From 33cd88390be8f7e7207667b7bc2bb42b64bbd632 Mon Sep 17 00:00:00 2001
From: Antoine Ouvrard <antoine.ouvrard@nereide.fr>
Date: Mon, 28 Sep 2020 11:25:22 +0200
Subject: [PATCH] BBB - ajout de la gestion de la connection ldap LE +
 activation des metrics

---
 inventory_prod                                |  1 +
 playbook_prod.yml                             | 13 ++-
 roles/bbb-enable-ldap-LE/tasks/main.yml       | 32 +++++++
 .../bbb-enable-metrics/files/bbb-telegraf.py  | 94 +++++++++++++++++++
 .../files/telegraf-input-bbb.conf             |  7 ++
 .../handlers/main.yml                         |  0
 roles/bbb-enable-metrics/tasks/main.yml       | 38 ++++++++
 .../templates/telegraf-general.conf.j2        | 56 +++++++++++
 roles/jitsi-enable-metrics/handlers/main.yml  |  8 ++
 .../tasks/main.yml                            |  0
 .../templates/telegraf-general.conf.j2        |  0
 .../templates/telegraf-input-jitsi.conf       |  0
 12 files changed, 246 insertions(+), 3 deletions(-)
 create mode 100644 roles/bbb-enable-ldap-LE/tasks/main.yml
 create mode 100644 roles/bbb-enable-metrics/files/bbb-telegraf.py
 create mode 100644 roles/bbb-enable-metrics/files/telegraf-input-bbb.conf
 rename roles/{jitsi-enable-stats => bbb-enable-metrics}/handlers/main.yml (100%)
 create mode 100644 roles/bbb-enable-metrics/tasks/main.yml
 create mode 100644 roles/bbb-enable-metrics/templates/telegraf-general.conf.j2
 create mode 100644 roles/jitsi-enable-metrics/handlers/main.yml
 rename roles/{jitsi-enable-stats => jitsi-enable-metrics}/tasks/main.yml (100%)
 rename roles/{jitsi-enable-stats => jitsi-enable-metrics}/templates/telegraf-general.conf.j2 (100%)
 rename roles/{jitsi-enable-stats => jitsi-enable-metrics}/templates/telegraf-input-jitsi.conf (100%)

diff --git a/inventory_prod b/inventory_prod
index 785b9b0..0420e17 100644
--- a/inventory_prod
+++ b/inventory_prod
@@ -1,3 +1,4 @@
 jitsi.komuniki.fr ansible_user=ubuntu ansible_become=true
 visio.imio.be ansible_user=debian ansible_become=true
 jitsi.entrouvert.com ansible_user=root
+bbb.komuniki.fr ansible_user=root
\ No newline at end of file
diff --git a/playbook_prod.yml b/playbook_prod.yml
index 4309da7..a9cbd9c 100644
--- a/playbook_prod.yml
+++ b/playbook_prod.yml
@@ -6,7 +6,7 @@
     - role: jitsi-enable-fr-ln
     - role: jitsi-add-logo
     - role: jitsi-enable-video-optimisation
-    - role: jitsi-enable-stats
+    - role: jitsi-enable-metrics
   tags:
     - imio
 
@@ -15,7 +15,7 @@
     - role: jitsi-pre-install
     - role: jitsi-install
     - role: jitsi-enable-prejoinPage
-    - role: jitsi-enable-stats
+    - role: jitsi-enable-metrics
     - role: jitsi-enable-fr-ln
     - role: jitsi-add-logo
     - role: jitsi-enable-calendar
@@ -28,7 +28,7 @@
     - role: jitsi-install
     - role: jitsi-enable-fr-ln
     - role: jitsi-enable-video-optimisation
-    - role: jitsi-enable-stats
+    - role: jitsi-enable-metrics
       vars:
         hostname: visio443.champs-libres.be
   tags:
@@ -41,3 +41,10 @@
     - role: jitsi-enable-video-optimisation
   tags:
     - eo
+
+- hosts: bbb.komuniki.fr
+  roles:
+    - role: bbb-enable-ldap-LE
+    - role: bbb-enable-metrics
+  tags:
+    - bbb
diff --git a/roles/bbb-enable-ldap-LE/tasks/main.yml b/roles/bbb-enable-ldap-LE/tasks/main.yml
new file mode 100644
index 0000000..6eec55c
--- /dev/null
+++ b/roles/bbb-enable-ldap-LE/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+# Activation de l'authentification au ldap Libre Entreprise
+
+- name: ajout du serveur LDAP
+  lineinfile:
+    path: "/root/greenlight/.env"
+    regexp: "LDAP_SERVER="
+    line: "LDAP_SERVER=ldap.libre-entreprise.org"
+
+- name: ajout du LDAP_PORT
+  lineinfile:
+    path: "/root/greenlight/.env"
+    regexp: "LDAP_PORT="
+    line: "LDAP_PORT=636"
+
+- name: ajout du LDAP_METHOD
+  lineinfile:
+    path: "/root/greenlight/.env"
+    regexp: "LDAP_METHOD="
+    line: "LDAP_METHOD=ssl"
+
+- name: ajout du LDAP_UID
+  lineinfile:
+    path: "/root/greenlight/.env"
+    regexp: "LDAP_UID="
+    line: "LDAP_UID=uid"
+
+- name: ajout du LDAP_BASE
+  lineinfile:
+    path: "/root/greenlight/.env"
+    regexp: "LDAP_BASE="
+    line: "LDAP_BASE=o=libre-entreprise" 
\ No newline at end of file
diff --git a/roles/bbb-enable-metrics/files/bbb-telegraf.py b/roles/bbb-enable-metrics/files/bbb-telegraf.py
new file mode 100644
index 0000000..54979f6
--- /dev/null
+++ b/roles/bbb-enable-metrics/files/bbb-telegraf.py
@@ -0,0 +1,94 @@
+#!/usr/bin/env python3
+
+import subprocess
+import json
+import sys
+import hashlib
+import logging
+from urllib.parse import urljoin
+
+from lxml import etree
+
+import requests
+
+
+def error(msg):
+  print(msg, file=sys.stderr)
+  sys.exit(2)
+
+
+def get_conf():
+  secret, base_url = "", ""
+  out = subprocess.check_output(["bbb-conf", "--secret"])
+  for line in out.splitlines():
+    line = line.strip().decode('utf-8')
+    if line.lower().startswith('url:'):
+      base_url = line[len('url: '):]
+    if line.lower().startswith('secret:'):
+      secret = line[len('secret: '):]
+  return secret, base_url + 'api/'
+
+
+def checksum(secret, baseurl, endpoint):
+  content = endpoint + secret
+  sha1 = hashlib.sha1()
+  sha1.update(content.encode('utf-8'))
+  return sha1.hexdigest()
+
+
+def get(baseurl, endpoint, secret):
+  url = urljoin(baseurl, endpoint + '?checksum=' + checksum(secret, baseurl, endpoint))
+  try:
+    res = requests.get(url)
+  except Exception:
+    logging.exception('fail to make api call')
+    return os.exit(2)
+  return etree.fromstring(res.text)
+
+
+def dump_meetings(baseurl, secret):
+  t = get(baseurl, 'getMeetings', secret)
+  meetings = t.findall('.//meeting')
+  metrics = {
+   'meetings': len(meetings),
+   'inactive_meetings': 0,
+   'participants': 0,
+   'voice_participants': 0,
+   'video_participants': 0,
+   'listeners': 0
+  }
+  for node in meetings:
+    participants = int(node.find('participantCount').text)
+    voice_participants = int(node.find('voiceParticipantCount').text)
+    video_participants = int(node.find('videoCount').text)
+    listeners = int(node.find('listenerCount').text)
+    metrics['participants'] += participants
+    metrics['voice_participants'] += voice_participants
+    metrics['video_participants'] += video_participants
+    metrics['listeners'] += listeners
+    if participants == 0:
+      metrics['inactive_meetings'] += 1
+  return metrics
+
+
+def dump_recordings(baseurl, secret):
+  t = get(baseurl, 'getRecordings', secret)
+  metrics = {'processing_recordings': 0, 'processed_recordings': 0, 'published_recordings': 0, 'unpublished_recordings': 0}
+  for node in t.findall('.//recording'):
+    origstate = node.find('state').text
+    state = origstate + '_recordings'
+    if state not in metrics:
+      return error('unknown state `%s`' % origstate)
+    metrics[state] += 1
+  return metrics
+
+
+def main():
+  secret, baseurl = get_conf()
+  metrics = {}
+  metrics.update(dump_recordings(baseurl, secret))
+  metrics.update(dump_meetings(baseurl, secret))
+  print(json.dumps(metrics))
+
+
+main()
\ No newline at end of file
diff --git a/roles/bbb-enable-metrics/files/telegraf-input-bbb.conf b/roles/bbb-enable-metrics/files/telegraf-input-bbb.conf
new file mode 100644
index 0000000..3120e92
--- /dev/null
+++ b/roles/bbb-enable-metrics/files/telegraf-input-bbb.conf
@@ -0,0 +1,7 @@
+[[inputs.exec]]
+  name_override = "bbb_stats"
+  commands = [
+    "/opt/bbb-telegraf.py"
+  ]
+
+  data_format = "json"
diff --git a/roles/jitsi-enable-stats/handlers/main.yml b/roles/bbb-enable-metrics/handlers/main.yml
similarity index 100%
rename from roles/jitsi-enable-stats/handlers/main.yml
rename to roles/bbb-enable-metrics/handlers/main.yml
diff --git a/roles/bbb-enable-metrics/tasks/main.yml b/roles/bbb-enable-metrics/tasks/main.yml
new file mode 100644
index 0000000..b747d3b
--- /dev/null
+++ b/roles/bbb-enable-metrics/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+# Activation des métriques Telegraf
+
+## Instalation de Telegraf
+- name: Ajout de la clé du depot Telegraf
+  apt_key:
+    url: https://repos.influxdata.com/influxdb.key
+
+- name: Ajout du depot influxdata
+  apt_repository:
+    repo: deb https://repos.influxdata.com/debian buster stable
+
+- name: Installation de Telegraf
+  apt:
+    name: telegraf
+
+- name: Application de la conf général de Telegraf
+  template:
+    src: ../templates/telegraf-general.conf.j2
+    dest: /etc/telegraf/telegraf.conf
+    mode: u=rw,g=r,o=r
+  notify:
+    - restart telegraf
+
+## Instalation des metrics BBB
+- name: Ajout du script python qui met en forme les metrics BBB
+  template:
+    src: ../files/bbb-telegraf.py
+    dest: /opt/
+    mode: u=rwx,g=rx,o=rx
+
+- name: Application de la conf BBB pour Telegraf
+  template:
+    src: ../files/telegraf-input-bbb.conf
+    dest: /etc/telegraf/telegraf.d/jitsi.conf
+    mode: u=rw,g=r,o=r
+  notify:
+    - restart telegraf
diff --git a/roles/bbb-enable-metrics/templates/telegraf-general.conf.j2 b/roles/bbb-enable-metrics/templates/telegraf-general.conf.j2
new file mode 100644
index 0000000..848032e
--- /dev/null
+++ b/roles/bbb-enable-metrics/templates/telegraf-general.conf.j2
@@ -0,0 +1,56 @@
+[global_tags]
+
+
+# Configuration for telegraf agent
+[agent]
+    interval = "60s"
+    debug = false
+    hostname = "{{ inventory_hostname }}"
+    round_interval = true
+    flush_interval = "10s"
+    flush_jitter = "0s"
+    collection_jitter = "0s"
+    metric_batch_size = 1000
+    metric_buffer_limit = 10000
+    quiet = false
+    logfile = ""
+    omit_hostname = false
+
+###############################################################################
+#                                  OUTPUTS                                    #
+###############################################################################
+
+[[outputs.influxdb]]
+    urls = [ "https://influxdb.nereide.fr" ]
+    username = "telegraf"
+    password = "{{ vault_telegraf_nrd_passwd }}"
+
+
+###############################################################################
+#                                  INPUTS                                     #
+###############################################################################
+
+[[inputs.cpu]]
+  percpu = true
+  totalcpu = true
+  fielddrop = ["time_*"]
+
+[[inputs.disk]]
+  ignore_fs = ["tmpfs", "devtmpfs", "none", "iso9660", "overlay", "aufs", "squashfs"]
+
+[[inputs.diskio]]
+
+[[inputs.kernel]]
+
+[[inputs.mem]]
+
+[[inputs.swap]]
+
+[[inputs.net]]
+  fieldpass = [ "bytes*" ]
+
+[[inputs.netstat]]
+
+[[inputs.processes]]
+
+[[inputs.system]]
diff --git a/roles/jitsi-enable-metrics/handlers/main.yml b/roles/jitsi-enable-metrics/handlers/main.yml
new file mode 100644
index 0000000..389c440
--- /dev/null
+++ b/roles/jitsi-enable-metrics/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: restart telegraf
+  systemd:
+    name: telegraf
+    state: restarted
+    daemon_reload: true
+    enabled: true
+
diff --git a/roles/jitsi-enable-stats/tasks/main.yml b/roles/jitsi-enable-metrics/tasks/main.yml
similarity index 100%
rename from roles/jitsi-enable-stats/tasks/main.yml
rename to roles/jitsi-enable-metrics/tasks/main.yml
diff --git a/roles/jitsi-enable-stats/templates/telegraf-general.conf.j2 b/roles/jitsi-enable-metrics/templates/telegraf-general.conf.j2
similarity index 100%
rename from roles/jitsi-enable-stats/templates/telegraf-general.conf.j2
rename to roles/jitsi-enable-metrics/templates/telegraf-general.conf.j2
diff --git a/roles/jitsi-enable-stats/templates/telegraf-input-jitsi.conf b/roles/jitsi-enable-metrics/templates/telegraf-input-jitsi.conf
similarity index 100%
rename from roles/jitsi-enable-stats/templates/telegraf-input-jitsi.conf
rename to roles/jitsi-enable-metrics/templates/telegraf-input-jitsi.conf