This commit is contained in:
panda 2022-11-04 00:12:37 +01:00
parent 52ae65763b
commit e940f4c817
16 changed files with 693 additions and 2 deletions


@ -1,2 +1 @@
# jitsi-quick
# jitsi-quick

170
ansible-jitsi.yml Normal file

@ -0,0 +1,170 @@
# playbook.yml:
---
- name: "common config"
hosts: localhost
connection: local
vars_files:
- variables.yml
tasks:
- name: "check the variable: hostname"
fail: msg="The variable 'hostname' in variables.yml, has to be set to somethings else than CHANGEME"
when: '"CHANGEME" in hostname'
- name: change hostname on myserver to {{ hostname }}
hostname:
name: "{{ hostname }}"
- name: add myself to /etc/hosts
lineinfile:
dest: /etc/hosts
regexp: '^127\.0\.0\.1[ \t]+localhost'
line: '127.0.0.1 localhost {{ hostname }}'
state: present
- name: Set timezone to {{ timezone }}
timezone:
name: "{{ timezone }}"
# - name: "copy influxdb.repo"
# copy:
# backup: yes
# src: "{{ playbook_dir }}/repo/influxdb.repo"
# dest: /etc/yum.repos.d/influxdb.repo
# owner: root
# group: root
# mode: '0644'
# when: ansible_distribution == 'Amazon'
#
# - name: download repo
# shell: sed -i "s/\$releasever/$(rpm -E %{rhel})/g" /etc/yum.repos.d/influxdb.repo
# when: ansible_distribution == 'Amazon'
#
#
# - name: Update cache and install a list of COMMON packages with a list variable
# ansible.builtin.yum:
# name: "{{ packages }}"
# update_cache: true
# vars:
# packages:
# - telegraf
# - wget
# when: ansible_distribution == 'CentOS'
#
# - name: Install docker on CentOS (tested on 7)
# ansible.builtin.yum:
# name: "{{ packages }}"
# vars:
# packages:
# - containerd.io
# - docker-ce
# - docker-ce-cli
# when: ansible_distribution == 'CentOS'
#
# - name: Install docker on AmazonLinux (tested on v2)
# ansible.builtin.yum:
# name: "{{ packages }}"
# vars:
# packages:
# - docker
# when: ansible_distribution == 'Amazon'
- name: "telegraf"
hosts: localhost
connection: local
roles:
- telegraf
# when: (ansible_distribution == 'Debian') or (ansible_distribution == 'Ubuntu')
- name: "docker"
hosts: localhost
connection: local
roles:
- docker
# when: (ansible_distribution == 'Debian') or (ansible_distribution == 'Ubuntu')
- name: "copy telegraf.conf"
copy:
backup: yes
src: "{{ playbook_dir }}/repo/telegraf.conf"
dest: /etc/telegraf/telegraf.conf
owner: root
group: root
mode: '0644'
- name: "copy telegraf.d/jitsi.conf"
copy:
backup: yes
src: "{{ playbook_dir }}/repo/telegraf_jitsi.conf"
dest: /etc/telegraf/telegraf.d/jitsi.conf
owner: root
group: root
mode: '0644'
- name: Reload telegraf and enable it onboot
ansible.builtin.service:
name: telegraf
state: reloaded
enabled: yes
### Blocco usato per recuperare automaticamente l'ultima versione stabile di docker-jitsi-meet in quanto un clone del repo senza tag fa usare versioni unstable
### e' stato commentato in quanto la versione viene definita nelle variabili in modo da poterla tracciare e validare il playbook
#
# - name: retrieve docker-jitsi-meet latest stable tag
# shell: curl -s https://api.github.com/repos/jitsi/docker-jitsi-meet/releases/latest | grep tag_name | cut -d '"' -f 4
# register: jitsi_latest_stable
# delegate_to: 127.0.0.1
# run_once: true
#
# - set_fact:
# jitsi_latest_stable={{ jitsi_latest_stable.stdout }}
- name: checkout docker-jitsi-meet git repo latest stable tag {{ jitsi_latest_stable }}
ansible.builtin.git:
repo: 'https://github.com/jitsi/docker-jitsi-meet'
dest: /root/docker-jitsi-meet
version: "{{ jitsi_latest_stable }}"
## Per aggiunta plugin moderazione
#
# - name: checkout moderation plugin git repo
# ansible.builtin.git:
# repo: 'https://github.com/nvonahsen/jitsi-token-moderation-plugin'
# dest: /root/jitsi-token-moderation-plugin
- name: copy configfile
template:
src: repo/env.j2
dest: /root/docker-jitsi-meet/.env
- name: generate new passwords for internal jitsi components
ansible.builtin.shell: /root/docker-jitsi-meet/gen-passwords.sh
args:
chdir: /root/docker-jitsi-meet/
- name: pull, build and start jitsi
ansible.builtin.shell: docker-compose up -d
args:
chdir: /root/docker-jitsi-meet/
- name: pausa di 45 secondi per la fine del deploy di jitsi
ansible.builtin.pause:
seconds: 45
## Per aggiunta plugin moderazione
#
# - name: stop jitsi
# ansible.builtin.shell: docker-compose stop
# args:
# chdir: /root/docker-jitsi-meet/
#
# - name: copy moderation plugin to it's correct folder
# ansible.builtin.shell: cp jitsi-token-moderation-plugin/mod_token_moderation.lua .jitsi-meet-cfg/prosody/prosody-plugins-custom/ && chown 101 .jitsi-meet-cfg/prosody/prosody-plugins-custom/mod_token_moderation.lua
# args:
# chdir: /root/
#
# - name: start jitsi
# ansible.builtin.shell: docker-compose start
# args:
# chdir: /root/docker-jitsi-meet/
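Review bot: The `copy configfile` template task (`src: repo/env.j2`, `dest: /root/docker-jitsi-meet/.env`) sets no `owner` or `mode`, and the next task (`gen-passwords.sh`) writes the generated XMPP service passwords into that same file, so the secrets get whatever permissions the default umask yields; add `owner: root` and `mode: '0600'` to the template task. Those two tasks also run on every play: the template rewrites `.env` with the empty `*_PASSWORD=` values, `gen-passwords.sh` mints fresh secrets and `docker-compose up -d` then recreates the containers with them, so re-running the playbook rotates the credentials of a live deployment — if that is not intended, guard the generation (for example `args: creates:` on a marker file, or a `when:` on the template task's result). The `shell` tasks for `gen-passwords.sh` and `docker-compose up -d` would additionally benefit from `changed_when` so the play reports state honestly. Indentation is not preserved on this rendered page, so whether the `copy telegraf.conf` tasks sit under a `tasks:` key of the `docker` play cannot be verified here.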

229
repo/env.j2 Normal file

@ -0,0 +1,229 @@
# shellcheck disable=SC2034
################################################################################
################################################################################
# Welcome to the Jitsi Meet Docker setup!
#
# This sample .env file contains some basic options to get you started.
# The full options reference can be found here:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
################################################################################
################################################################################
#
# Basic configuration options
#
# Directory where all configuration will be stored
CONFIG=~/.jitsi-meet-cfg
# Exposed HTTP port
HTTP_PORT={{ jitsi_http_port }}
# Exposed HTTPS port
HTTPS_PORT={{ jitsi_https_port }}
# System me zone
TZ=Europe/Rome
# Public URL for the web service (required)
PUBLIC_URL=https://{{ jitsi_http_domain }}
# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
DOCKER_HOST_ADDRESS={{ ansible_default_ipv4.address }}
#
# JaaS Components (beta)
# https://jaas.8x8.vc
#
# Enable JaaS Components (hosted Jigasi)
#ENABLE_JAAS_COMPONENTS=0
#
# Let's Encrypt configuration
#
# Enable Let's Encrypt certificate generation
ENABLE_LETSENCRYPT=1
# Domain for which to generate the certificate
LETSENCRYPT_DOMAIN={{ jitsi_http_domain }}
# E-Mail for receiving important account notifications (mandatory)
LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }}
# Use the staging server (for avoiding rate limits while testing)
LETSENCRYPT_USE_STAGING=0
# Show a prejoin page before entering a conference
ENABLE_PREJOIN_PAGE=0
# Enable the welcome page
ENABLE_WELCOME_PAGE=0
#
# Etherpad integration (for document sharing)
#
# Set etherpad-lite URL in docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
# Name your etherpad instance!
ETHERPAD_TITLE=Video Chat
# The default text of a pad
ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
# Name of the skin for etherpad
ETHERPAD_SKIN_NAME=colibris
# Skin variants for etherpad
ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
#
# Basic Jigasi configuration options (needed for SIP gateway support)
#
# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info
# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd
# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info
# SIP server port
#JIGASI_SIP_PORT=5060
# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP
#
# Authentication configuration (see handbook for details)
#
# Enable authentication
ENABLE_AUTH=0
# Enable guest access
ENABLE_GUESTS=1
# Select authentication type: internal, jwt, ldap or matrix
AUTH_TYPE=jwt
# JWT authentication
#
# Application identifier
#JWT_APP_ID={{ jitsi_jwt_app_id }}
# Application secret known only to your token generator
#JWT_APP_SECRET={{ jitsi_jwt_app_secret }}
# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS={{ jitsi_jwt_accepted_audiences }}
# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#
# LDAP url for connection
#LDAP_URL=ldaps://ldap.domain.com/
# LDAP base DN. Can be empty
#LDAP_BASE=DC=example,DC=domain,DC=com
# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd
# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)
# LDAP authentication method
#LDAP_AUTH_METHOD=bind
# LDAP version
#LDAP_VERSION=3
# LDAP TLS using
#LDAP_USE_TLS=1
# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1
# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
# LDAP_START_TLS=1
#
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD=
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD=
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD=
## Per aggiunta plugin moderazione:
#XMPP_MUC_MODULES=token_moderation
#
# Docker Compose options
#
# Container restart policy
RESTART_POLICY=unless-stopped
# Jitsi image version (useful for local development)
#JITSI_IMAGE_VERSION=latest
ENABLE_HTTP_REDIRECT=1
ENABLE_IPV6=0
COLIBRI_REST_ENABLED=true
#Per modifica toolbar:
#TOOLBAR_BUTTONS=camera,closedcaptions,desktop,download,feedback,filmstrip,fullscreen,hangup,help,invite,microphone,mute-everyone,mute-video-everyone,participants-pane,profile,raisehand,security,settings,shareaudio,shortcuts,stats,tileview,toggle-camera,videoquality
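Review bot: The commented-out lines `#JWT_APP_ID={{ jitsi_jwt_app_id }}`, `#JWT_APP_SECRET={{ jitsi_jwt_app_secret }}` and `#JWT_ACCEPTED_ISSUERS={{ jitsi_jwt_accepted_audiences }}` are still evaluated by Ansible's `template` module — a leading `#` is a comment to the shell that later reads `.env`, not to Jinja — and the matching variables are commented out in variables.yml, so with the shipped defaults the template task appears to fail on an undefined variable; either render them conditionally (`{% if jitsi_jwt_app_id is defined %}JWT_APP_ID={{ jitsi_jwt_app_id }}{% endif %}`) or give each a `| default('')` filter. The issuers line also substitutes the *audiences* variable, which looks like a copy-paste slip. `ENABLE_AUTH=0` means anyone who can reach `PUBLIC_URL` can create and join rooms; that may be the intended open deployment, but since `AUTH_TYPE=jwt` is already set, a comment such as `# auth deliberately disabled; set ENABLE_AUTH=1 and the JWT_* values to require tokens` would make the intent explicit. `COLIBRI_REST_ENABLED=true` enables the JVB REST API that telegraf scrapes on 127.0.0.1:8080; confirm the compose file (not in this commit) publishes that port on loopback only.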

6
repo/influxdb.repo Normal file

@ -0,0 +1,6 @@
[influxdb]
name = InfluxDB Repository - RHEL \$releasever
baseurl = https://repos.influxdata.com/rhel/\$releasever/\$basearch/stable
enabled = 1
gpgcheck = 1
gpgkey = https://repos.influxdata.com/influxdb.key
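Review bot: If the backslashes in `\$releasever` and `\$basearch` are really in the file (and not a rendering artifact), they end up in `/etc/yum.repos.d/influxdb.repo` verbatim, because this file is delivered with `copy` and never passes through a shell or Jinja; yum/dnf expand `$releasever`/`$basearch` themselves and do not strip a preceding backslash, so the `baseurl` would contain `\...` segments. The `sed "s/\$releasever/$(rpm -E %{rhel})/g"` task in the telegraf amazon.yml hunk does not help: the shell turns its pattern into a literal `$releasever`, which matches only the part after the backslash and leaves `\7` behind. Write the lines as `name = InfluxDB Repository - RHEL $releasever` and `baseurl = https://repos.influxdata.com/rhel/$releasever/$basearch/stable`. `gpgcheck = 1` with an https `gpgkey` is the right setting; keep it.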

12
repo/telegraf.conf Normal file

@ -0,0 +1,12 @@
[global_tags]
[agent]
interval = "10s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 10000
collection_jitter = "0s"
flush_interval = "10s"
flush_jitter = "0s"
precision = ""
hostname = ""
omit_hostname = false

12
repo/telegraf_jitsi.conf Normal file

@ -0,0 +1,12 @@
[[inputs.http]]
name_override = "jitsi_stats"
urls = [
"http://127.0.0.1:8080/colibri/stats"
]
data_format = "json"
[[outputs.influxdb]]
urls = ["http://192.168.100.10:8086"] # required
database = "telegraf" # required
retention_policy = ""
write_consistency = "any"
timeout = "5s"
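Review bot: The InfluxDB endpoint `urls = ["http://192.168.100.10:8086"]` is a hard-coded address in a file shipped with `copy`, so every deployment pushes its metrics to that one host over plaintext HTTP with no `username`/`password` set; deliver this file with `template` and put the address in variables.yml (e.g. `urls = ["{{ influxdb_url }}"]`), and unless the metrics network is trusted use https together with the `username`/`password` keys of `[outputs.influxdb]`. The `[[inputs.http]]` scrape of `http://127.0.0.1:8080/colibri/stats` only works when the JVB REST port is published on the host's loopback; `COLIBRI_REST_ENABLED=true` in env.j2 enables the API, but the port mapping lives in the compose file, which is not part of this commit.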


@ -0,0 +1,18 @@
- name: Install docker on AmazonLinux (tested on v2)
ansible.builtin.yum:
name: "{{ packages }}"
vars:
packages:
- docker
- name: download compose
shell: curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | grep -v sha256 | cut -d '"' -f 4 | wget -O /usr/local/bin/docker-compose -qi -
- name: make compose executable
shell: chmod +x /usr/local/bin/docker-compose
- name: Reload docker and enable it onboot
ansible.builtin.service:
name: docker
state: reloaded
enabled: yes
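Review bot: The `download compose` task fetches whatever GitHub currently labels the latest docker-compose release and pipes it straight into `/usr/local/bin` with no version pin and no checksum — the sha256 asset the API returns is explicitly discarded with `grep -v sha256` — so every run may install a different, unverified binary; the same lines appear in centos.yml, debian.yml and ubuntu.yml. Pin the version (debian.yml already references a `compose_ver` variable in a commented line) and use `get_url` with `checksum:`, which also subsumes the separate `chmod` task and makes the step idempotent. `shell` tasks like these otherwise report `changed` on every run unless given `changed_when` or `creates`.
```yaml
- name: download compose
  ansible.builtin.get_url:
    url: "https://github.com/docker/compose/releases/download/{{ compose_ver }}/docker-compose-linux-x86_64"
    checksum: "sha256:<SHA256_OF_PINNED_RELEASE>"   # placeholder: take the value from the release's sha256 asset
    dest: /usr/local/bin/docker-compose
    mode: '0755'
# … unchanged: service task …
```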


@ -0,0 +1,20 @@
- name: Install docker on CentOS (tested on 7)
ansible.builtin.yum:
name: "{{ packages }}"
vars:
packages:
- containerd.io
- docker-ce
- docker-ce-cli
- name: download compose
shell: curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | grep -v sha256 | cut -d '"' -f 4 | wget -O /usr/local/bin/docker-compose -qi -
- name: make compose executable
shell: chmod +x /usr/local/bin/docker-compose
- name: Reload docker and enable it onboot
ansible.builtin.service:
name: docker
state: reloaded
enabled: yes
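Review bot: `ansible.builtin.yum` installs `containerd.io`, `docker-ce` and `docker-ce-cli`, but no task in this role adds the Docker CE repository (the telegraf role copies an InfluxData repo file; nothing equivalent exists for Docker), so on a stock CentOS 7 host the install fails unless the repo is configured outside this playbook; add a `yum_repository` task (with `gpgcheck: yes` and the vendor `gpgkey`) before it, or copy a `docker-ce.repo` the same way influxdb.repo is copied. The compose download in this file has the same unpinned, unverified-binary issue raised on amazon.yml.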


@ -0,0 +1,42 @@
- name: Include variables
include_vars:
file: "../../../variables.yml"
- name: Install docker prerequsistes
apt:
pkg:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- gnupg-agent
- name: Add docker repo key
shell: curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
- name: add repo for docker
shell: echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
- name: Update repositories cache
apt:
update_cache: yes
- name: install docker
apt:
pkg:
- docker-ce
#install compose:
- name: download compose
# shell: curl -L https://github.com/docker/compose/releases/download/{{ compose_ver }}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
shell: curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | grep -v sha256 | cut -d '"' -f 4 | wget -O /usr/local/bin/docker-compose -qi -
- name: make compose executable
shell: chmod +x /usr/local/bin/docker-compose
- name: Reload docker and enable it onboot
ansible.builtin.service:
name: docker
state: reloaded
enabled: yes
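Review bot: `curl ... | apt-key add -` and the `echo ... | tee` repo line run through `shell`, so they re-execute on every play, bypass Ansible's idempotence and rely on `apt-key`, which Debian has deprecated in favour of keyring files; the same lines appear in ubuntu.yml and, for the InfluxData key, in telegraf's debian.yml. `$(lsb_release -cs)` additionally depends on the `lsb-release` package, which is not in the prerequisite list, so on a minimal image the codename may expand to nothing. Use the `apt_key`/`apt_repository` modules with the `ansible_distribution_release` fact instead (or `get_url` the key into `/etc/apt/keyrings` and a `signed-by=` repo line). The task name `Install docker prerequsistes` also has a typo.
```yaml
- name: Add docker repo key
  ansible.builtin.apt_key:
    url: https://download.docker.com/linux/debian/gpg
    state: present
- name: add repo for docker
  ansible.builtin.apt_repository:
    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    state: present
# … unchanged: update cache / install docker-ce / compose / service tasks …
```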


@ -0,0 +1,13 @@
---
- include: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- include: debian.yml
when: ansible_distribution == 'Debian'
- include: centos.yml
when: ansible_distribution == 'CentOS'
- include: amazon.yml
when: ansible_distribution == 'Amazon'
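Review bot: `- include:` is the long-deprecated bare include, which recent ansible-core releases no longer accept; use `include_tasks:` (the dynamic form, which is what the per-distribution `when:` needs) on each of the four entries, e.g. `- include_tasks: debian.yml`. The same applies to the telegraf role's main.yml. Behaviour is otherwise unchanged, since the bare include was already evaluated dynamically.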


@ -0,0 +1,41 @@
- name: Include variables
include_vars:
file: "../../../variables.yml"
- name: Install docker prerequsistes
apt:
pkg:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- name: Add docker repo key
shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
- name: add repo for docker
shell: echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" | tee /etc/apt/sources.list.d/docker.list
- name: Update repositories cache
apt:
update_cache: yes
- name: telegraf
apt:
pkg:
- docker-ce
#install compose:
- name: download compose
# shell: curl -L https://github.com/docker/compose/releases/download/{{ compose_ver }}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
shell: curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | grep -v sha256 | cut -d '"' -f 4 | wget -O /usr/local/bin/docker-compose -qi -
- name: make compose executable
shell: chmod +x /usr/local/bin/docker-compose
- name: Reload docker and enable it onboot
ansible.builtin.service:
name: docker
state: reloaded
enabled: yes
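Review bot: The task that installs `docker-ce` is named `telegraf` (`- name: telegraf` above `pkg: - docker-ce`), evidently copied from the telegraf role; rename it `- name: install docker` so play output and `--start-at-task` make sense. The repo line hard-codes `bionic` while main.yml runs this file on any Ubuntu release, so on focal/jammy hosts it pulls the 18.04 packages; use `{{ ansible_distribution_release }}` as proposed for debian.yml. The apt-key and compose-download points raised on debian.yml and amazon.yml apply here as well.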


@ -0,0 +1,20 @@
- name: "copy influxdb.repo"
copy:
backup: yes
src: "{{ playbook_dir }}/repo/influxdb.repo"
dest: /etc/yum.repos.d/influxdb.repo
owner: root
group: root
mode: '0644'
- name: download repo
shell: sed -i "s/\$releasever/$(rpm -E %{rhel})/g" /etc/yum.repos.d/influxdb.repo
- name: Update cache and install a list of COMMON packages with a list variable
ansible.builtin.yum:
name: "{{ packages }}"
update_cache: true
vars:
packages:
- telegraf
- wget


@ -0,0 +1,8 @@
- name: Update cache and install a list of COMMON packages with a list variable
ansible.builtin.yum:
name: "{{ packages }}"
update_cache: true
vars:
packages:
- telegraf
- wget
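Review bot: This installs `telegraf` with `ansible.builtin.yum` but, unlike amazon.yml, never copies `influxdb.repo` into `/etc/yum.repos.d`, so on CentOS the package is not found unless the InfluxData repo is configured some other way; reuse the `copy influxdb.repo` task from amazon.yml here (the `sed` patching should not be needed, as `$releasever` resolves natively on CentOS).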


@ -0,0 +1,61 @@
- name: Install telegraf prerequsistes
apt:
pkg:
- apt-transport-https
- curl
- name: Add influx repo key
shell: curl -sL https://repos.influxdata.com/influxdb.key | apt-key add -
#- name: Check system version
# shell: source /etc/os-release
# args:
# executable: /bin/bash
#
#- set_fact: VERSION_ID="{{ lookup('env','VERSION_ID') }}"
- name: memorize debian version variable
shell: cat /etc/debian_version | cut -d. -f1
register: debian_version
- set_fact:
debian_version={{ debian_version.stdout }}
- name: add repo for debian 7
when: "{{ debian_version }} == 7"
shell: echo "deb https://repos.influxdata.com/debian wheezy stable" | tee /etc/apt/sources.list.d/influxdb.list
- name: add repo for debian 8
when: "{{ debian_version }} == 8"
shell: echo "deb https://repos.influxdata.com/debian jessie stable" | tee /etc/apt/sources.list.d/influxdb.list
- name: add repo for debian 9
when: "{{ debian_version }} == 9"
shell: echo "deb https://repos.influxdata.com/debian stretch stable" | tee /etc/apt/sources.list.d/influxdb.list
- name: Update repositories cache
apt:
update_cache: yes
- name: telegraf
apt:
pkg:
- telegraf
#- name: create telegraf basic config
# shell: telegraf -sample-config -input-filter cpu:mem:swap:net:netstat:disk:diskio:docker:system:processes:kernel:sysstat:conntrack:nstat:iptables:sensors -output-filter influxdb > /etc/telegraf/telegraf.conf
- name: restart telegraf
systemd:
state: restarted
name: telegraf
- name: restart telegraf
systemd:
enabled: yes
name: telegraf
- name: display help next steps
vars:
contents: "{{ lookup('file', 'repo/telegraf_settings') }}"
debug: msg="{{ contents.split('\n') }}"
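Review bot: The three `when: "{{ debian_version }} == 7"` conditions wrap a Jinja expression in template delimiters, which Ansible warns about and newer releases reject — a conditional is already a Jinja expression, so it should read `when: debian_version == "7"` — and the version-to-codename map stops at stretch, so on Debian 10/11 no repo is added and the following `apt: pkg: - telegraf` fails. The `set_fact` also overwrites the registered `debian_version` result dict with a plain string, which is confusing for anyone reading `debian_version.stdout` later. Replace the `cat /etc/debian_version`, `set_fact` and three codename tasks with a single `apt_repository` driven by the `ansible_distribution_release` fact. The two consecutive tasks are both named `restart telegraf` although the second only enables the unit; name it `enable telegraf`.
```yaml
- name: add influxdata repo
  ansible.builtin.apt_repository:
    repo: "deb https://repos.influxdata.com/debian {{ ansible_distribution_release }} stable"
    state: present
# … unchanged: update cache / install telegraf / restart / enable / help tasks …
```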


@ -0,0 +1,11 @@
---
- include: debian.yml
when: ansible_distribution == 'Debian'
- include: centos.yml
when: ansible_distribution == 'CentOS'
- include: amazon.yml
when: ansible_distribution == 'Amazon'
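Review bot: This role has no `ubuntu.yml` branch, while the docker role's main.yml includes one, so on an Ubuntu host the telegraf role silently does nothing and the later `copy telegraf.conf` task in ansible-jitsi.yml appears to fail because `/etc/telegraf` does not exist; either add an Ubuntu task file and include it with `when: ansible_distribution == 'Ubuntu'` (the InfluxData repo path differs for Ubuntu, so a separate file is more likely than reusing debian.yml), or drop Ubuntu from the docker role as well. The `include` deprecation raised on the docker main.yml applies here too.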

29
variables.yml Normal file

@ -0,0 +1,29 @@
#CAMBIARE:
hostname: jitsi-test01
#
timezone: Europe/Rome
#
jitsi_latest_stable: stable-7648-3
#
jitsi_http_port: 80
jitsi_https_port: 443
jitsi_http_domain: test.domain.net
jitsi_letsencrypt_email: something@domain.net
#per generare le password eseguire:
#tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1
#generare una password e mettere il nome dell'istanza in fondo, es per mauriziano: awgb3g012hvbkh3[...]8t2y_jitsi_mauriziano
#
#jitsi_jwt_app_id: "AAAAA"
#generare una password
#
#jitsi_jwt_app_secret: "BBBBB"
#generare una password per ogni utilizzatore e mettere in fondo il nome, es per mauriziano awgb3g012hvbkh3[...]8t2y_mauriziano
#questo serve perche' sulle istanze shared avremo piu' clienti e cosi' possiamo invalidare gli accessi e capire chi sta usando quale accesso
#separare le diverse stringhe con una virgola, no spazi
#
#jitsi_jwt_accepted_audiences: "CCCCC,DDDDD"
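Review bot: The shipped default `hostname: jitsi-test01` never trips the `"CHANGEME" in hostname` guard in ansible-jitsi.yml, so a fresh clone silently renames the host to `jitsi-test01` and requests a Let's Encrypt certificate for `test.domain.net`; ship `hostname: CHANGEME` (and ideally `jitsi_http_domain: CHANGEME` with a matching `fail` check) so the playbook stops until the values are set. The commented `jitsi_jwt_app_secret` / `jitsi_jwt_accepted_audiences` entries are secrets that will live in this tracked file once uncommented; keep them in an `ansible-vault`-encrypted vars file or an untracked override instead. `jitsi_latest_stable: stable-7648-3` is a plain string here, but since it is also used as a git ref it is worth a comment saying it must match a tag of docker-jitsi-meet.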