-rw-r--r-- | dan/host_vars/sk-cloudia.yml | 83 | ||||
-rw-r--r-- | dan/sk-cloudia.yml | 1 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudia/coturn.yml | 12 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudia/vars.yml | 1 | ||||
-rw-r--r-- | roles/apps/coturn/defaults/main.yml | 16 | ||||
-rw-r--r-- | roles/apps/coturn/tasks/main.yml | 30 | ||||
-rw-r--r-- | roles/apps/coturn/templates/pod.yml.j2 | 37 | ||||
-rw-r--r-- | roles/apps/coturn/templates/turnserver.conf.j2 | 27 |
8 files changed, 168 insertions, 39 deletions
diff --git a/dan/host_vars/sk-cloudia.yml b/dan/host_vars/sk-cloudia.yml
index 92b2e9d8..cb562756 100644
--- a/dan/host_vars/sk-cloudia.yml
+++ b/dan/host_vars/sk-cloudia.yml
@@ -1,40 +1,45 @@ $ANSIBLE_VAULT;1.2;AES256;dan -37323937636238366563323164653661623037363564336634656237363666666131636136316266 -3830643465336465326466373032626434386532326431370a386461333562666161636363333166 -35646237656536376562376236343639623630643236363537633234356461333530323131306161 -6262656630326161320a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a626334306165396166373965363730 +66366264663839363765393361633937363736333466323031613839383138306232356136323738 +3763303136356230610a383330373630666261646166643735333563663836383034306432343639 +62656265663066393437633538646561316634626233646666616532616166636330663861323561 +62323261356139653231386338663832643633643966343463323433316335353465303337313862 +65663631373861343830666164343931373233336662616233653835646466666533653939623836 +36363166373532646434653763303837613232366333393961653236633264653835386463396165 +35303735653961633634663437333332306138666463323362613234653064323763613235653839 +34336434373831653162363665643666333466356564373365326366646536393137303661653030 +35323838393333613439343139623535373964303063613735356364623837646334626462303761 +62393039326562323131623636326163393037646264396533326239396236343764646264303633 +34666261646464313964346630303132393238326530363433626661313836636632653434393935 +61643162363561346338393763313236623961383930396231626531393362653932626365386163 +30363463303564316565393862613666313234623832646361353762636334643838636663343162 +31626162323238663031623135613636353765373761353836373732333264313937666537303763 +62373931616533383131303935643265616565663063376665623965326535613164323039353931 +38643061623934623233346632326432643835633230656137643839343663643666323162303939 +38653361366161353031356134336236346662646563306366333635393763306530623663396465 +36356365333036376438333166363839313561623238633366663734656466343063343661343061 +34643534353738363361363465363239633665613562316136313964636139623865326465396539 
+34303034346665316531336262666433336364313364306131646266376263376566326231663532 +37316638303337613334343034353332323735643235373963646134646163306166346337336233 +62333362346238663663646464336133613931373661616634363739373930323539613962393966 +37373234373437636131316432623732616534383430633262636331363165643536663763353462 +38666666343237636634383164636136323535323265666163373033373034353930366535333733 +30363133623365366232393464393365636565346231383531376235626464336536653062346132 +30613634653039303332373330356235386538636233353463393963333134396437383565323032 +38663937653635313135626166343831333839623830323836646232383661376235356436356439 +30653764366261303839643139376238653365633635353337373738383862633963366333656234 +66663765656235336136303639303164326236306164633133336330666364396161663438663965 +37356364373263373732353466636263643034373962633065346666346433343732663461373236 +30643765646262333431393762366130326532623232306138323733353762303834336333626439 +32643561326238653861633964376430633366623833336262323164633661343832663932303238 +64663936303634326338646464323330326234626537333063366233303663323736336566356563 +64333738353230313336306534646163393639356662666261363134633135643465383132313162 +32633035653332333631323034613262333064346164646263336539346463396233633835363038 +38633032333035333435343237636636343937616338323963333232373038373762633466363661 +32623865663236386666326531303936313466373465366665303136643531633237313835353338 +32336163363732626161663032653135663237386465323431303339333663653938623735383532 +39613761643763613433373836326637663461636339653239393832616139306361346139303135 +62393535303263363838646633393133346132373934626165383961653938666262656461656335 +32373934616563316262386138616261613233643532353133303136656132303639633636376162 +39303766623966343433 diff --git a/dan/sk-cloudia.yml b/dan/sk-cloudia.yml index c24d4a1e..b02b1d38 100644 --- a/dan/sk-cloudia.yml +++ b/dan/sk-cloudia.yml 
@@ -15,3 +15,4 @@
 - role: apps/nextcloud
 - role: apps/collabora/code
 - role: apps/etherpad-lite
+ - role: apps/coturn
diff --git a/inventory/host_vars/sk-cloudia/coturn.yml b/inventory/host_vars/sk-cloudia/coturn.yml
new file mode 100644
index 00000000..bfcdd745
--- /dev/null
+++ b/inventory/host_vars/sk-cloudia/coturn.yml
@@ -0,0 +1,12 @@
+---
+coturn_version: 4.5.1.1
+coturn_realm: elev8.at
+coturn_hostnames:
+ - stun.elev8.at
+ - turn.elev8.at
+
+coturn_max_bps: 1048576 ## 8Mbit/s
+coturn_bps_capacity: 13107200 ## 100Mbit/s
+coturn_threads: 4
+
+coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml
index e191fc21..19549d8b 100644
--- a/inventory/host_vars/sk-cloudia/vars.yml
+++ b/inventory/host_vars/sk-cloudia/vars.yml
@@ -35,6 +35,7 @@
 kubernetes_version: 1.17.2
 kubernetes_container_runtime: containerd
 kubernetes_standalone_max_pods: 42
 kubernetes_standalone_resolv_conf: /var/run/systemd/resolve/resolv.conf
+kubernetes_standalone_pod_cidr: 192.168.255.0/24
 kubernetes_standalone_cni_variant: with-localonly-portmap
 kubernetes_cri_socket: "unix:///run/containerd/containerd.sock"
diff --git a/roles/apps/coturn/defaults/main.yml b/roles/apps/coturn/defaults/main.yml
new file mode 100644
index 00000000..cf5558bf
--- /dev/null
+++ b/roles/apps/coturn/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+coturn_uid: 930
+coturn_gid: 930
+coturn_base_path: /srv/storage/coturn
+
+coturn_version: 4.5.1.1
+coturn_realm: example.com
+coturn_hostnames:
+ - stun.example.com
+ - turn.example.com
+
+coturn_max_bps: 0
+coturn_bps_capacity: 0
+coturn_threads: 0
+
+# coturn_auth_secret: change-me
diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml
new file mode 100644
index 00000000..4631d1b7
--- /dev/null
+++ b/roles/apps/coturn/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: add group for coturn
+ group:
+ name: coturn
+ gid: "{{ coturn_gid }}"
+
+- name: add user for coturn
+ user:
+ name: coturn
+ uid: "{{ coturn_uid }}"
+ group: coturn
+ password: "!"
+
+- name: create coturn config subdirectory
+ file:
+ path: "{{ coturn_base_path }}/{{ coturn_realm }}/config"
+ state: directory
+
+- name: create coturn config
+ template:
+ src: turnserver.conf.j2
+ dest: "{{ coturn_base_path }}/{{ coturn_realm }}/config/turnserver.conf"
+ group: coturn
+ mode: 0640
+
+- name: generate pod manifests
+ template:
+ src: "pod.yml.j2"
+ dest: "/etc/kubernetes/manifests/coturn-{{ coturn_realm }}.yml"
+ mode: 0600
diff --git a/roles/apps/coturn/templates/pod.yml.j2 b/roles/apps/coturn/templates/pod.yml.j2
new file mode 100644
index 00000000..7c127c13
--- /dev/null
+++ b/roles/apps/coturn/templates/pod.yml.j2
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "coturn-{{ coturn_realm }}"
+spec:
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ coturn_uid }}
+ runAsGroup: {{ coturn_gid }}
+ hostNetwork: true
+ containers:
+ - name: coturn
+ image: "instrumentisto/coturn:{{ coturn_version }}"
+ args:
+ - --log-file=stdout
+ resources:
+ limits:
+ memory: "1Gi"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/coturn/
+ readOnly: true
+ - name: run
+ mountPath: /var/run
+ - name: lib
+ mountPath: /var/lib/coturn
+ volumes:
+ - name: config
+ hostPath:
+ path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/"
+ type: Directory
+ - name: run
+ emptyDir:
+ medium: Memory
+ - name: lib
+ emptyDir:
+ medium: Memory
diff --git a/roles/apps/coturn/templates/turnserver.conf.j2 b/roles/apps/coturn/templates/turnserver.conf.j2
new file mode 100644
index 00000000..9462f148
--- /dev/null
+++ b/roles/apps/coturn/templates/turnserver.conf.j2
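Review bot: The `add user for coturn` task locks the password (`password: "!"`) but leaves shell, home directory and system-account flag at the module defaults, which on most distributions means an interactive login shell and a home under /home for what is only a uid/gid mapping for the container. The `create coturn config subdirectory` task sets no owner, group or mode either, so the directory holding turnserver.conf (which, per the template hunk further down, embeds `static-auth-secret`) gets whatever the umask yields, while the file itself is presumably root:coturn 0640. Suggested additions: `shell: /usr/sbin/nologin` (or `/sbin/nologin` where the distro puts it), `system: yes`, `create_home: no` on the user task, and `group: coturn`, `mode: 0750` on the directory task. It is also worth an `assert` that `coturn_auth_secret` is defined before the first task runs, since defaults/main.yml only ships it commented out and a missing value otherwise surfaces as an undefined-variable error at the template step, after user, group and directory have already been created.
```yaml
- name: add user for coturn
  user:
    # … unchanged: name, uid, group, password …
    shell: /usr/sbin/nologin
    system: yes
    create_home: no

- name: create coturn config subdirectory
  file:
    # … unchanged: path, state …
    group: coturn
    mode: 0750
```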
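Review bot: `allowPrivilegeEscalation: false` is placed under the pod-level `securityContext`, but it is a container-level field (PodSecurityContext only carries runAsUser/runAsGroup/runAsNonRoot/fsGroup/supplementalGroups/sysctls/seLinuxOptions); as far as I know the kubelet is lenient about unknown fields when decoding static-pod manifests, so this is most likely dropped silently and the container keeps the default that allows privilege escalation. Move it to `containers[0].securityContext`, and while there drop all capabilities (3478 is unprivileged, so none are needed) and set `runAsNonRoot: true` and `readOnlyRootFilesystem: true` — `/var/run` and `/var/lib/coturn` are already writable emptyDirs and `/etc/coturn` is read-only, so a read-only root should work, to be confirmed against the image. `hostNetwork: true` is presumably there for the TURN relay port range, which makes the container-level hardening matter more since the process shares the host network namespace. Pinning `instrumentisto/coturn` by digest rather than only by version tag would additionally make the deployment reproducible and resistant to a re-tagged upstream image.
```yaml
spec:
  securityContext:
    runAsUser: {{ coturn_uid }}
    runAsGroup: {{ coturn_gid }}
    runAsNonRoot: true
  hostNetwork: true
  containers:
  - name: coturn
    image: "instrumentisto/coturn:{{ coturn_version }}"
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    # … unchanged: args, resources, volumeMounts …
  # … unchanged: volumes …
```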
@@ -0,0 +1,27 @@
+realm={{ coturn_realm }}
+fingerprint
+
+listening-port=3478
+# tls-listening-port=5349
+
+# cert=/etc/coturn/ssl/cert.pem
+# pkey=/etc/coturn/ssl/privkey.pem
+# dh-file=/etc/coturn/ssl/dhparam.pem
+# cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
+# no-tlsv1
+# no-tlsv1_1
+no-tls
+no-dtls
+
+use-auth-secret
+static-auth-secret={{ coturn_auth_secret }}
+stale-nonce=600
+
+max-bps={{ coturn_max_bps }}
+bps-capacity={{ coturn_bps_capacity }}
+relay-threads={{ coturn_threads }}
+
+no-multicast-peers
+denied-peer-ip={{ kubernetes_standalone_pod_cidr | ipaddr('network') }}-{{ kubernetes_standalone_pod_cidr | ipaddr('broadcast') }}
+
+no-cli |