTISE_PRIVATE_CANDIDATES | default "true" | toBool -}}
{{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}}
{{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool -}}
{{ $WS_DOMAIN := .Env.JVB_WS_DOMAIN | default $PUBLIC_URL_DOMAIN -}}
{{ $WS_SERVER_ID := .Env.JVB_WS_SERVER_ID | default .Env.JVB_WS_SERVER_ID_FALLBACK -}}
{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}}
{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}}
{{/* assign env from context, preserve during range when . is re-assigned */}}
{{ $ENV := .Env -}}
videobridge {
ice {
udp {
port = {{ .Env.JVB_PORT | default 10000 }}
}
advertise-private-candidates = {{ $JVB_ADVERTISE_PRIVATE_CANDIDATES }}
}
apis {
xmpp-client {
configs {
{{ range $index, $element := $XMPP_SERVERS -}}
{{ $SERVER := splitn ":" 2 $element }}
shard{{ $index }} {
HOSTNAME = "{{ $SERVER._0 }}"
PORT = "{{ $SERVER._1 | default $XMPP_PORT }}"
DOMAIN = "{{ $XMPP_AUTH_DOMAIN }}"
USERNAME = "{{ $JVB_AUTH_USER }}"
PASSWORD = "{{ $ENV.JVB_AUTH_PASSWORD }}"
MUC_JIDS = "{{ $JVB_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}"
MUC_NICKNAME = "{{ $JVB_MUC_NICKNAME }}"
DISABLE_CERTIFICATE_VERIFICATION = true
}
{{ end -}}
}
}
rest {
enabled = {{ $COLIBRI_REST_ENABLED }}
}
}
rest {
shutdown {
enabled = {{ $SHUTDOWN_REST_ENABLED }}
}
}
stats {
enabled = true
}
websockets {
enabled = {{ $ENABLE_COLIBRI_WEBSOCKET }}
domain = "{{ $WS_DOMAIN }}"
tls = true
server-id = "{{ $WS_SERVER_ID }}"
}
multi-stream {
enabled = {{ $ENABLE_MULTI_STREAM }}
}
http-servers {
private {
host = 0.0.0.0
}
public {
host = 0.0.0.0
tls-port = 9090
key-store-path={{ .Env.JVB_KEYSTORE_PATH }}
key-store-password={{ .Env.JVB_KEYSTORE_PASSWORD }}
}
}
{{ if $ENABLE_OCTO -}}
octo {
enabled = true
bind-address = "{{ .Env.JVB_OCTO_BIND_ADDRESS | default "0.0.0.0" }}"
public-address = "{{ .Env.JVB_OCTO_PUBLIC_ADDRESS }}"
bind-port = "{{ .Env.JVB_OCTO_BIND_PORT | default "4096" }}"
region = "{{ .Env.JVB_OCTO_REGION | default "europe" }}"
}
{{ end -}}
}
ice4j {
harvest {
mapping {
stun {
{{ if not $JVB_DISABLE_STUN -}}
addresses = [ "{{ join "\",\"" (splitList "," $JVB_STUN_SERVERS) }}" ]
{{ else -}}
enabled = false
{{ end -}}
}
static-mappings = [
{{ if .Env.DOCKER_HOST_ADDRESS -}}
{
local-address = "{{ .Env.LOCAL_ADDRESS }}"
public-address = "{{ .Env.DOCKER_HOST_ADDRESS }}"
}
{{ end -}}
]
}
}
}
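Review bot: `DISABLE_CERTIFICATE_VERIFICATION = true` in the `xmpp-client` shard block means each bridge sends `JVB_AUTH_PASSWORD` to the XMPP server without checking its certificate, and this deployment has separate JVB hosts reaching that server over the network. The setting is carried over from the upstream file, so if it must stay, a comment next to it such as `// cert verification is off for the XMPP link; access is limited by firewall rules only` would record that this is a known gap. Separately, `key-store-path` and `key-store-password` under `http-servers.public` are rendered unquoted. Writing `key-store-password = "{{ .Env.JVB_KEYSTORE_PASSWORD }}"` (and the same for the path) keeps the file parseable if the value ever contains characters that are special in this config syntax.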

@ -74,7 +74,7 @@ location ~ ^/colibri-ws/([a-zA-Z0-9-\._]+)/(.*) {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
proxy_pass https://$1:9090/colibri-ws/$1/$2$is_args$args;
}
{{ end }}
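Review bot: Changing `proxy_pass` to `https://$1:9090/...` encrypts the hop to the bridge, but nginx does not verify upstream certificates unless `proxy_ssl_verify on;` is set, so the proxy accepts whatever certificate the target presents. The keystore task in this change appears to generate a self-signed key per host, so consider distributing those certificates and adding `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <path-to-jvb-cert-bundle>;`. Failing that, a comment should state that this link is encrypted but unauthenticated. Because `$1` is taken from the request path, it would also help to restrict the capture to the known JVB host names instead of the broad character class. The location block starts outside the hunk.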

@ -21,12 +21,14 @@
state: directory
path: "/var/jitsi-meet/{{ item }}"
loop:
- jvb
- web
- web/nginx
- web/nginx/site-confs
- defaults
- defaults/web
- defaults/web/nginx
- defaults/jvb
# These files are interpreted by the container at startup and are templated
# using the frep tool. Ideally we'll keep the content in templates to a
@ -39,6 +41,10 @@
copy:
src: settings-config.js
dest: /var/jitsi-meet/defaults/web/settings-config.js
- name: Write jvb.conf config template
copy:
src: jvb.conf
dest: /var/jitsi-meet/defaults/jvb/jvb.conf
# This file appears to be consumed as is by the jitsi meet web process.
# No funny templating or replacement.
@ -47,6 +53,31 @@
src: interface_config.js
dest: /var/jitsi-meet/defaults/web/interface_config.js
# This prepares a keystore for the JVB websocket connection
- name: Install java for keytool
package:
name: openjdk-11-jre-headless
state: present
- name: Create keystore if it isn't present
command:
cmd: >
keytool -genkeypair
-alias {{ inventory_hostname }}.key
-keyalg RSA
-keysize 2048
-validity 3652
-keystore /var/jitsi-meet/jvb/jvb-keystore.store
-storepass {{ meetpad_jvb_keystore_password }}
stdin: |
Infra Root
OpenDev
Open Infra Foundation
Austin
Texas
US
yes
creates: /var/jitsi-meet/jvb/jvb-keystore.store
- name: Run docker-compose pull
shell:
cmd: docker-compose pull
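Review bot: The `Create keystore if it isn't present` task passes `meetpad_jvb_keystore_password` on the keytool command line through `-storepass`, so the secret is visible in the host's process list while the command runs and can appear in Ansible output on failure or at higher verbosity. Add `no_log: true` to the task, and consider keytool's `-storepass:env` form with the value supplied through the task's `environment:` keyword. The keystore file is also created with default permissions. A follow-up `file:` task with an explicit owner and a restrictive `mode` (for example `'0600'`, adjusted to what the container user needs) would make access to the private key deliberate.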

@ -4,12 +4,16 @@
# Customized for OpenDev, all overrides go here (and remember to comment out
# any defaults from the example):
CONFIG=/var/jitsi-meet
DEFAULTS=/var/jitsi-meet/defaults
PUBLIC_URL=https://meetpad.opendev.org
XMPP_SERVER={{ meetpad_jvb_xmpp_server }}
XMPP_AUTH_DOMAIN=auth.localhost
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.localhost
JVB_AUTH_PASSWORD={{ meetpad_jvb_auth_password }}
JVB_PORT=10000
JVB_KEYSTORE_PATH=/config/jvb-keystore.store
JVB_KEYSTORE_PASSWORD={{ meetpad_jvb_keystore_password }}
JVB_WS_SERVER_ID={{ inventory_hostname }}
# shellcheck disable=SC2034

@ -17,6 +17,9 @@ XMPP_INTERNAL_MUC_DOMAIN=internal-muc.localhost
XMPP_GUEST_DOMAIN=guest.localhost
JVB_AUTH_PASSWORD={{ meetpad_jvb_auth_password }}
JVB_PORT=10000
JVB_KEYSTORE_PATH=/config/jvb-keystore.store
JVB_KEYSTORE_PASSWORD={{ meetpad_jvb_keystore_password }}
JVB_WS_SERVER_ID={{ inventory_hostname }}
JICOFO_COMPONENT_SECRET={{ meetpad_jicofo_component_secret }}
JICOFO_AUTH_PASSWORD={{ meetpad_jicofo_auth_password }}
JIGASI_XMPP_PASSWORD={{ meetpad_jigasi_xmpp_password }}

@ -1 +1,2 @@
meetpad_jvb_auth_password: 8c64807830bcc7581821d3157899e3b0
meetpad_jvb_keystore_password: ateeweegoLee3aig5eish8aeraetiG
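Review bot: `meetpad_jvb_keystore_password` is added here as a literal value next to the existing plaintext passwords, and the file path is not visible on this page. Please confirm this is a test-only fixture and that production hosts take the value from the private secret store. A one-line comment at the top of the file, for example `# Test-only credentials; never used in production`, would make that explicit. The same applies to the second vars hunk below, which adds the same key.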

@ -1,4 +1,5 @@
meetpad_jvb_auth_password: 8c64807830bcc7581821d3157899e3b0
meetpad_jvb_keystore_password: ateeweegoLee3aig5eish8aeraetiG
meetpad_jicofo_component_secret: 3bcd6b4494d99de7ff7b64b931d394f6
meetpad_jicofo_auth_password: e0d9bceec264b78d8bf0022787f92498
meetpad_jigasi_xmpp_password: 2a8fb7ff7c59f09d94960f3fa15001fb
