From e08af6ff2a528cd16b2999c242242826f30b8866 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 29 Mar 2020 03:56:01 +0200
Subject: jisi meet: still not nice and not working at the moment

---
 roles/apps/jitsi/meet/defaults/main.yml    |   1 +
 roles/apps/jitsi/meet/tasks/main.yml       |  31 +++++--
 roles/apps/jitsi/meet/templates/pod.yml.j2 | 133 +++++++++++++++++++++++++----
 3 files changed, 141 insertions(+), 24 deletions(-)

diff --git a/roles/apps/jitsi/meet/defaults/main.yml b/roles/apps/jitsi/meet/defaults/main.yml
index c1700046..7fec62c3 100644
--- a/roles/apps/jitsi/meet/defaults/main.yml
+++ b/roles/apps/jitsi/meet/defaults/main.yml
@@ -7,5 +7,6 @@ jitsi_meet_hostnames:
   - meet.example.com
 
 jitsi_meet_http_port: 8400
+jitsi_meet_jvb_port: 10000
 
 jitsi_meet_timezone: Europe/Vienna
diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml
index 387df3b8..2964b293 100644
--- a/roles/apps/jitsi/meet/tasks/main.yml
+++ b/roles/apps/jitsi/meet/tasks/main.yml
@@ -1,4 +1,28 @@
 ---
+- name: create jitsi-meet scripts subdirectories
+  loop:
+    - jicofo
+    - prosody
+    - web
+    - jvb
+  file:
+    path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/{{ item }}"
+    state: directory
+
+- name: generate prosody cont-init.d script
+  copy:
+    content: |
+      #!/usr/bin/with-contenv bash
+      sed -e 's#^\(component_interface\s*=\)#-- \1#g' -i /config/prosody.cfg.lua
+    dest: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
+    mode: 0755
+
+- name: generate pod manifests
+  template:
+    src: "pod.yml.j2"
+    dest: "/etc/kubernetes/manifests/jitsi-meet-{{ jitsi_meet_inst_name }}.yml"
+    mode: 0600
+
 - name: configure nginx vhost
   vars:
     nginx_vhost:
@@ -6,12 +30,7 @@
       template: generic-proxy-no-buffering-with-acme
       acme: true
       hostnames: "{{ jitsi_meet_hostnames }}"
+      client_max_body_size: "0"
       proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}"
   include_role:
     name: nginx/vhost
-
-- name: generate pod manifests
-  template:
-    src: "pod.yml.j2"
-    dest: "/etc/kubernetes/manifests/jitsi-meet-{{ jitsi_meet_inst_name }}.yml"
-    mode: 0600
diff --git a/roles/apps/jitsi/meet/templates/pod.yml.j2 b/roles/apps/jitsi/meet/templates/pod.yml.j2
index 685a31f2..3efd007b 100644
--- a/roles/apps/jitsi/meet/templates/pod.yml.j2
+++ b/roles/apps/jitsi/meet/templates/pod.yml.j2
@@ -3,18 +3,37 @@ kind: Pod
 metadata:
   name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
 spec:
+  initContainers:
+  - name: prepare-config
+    image: busybox
+    workingDir: /config
+    command:
+      - sh
+      - -c
+      - mkdir -p jicofo prosody web jvb
+    volumeMounts:
+    - name: config
+      mountPath: /config
   containers:
   - name: jicofo
     image: "jitsi/jicofo:{{ jitsi_meet_version }}"
+    resources:
+      limits:
+        memory: "5Gi"
+    volumeMounts:
+    - name: config
+      subPath: jicofo
+      mountPath: /config
     env:
     - name: XMPP_SERVER
-      value: localhost
+      value: 127.0.0.1
     - name: XMPP_DOMAIN
       value: meet.jitsi
     - name: XMPP_AUTH_DOMAIN
       value: auth.meet.jitsi
     - name: XMPP_INTERNAL_MUC_DOMAIN
       value: internal-muc.meet.jitsi
+
     - name: JICOFO_COMPONENT_SECRET
 {# TODO: hardcoded value #}
       value: "jicofo_component_secret"
@@ -23,12 +42,25 @@ spec:
     - name: JICOFO_AUTH_PASSWORD
 {# TODO: hardcoded value #}
       value: "jicofo_auth_password"
-    - name: TZ
-      value: {{ jitsi_meet_timezone }}
+
     - name: JVB_BREWERY_MUC
       value: jvbbrewery
+
+    - name: TZ
+      value: {{ jitsi_meet_timezone }}
+
   - name: prosody
     image: "jitsi/prosody:{{ jitsi_meet_version }}"
+    resources:
+      limits:
+        memory: "512Mi"
+    volumeMounts:
+    - name: scripts
+      subPath: prosody/cont-init.sh
+      mountPath: /etc/cont-init.d/99-k8s
+    - name: config
+      subPath: prosody
+      mountPath: /config
     env:
     - name: XMPP_DOMAIN
       value: meet.jitsi
@@ -38,33 +70,47 @@ spec:
       value: muc.meet.jitsi
     - name: XMPP_INTERNAL_MUC_DOMAIN
       value: internal-muc.meet.jitsi
+
     - name: JICOFO_COMPONENT_SECRET
 {# TODO: hardcoded value #}
       value: "jicofo_component_secret"
+    - name: JICOFO_AUTH_USER
+      value: focus
+    - name: JICOFO_AUTH_PASSWORD
+{# TODO: hardcoded value #}
+      value: "jicofo_auth_password"
+
     - name: JVB_AUTH_USER
       value: jvb
     - name: JVB_AUTH_PASSWORD
 {# TODO: hardcoded value #}
       value: "jvb_auth_password"
-    - name: JICOFO_AUTH_USER
-      value: focus
-{# TODO: hardcoded value #}
-      value: "jicofo_auth_password"
-    - name: TZ
-      value: {{ jitsi_meet_timezone }}
     - name: JVB_TCP_HARVESTER_DISABLED
       value: "true"
+
+    - name: TZ
+      value: {{ jitsi_meet_timezone }}
+
   - name: web
     image: "jitsi/web:{{ jitsi_meet_version }}"
+    resources:
+      limits:
+        memory: "1Gi"
+    ports:
+    - containerPort: 80
+      hostPort: {{ jitsi_meet_http_port }}
+    volumeMounts:
+    - name: config
+      subPath: web
+      mountPath: /config
     env:
     - name: DISABLE_HTTPS
       value: "1"
     - name: ENABLE_HTTP_REDIRECT
       value: "0"
+
     - name: XMPP_SERVER
-      value: localhost
-    - name: JICOFO_AUTH_USER
-      value: focus
+      value: 127.0.0.1
     - name: XMPP_DOMAIN
       value: meet.jitsi
     - name: XMPP_AUTH_DOMAIN
@@ -75,13 +121,64 @@ spec:
       value: http://127.0.0.1:5280
     - name: XMPP_MUC_DOMAIN
       value: muc.meet.jitsi
-    - name: TZ
-      value: {{ jitsi_meet_timezone }}
+
+    - name: JICOFO_AUTH_USER
+      value: focus
+
     - name: JVB_TCP_HARVESTER_DISABLED
       value: "true"
+
+    - name: TZ
+      value: {{ jitsi_meet_timezone }}
+
+  - name: jvb
+    image: "jitsi/jvb:{{ jitsi_meet_version }}"
     resources:
       limits:
-        memory: "1Gi"
-    ports:
-    - containerPort: 80
-      hostPort: {{ jitsi_meet_http_port }}
+        memory: "5Gi"
+    volumeMounts:
+    - name: config
+      subPath: jvb
+      mountPath: /config
+    env:
+    - name: XMPP_SERVER
+      value: 127.0.0.1
+    - name: XMPP_DOMAIN
+      value: meet.jitsi
+    - name: XMPP_AUTH_DOMAIN
+      value: auth.meet.jitsi
+    - name: XMPP_INTERNAL_MUC_DOMAIN
+      value: internal-muc.meet.jitsi
+
+    - name: JICOFO_AUTH_USER
+      value: focus
+    - name: JICOFO_AUTH_PASSWORD
+{# TODO: hardcoded value #}
+      value: "jicofo_auth_password"
+
+    - name: JVB_AUTH_USER
+      value: jvb
+    - name: JVB_AUTH_PASSWORD
+{# TODO: hardcoded value #}
+      value: "jvb_auth_password"
+    - name: JVB_BREWERY_MUC
+      value: jvbbrewery
+    - name: JVB_PORT
+      value: "10000"
+    - name: JVB_TCP_HARVESTER_DISABLED
+      value: "true"
+    - name: JVB_STUN_SERVERS
+      value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+    - name: DOCKER_HOST_ADDRESS
+      value: "{{ ansible_default_ipv4.address }}"
+
+    - name: TZ
+      value: {{ jitsi_meet_timezone }}
+
+  volumes:
+  - name: scripts
+    hostPath:
+      path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts"
+  - name: config
+    emptyDir:
+      medium: Memory
-- 
cgit v1.2.3