blob: e355d1264cb85c366697296b8c93ee132d47ab1d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
---
- name: Basic Setup
hosts: glt-stream
roles:
- role: apt-repo/base
- role: core/base
- role: core/sshd/base
- role: core/zsh
- role: core/ntp
- role: apt-repo/spreadspace
- role: x509/acmetool/base
- role: nginx/base
- name: storage/lvm/volume
lvm_volume:
vg: "{{ host_name }}"
lv: www
size: 10G
fs: ext4
dest: /srv/www
post_tasks:
- name: create base directory for static www content
file:
path: /srv/www/stream
state: directory
- name: configure default vhost stream.linuxtage.at
vars:
nginx_vhost:
default: yes
name: stream
template: generic
tls:
certificate_provider: acmetool
hostnames:
- stream.linuxtage.at
extra_directives: |-
add_header Access-Control-Allow-Headers "origin,range,accept-encoding,referer";
add_header Access-Control-Allow-Methods "GET,HEAD,OPTIONS";
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range,Date";
{% for room_id in [1,2,3] %}
location /stats/saal{{ room_id }}/ {
include snippets/proxy-nobuff.conf;
proxy_set_header Host $host;
include snippets/proxy-forward-headers.conf;
proxy_pass http://127.0.0.1:{{ 4200 + room_id }}/;
}
{% endfor %}
locations:
'/':
root: /srv/www/stream
index: index.html
'/preped':
root: /srv/www/stream
autoindex: {}
include_role:
name: nginx/vhost
- name: install golang
apt:
name: go
state: present
- name: create base directory for stats
file:
path: /srv/www/stats
state: directory
- name: add user for stats
user:
name: stats
system: yes
home: /srv/www/stats
- name: create data and gocache directories for stats
loop:
- data
- .gocache
file:
path: "/srv/www/stats/{{ item }}"
state: directory
group: stats
mode: 0775
- name: install stats collector script
copy:
src: "{{ global_files_dir }}/glt/stream-stats.go"
dest: /srv/www/stats/stream-stats.go
- name: install start script for collector
copy:
content: |
#!/bin/bash
ROOM=$1
case "$ROOM" in
saal1)
PORT=4201
;;
saal2)
PORT=4202
;;
saal3)
PORT=4203
;;
*)
echo "unknown room"
exit 1
;;
esac
exec /usr/bin/go run /srv/www/stats/stream-stats.go 127.0.0.1:$PORT /srv/www/stats/data/glt21-$ROOM.json
dest: /srv/www/stats/run.sh
mode: 0755
- name: install systemd unit for stats collector
copy:
content: |
[Unit]
Description=GLT21 Stream Stats Collector (%I)
[Service]
Type=simple
User=stats
Environment="GOCACHE=/srv/www/stats/.gocache"
ExecStart=/srv/www/stats/run.sh %i
Restart=always
RestartSecs=1s
StartLimitBurst=10
StartLimitIntervalSec=5s
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ReadWritePaths=/srv/www/stats/data /srv/www/stats/.gocache
ProtectHome=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_INET
[Install]
WantedBy=multi-user.target
dest: /etc/systemd/system/stream-stats@.service
- name: make sure stats collector service units are enabled and started
loop:
- saal1
- saal2
- saal3
systemd:
name: "stream-stats@{{ item }}.service"
daemon_reload: yes
enabled: yes
state: started
|