antoine/visio_nrd
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '10-installation-d-un-coturn-externe' into 'master'

Browse Source 
Resolve "installation d'un coturn externe"

Closes #10

See merge request 10031/visio!16
This commit is contained in:
Antoine Ouvrard
2021-04-27 10:19:54 +00:00
parent 7c4cf16d05 38c5dc95bf
commit 1c1dd147a9
14 changed files with 205 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files
group_vars/all/vault
+32 -29
View File
@@ -1,30 +1,33 @@
$ANSIBLE_VAULT;1.1;AES256
61333538356632383839336135343862353764643963663538313239376562666665613137353333
3138326361613439353838396162653263383839376234390a643963343962313935373134313465
66656662386135353434313935636135336336323833626666383931623665366264663438663134
6237656662356632350a313232376331393031366330336363613963343366393338323366313338
34626231356530646163623738356462646463646261383735633166316133653631613466323161
65323438316165646263343566303336663261616333636231336632653662383935626165643331
65643839303730313134643866313963613532623635653735643433396530653035336161393930
33626338306561333461383036356235666130313635643864343831363237613066613138326633
32343761663533323635363034666165393063653438336533333232663237316431333863336165
34306565623337316433653531383731343366626666616233633630363736333234316565313436
30616331626365656333646262633130336166353137333139303764363165346133393836626233
64323962666263303263343535396266623966356439653833313139653838363866626365366434
66633461636637373264633130313438383461613835646463663061653531306362633737376562
61376536633162303337336266386465353139306265386365316434346462653464366663316663
66323335393361613432313430653865356137663261643037303663663535346366383366626339
36356332373631393464623566303832666638356134643738646138396631353434343436623036
30313137656363303939613734646463333039343838303162333165613432393634356432386538
34613566623436303632666566306462626438663739353432663265653237633661396132376331
31636637333132396464353036313362623234386435366661656134336436373030623830643038
38643862306332663831363935326361316661333737616230633961393261643261653364373731
65336433656362663961636666326430363432353537316164643662343634306538376165666639
65616135643438353738376665613561353663356466306633653266303738323830346330386334
61386537333935376134373134383666616564636565343261303161303064656436363064666432
34653737616161386265623164336137363663653264643239326337383139336336643063313434
33326166633263616537613365306335626562303835643637323162383831333234613136643464
61646531646332393032366362383538616636656261373036373164323531393430363837393066
37663865646338393866653636326131316237613030663964663962313366666136633634633731
32626263316633306363313031626666316139393735616236653031626166383434646166353366
63303163626335333735626338306332333037366239646631393138316364313932
66376665636436366538646536616266356136383562326135313565616137343661633066633838
3766383364643637316661393762333639333335373835650a306239363535346436363930376665
39643865613032386563323262313934353634633432333837613933663766303661363664333132
3230326235373636380a663264376161616235636638383764343265373866323437393033633535
66356235643963353265336633643438393136613630313339623764666339653934336631363664
61623965396537326562326436346132613061326164353263376161313736323334373263623539
64633136366632623138313066633664663739393236303862313236613333353730646462646433
37393137313336313835343935633137663336373363663964353630353231643530336536326666
63373833316337396166643465663966333037373863663533326133613830366631653561376631
31386362343330313131366534613732396162343864623436646163613339383038303562353138
37313334343363646639623161373339626365383034613432383335353261306130356465363066
61626535306139393639643066653930646532336530653563393034353665366136363335353731
65386439613331396339343630303031313565626264393532393739373531656436616634636630
32376531323562653835396334306634623830336136313864653535323337346161363363376430
34356133653631303138303337383238333835356238373261336465356538326439333537666533
64383832353065383463643632343064663734613239613135663564343333373331623663326235
62666362383962623833376331323930366361306132376131633066323935643763366336333036
38323765383137663832613838353131353161336239656633373565333564316164376331393663
62333565313531373539663932653530333663653431393333663436643363663433343266663064
63373930343430393261343138363963663065393634663734636565616331343364666331313432
66613931383765383766623662353831353538313932396332343030326137336438646432666534
38626533386666373961363838636639323230316632626635323266626139313462386638343137
36663864626166383861633765343432373539333237303364656338616233383934336365623132
38623637383366643063616339636633653538303663303364366436396562323835386433383534
34653132303465356464643966303032646331653162373130333730616439336438333930623236
37393036636237306165626563643165346461303861396165333937313030653933643630336163
38353533626531383239336539633238333139633034353437356234626565343863656634623734
64366636633938663165666530386634363637396535656232363039383936623065303033643166
32393631656362373566633230393436313138396430383130643339633432363765373539313230
34393236346332366462623466383463626432613931653961643730643330666662333838366466
36353439363565653436616236353830633763353236353331623333306239653835393034343237
33393937303630616136
host_vars/coturn.komuniki.fr.yml
+2
View File
@@ -0,0 +1,2 @@
---
coturn_secret: "{{ vault_coturn_secret }}"
host_vars/pp.jitsi.komuniki.fr.yml
+2
View File
@@ -2,3 +2,5 @@
ansible_user: root
jitsi_logo: jitsi.komuniki.fr.svg
jitsi_logo_url: https://komuniki.fr
coturn_hostname: coturn.komuniki.fr
coturn_secret: "{{ vault_coturn_secret }}"
host_vars/visio.imio.be.yml
+3 -3
View File
@@ -1,6 +1,6 @@
---
jitsi_user: imio
jitsi_pass: logiciellibre
jitsi_logo: visio.imio.be.svg
jitsi_logo_url: https://imio.be
jitsi_mutidomain_domain: ['visio-cpas.be']
jitsi_multidomain_domain: ['visio-cpas.be']
coturn_hostname: origan.champs-libres.be
coturn_secret: "{{ vault_coturn_secret }}"
inventory_staging
+1
View File
@@ -1,2 +1,3 @@
pp.jitsi.komuniki.fr
imio2.komuniki.fr ansible_user=root
coturn.komuniki.fr ansible_user=root
playbook_prod.yml
+4
View File
@@ -7,6 +7,10 @@
- role: jitsi-add-logo
- role: jitsi-enable-video-optimisation
- role: jitsi-enable-metrics
- role: jitsi-enable-prejoinPage
- role: jitsi-enable-external-coturn
- role: jitsi-enable-multidomain
- role: jitsi-enable-specific-imio
tags:
- imio
playbook_staging.yml
+7
View File
@@ -5,6 +5,7 @@
- role: jitsi-pre-install
- role: jitsi-install
- role: jitsi-enable-prejoinPage
- role: jitsi-enable-external-coturn
- role: jitsi-enable-metrics
- role: jitsi-enable-fr-ln
- role: jitsi-add-logo
@@ -22,3 +23,9 @@
- role: jitsi-enable-specific-imio
tags:
- imio2
- hosts: coturn.komuniki.fr
roles:
- role: coturn-install
tags:
- coturn.komki
roles/coturn-install/handlers/main.yml
+8
View File
@@ -0,0 +1,8 @@
---
- name: restart coturn
systemd:
name: coturn
state: restarted
daemon_reload: true
enabled: true
roles/coturn-install/tasks/letsencrypt.yml
+15
View File
@@ -0,0 +1,15 @@
- name: Installation de snapd
apt:
name:
- snapd
state: present
- name: Initialisation de snap et installtion de certbot (prendre bien 5min, soyez patient)
command: "{{ item }}"
loop:
- snap install core
- snap refresh core
- snap install --classic certbot
- name: Création du certificat SSL
command: /snap/bin/certbot certonly --standalone -d {{ inventory_hostname }} -m supervision@nereide.fr --agree-tos --non-interactive
roles/coturn-install/tasks/main.yml
+49
View File
@@ -0,0 +1,49 @@
---
- name: vérification des variables obligatoire
fail:
msg: |
il faut définir la variable `coturn_secret` pour utiliser ce role
when: coturn_secret is not defined
- name: Installation de coturn
apt:
name:
- coturn
update_cache: true
- name: Y-a-t un certificat SSL dans l'avion?
stat:
path: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
register: ssl_file
- include_tasks: letsencrypt.yml
when: not ssl_file.stat.exists
- name: Donne les droits a coturn de lire les certificats SSL
file:
path: "{{ item }}"
owner: turnserver
group: turnserver
state: directory
recurse: yes
loop:
- /etc/letsencrypt/live
- /etc/letsencrypt/archive
- name: set la config coturn
template:
src: ../templates/turnserver.conf.j2
dest: /etc/turnserver.conf
notify: restart coturn
- name: Ajout des capabilities à coturn
lineinfile:
path: /etc/systemd/system/coturn.service.d/override.conf
create: yes
line: |
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
notify: restart coturn
roles/coturn-install/templates/turnserver.conf.j2
+36
View File
@@ -0,0 +1,36 @@
# jitsi-meet coturn config. Do not modify this line
use-auth-secret
keep-address-family
static-auth-secret={{ coturn_secret }}
realm={{ inventory_hostname }}
server-name={{ inventory_hostname }}
cert=/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
pkey=/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
no-multicast-peers
no-cli
no-loopback-peers
no-tcp-relay
no-tcp
listening-port=3478
tls-listening-port=443
no-tlsv1
no-tlsv1_1
# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# jitsi-meet coturn relay disable config. Do not modify this line
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
syslog
roles/jitsi-enable-external-coturn/handlers/main.yml
+7
View File
@@ -0,0 +1,7 @@
---
- name: restart prosody
systemd:
name: prosody
state: restarted
daemon_reload: true
enabled: true
roles/jitsi-enable-external-coturn/tasks/main.yml
+35
View File
@@ -0,0 +1,35 @@
---
- name: vérification des variables obligatoire
fail:
msg: |
il faut définir les variables `coturn_hostname` et
`coturn_secret` pour utiliser ce role
when: (coturn_secret is not defined) or
(coturn_hostname is not defined)
# Attention doit etre joué toujours avant la tache d'après
# Car commente le paramètre `turncredentials_secret`
# qui est ensuite renseigné par la tache suivante
- name: indique a jitsi d'utiliser un coturn externe
replace:
path: /etc/prosody/conf.d/{{ inventory_hostname }}.cfg.lua
regexp: '{{ item[0] }}'
replace: '{{ item[1] }}'
loop:
- ['host = "{{ inventory_hostname }}"','host = "{{ coturn_hostname }}"']
- ['-- https_ports = { };','https_ports = { };']
- ['^external_service_secret =', '-- external_service_secret =']
- ['port = 3478','port = 443']
- ['port = 5349','port = 443']
notify: restart prosody
- name: indique a jitsi les règles d'échange des credentials pour le coturn externe
blockinfile:
path: /etc/prosody/conf.d/{{ inventory_hostname }}.cfg.lua
marker: "-- {mark} ANSIBLE MANAGED BLOCK"
insertbefore: 'external_services = {'
block: |
external_service_secret = "{{ coturn_secret }}";
external_service_port = 443;
external_service_ttl = 86400;
notify: restart prosody
roles/jitsi-enable-video-optimisation/tasks/main.yml
+3 -14
View File
@@ -1,21 +1,10 @@
---
- name: Conf Jitsi - webcam en qualité medium par defaut
blockinfile:
lineinfile:
path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
marker: "// {mark} ANSIBLE MANAGED BLOCK"
insertafter: "[^?]// Video"
block: |
resolution: 360,
constraints: {
video: {
aspectRatio: 16 / 9,
height: {
ideal: 360,
max: 360,
min: 240
}
}
},
insertafter: "[^?]// resolution: 720,"
line: "resolution: 360,"
- name: Conf Jitsi - Désactive l'effet floutage d'arrière plan
replace: