diff --git a/README.md b/README.md index e30e812..7b26b4c 100644 --- a/README.md +++ b/README.md @@ -35,29 +35,11 @@ ldap = { # BigBlueButton ## Installation - Installé à l'aide du script officiel fournit ici : https://docs.bigbluebutton.org/2.2/install.html#bbb-installsh +## Ajout d'un compte administrateur +`docker exec greenlight-v2 bundle exec rake user:create["LOGIN","MAIL","PASS","admin"]` + ## Connexion LDAP - -On suit la solution proposée par la communauté : -https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth - -Lors de la configuration du fichier .env pour activer l'authentification LDAP, -on applique les paramètres suivants : - - -```shell -LDAP_SERVER=ldap.libre-entreprise.org -LDAP_PORT=636 -LDAP_METHOD=ssl -LDAP_UID=uid -LDAP_BASE=o=libre-entreprise -LDAP_BIND_DN= -LDAP_PASSWORD= -``` - - - - +utiliser le role `bbb-enable-ldap-LE` dans le fichier playbook_prod.yml pour votre machine diff --git a/inventory_prod b/inventory_prod index 8fb07c1..16da929 100644 --- a/inventory_prod +++ b/inventory_prod @@ -1,4 +1,5 @@ jitsi.komuniki.fr ansible_user=debian ansible_become=true visio.imio.be ansible_user=debian ansible_become=true jitsi.entrouvert.com ansible_user=root -bbb.komuniki.fr ansible_user=root \ No newline at end of file +bbb.komuniki.fr ansible_user=root +imio.bbb.komuniki.fr ansible_user=root bbbHostname=imio.bbb.komuniki.fr \ No newline at end of file diff --git a/playbook_prod.yml b/playbook_prod.yml index a9cbd9c..63b65c7 100644 --- a/playbook_prod.yml +++ b/playbook_prod.yml @@ -22,18 +22,6 @@ tags: - komki -- hosts: visio443.champs-libres.be - roles: - - role: jitsi-pre-install - - role: jitsi-install - - role: jitsi-enable-fr-ln - - role: jitsi-enable-video-optimisation - - role: jitsi-enable-metrics - vars: - hostname: visio443.champs-libres.be - tags: - - cl - - hosts: jitsi.entrouvert.com roles: - role: jitsi-pre-install 
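Review bot: In inventory_prod the new `imio.bbb.komuniki.fr` entry connects with `ansible_user=root`, so every run depends on direct root SSH login being allowed on that machine, whereas the first two hosts in the file use the unprivileged `debian` account with `ansible_become=true`. If the image provides such an account, `imio.bbb.komuniki.fr ansible_user=debian ansible_become=true bbbHostname=imio.bbb.komuniki.fr` would let root login stay disabled in sshd and keep per-user attribution in the auth logs. The line follows the existing `bbb.komuniki.fr` entry, so this may be a constraint of how the BBB machines were provisioned.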
@@ -48,3 +36,11 @@
 - role: bbb-enable-metrics
 tags:
 - bbb
+
+- hosts: imio.bbb.komuniki.fr
+ roles:
+ - role: bbb-set-hostname
+ - role: bbb-disable-test-echo
+ - role: bbb-enable-metrics
+ tags:
+ - imio.bbb
diff --git a/roles/bbb-disable-test-echo/tasks/main.yml b/roles/bbb-disable-test-echo/tasks/main.yml
new file mode 100644
index 0000000..12ba9f4
--- /dev/null
+++ b/roles/bbb-disable-test-echo/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Désactivation du test d'écho effectué lors de l'accès à la room
+ lineinfile:
+ path: /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
+ regexp: ' skipCheck: false'
+ line: ' skipCheck: true'
+ register: result
+
+- name: On redémarre bbb que si le fichier ci dessus a été modifié
+ shell: "bbb-conf --restart"
+ when: result is changed
\ No newline at end of file
diff --git a/roles/bbb-set-hostname/handlers/main.yml b/roles/bbb-set-hostname/handlers/main.yml
new file mode 100644
index 0000000..a7e57e5
--- /dev/null
+++ b/roles/bbb-set-hostname/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload nginx
+ systemd:
+ name: nginx
+ state: reloaded
\ No newline at end of file
diff --git a/roles/bbb-set-hostname/tasks/main.yml b/roles/bbb-set-hostname/tasks/main.yml
new file mode 100644
index 0000000..b0a7872
--- /dev/null
+++ b/roles/bbb-set-hostname/tasks/main.yml
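Review bot: In roles/bbb-disable-test-echo/tasks/main.yml the `lineinfile` task sets no `backrefs`, so when `regexp` matches nothing (different indentation, or the key moved by a package upgrade) and the exact `line` is not already present, the module appends `skipCheck: true` at the end of settings.yml instead of leaving the file alone. Adding `backrefs: yes` to the task makes a non-match a no-op, so the Meteor config cannot be altered in the wrong place. The leading whitespace inside both quoted strings has to match the file's real indentation, which is not recoverable from this view. The restart task could also use `command` instead of `shell` and be turned into a handler, like the `reload nginx` handler added in the same commit.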
@@ -0,0 +1,74 @@
+---
+# Set du hostname BBB
+# Prérequis : le DNS doit être positionné sur le nouveau nom de domaine
+
+- name: vérification de la présence du hostname dans les variables
+ fail:
+ msg: |
+ la variable `bbbHostname` est obligatoire pour
+ utiliser le role bbb-set-hostname.
+ Veuillez la rajouter dans l'inventaire
+ when:
+ - bbbHostname is not defined
+
+# Config BBB
+- name: Récup du hostname actuellement configuré
+ fetch:
+ src: /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
+ dest: /tmp/
+ flat: yes
+
+- name : Récup du hostname actuellement configuré
+ set_fact:
+ oldHostname: "{{ lookup('ini', 'bigbluebutton.web.serverURL type=properties file=/tmp/bigbluebutton.properties') | urlsplit('hostname') }}"
+
+- name: execution de la commande bigbluebutton qui set le nouveau nom de domaine
+ command: "bbb-conf --setip {{ bbbHostname }}"
+ when: oldHostname != bbbHostname
+
+# Config Greenlight
+- name: Maj du server name greenlight de la conf bigbluebutton
+ replace:
+ path: /root/greenlight/.env
+ regexp: '(.*){{ oldHostname }}(.*)'
+ replace: '\1{{ bbbHostname }}\2'
+
+- name: redémarrage de greenlight
+ shell: "cd /root/greenlight; docker-compose down; docker-compose up -d"
+ when: oldHostname != bbbHostname
+
+# Config Let's encrypt
+- name: Check si le certificat SSL est présent
+ stat:
+ path: /etc/letsencrypt/live/{{ bbbHostname }}/fullchain.pem
+ register: ssl_file
+
+- name: Active la conf nginx nécessaire pour créer un certificat Let's Encrypt
+ template:
+ src: ../templates/nginxSSLcheck.conf
+ dest: /etc/nginx/sites-enabled/
+ mode: '0644'
+ when: not ssl_file.stat.exists
+
+- name: Force le redémarrage de Nginx pour prendre en compte la nouvelle conf
+ systemd:
+ state: restarted
+ name: nginx
+ when: not ssl_file.stat.exists
+
+- name: Certif LE
+ command: certbot --webroot -w /var/www/bigbluebutton-default/ -d {{ bbbHostname }} certonly
+ when: not ssl_file.stat.exists
+
+- name: Suppression de la conf temporaire LE
+ file:
+ path: /etc/nginx/sites-enabled/nginxSSLcheck.conf
+ state: absent
+ notify: reload nginx
+
+- name: Maj du server name nginx de la conf bigbluebutton
+ replace:
+ path: /etc/nginx/sites-enabled/bigbluebutton
+ regexp: '(.*){{ oldHostname }}(.*)'
+ replace: '\1{{ bbbHostname }}\2'
+ notify: reload nginx
\ No newline at end of file
diff --git a/roles/bbb-set-hostname/templates/nginxSSLcheck.conf b/roles/bbb-set-hostname/templates/nginxSSLcheck.conf
new file mode 100644
index 0000000..8432419
--- /dev/null
+++ b/roles/bbb-set-hostname/templates/nginxSSLcheck.conf
@@ -0,0 +1,6 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ bbbHostname }};
+ root /var/www/bigbluebutton-default/;
+}
\ No newline at end of file
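Review bot: In roles/bbb-set-hostname/tasks/main.yml the `fetch` task copies bigbluebutton.properties to the fixed path `/tmp/bigbluebutton.properties` on the control machine and nothing removes it afterwards; on a stock BigBlueButton install that file normally also holds the API shared secret (`securitySalt`), so a copy is left in a shared temp directory, typically with default permissions. Because `flat: yes` gives every host the same destination, a run against more than one host using this role could also make the `lookup` read another host's file. Reading the file with `slurp` and parsing the registered content keeps it off the controller's disk and per-host, as sketched below. Separately, both `replace` tasks interpolate `{{ oldHostname }}` into `regexp` unescaped, so its dots match any character; `{{ oldHostname | regex_escape }}` would make the match literal.

```yaml
- name: Récup du hostname actuellement configuré
  slurp:
    src: /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
  register: bbbProperties
  no_log: true

- name: Récup du hostname actuellement configuré
  set_fact:
    oldHostname: >-
      {{ bbbProperties.content | b64decode
         | regex_search('^bigbluebutton\\.web\\.serverURL\\s*=\\s*(\\S+)', '\\1', multiline=True)
         | first | urlsplit('hostname') }}

# … unchanged: bbb-conf --setip, Greenlight, Let's Encrypt and nginx tasks …
```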