Merge branch 'bbb' into 'master'

BBB - ajout de la gestion de la connection ldap LE + activation des metrics See merge request 10031/visio!12
2020-10-13 10:32:17 +02:00
parent 65a74e0072 33cd88390b
commit 1bc6092523
12 changed files with 246 additions and 3 deletions
@@ -1,3 +1,4 @@
 jitsi.komuniki.fr ansible_user=ubuntu ansible_become=true
 visio.imio.be ansible_user=debian ansible_become=true
 jitsi.entrouvert.com ansible_user=root
 bbb.komuniki.fr ansible_user=root
@@ -6,7 +6,7 @@
    - role: jitsi-enable-fr-ln
    - role: jitsi-add-logo
    - role: jitsi-enable-video-optimisation
-    - role: jitsi-enable-stats
+    - role: jitsi-enable-metrics
  tags:
    - imio
@@ -15,7 +15,7 @@
    - role: jitsi-pre-install
    - role: jitsi-install
    - role: jitsi-enable-prejoinPage
-    - role: jitsi-enable-stats
+    - role: jitsi-enable-metrics
    - role: jitsi-enable-fr-ln
    - role: jitsi-add-logo
    - role: jitsi-enable-calendar
@@ -28,7 +28,7 @@
    - role: jitsi-install
    - role: jitsi-enable-fr-ln
    - role: jitsi-enable-video-optimisation
-    - role: jitsi-enable-stats
+    - role: jitsi-enable-metrics
      vars:
        hostname: visio443.champs-libres.be
  tags:
@@ -41,3 +41,10 @@
    - role: jitsi-enable-video-optimisation
  tags:
    - eo
 - hosts: bbb.komuniki.fr
  roles:
    - role: bbb-enable-ldap-LE
    - role: bbb-enable-metrics
  tags:
    - bbb
@@ -0,0 +1,32 @@
 ---
 # Activation de l'authentification au ldap Libre Entreprise
 - name: ajout du serveur LDAP
  lineinfile:
    path: "/root/greenlight/.env"
    regexp: "LDAP_SERVER="
    line: "LDAP_SERVER=ldap.libre-entreprise.org"
 - name: ajout du LDAP_PORT
  lineinfile:
    path: "/root/greenlight/.env"
    regexp: "LDAP_PORT="
    line: "LDAP_PORT=636"
 - name: ajout du LDAP_METHOD
  lineinfile:
    path: "/root/greenlight/.env"
    regexp: "LDAP_METHOD="
    line: "LDAP_METHOD=ssl"
 - name: ajout du LDAP_UID
  lineinfile:
    path: "/root/greenlight/.env"
    regexp: "LDAP_UID="
    line: "LDAP_UID=uid"
 - name: ajout du LDAP_BASE
  lineinfile:
    path: "/root/greenlight/.env"
    regexp: "LDAP_BASE="
    line: "LDAP_BASE=o=libre-entreprise" 
@@ -0,0 +1,94 @@
 #!/usr/bin/env python3
 import subprocess
 import json
 import sys
 import hashlib
 import logging
 from urllib.parse import urljoin
 from lxml import etree
 import requests
 def error(msg):
  print(msg, file=sys.stderr)
  sys.exit(2)
 def get_conf():
  secret, base_url = "", ""
  out = subprocess.check_output(["bbb-conf", "--secret"])
  for line in out.splitlines():
    line = line.strip().decode('utf-8')
    if line.lower().startswith('url:'):
      base_url = line[len('url: '):]
    if line.lower().startswith('secret:'):
      secret = line[len('secret: '):]
  return secret, base_url + 'api/'
 def checksum(secret, baseurl, endpoint):
  content = endpoint + secret
  sha1 = hashlib.sha1()
  sha1.update(content.encode('utf-8'))
  return sha1.hexdigest()
 def get(baseurl, endpoint, secret):
  url = urljoin(baseurl, endpoint + '?checksum=' + checksum(secret, baseurl, endpoint))
  try:
    res = requests.get(url)
  except Exception:
    logging.exception('fail to make api call')
    return os.exit(2)
  return etree.fromstring(res.text)
 def dump_meetings(baseurl, secret):
  t = get(baseurl, 'getMeetings', secret)
  meetings = t.findall('.//meeting')
  metrics = {
   'meetings': len(meetings),
   'inactive_meetings': 0,
   'participants': 0,
   'voice_participants': 0,
   'video_participants': 0,
   'listeners': 0
  }
  for node in meetings:
    participants = int(node.find('participantCount').text)
    voice_participants = int(node.find('voiceParticipantCount').text)
    video_participants = int(node.find('videoCount').text)
    listeners = int(node.find('listenerCount').text)
    metrics['participants'] += participants
    metrics['voice_participants'] += voice_participants
    metrics['video_participants'] += video_participants
    metrics['listeners'] += listeners
    if participants == 0:
      metrics['inactive_meetings'] += 1
  return metrics
 def dump_recordings(baseurl, secret):
  t = get(baseurl, 'getRecordings', secret)
  metrics = {'processing_recordings': 0, 'processed_recordings': 0, 'published_recordings': 0, 'unpublished_recordings': 0}
  for node in t.findall('.//recording'):
    origstate = node.find('state').text
    state = origstate + '_recordings'
    if state not in metrics:
      return error('unknown state `%s`' % origstate)
    metrics[state] += 1
  return metrics
 def main():
  secret, baseurl = get_conf()
  metrics = {}
  metrics.update(dump_recordings(baseurl, secret))
  metrics.update(dump_meetings(baseurl, secret))
  print(json.dumps(metrics))
 main()
@@ -0,0 +1,7 @@
 [[inputs.exec]]
  name_override = "bbb_stats"
  commands = [
    "/opt/bbb-telegraf.py"
  ]
  data_format = "json"
@@ -0,0 +1,38 @@
 ---
 # Activation des métriques Telegraf
 ## Instalation de Telegraf
 - name: Ajout de la clé du depot Telegraf
  apt_key:
    url: https://repos.influxdata.com/influxdb.key
 - name: Ajout du depot influxdata
  apt_repository:
    repo: deb https://repos.influxdata.com/debian buster stable
 - name: Installation de Telegraf
  apt:
    name: telegraf
 - name: Application de la conf général de Telegraf
  template:
    src: ../templates/telegraf-general.conf.j2
    dest: /etc/telegraf/telegraf.conf
    mode: u=rw,g=r,o=r
  notify:
    - restart telegraf
 ## Instalation des metrics BBB
 - name: Ajout du script python qui met en forme les metrics BBB
  template:
    src: ../files/bbb-telegraf.py
    dest: /opt/
    mode: u=rwx,g=rx,o=rx
 - name: Application de la conf BBB pour Telegraf
  template:
    src: ../files/telegraf-input-bbb.conf
    dest: /etc/telegraf/telegraf.d/jitsi.conf
    mode: u=rw,g=r,o=r
  notify:
    - restart telegraf
@@ -0,0 +1,56 @@
 [global_tags]
 # Configuration for telegraf agent
 [agent]
    interval = "60s"
    debug = false
    hostname = "{{ inventory_hostname }}"
    round_interval = true
    flush_interval = "10s"
    flush_jitter = "0s"
    collection_jitter = "0s"
    metric_batch_size = 1000
    metric_buffer_limit = 10000
    quiet = false
    logfile = ""
    omit_hostname = false
 ###############################################################################
 #                                  OUTPUTS                                    #
 ###############################################################################
 [[outputs.influxdb]]
    urls = [ "https://influxdb.nereide.fr" ]
    username = "telegraf"
    password = "{{ vault_telegraf_nrd_passwd }}"
 ###############################################################################
 #                                  INPUTS                                     #
 ###############################################################################
 [[inputs.cpu]]
  percpu = true
  totalcpu = true
  fielddrop = ["time_*"]
 [[inputs.disk]]
  ignore_fs = ["tmpfs", "devtmpfs", "none", "iso9660", "overlay", "aufs", "squashfs"]
 [[inputs.diskio]]
 [[inputs.kernel]]
 [[inputs.mem]]
 [[inputs.swap]]
 [[inputs.net]]
  fieldpass = [ "bytes*" ]
 [[inputs.netstat]]
 [[inputs.processes]]
 [[inputs.system]]
@@ -0,0 +1,8 @@
 ---
 - name: restart telegraf
  systemd:
    name: telegraf
    state: restarted
    daemon_reload: true
    enabled: true