jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-27 00:05:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-01 19:13

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roles/jitsi/tasks/cleanup.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- name: Remove temp files
file: path={{ item }} state=absent
loop:
- "{{ jitsi_root_dir }}/tmp/jicofo-1.1-SNAPSHOT"
- "{{ jitsi_root_dir }}/src/jicofo/target"
- "{{ jitsi_root_dir }}/tmp/jigasi-linux-x64-1.1-SNAPSHOT"
- "{{ jitsi_root_dir }}/src/jigasi/target"
tags: jitsi

72
roles/jitsi/tasks/conf.yml Normal file
View File

@@ -0,0 +1,72 @@
---
- name: Deploy prosody configuration
template: src=prosody.cfg.lua.j2 dest=/etc/prosody/ansible_conf.d/jitsi.cfg.lua group=prosody mode=640
register: jitsi_prosody_conf
when: jitsi_xmpp_server in ['localhost', '127.0.0.1', inventory_hostname]
tags: jitsi
- name: Register XMPP accounts
block:
- name: Reload prosody
service: name=prosody state=restarted
- name: register XMPP users
command: prosodyctl register {{ item.user }} {{ jitsi_auth_domain }} '{{ item.pass }}'
loop:
- user: "{{ jitsi_jvb_xmpp_user }}"
pass: "{{ jitsi_jvb_xmpp_pass }}"
- user: "{{ jitsi_jicofo_xmpp_user }}"
pass: "{{ jitsi_jicofo_xmpp_pass }}"
- user: "{{ jitsi_jigasi_xmpp_user }}"
pass: "{{ jitsi_jigasi_xmpp_pass }}"
- user: "{{ jitsi_jibri_xmpp_user }}"
pass: "{{ jitsi_jibri_xmpp_pass }}"
- name: Register recorder XMPP account
command: prosodyctl register {{ jitsi_jibri_recorder_xmpp_user }} recorder.{{ jitsi_domain }} '{{ jitsi_jibri_recorder_xmpp_pass }}'
- name: add focus component in focus user roster
command: prosodyctl mod_roster_command subscribe focus.{{ jitsi_domain }} {{ jitsi_jicofo_xmpp_user }}@{{ jitsi_auth_domain }}
when: jitsi_prosody_conf is defined and jitsi_prosody_conf.changed
tags: jitsi
- name: Deploy jicofo configuration
template: src=jicofo/{{ item }}.j2 dest={{ jitsi_root_dir }}/etc/jicofo/{{ item }} group={{ jitsi_user }} mode=640
loop:
- jicofo.conf
- sip-communicator.properties
notify: restart jitsi-jicofo
tags: jitsi
- name: Deploy jigasi configuration
template: src=jigasi/{{ item }}.j2 dest={{ jitsi_root_dir }}/etc/jigasi/{{ item }} group={{ jitsi_user }} mode=640
loop:
- jigasi.conf
- sip-communicator.properties
notify: restart jitsi-jigasi
tags: jitsi
- name: Deploy meet configuration
template: src={{ item.src }}.j2 dest={{jitsi_root_dir }}/meet/{{ item.dest }}
loop:
- src: meet.js
dest: config.js
- src: meet_interface.js
dest: interface_config.js
tags: jitsi
- name: Deploy nginx configuration
template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/10-jitsi.conf
notify: reload nginx
tags: jitsi
- name: Deploy conference mapper configuration
template: src=confmapper.json.j2 dest={{ jitsi_root_dir }}/etc/confmapper/config.json
notify: restart jitsi-confmapper
tags: jitsi
- name: Link conference mapper configuration
file: path={{ jitsi_root_dir }}/confmapper/config.json src={{ jitsi_root_dir }}/etc/confmapper/config.json state=link
tags: jitsi

54
roles/jitsi/tasks/directories.yml Normal file
View File

@@ -0,0 +1,54 @@
---
- name: Create directories
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
loop:
- dir: "{{ jitsi_root_dir }}"
mode: 755
- dir: "{{ jitsi_root_dir }}/.m2"
owner: "{{ jitsi_user }}"
group: "{{ jitsi_user }}"
- dir: "{{ jitsi_root_dir }}/tmp"
owner: "{{ jitsi_user }}"
group: "{{ jitsi_user }}"
mode: 700
- dir: "{{ jitsi_root_dir }}/src/videobridge"
owner: "{{ jitsi_user }}"
- dir: "{{ jitsi_root_dir }}/src/jicofo"
owner: "{{ jitsi_user }}"
- dir: "{{ jitsi_root_dir }}/src/jigasi"
owner: "{{ jitsi_user }}"
- dir: "{{ jitsi_root_dir }}/src/meet"
owner: "{{ jitsi_user }}"
- dir: "{{ jitsi_root_dir }}/videobridge"
- dir: "{{ jitsi_root_dir }}/jibri"
- dir: "{{ jitsi_root_dir }}/jicofo"
- dir: "{{ jitsi_root_dir }}/jigasi"
- dir: "{{ jitsi_root_dir }}/meet"
- dir: "{{ jitsi_root_dir }}/meta"
mode: 700
- dir: "{{ jitsi_root_dir }}/archives"
mode: 700
- dir: "{{ jitsi_root_dir }}/etc/"
mode: 755
- dir: "{{ jitsi_root_dir }}/etc/videobridge"
owner: "{{ jitsi_user }}"
group: "{{ jitsi_user }}"
mode: 700
- dir: "{{ jitsi_root_dir }}/etc/jicofo"
owner: "{{ jitsi_user }}"
group: "{{ jitsi_user }}"
mode: 700
- dir: "{{ jitsi_root_dir }}/etc/jigasi"
owner: "{{ jitsi_user }}"
group: "{{ jitsi_user }}"
mode: 700
- dir: "{{ jitsi_root_dir }}/etc/confmapper"
- dir: "{{ jitsi_root_dir }}/data"
mode: 755
- dir: "{{ jitsi_root_dir }}/data/confmapper"
owner: "{{ jitsi_user }}"
group: "{{ jitsi_user }}"
mode: 700
- dir: "{{ jitsi_root_dir }}/confmapper"
tags: jitsi

104
roles/jitsi/tasks/facts.yml Normal file
View File

@@ -0,0 +1,104 @@
---
- name: Set if jigasi is used
set_fact: jitsi_jigasi={{ (jitsi_jigasi_sip_user is defined and jitsi_jigasi_sip_secret is defined) | ternary(True, False) }}
tags: jitsi
- name: Generate a random secret for videobridge
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ jitsi_root_dir }}/meta/ansible_videobridge_xmpp_pass"
- set_fact: jitsi_jvb_xmpp_pass={{ rand_pass }}
when: jitsi_jvb_xmpp_pass is not defined
tags: jitsi
- name: Generate a random password for the focus account
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ jitsi_root_dir }}/meta/ansible_jicofo_xmpp_pass"
- set_fact: jitsi_jicofo_xmpp_pass={{ rand_pass }}
when: jitsi_jicofo_xmpp_pass is not defined
tags: jitsi
- name: Generate a random secret for jigasi
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ jitsi_root_dir }}/meta/ansible_jigasi_xmpp_secret"
- set_fact: jitsi_jigasi_xmpp_secret={{ rand_pass }}
when: jitsi_jigasi_xmpp_secret is not defined
tags: jitsi
- name: Generate a random password for jigasi XMPP account
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ jitsi_root_dir }}/meta/ansible_jigasi_xmpp_pass"
- set_fact: jitsi_jigasi_xmpp_pass={{ rand_pass }}
when: jitsi_jigasi_xmpp_pass is not defined
tags: jitsi
- name: Generate a random password for jibri XMPP account
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ jitsi_root_dir }}/meta/ansible_jibri_xmpp_pass"
- set_fact: jitsi_jibri_xmpp_pass={{ rand_pass }}
when: jitsi_jibri_xmpp_pass is not defined
tags: jitsi
- name: Generate a random password for recorder XMPP account
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ jitsi_root_dir }}/meta/ansible_jibri_recorder_xmpp_pass"
- set_fact: jitsi_jibri_recorder_xmpp_pass={{ rand_pass }}
when: jitsi_jibri_recorder_xmpp_pass is not defined
tags: jitsi
- name: Set certificate path
set_fact: jitsi_cert_path='/etc/prosody/certs/jitsi.crt'
when: jitsi_cert_path is not defined
tags: jitsi
- name: Set key path
set_fact: jitsi_key_path='/etc/prosody/certs/jitsi.key'
when: jitsi_key_path is not defined
tags: jitsi
- name: Set anonymous domain for jitsi meet
block:
- set_fact:
jitsi_anonymousdomain:
hosts:
anonymousdomain: guest.{{ jitsi_domain }}
- set_fact: jitsi_meet_conf={{ jitsi_anonymousdomain | combine(jitsi_meet_conf, recursive=True) }}
when: jitsi_auth == 'ldap'
tags: jisti
- name: Check if cert file exist
stat: path={{ jitsi_cert_path }}
register: jitsi_cert_file
tags: jitsi
- name: Check if key file exist
stat: path={{ jitsi_key_path }}
register: jitsi_key_file
tags: jitsi
- name: Check if jicofo is built
stat: path={{ jitsi_root_dir }}/jicofo/jicofo.sh
register: jitsi_jicofo_script
tags: jitsi
- name: Check if jigasi is built
stat: path={{ jitsi_root_dir }}/jigasi/jigasi.sh
register: jitsi_jigasi_script
tags: jitsi
- name: Check if meet is installed
stat: path={{ jitsi_root_dir }}/meet/index.html
register: jitsi_meet_index
tags: jitsi

194
roles/jitsi/tasks/install.yml Normal file
View File

@@ -0,0 +1,194 @@
---
- name: Install dependencies
yum:
name:
- java-1.8.0-openjdk
- java-1.8.0-openjdk-devel
- git
- nodejs # needed to build meet
- libXScrnSaver # needed for jigasi
- python3 # needed for confmapper
- make
tags: jitsi
# If you use an Let's Encrypt cert, it might not be there yet. In this case, create a link
# to the default prosody cert so the service can be started. The cert will be obtained after that and
# will override the links
- name: Link cert to the default one
file: path={{ jitsi_cert_path }} src=/etc/prosody/certs/localhost.crt state=link
when: not jitsi_cert_file.stat.exists
tags: jitsi
- name: Link key to the default one
file: path={{ jitsi_key_path }} src=/etc/prosody/certs/localhost.key state=link
when: not jitsi_key_file.stat.exists
tags: jitsi
# This file used to contain proxy settings for maven
# now this is handled in a maven general dir, so remove it from here
- name: Remove local maven configuration
file: path={{ jitsi_root_dir }}/.m2/settings.xml state=absent
tags: jitsi
# Now, for every component, we will clone or update the repo.
# If the repo changed since the last run, we rebuild and restart the corresponding component
- name: Clone jicofo repo
git:
repo: "{{ jitsi_jicofo_git_url }}"
dest: "{{ jitsi_root_dir }}/src/jicofo"
force: True
become_user: "{{ jitsi_user }}"
register: jitsi_jicofo_git
tags: jitsi
- name: Install or update jicofo
block:
- name: Build jicofo
command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
args:
chdir: "{{ jitsi_root_dir }}/src/jicofo"
become_user: "{{ jitsi_user }}"
- name: Extract jicofo archive
unarchive:
src: "{{ jitsi_root_dir }}/src/jicofo/target/jicofo-1.1-SNAPSHOT-archive.zip"
dest: "{{ jitsi_root_dir }}/tmp/"
remote_src: True
- name: Move jicofo to its final directory
synchronize:
src: "{{ jitsi_root_dir }}/tmp/jicofo-1.1-SNAPSHOT/"
dest: "{{ jitsi_root_dir }}/jicofo/"
recursive: True
delete: True
compress: False
delegate_to: "{{ inventory_hostname }}"
notify: restart jitsi-jicofo
when: (jitsi_jicofo_git.changed and jitsi_manage_upgrade) or not jitsi_jicofo_script.stat.exists
tags: jitsi
- name: Clone jigasi repo
git:
repo: "{{ jitsi_jigasi_git_url }}"
dest: "{{ jitsi_root_dir }}/src/jigasi"
force: True
become_user: "{{ jitsi_user }}"
register: jitsi_jigasi_git
tags: jitsi
- name: Install or update jigasi
block:
- name: Build jigasi
command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
args:
chdir: "{{ jitsi_root_dir }}/src/jigasi"
become_user: "{{ jitsi_user }}"
- name: Extract jigasi archive
unarchive:
src: "{{ jitsi_root_dir }}/src/jigasi/target/jigasi-linux-x64-1.1-SNAPSHOT.zip"
dest: "{{ jitsi_root_dir }}/tmp/"
remote_src: True
- name: Link libunix-java lib
file: src=libunix-0.5.1.so dest={{ jitsi_root_dir }}/tmp/jigasi-linux-x64-1.1-SNAPSHOT/lib/libunix-java.so state=link
- name: Move jigasi to its final directory
synchronize:
src: "{{ jitsi_root_dir }}/tmp/jigasi-linux-x64-1.1-SNAPSHOT/"
dest: "{{ jitsi_root_dir }}/jigasi/"
recursive: True
delete: True
compress: False
delegate_to: "{{ inventory_hostname }}"
notify: restart jitsi-jigasi
when: (jitsi_jigasi_git.changed and jitsi_manage_upgrade) or not jitsi_jigasi_script.stat.exists
tags: jitsi
- name: Deploy systemd unit
template: src={{ item }}.service.j2 dest=/etc/systemd/system/{{ item }}.service
loop:
- jitsi-jicofo
- jitsi-jigasi
- jitsi-confmapper
register: jitsi_units
notify:
- restart jitsi-jicofo
- restart jitsi-jigasi
- restart jitsi-confmapper
tags: jitsi
- name: Reload systemd
systemd: daemon_reload=True
when: jitsi_units.results | selectattr('changed', 'equalto', True) | list | length > 0
tags: jitsi
- name: Clone jitsi meet
git:
repo: "{{ jitsi_meet_git_url }}"
dest: "{{ jitsi_root_dir }}/src/meet"
force: True
register: jitsi_meet_git
become_user: "{{ jitsi_user }}"
tags: jitsi
- name: Install or update jitsi meet
block:
- name: Clear node_modules cache
file: path={{ jitsi_root_dir }}/src/meet/node_modules state=absent
- name: Install jitsi meet node dependencies
npm: path={{ jitsi_root_dir }}/src/meet
become_user: "{{ jitsi_user }}"
- name: Build jitsi meet
command: make
args:
chdir: "{{ jitsi_root_dir }}/src/meet"
become_user: "{{ jitsi_user }}"
- name: Reset git (so next run won't detect a change)
command: git checkout {{ jitsi_root_dir }}/src/meet/resources/load-test/package-lock.json
changed_when: False
args:
chdir: "{{ jitsi_root_dir }}/src/meet"
become_user: "{{ jitsi_user }}"
- name: Deploy new jitsi meet version
shell: |
rm -rf {{ jitsi_root_dir }}/meet/*
mkdir -p {{ jitsi_root_dir }}/meet/css
cp -r *.js *.html resources/*.txt connection_optimization favicon.ico fonts images libs static sounds LICENSE lang {{ jitsi_root_dir }}/meet/
cp css/all.css {{ jitsi_root_dir }}/meet/css/
args:
chdir: "{{ jitsi_root_dir }}/src/meet"
when: (jitsi_meet_git.changed and jitsi_manage_upgrade) or not jitsi_meet_index.stat.exists
tags: jitsi
- name: Update languages
include_tasks: update_lang.yml
loop: "{{ jitsi_meet_custom_lang.keys() | list }}"
tags: jitsi
- name: Install dehydrated hook
template: src=dehydrated_hook.sh.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/jitsi.sh mode=755
tags: jitsi
- name: Install the conference mapping daemon
get_url:
url: https://raw.githubusercontent.com/gronke/jitsi-conferencemapper-api/master/daemon.py
dest: "{{ jitsi_root_dir }}/confmapper/daemon.py"
mode: 0755
notify: restart jitsi-confmapper
tags: jitsi
- name: Ensure prosody module dir exists
file: path=/opt/prosody/modules/ state=directory
tags: jitsi
- name: Install byass_pwd module for prosody
template: src=mod_jibri_bypass_pwd.lua.j2 dest=/opt/prosody/modules/mod_jibri_bypass_pwd.lua
notify: reload prosody
tags: jitsi

8
roles/jitsi/tasks/iptables.yml Normal file
View File

@@ -0,0 +1,8 @@
---
- name: Handle jitsi confmapper port
iptables_raw:
name: jitsi_confmapper_ports
state: "{{ (jitsi_confmapper_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ jitsi_confmapper_port }} -s {{ jitsi_confmapper_src_ip | join(',') }} -j ACCEPT"
tags: firewall,jitsi

11
roles/jitsi/tasks/main.yml Normal file
View File

@@ -0,0 +1,11 @@
---
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: install.yml
- include: conf.yml
- include: iptables.yml
when: iptables_manage | default(True)
- include: services.yml
- include: cleanup.yml

13
roles/jitsi/tasks/services.yml Normal file
View File

@@ -0,0 +1,13 @@
---
- name: Start and enable services
service: name=jitsi-jicofo state=started enabled=True
tags: jitsi
- name: Start and enable jigasi
service: name=jitsi-jigasi state={{ jitsi_jigasi | ternary('started', 'stopped') }} enabled={{ jitsi_jigasi }}
tags: jitsi
- name: Start and enable confmapper
service: name=jitsi-confmapper state={{ jitsi_jigasi | ternary('started', 'stopped') }} enabled={{ jitsi_jigasi }}
tags: jitsi

17
roles/jitsi/tasks/update_lang.yml Normal file
View File

@@ -0,0 +1,17 @@
---
- name: Read default lang file
command: cat {{ jitsi_root_dir }}/src/meet/lang/main-{{ item }}.json
register: jitsi_meet_default_lang
changed_when: False
tags: jitsi
- name: Merge with custom strings
set_fact:
jitsi_meet_lang: "{{ jitsi_meet_default_lang.stdout | from_json | combine(jitsi_meet_custom_lang[item] | default({}), recursive=True) }}"
tags: jitsi
- name: Save new lang file
copy: content={{ jitsi_meet_lang | to_nice_json }} dest={{ jitsi_root_dir }}/meet/lang/main-{{ item }}.json
tags: jitsi

5
roles/jitsi/tasks/user.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- name: Create jitsi user account
user: name={{ jitsi_user }} home={{ jitsi_root_dir }} system=True
tags: jitsi