Diffstat (limited to 'roles/apps/jitsi/meet')
-rw-r--r-- | roles/apps/jitsi/meet/defaults/main.yml | 14 | ||||
-rw-r--r-- | roles/apps/jitsi/meet/tasks/main.yml | 98 | ||||
-rw-r--r-- | roles/apps/jitsi/meet/templates/pod-spec.yml.j2 | 86 |
3 files changed, 162 insertions, 36 deletions
diff --git a/roles/apps/jitsi/meet/defaults/main.yml b/roles/apps/jitsi/meet/defaults/main.yml index 527f39b9..2580fe15 100644 --- a/roles/apps/jitsi/meet/defaults/main.yml +++ b/roles/apps/jitsi/meet/defaults/main.yml @@ -1,7 +1,7 @@ --- jitsi_meet_base_path: /srv/jitsi/meet -# jitsi_meet_version: 4101-2 +# jitsi_meet_version: stable-5963 jitsi_meet_inst_name: "{{ jitsi_meet_hostname }}" # jitsi_meet_hostname: meet.example.com @@ -14,6 +14,16 @@ jitsi_meet_timezone: Europe/Vienna ### generate these using: openssl rand -hex 16 # jitsi_meet_secrets: -# jicofo_component_secret: "" +# jicofo_component_secret: "" ### only needed for versions older than stable-5765-1 # jicofo_auth_password: "" # jvb_auth_password: "" +# streamuidisplay_auth_password: "" ### only needed if streamui is enabled + +# jitsi_meet_auth: +# enable_guests: true +# users: +# foo: secret + +# jitsi_meet_streamui: +# http_port: "{{ jitsi_meet_http_port + 1 }}" +# image_tag: latest diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml index 8fcef577..e83c789e 100644 --- a/roles/apps/jitsi/meet/tasks/main.yml +++ b/roles/apps/jitsi/meet/tasks/main.yml 
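Review bot: The commented example `users:` / `foo: secret` in the second hunk of defaults/main.yml shows the account password as a plain inventory value and does not say how it should be stored. The tasks in this commit write these values, and `streamuidisplay_auth_password`, into a prosody init script on disk, so they deserve the same handling as `jitsi_meet_secrets`. A comment above the block such as `### keep passwords in ansible-vault; they are written into the prosody cont-init script` would make that explicit.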
@@ -1,21 +1,79 @@ --- - name: create jitsi-meet scripts subdirectories loop: - - jicofo - - prosody - - web - - jvb + - jicofo + - prosody + - web + - jvb file: path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/{{ item }}" state: directory -- name: generate prosody cont-init.d script +- name: generate stream-ui specific cont-init scripts + when: jitsi_meet_streamui is defined + block: + - name: generate stream-ui specific cont-init scripts for prosody + copy: + content: | + #!/usr/bin/with-contenv bash + cat << EOF > /config/conf.d/stream-ui.cfg.lua + VirtualHost "stream-ui.meet.jitsi" + modules_enabled = { + "ping"; + } + authentication = "internal_hashed" + EOF + prosodyctl --config "/config/prosody.cfg.lua" register display stream-ui.meet.jitsi "{{ jitsi_meet_secrets.streamuidisplay_auth_password }}" + dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh" + mode: 0750 + + - name: generate stream-ui specific cont-init scripts for web + copy: + content: | + #!/usr/bin/with-contenv bash + cat << EOF >> /config/config.js + + // Hide Stream-UI Displays + config.hiddenDomain = 'stream-ui.meet.jitsi'; + EOF + dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/web/streamui.sh" + mode: 0755 + +- name: generate generic prosody cont-init script copy: content: | #!/usr/bin/with-contenv bash sed -e 's#^\(component_interface\s*=\)#-- \1#g' -i /config/prosody.cfg.lua + {% if jitsi_meet_auth is defined %} + + echo "authentication enabled:" + {% for username, password in jitsi_meet_auth.users.items() %} + echo " * registering user: {{ username }}" + prosodyctl --config "/config/prosody.cfg.lua" register "{{ username }}" $XMPP_DOMAIN "{{ password }}" + {% endfor %} + {% endif %} dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh" - mode: 0755 + mode: 0750 + + +- name: configure base pod config hash items + set_fact: + kubernetes_standalone_pod_config_hash_items_base: + 
- path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh" + properties: + - checksum + kubernetes_standalone_pod_config_hash_items_streamui: [] + +- name: configure stream-ui pod config hash items + when: jitsi_meet_streamui is defined + set_fact: + kubernetes_standalone_pod_config_hash_items_streamui: + - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh" + properties: + - checksum + - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/streamui.sh" + properties: + - checksum - name: install pod manifest vars: @@ -23,14 +81,26 @@ name: "jitsi-meet-{{ jitsi_meet_inst_name }}" spec: "{{ lookup('template', 'pod-spec.yml.j2') }}" mode: "0600" - config_hash_items: - - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh" - properties: - - checksum + config_hash_items: "{{ kubernetes_standalone_pod_config_hash_items_base + kubernetes_standalone_pod_config_hash_items_streamui }}" include_role: name: kubernetes/standalone/pod -## TODO: https://github.com/jitsi/jitsi-meet/blob/master/doc/turn.md + +- name: configure base http proxy locations + set_fact: + nginx_vhost_locations_base: + '/': + proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}" + extra_directives: |- + client_max_body_size 0; + nginx_vhost_locations_streamui: {} + +- name: configure stream-ui http proxy locations + when: jitsi_meet_streamui is defined + set_fact: + nginx_vhost_locations_streamui: + '/stream-ui/': + proxy_pass: "http://127.0.0.1:{{ jitsi_meet_streamui.http_port }}/" - name: configure nginx vhost vars: @@ -40,10 +110,6 @@ acme: true hostnames: - "{{ jitsi_meet_hostname }}" - locations: - '/': - proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}" - extra_directives: |- - client_max_body_size 0; + locations: "{{ nginx_vhost_locations_base | combine(nginx_vhost_locations_streamui) }}" include_role: name: nginx/vhost 
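Review bot: The two `prosodyctl ... register` lines added in the `@@ -1,21 +1,79 @@` hunk place `{{ username }}`, `{{ password }}` and `{{ jitsi_meet_secrets.streamuidisplay_auth_password }}` inside double quotes in a generated bash script, so a value containing `"`, `$` or a backtick is interpreted by the shell instead of being passed through unchanged. Rendering them with the `quote` filter and dropping the surrounding quotes avoids that: `prosodyctl --config "/config/prosody.cfg.lua" register {{ username | quote }} $XMPP_DOMAIN {{ password | quote }}`. Both `copy` tasks that carry these passwords would also benefit from `no_log: true`, since their `content` can otherwise show up in task output or `--diff` runs. Separately, the `kubernetes_standalone_pod_config_hash_items_streamui` list names `scripts/prosody/streamui.sh` twice; the second entry was presumably meant to be `scripts/web/streamui.sh`, otherwise a change to the web script does not alter the config hash.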
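Review bot: The `/stream-ui/` location added in the `@@ -23,14 +81,26 @@` hunk is published on the same ACME-enabled vhost as the meeting frontend with only a `proxy_pass`, and nothing visible here restricts who may reach it. Whether stream-ui authenticates requests itself cannot be seen from this diff; if it does not, the container's `hostIP: 127.0.0.1` binding no longer limits exposure once nginx forwards to it. The `'/'` location already uses `extra_directives`, so the same key could carry an `allow`/`deny` list or `auth_basic` for `/stream-ui/`. The `set_fact` names `nginx_vhost_locations_base` and `nginx_vhost_locations_streamui` are also not prefixed with `jitsi_meet_` and persist as host facts, so they can collide with other roles that use the same pattern.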
diff --git a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 index 43eb0806..95f49982 100644 --- a/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 +++ b/roles/apps/jitsi/meet/templates/pod-spec.yml.j2 @@ -22,6 +22,13 @@ containers: subPath: jicofo mountPath: /config env: +{% if jitsi_meet_auth is defined %} + - name: ENABLE_AUTH + value: "1" + - name: AUTH_TYPE + value: "internal" + +{% endif %} - name: XMPP_SERVER value: 127.0.0.1 - name: XMPP_DOMAIN @@ -33,8 +40,10 @@ containers: - name: XMPP_INTERNAL_MUC_DOMAIN value: internal-muc.meet.jitsi +{% if 'jicofo_component_secret' in jitsi_meet_secrets %} - name: JICOFO_COMPONENT_SECRET value: "{{ jitsi_meet_secrets.jicofo_component_secret }}" +{% endif %} - name: JICOFO_AUTH_USER value: focus - name: JICOFO_AUTH_PASSWORD @@ -57,6 +66,13 @@ containers: - name: scripts subPath: prosody/cont-init.sh mountPath: /etc/cont-init.d/99-k8s + readOnly: yes +{% if jitsi_meet_streamui is defined %} + - name: scripts + subPath: prosody/streamui.sh + mountPath: /etc/cont-init.d/90-streamui + readOnly: yes +{% endif %} - name: config subPath: prosody mountPath: /config 
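Review bot: The `readOnly: yes` values on the script mounts added in the `@@ -57,6 +66,13 @@` hunk rely on YAML 1.1 truthy parsing; `readOnly: true` is the canonical boolean and is read the same way by every parser. The same applies to the web container's `90-streamui` mount in the `@@ -105,6 +134,12 @@` hunk. The read-only mount is worth keeping as it stands, since the prosody init script contains account passwords.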
@@ -66,17 +82,32 @@ containers: - name: ENABLE_LOBBY value: "1" +{% if jitsi_meet_auth is defined %} + - name: ENABLE_AUTH + value: "1" + - name: AUTH_TYPE + value: "internal" + - name: ENABLE_GUESTS + value: "{{ (jitsi_meet_auth.enable_guests | default(false)) | ternary('1', '0') }}" + +{% endif %} - name: XMPP_DOMAIN value: meet.jitsi - name: XMPP_AUTH_DOMAIN value: auth.meet.jitsi +{% if jitsi_meet_auth is defined and (jitsi_meet_auth.enable_guests | default(false)) %} + - name: XMPP_GUEST_DOMAIN + value: guest.meet.jitsi +{% endif %} - name: XMPP_MUC_DOMAIN value: muc.meet.jitsi - name: XMPP_INTERNAL_MUC_DOMAIN value: internal-muc.meet.jitsi +{% if 'jicofo_component_secret' in jitsi_meet_secrets %} - name: JICOFO_COMPONENT_SECRET value: "{{ jitsi_meet_secrets.jicofo_component_secret }}" +{% endif %} - name: JICOFO_AUTH_USER value: focus - name: JICOFO_AUTH_PASSWORD @@ -86,8 +117,6 @@ containers: value: jvb - name: JVB_AUTH_PASSWORD value: "{{ jitsi_meet_secrets.jvb_auth_password }}" - - name: JVB_TCP_HARVESTER_DISABLED - value: "true" - name: TZ value: {{ jitsi_meet_timezone }} @@ -105,6 +134,12 @@ containers: hostPort: {{ jitsi_meet_http_port }} hostIP: 127.0.0.1 volumeMounts: +{% if jitsi_meet_streamui is defined %} + - name: scripts + subPath: web/streamui.sh + mountPath: /etc/cont-init.d/90-streamui + readOnly: yes +{% endif %} - name: config subPath: web mountPath: /config 
@@ -115,28 +150,33 @@ containers: value: "1" - name: ENABLE_HTTP_REDIRECT value: "0" + - name: ENABLE_P2P value: "{{ jitsi_meet_p2p_enable | ternary('true', 'false') }}" - - name: XMPP_SERVER - value: 127.0.0.1 +{% if jitsi_meet_auth is defined %} + - name: ENABLE_AUTH + value: "1" + - name: ENABLE_GUESTS + value: "{{ (jitsi_meet_auth.enable_guests | default(false)) | ternary('1', '0') }}" + +{% endif %} - name: XMPP_DOMAIN value: meet.jitsi - name: XMPP_AUTH_DOMAIN value: auth.meet.jitsi - - name: XMPP_INTERNAL_MUC_DOMAIN - value: internal-muc.meet.jitsi - - name: XMPP_BOSH_URL_BASE - value: http://127.0.0.1:5280 +{% if jitsi_meet_auth is defined and (jitsi_meet_auth.enable_guests | default(false)) %} + - name: XMPP_GUEST_DOMAIN + value: guest.meet.jitsi +{% endif %} - name: XMPP_MUC_DOMAIN value: muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 - name: JICOFO_AUTH_USER value: focus - - name: JVB_TCP_HARVESTER_DISABLED - value: "true" - - name: TZ value: {{ jitsi_meet_timezone }} @@ -159,24 +199,19 @@ containers: env: - name: XMPP_SERVER value: 127.0.0.1 - - name: XMPP_DOMAIN - value: meet.jitsi - name: XMPP_AUTH_DOMAIN value: auth.meet.jitsi - name: XMPP_INTERNAL_MUC_DOMAIN value: internal-muc.meet.jitsi - - name: JICOFO_AUTH_USER - value: focus - - name: JICOFO_AUTH_PASSWORD - value: "{{ jitsi_meet_secrets.jicofo_auth_password }}" - - name: JVB_AUTH_USER value: jvb - name: JVB_AUTH_PASSWORD value: "{{ jitsi_meet_secrets.jvb_auth_password }}" + - name: JVB_BREWERY_MUC value: jvbbrewery + - name: JVB_PORT value: "{{ jitsi_meet_jvb_port }}" - name: JVB_TCP_HARVESTER_DISABLED 
@@ -187,6 +222,21 @@ containers: - name: TZ value: {{ jitsi_meet_timezone }} +{% if jitsi_meet_streamui is defined %} +- name: stream-ui + image: "get.more.failed.systems/public_projects/jitsi-stream-ui:{{ jitsi_meet_streamui.image_tag }}" + resources: + requests: + memory: "256Mi" + limits: + memory: "1Gi" + ports: + - protocol: TCP + containerPort: 3000 + hostPort: {{ jitsi_meet_streamui.http_port }} + hostIP: 127.0.0.1 + +{% endif %} volumes: - name: scripts hostPath: |
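Review bot: The stream-ui container image is selected by a caller-supplied tag, and the example documented in defaults/main.yml is `image_tag: latest`, so the pod can start a different image after any pull without a change in this repository. Pinning to a fixed version tag or to a digest, `image: "get.more.failed.systems/public_projects/jitsi-stream-ui@sha256:<digest>"` (placeholder digest), keeps the deployed code reviewable and reproducible. The new container also sets no `securityContext`; whether the image needs root is not visible here, but it is worth checking before exposing it through the vhost.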