Update to 2021-12-01 19:13

roles/jitsi_videobridge/defaults/main.yml

@@ -0,0 +1,23 @@
+---
+
+jitsi_root_dir: /opt/jitsi
+jitsi_user: jitsi
+
+jitsi_videobridge_git_url: https://github.com/jitsi/jitsi-videobridge.git
+
+# Should ansible manage upgrades or only initial install
+jitsi_videobridge_manage_upgrade: "{{ jitsi_manage_upgrade | default(True) }}"
+
+jitsi_videobridge_rtp_port: 10000
+jitsi_videobridge_src_ip:
+  - 0.0.0.0/0
+
+jitsi_videobridge_domain: "{{ jitsi_domain | default(inventory_hostname) }}"
+jitsi_videobridge_auth_domain: "{{ jitsi_auth_domain | default('auth.' ~ jitsi_domain) }}"
+
+# XMPP password to connect to
+jitsi_videobridge_xmpp_server: "{{ jitsi_xmpp_server | default(inventory_hostname) }}"
+jitsi_videobridge_xmpp_user: jvb
+jitsi_videobridge_xmpp_domain: "{{ jitsi_videobridge_auth_domain }}"
+# A random pass will be created if not defined
+# jitsi_videobridge_xmpp_pass:

roles/jitsi_videobridge/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+
+- name: restart jitsi-videobridge
+  service: name=jitsi-videobridge state=restarted
+

roles/jitsi_videobridge/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: maven

roles/jitsi_videobridge/tasks/cleanup.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Remove temp files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ jitsi_root_dir }}/tmp/jitsi-videobridge-2.1-SNAPSHOT"
+    - "{{ jitsi_root_dir }}/src/videobridge/target"
+  tags: jitsi

roles/jitsi_videobridge/tasks/conf.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Deploy videobridge configuration
+  template: src={{ item }}.j2 dest={{ jitsi_root_dir }}/etc/videobridge/{{ item }} group={{ jitsi_user }} mode=640
+  loop:
+    - videobridge.conf
+    - sip-communicator.properties
+  notify: restart jitsi-videobridge
+  tags: jitsi

roles/jitsi_videobridge/tasks/directories.yml

@@ -0,0 +1,3 @@
+---
+
+- include: ../jitsi/tasks/directories.yml

roles/jitsi_videobridge/tasks/facts.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Generate a random pass for videobridge
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ jitsi_root_dir }}/meta/ansible_videobridge_xmpp_pass"
+    - set_fact: jitsi_videobridge_xmpp_pass={{ rand_pass }}
+  when: jitsi_videobridge_xmpp_pass is not defined
+  tags: jitsi
+
+- name: Check if videobridge is built
+  stat: path={{ jitsi_root_dir }}/videobridge/jvb.sh
+  register: jitsi_videobridge_script
+  tags: jitsi

roles/jitsi_videobridge/tasks/install.yml

@@ -0,0 +1,52 @@
+---
+
+- name: Install dependencies
+  yum:
+    name:
+      - java-1.8.0-openjdk
+      - git
+  tags: jitsi
+
+  # If the repo changed since the last run, we rebuild and restart the bridge
+- name: Clone videobridge repo
+  git:
+    repo: "{{ jitsi_videobridge_git_url }}"
+    dest: "{{ jitsi_root_dir }}/src/videobridge"
+    force: True
+  become_user: "{{ jitsi_user }}"
+  register: jitsi_videobridge_git
+  tags: jitsi
+
+- name: Install or update videobridge
+  block:
+    - name: Build videobridge
+      command: /opt/maven/apache-maven/bin/mvn package -DskipTests -Dassembly.skipAssembly=false
+      args:
+        chdir: "{{ jitsi_root_dir }}/src/videobridge"
+      become_user: "{{ jitsi_user }}"
+
+    - name: Extract videobridge archive
+      unarchive:
+        src: "{{ jitsi_root_dir }}/src/videobridge/jvb/target/jitsi-videobridge-2.1-SNAPSHOT-archive.zip"
+        dest: "{{ jitsi_root_dir }}/tmp/"
+        remote_src: True
+
+    - name: Move videobridge to its final directory
+      synchronize:
+        src: "{{ jitsi_root_dir }}/tmp/jitsi-videobridge-2.1-SNAPSHOT/"
+        dest: "{{ jitsi_root_dir }}/videobridge/"
+        recursive: True
+        delete: True
+        compress: False
+      delegate_to: "{{ inventory_hostname }}"
+      notify: restart jitsi-videobridge
+
+  when: (jitsi_videobridge_git.changed and jitsi_videobridge_manage_upgrade) or not jitsi_videobridge_script.stat.exists
+  tags: jitsi
+
+- name: Deploy systemd unit
+  template: src=jitsi-videobridge.service.j2 dest=/etc/systemd/system/jitsi-videobridge.service
+  register: jitsi_videobridge_unit
+  notify: restart jitsi-videobridge
+  tags: jitsi
+

roles/jitsi_videobridge/tasks/iptables.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Handle jitsi videobridge ports
+  iptables_raw:
+    name: jitsi_videobridge_ports
+    state: "{{ (jitsi_videobridge_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p udp --dport {{ jitsi_videobridge_rtp_port }} -s {{ jitsi_videobridge_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,jitsi

roles/jitsi_videobridge/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+- include: cleanup.yml

roles/jitsi_videobridge/tasks/services.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable services
+  service: name=jitsi-videobridge state=started enabled=True
+  tags: jitsi

roles/jitsi_videobridge/tasks/user.yml

@@ -0,0 +1,3 @@
+---
+
+- include: ../jitsi/tasks/user.yml

roles/jitsi_videobridge/templates/jitsi-videobridge.service.j2

@@ -0,0 +1,27 @@
+[Unit]
+Description=Jitsi Videobridge
+After=network.target
+
+[Service]
+Type=simple
+SuccessExitStatus=143
+EnvironmentFile={{ jitsi_root_dir }}/etc/videobridge/videobridge.conf
+User={{ jitsi_user }}
+Group={{ jitsi_user }}
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=full
+ReadOnlyDirectories={{ jitsi_root_dir }}/etc {{ jitsi_root_dir }}/videobridge
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+# more threads for this process
+TasksMax=65000
+# allow more open files for this process
+LimitNPROC=65000
+LimitNOFILE=65000
+ExecStart={{ jitsi_root_dir }}/videobridge/jvb.sh ${JVB_OPTS}
+
+[Install]
+WantedBy=multi-user.target

roles/jitsi_videobridge/templates/sip-communicator.properties.j2

@@ -0,0 +1,19 @@
+org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
+org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ jitsi_videobridge_rtp_port }}
+org.ice4j.ipv6.DISABLED=true
+{% if jitsi_external_ip is defined %}
+org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS={{ ansible_default_ipv4.address }}
+org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ jitsi_external_ip }}
+{% endif %}
+
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+org.jitsi.videobridge.STATISTICS_INTERVAL=5000
+
+org.jitsi.videobridge.xmpp.user.acc1.HOSTNAME={{ jitsi_xmpp_server }}
+org.jitsi.videobridge.xmpp.user.acc1.DOMAIN={{ jitsi_videobridge_xmpp_domain }}
+org.jitsi.videobridge.xmpp.user.acc1.USERNAME={{ jitsi_videobridge_xmpp_user }}
+org.jitsi.videobridge.xmpp.user.acc1.PASSWORD={{ jitsi_videobridge_xmpp_pass }}
+org.jitsi.videobridge.xmpp.user.acc1.MUC_JIDS=JvbBrewery@internal.{{ jitsi_auth_domain }}
+org.jitsi.videobridge.xmpp.user.acc1.MUC_NICKNAME={{ inventory_hostname }}
+

roles/jitsi_videobridge/templates/videobridge.conf.j2

@@ -0,0 +1,3 @@
+JVB_OPTS="--apis=rest"
+JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION={{ jitsi_root_dir }}/etc -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge"
+