summaryrefslogtreecommitdiff
path: root/roles/apps/jitsi
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2020-03-29 03:56:01 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-03-29 03:56:01 +0200
commite08af6ff2a528cd16b2999c242242826f30b8866 (patch)
tree99047b8b866f6181e2db85a8f5701904e7285abc /roles/apps/jitsi
parentnginx: add support for stream proxies (diff)
jisi meet: still not nice and not working at the moment
Diffstat (limited to 'roles/apps/jitsi')
-rw-r--r--roles/apps/jitsi/meet/defaults/main.yml1
-rw-r--r--roles/apps/jitsi/meet/tasks/main.yml31
-rw-r--r--roles/apps/jitsi/meet/templates/pod.yml.j2133
3 files changed, 141 insertions, 24 deletions
diff --git a/roles/apps/jitsi/meet/defaults/main.yml b/roles/apps/jitsi/meet/defaults/main.yml
index c1700046..7fec62c3 100644
--- a/roles/apps/jitsi/meet/defaults/main.yml
+++ b/roles/apps/jitsi/meet/defaults/main.yml
@@ -7,5 +7,6 @@ jitsi_meet_hostnames:
- meet.example.com
jitsi_meet_http_port: 8400
+jitsi_meet_jvb_port: 10000
jitsi_meet_timezone: Europe/Vienna
diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml
index 387df3b8..2964b293 100644
--- a/roles/apps/jitsi/meet/tasks/main.yml
+++ b/roles/apps/jitsi/meet/tasks/main.yml
@@ -1,4 +1,28 @@
---
+- name: create jitsi-meet scripts subdirectories
+ loop:
+ - jicofo
+ - prosody
+ - web
+ - jvb
+ file:
+ path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/{{ item }}"
+ state: directory
+
+- name: generate prosody cont-init.d script
+ copy:
+ content: |
+ #!/usr/bin/with-contenv bash
+ sed -e 's#^\(component_interface\s*=\)#-- \1#g' -i /config/prosody.cfg.lua
+ dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
+ mode: 0755
+
+- name: generate pod manifests
+ template:
+ src: "pod.yml.j2"
+ dest: "/etc/kubernetes/manifests/jitsi-meet-{{ jitsi_meet_inst_name }}.yml"
+ mode: 0600
+
- name: configure nginx vhost
vars:
nginx_vhost:
@@ -6,12 +30,7 @@
template: generic-proxy-no-buffering-with-acme
acme: true
hostnames: "{{ jitsi_meet_hostnames }}"
+ client_max_body_size: "0"
proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}"
include_role:
name: nginx/vhost
-
-- name: generate pod manifests
- template:
- src: "pod.yml.j2"
- dest: "/etc/kubernetes/manifests/jitsi-meet-{{ jitsi_meet_inst_name }}.yml"
- mode: 0600
diff --git a/roles/apps/jitsi/meet/templates/pod.yml.j2 b/roles/apps/jitsi/meet/templates/pod.yml.j2
index 685a31f2..3efd007b 100644
--- a/roles/apps/jitsi/meet/templates/pod.yml.j2
+++ b/roles/apps/jitsi/meet/templates/pod.yml.j2
@@ -3,18 +3,37 @@ kind: Pod
metadata:
name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
spec:
+ initContainers:
+ - name: prepare-config
+ image: busybox
+ workingDir: /config
+ command:
+ - sh
+ - -c
+ - mkdir -p jicofo prosody web jvb
+ volumeMounts:
+ - name: config
+ mountPath: /config
containers:
- name: jicofo
image: "jitsi/jicofo:{{ jitsi_meet_version }}"
+ resources:
+ limits:
+ memory: "5Gi"
+ volumeMounts:
+ - name: config
+ subPath: jicofo
+ mountPath: /config
env:
- name: XMPP_SERVER
- value: localhost
+ value: 127.0.0.1
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
+
- name: JICOFO_COMPONENT_SECRET
{# TODO: hardcoded value #}
value: "jicofo_component_secret"
@@ -23,12 +42,25 @@ spec:
- name: JICOFO_AUTH_PASSWORD
{# TODO: hardcoded value #}
value: "jicofo_auth_password"
- - name: TZ
- value: {{ jitsi_meet_timezone }}
+
- name: JVB_BREWERY_MUC
value: jvbbrewery
+
+ - name: TZ
+ value: {{ jitsi_meet_timezone }}
+
- name: prosody
image: "jitsi/prosody:{{ jitsi_meet_version }}"
+ resources:
+ limits:
+ memory: "512Mi"
+ volumeMounts:
+ - name: scripts
+ subPath: prosody/cont-init.sh
+ mountPath: /etc/cont-init.d/99-k8s
+ - name: config
+ subPath: prosody
+ mountPath: /config
env:
- name: XMPP_DOMAIN
value: meet.jitsi
@@ -38,33 +70,47 @@ spec:
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
+
- name: JICOFO_COMPONENT_SECRET
{# TODO: hardcoded value #}
value: "jicofo_component_secret"
+ - name: JICOFO_AUTH_USER
+ value: focus
+ - name: JICOFO_AUTH_PASSWORD
+{# TODO: hardcoded value #}
+ value: "jicofo_auth_password"
+
- name: JVB_AUTH_USER
value: jvb
- name: JVB_AUTH_PASSWORD
{# TODO: hardcoded value #}
value: "jvb_auth_password"
- - name: JICOFO_AUTH_USER
- value: focus
-{# TODO: hardcoded value #}
- value: "jicofo_auth_password"
- - name: TZ
- value: {{ jitsi_meet_timezone }}
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
+
+ - name: TZ
+ value: {{ jitsi_meet_timezone }}
+
- name: web
image: "jitsi/web:{{ jitsi_meet_version }}"
+ resources:
+ limits:
+ memory: "1Gi"
+ ports:
+ - containerPort: 80
+ hostPort: {{ jitsi_meet_http_port }}
+ volumeMounts:
+ - name: config
+ subPath: web
+ mountPath: /config
env:
- name: DISABLE_HTTPS
value: "1"
- name: ENABLE_HTTP_REDIRECT
value: "0"
+
- name: XMPP_SERVER
- value: localhost
- - name: JICOFO_AUTH_USER
- value: focus
+ value: 127.0.0.1
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
@@ -75,13 +121,64 @@ spec:
value: http://127.0.0.1:5280
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- - name: TZ
- value: {{ jitsi_meet_timezone }}
+
+ - name: JICOFO_AUTH_USER
+ value: focus
+
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
+
+ - name: TZ
+ value: {{ jitsi_meet_timezone }}
+
+ - name: jvb
+ image: "jitsi/jvb:{{ jitsi_meet_version }}"
resources:
limits:
- memory: "1Gi"
- ports:
- - containerPort: 80
- hostPort: {{ jitsi_meet_http_port }}
+ memory: "5Gi"
+ volumeMounts:
+ - name: config
+ subPath: jvb
+ mountPath: /config
+ env:
+ - name: XMPP_SERVER
+ value: 127.0.0.1
+ - name: XMPP_DOMAIN
+ value: meet.jitsi
+ - name: XMPP_AUTH_DOMAIN
+ value: auth.meet.jitsi
+ - name: XMPP_INTERNAL_MUC_DOMAIN
+ value: internal-muc.meet.jitsi
+
+ - name: JICOFO_AUTH_USER
+ value: focus
+ - name: JICOFO_AUTH_PASSWORD
+{# TODO: hardcoded value #}
+ value: "jicofo_auth_password"
+
+ - name: JVB_AUTH_USER
+ value: jvb
+ - name: JVB_AUTH_PASSWORD
+{# TODO: hardcoded value #}
+ value: "jvb_auth_password"
+ - name: JVB_BREWERY_MUC
+ value: jvbbrewery
+ - name: JVB_PORT
+ value: "10000"
+ - name: JVB_TCP_HARVESTER_DISABLED
+ value: "true"
+ - name: JVB_STUN_SERVERS
+ value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+ - name: DOCKER_HOST_ADDRESS
+ value: "{{ ansible_default_ipv4.address }}"
+
+ - name: TZ
+ value: {{ jitsi_meet_timezone }}
+
+ volumes:
+ - name: scripts
+ hostPath:
+ path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts"
+ - name: config
+ emptyDir:
+ medium: Memory