-rw-r--r-- | dan/ele-coturn.yml | 2 | ||||
-rw-r--r-- | dan/host_vars/ele-coturn.yml | 22 | ||||
-rw-r--r-- | inventory/host_vars/ele-coturn.yml | 22 | ||||
-rw-r--r-- | inventory/host_vars/glt-coturn.yml | 2 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/coturn.yml | 2 | ||||
-rw-r--r-- | roles/apps/coturn/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/apps/coturn/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/apps/coturn/tasks/privileged-ports-hack.yml | 31 | ||||
-rw-r--r-- | roles/apps/coturn/templates/pod-spec.yml.j2 | 8 |
9 files changed, 32 insertions, 63 deletions
diff --git a/dan/ele-coturn.yml b/dan/ele-coturn.yml
index e398f90e..fd41e9d3 100644
--- a/dan/ele-coturn.yml
+++ b/dan/ele-coturn.yml
@@ -11,4 +11,4 @@
 - role: kubernetes/standalone/base
 - role: apt-repo/spreadspace
 - role: acmetool/base
-# - role: apps/coturn
+ - role: apps/coturn
diff --git a/dan/host_vars/ele-coturn.yml b/dan/host_vars/ele-coturn.yml
index 29713376..fb339ee8 100644
--- a/dan/host_vars/ele-coturn.yml
+++ b/dan/host_vars/ele-coturn.yml
@@ -1,10 +1,14 @@
 $ANSIBLE_VAULT;1.2;AES256;dan
-37613062633231323434353831353063666539366565663236343338356332316664663761376263
-3135343931363536376334353563383438333363393632300a393234356266326436613832353835
-38613731366265343336653662306664636264616135383961323436323362616630663662306536
-3437393033376461620a326630613439383761326566383863306635616265383135326237336164
-62396565373135626332373231626336613565353539326339643862323433623032613233366364
-36646465323465653936623565383066333034343538353961393938316239353336653339393635
-31643234646531643530656261393163353061646436643030623461356439643064346562353563
-62363865363666613361643733613838636236613865303961353437626164626530666364613039
-3765
+32316636613333326364373864323438663836303063613434613938666136363261643666333361
+6662383239313331333137323337383533356534383634360a613736333731356363353230313265
+32306663393863656461346432633030353133633735643739366439366532353137323337396539
+6333313766393536360a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
diff --git a/inventory/host_vars/ele-coturn.yml b/inventory/host_vars/ele-coturn.yml
index 51a0793a..94fe4ae5 100644
--- a/inventory/host_vars/ele-coturn.yml
+++ b/inventory/host_vars/ele-coturn.yml
@@ -20,6 +20,10 @@ kubelet_storage:
 size: 5G
 fs: ext4
+
+acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+
+
 kubernetes_version: 1.21.2
 kubernetes_container_runtime: docker
 kubernetes_standalone_max_pods: 100
@@ -27,13 +31,13 @@ kubernetes_standalone_pod_cidr: 192.168.255.0/24
 kubernetes_standalone_cni_variant: with-portmap
-# coturn_version: 4.5.2
-# coturn_realm: elev8.at
-# coturn_hostnames:
-# - stun.elev8.at
-# - turn.elev8.at
+coturn_version: 4.5.2-r2
+coturn_realm: elev8.at
+coturn_hostnames:
+ - stun.elev8.at
+ - turn.elev8.at
-# coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
-# coturn_listening_port: 3478
-# coturn_tls_listening_port: 443
-# coturn_install_nginx_vhost: no
+coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
+coturn_listening_port: 3478
+coturn_tls_listening_port: 443
+coturn_install_nginx_vhost: no
diff --git a/inventory/host_vars/glt-coturn.yml b/inventory/host_vars/glt-coturn.yml
index f598384d..9cff4891 100644
--- a/inventory/host_vars/glt-coturn.yml
+++ b/inventory/host_vars/glt-coturn.yml
@@ -20,7 +20,7 @@ kubernetes_standalone_pod_cidr: 192.168.255.0/24
 kubernetes_standalone_cni_variant: with-portmap
-coturn_version: 4.5.2
+coturn_version: 4.5.2-r2
 coturn_realm: linuxtage.at
 coturn_hostnames:
 - cdn13.linuxtage.at
diff --git a/inventory/host_vars/sk-cloudio/coturn.yml b/inventory/host_vars/sk-cloudio/coturn.yml
index c4853eb2..ae4a187c 100644
--- a/inventory/host_vars/sk-cloudio/coturn.yml
+++ b/inventory/host_vars/sk-cloudio/coturn.yml
@@ -1,7 +1,7 @@
 ---
 coturn_base_path: /srv/storage/coturn
-coturn_version: 4.5.2
+coturn_version: 4.5.2-r2
 coturn_realm: elevate.at
 coturn_hostnames:
 - stun.elevate.at
diff --git a/roles/apps/coturn/defaults/main.yml b/roles/apps/coturn/defaults/main.yml
index 34629dbd..842e7f05 100644
--- a/roles/apps/coturn/defaults/main.yml
+++ b/roles/apps/coturn/defaults/main.yml
@@ -3,7 +3,7 @@ coturn_uid: 930
 coturn_gid: 930
 coturn_base_path: /srv/coturn
-# coturn_version: 4.5.1.1
+# coturn_version: 4.5.2-r2
 # coturn_realm: example.com
 # coturn_hostnames:
 # - stun.example.com
diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml
index a35734a8..838385ea 100644
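Review bot: `coturn_install_nginx_vhost: no` on the new side of the inventory/host_vars/ele-coturn.yml hunk uses a YAML 1.1 truthy word; Ansible accepts it as a boolean, but yamllint's `truthy` rule flags it and the canonical form is `coturn_install_nginx_vhost: false`. The other uncommented values are fine as plain scalars, since `4.5.2-r2` cannot be mis-typed as a number and the ports are intended as integers. Worth noting in the same hunk that `coturn_tls_listening_port: 443` is a privileged port, and this commit removes the setcap wrapper that previously made binding it possible, so this host now depends on what the upstream image grants, which the diff does not show.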
--- a/roles/apps/coturn/tasks/main.yml
+++ b/roles/apps/coturn/tasks/main.yml
@@ -77,10 +77,6 @@
 acmetool_cert_name: "coturn-{{ coturn_realm }}"
 acmetool_cert_hostnames: "{{ coturn_hostnames }}"
-- name: apply hacky fix to support binding to privileged ports
- when: (coturn_listening_port < 1024) or (coturn_tls_listening_port < 1024)
- import_tasks: privileged-ports-hack.yml
-
 - name: install pod manifest
 vars:
 kubernetes_standalone_pod:
diff --git a/roles/apps/coturn/tasks/privileged-ports-hack.yml b/roles/apps/coturn/tasks/privileged-ports-hack.yml
deleted file mode 100644
index 6025b7e7..00000000
--- a/roles/apps/coturn/tasks/privileged-ports-hack.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-### This hack is necessary because: https://github.com/kubernetes/kubernetes/issues/56374 and https://github.com/moby/moby/issues/8460.
-### AFAIK there are two possible workarounds at the moment:
-## - Setting sysctl net.ipv4.ip_unprivileged_port_start=0.
-## This does not work because kubelet would not allow this for containers using host networking (and actually this would be a bad idea anyway).
-## - Adding the CAP_NET_BIND_SERVICE capability on the turnserver binary file inside the container.
-## This is what we are doing here - at least until the upstream container includes this: https://github.com/instrumentisto/coturn-docker-image/issues/40
-
-- name: create build directory for custom image
- file:
- path: "{{ coturn_base_path }}/{{ coturn_realm }}/build"
- state: directory
-
-- name: generate Dockerfile for custom image
- copy:
- content: |
- FROM instrumentisto/coturn:{{ coturn_version }}
- RUN apk --no-cache add libcap && setcap CAP_NET_BIND_SERVICE=+ep /usr/bin/turnserver
- dest: "{{ coturn_base_path }}/{{ coturn_realm }}/build/Dockerfile"
- register: coturn_custom_image_docker
-
-- name: build custom image
- docker_image:
- name: "instrumentisto/coturn/{{ coturn_realm }}:{{ coturn_version }}"
- state: present
- force_source: "{{ coturn_custom_image_docker is changed }}"
- source: build
- build:
- path: "{{ coturn_base_path }}/{{ coturn_realm }}/build"
- network: host
- pull: yes
diff --git a/roles/apps/coturn/templates/pod-spec.yml.j2 b/roles/apps/coturn/templates/pod-spec.yml.j2
index a0842784..20612e4b 100644
--- a/roles/apps/coturn/templates/pod-spec.yml.j2
+++ b/roles/apps/coturn/templates/pod-spec.yml.j2
@@ -12,13 +12,9 @@ terminationGracePeriodSeconds: 0
 hostNetwork: true
 containers:
 - name: coturn
-{% if (coturn_listening_port < 1024) or (coturn_tls_listening_port < 1024) %}
- image: "instrumentisto/coturn/{{ coturn_realm }}:{{ coturn_version }}"
-{% else %}
- image: "instrumentisto/coturn:{{ coturn_version }}"
-{% endif %}
+ image: "coturn/coturn:{{ coturn_version }}"
 args:
- - --log-file=stdout
+ - --log-file=stdout
 resources:
 limits:
 memory: "1Gi" |
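Review bot: `image: "coturn/coturn:{{ coturn_version }}"` now serves every host, including those with a listening or TLS port below 1024 on `hostNetwork: true`, so the role silently relies on the upstream image already granting CAP_NET_BIND_SERVICE to turnserver; the diff does not show that guarantee, and the deleted privileged-ports-hack.yml was the only place the requirement was written down. A Jinja comment above the image line, e.g. `{# coturn/coturn is expected to ship turnserver with cap_net_bind_service, required for listening ports < 1024 on hostNetwork #}`, would keep that rationale with the code that depends on it. The tag is also a mutable reference, so pinning by digest (`coturn/coturn:{{ coturn_version }}@sha256:<digest-placeholder>`) or recording the expected digest next to `coturn_version` would make rollouts reproducible and detect a retagged image. The container's spec block continues outside the hunk.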