Merge branch 'jibri2' into 'master'

Jibri installation et configuration

See merge request 10031/visio!19
Antoine Ouvrard
2021-04-28 15:43:34 +00:00
19 changed files with 533 additions and 34 deletions
+34 -32
@@ -1,33 +1,35 @@
$ANSIBLE_VAULT;1.1;AES256
66376665636436366538646536616266356136383562326135313565616137343661633066633838
3766383364643637316661393762333639333335373835650a306239363535346436363930376665
39643865613032386563323262313934353634633432333837613933663766303661363664333132
3230326235373636380a663264376161616235636638383764343265373866323437393033633535
66356235643963353265336633643438393136613630313339623764666339653934336631363664
61623965396537326562326436346132613061326164353263376161313736323334373263623539
64633136366632623138313066633664663739393236303862313236613333353730646462646433
37393137313336313835343935633137663336373363663964353630353231643530336536326666
63373833316337396166643465663966333037373863663533326133613830366631653561376631
31386362343330313131366534613732396162343864623436646163613339383038303562353138
37313334343363646639623161373339626365383034613432383335353261306130356465363066
61626535306139393639643066653930646532336530653563393034353665366136363335353731
65386439613331396339343630303031313565626264393532393739373531656436616634636630
32376531323562653835396334306634623830336136313864653535323337346161363363376430
34356133653631303138303337383238333835356238373261336465356538326439333537666533
64383832353065383463643632343064663734613239613135663564343333373331623663326235
62666362383962623833376331323930366361306132376131633066323935643763366336333036
38323765383137663832613838353131353161336239656633373565333564316164376331393663
62333565313531373539663932653530333663653431393333663436643363663433343266663064
63373930343430393261343138363963663065393634663734636565616331343364666331313432
66613931383765383766623662353831353538313932396332343030326137336438646432666534
38626533386666373961363838636639323230316632626635323266626139313462386638343137
36663864626166383861633765343432373539333237303364656338616233383934336365623132
38623637383366643063616339636633653538303663303364366436396562323835386433383534
34653132303465356464643966303032646331653162373130333730616439336438333930623236
37393036636237306165626563643165346461303861396165333937313030653933643630336163
38353533626531383239336539633238333139633034353437356234626565343863656634623734
64366636633938663165666530386634363637396535656232363039383936623065303033643166
32393631656362373566633230393436313138396430383130643339633432363765373539313230
34393236346332366462623466383463626432613931653961643730643330666662333838366466
36353439363565653436616236353830633763353236353331623333306239653835393034343237
33393937303630616136
33366637616337386438303331383830636131393062366539323333356531656638633362646633
3836666230323933653534363330386531373964633261350a386164336165666539313433333233
36363636633263303965396664393136323637323130646135366462623261656161333830666338
3564353666616561390a663636663162313564666264336661376636643532643833386263383731
66383564626134613365306262336337656430386263366633633134383730643163356138316664
61663136633864396237306261346430316635643736346234353133653561373566383638623966
31336333346138303564643866663563326237653134323834663633643330666263653232366665
34313537373038363734353766346639636462313962323034623430306465623539396332643130
62613030303234623865653832313662663764373432393366643262363136333662393439363730
30343535366331323864653066323333393938366166343463626132636431353663386534633936
39613163353236613133646464396337363637346336303231343766353134623036333333326337
33333766656465353638326461613431316236653039376363613536363937666364623166663531
36316533356464363530323666653436666331393634623539636130323237316663396239396564
39396236653636643764643636383332336262303234353730376638366236396630666163663266
35646662643236333630363566613436363737653461363839343131633632616230333737663535
31353638666233376433303338316465323737353538623530636366353963633663333333346364
66396562613337343034383137373838306636316334666239663964613134363962353138386663
37313561386662383066633734653439333035653765393135353663623535656330343963323462
61623837393131636466346364333734343064643838363836326562613731623730333030373431
39633435366666333236323430353138663363383064343565316132353561353763326334376237
66303963316632386464633865613339333133333939356665353165623762333565353837306631
30393763366231613738386233636439663937393138363338373565613630666234343463353532
36356531383737656164653935376331666261343239383462333966316335323531386365613138
30353939366164633730363161393766623638303633396132333339396164666335343836376638
32323066323631363436346339353838373866613837613666303264613535316134643661313165
63643039356631376432316563613130376539623638343864303738393132353331623330663235
66363032646233336566653233336133616561393831386162396631663930626430323766326137
31643766666538396266626464313036666638326233313065393163393230653135313730633339
64363338346564316461393963633363306365363034653037653766653930626564393433376536
33613665346334643361613163623536336138393037333135636664323235326563363761663037
35396666386433613063313639336239623637623263613762643835356261326236663338376564
35613633303430333736333531616436656537323335636434316231336633633262343964663261
37656438393831333730363761316334353265313239343030396534643066323665373862643832
3862343563316335313338313532643466643330633164383265
+5
@@ -0,0 +1,5 @@
---
jibri_user: "jibri1"
jibri_password: "{{ vault_jibri1_komuniki }}"
jitsi_server_host: "jitsi2.komuniki.fr"
jitsi_cookie_enabled: true
+4
@@ -0,0 +1,4 @@
---
jibri_users:
- user: "jibri1"
password: "{{ vault_jibri1_komuniki }}"
+1
@@ -1,2 +1,3 @@
pp.jitsi.komuniki.fr
jitsi2.komuniki.fr ansible_user=root
jibri2.komuniki.fr ansible_user=root
+7
@@ -8,5 +8,12 @@
- role: jitsi-enable-specific-komuniki
- role: jitsi-enable-fr-ln
- role: jitsi-enable-calendar
- role: jitsi-enable-jibri
tags:
- ppkomki
- hosts: jibri2.komuniki.fr
roles:
- role: jibri-install
tags:
- jibri2
@@ -0,0 +1,31 @@
# extension chrome
cette extension permet de forcer le positionnement de cookie
il faut d'abord forcer l'installation de cette extension voir la documentation
sur [chromium](http://dev.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist)
Puis il faut configurer l'extension via le fichier /etc/chromium/policies/managed/content.json
pour chromium (ou /etc/opt/chrome/policies/managed/managed_policies.json pour chrome) avec le contenu suivant:
```json
{
"3rdparty": {
"extensions": {
"gkaeknlffijmeakpmmeigddgjhiidhof": {
"forcedCookies": [
{
"name": "rgpd",
"value": "nothing",
"domain": "visio.imio.be"
}
]
}
}
}
}
```
voir la documentation [ici](http://dev.chromium.org/administrators/configuring-policy-for-extensions)
@@ -0,0 +1,15 @@
{
"3rdparty": {
"extensions": {
"gkaeknlffijmeakpmmeigddgjhiidhof": {
"forcedCookies": [
{
"domain": "toto",
"name": "toto name",
"value": "toto value"
}
]
}
}
}
}
@@ -0,0 +1,18 @@
{
"name": "Force cookie extension",
"version": "1.0.0",
"description": "Will set cookie for particular domain",
"background": {
"scripts": ["background.js"],
"persistent": false
},
"storage": {
"managed_schema": "schema.json"
},
"permissions": [
"storage",
"cookies",
"\u003Call_urls\u003E"
],
"manifest_version": 2
}
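Review bot: The `permissions` array combines `cookies` with `<all_urls>` (written `"\u003Call_urls\u003E"`), so the extension may read and write cookies for every origin the recording browser opens, while the background script in this commit only sets a consent cookie on the configured conference hosts. Narrow the host permission to those hosts, for example `"https://jitsi2.komuniki.fr/*"` in place of the wildcard. Because the host list comes from `jitsi_server_host` and `cookies_dns`, that probably means rendering the manifest from a template, as is already done for `background.js`, instead of copying it as a static file.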
@@ -0,0 +1,16 @@
{
"type": "object",
"properties": {
"forcedCookies": {
"type": "array",
"items": {
"type": "object",
"properties": {
"domain": { "type": "string" },
"name": { "type": "string" },
"value": { "type": "string" }
}
}
}
}
}
+12
@@ -0,0 +1,12 @@
---
- name: restart jibri
systemd:
name: jibri
state: restarted
enabled: true
- name: restart jibri-xorg
systemd:
name: jibri-xorg
state: restarted
enabled: true
@@ -0,0 +1,25 @@
---
- block:
- name: installation de unzip
apt:
pkg:
- unzip
- name: récupération de la version pour chromedriver
uri:
url: "https://chromedriver.storage.googleapis.com/LATEST_RELEASE"
method: GET
return_content: true
status_code: 200
register: _latest_release
until: _latest_release.status == 200
retries: 5
- name: répertoire du binaire pour chromedriver
file:
state: directory
path: /usr/local/bin/
- name: "télécharge de chromedriver pour la version {{ _latest_release.content }}"
unarchive:
src: "http://chromedriver.storage.googleapis.com/{{ _latest_release.content }}/chromedriver_linux64.zip"
dest: /usr/local/bin
mode: "755"
remote_src: true
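Review bot: The `unarchive` task downloads the chromedriver archive over plain `http://` and unpacks an executable into `/usr/local/bin` with no integrity check, although the version lookup two tasks earlier already uses `https://`. At minimum change the source to `src: "https://chromedriver.storage.googleapis.com/{{ _latest_release.content | trim }}/chromedriver_linux64.zip"`. Following `LATEST_RELEASE` also means every run may install a different, unreviewed binary. Pinning the version in a role variable and fetching it with `get_url` and its `checksum` option before unpacking would make the install reproducible and verifiable.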
@@ -0,0 +1,29 @@
---
- name: Import de la clé GPG google
apt_key:
id: 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991
url: https://dl-ssl.google.com/linux/linux_signing_key.pub
keyring: /etc/apt/trusted.gpg.d/google.gpg
- name: Ajout du depot google
apt_repository:
repo: deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/google.gpg] http://dl.google.com/linux/chrome/deb/ stable main
update_cache: true
filename: google-chrome
- name: install google-chrome-stable
apt:
pkg:
- google-chrome-stable
- name: désactive l'avertissement chrome est contrôllé par un autre logiciel
block:
- name: répertoire policies
file:
state: directory
path: /etc/opt/chrome/policies/managed
- name: CommandLineFlagSecurityWarningsEnabled
copy:
dest: /etc/opt/chrome/policies/managed/managed_policies.json
content: |
{ "CommandLineFlagSecurityWarningsEnabled": false }
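Review bot: The `copy` task replaces the whole of `/etc/opt/chrome/policies/managed/managed_policies.json`, which is the same file the README added in this commit names as the place to configure the extension's `forcedCookies` for Chrome, so any policy written there by hand or by another task is overwritten on each run. Chrome reads every JSON file in the managed directory, so a dedicated file such as `dest: /etc/opt/chrome/policies/managed/jibri_flags.json` (name is only a suggestion) avoids the clash. The file and directory tasks also set no `mode`/`owner`, so add `mode: '0644'` and `mode: '0755'` respectively. Finally, since this turns a browser security warning off, a comment above the task such as `# Jibri starts Chrome with command-line flags; the warning banner would be captured in recordings` would record why (assuming that is the reason; please confirm).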
@@ -0,0 +1,61 @@
---
- name: vérification des variables obligatoire
fail:
msg: |
il faut définir les variables `jibri_user` et
`jibri_password`, `jitsi_server_host` pour utiliser ce role
when: (jibri_user is not defined) or
(jibri_password is not defined) or
(jitsi_server_host is not defined)
# source: https://github.com/jitsi/jibri#jitsi-debian-repository
- name: Import de la clé GPG
apt_key:
id: FFD65A0DA2BEBDEB73D44C8BB4D2D216F1FD7806
url: https://download.jitsi.org/jitsi-key.gpg.key
keyring: /etc/apt/trusted.gpg.d/jitsi.gpg
- name: Ajout du depot jitsi
apt_repository:
repo: deb [signed-by=/etc/apt/trusted.gpg.d/jitsi.gpg] https://download.jitsi.org stable/
update_cache: true
- name: install jibri
apt:
pkg:
- jibri
notify: restart jibri
- name: configure jibri
template:
src: ../templates/jibri.conf
dest: /etc/jitsi/jibri/jibri.conf
notify: restart jibri
- name: configure xorg
lineinfile:
path: /etc/jitsi/jibri/xorg-video-dummy.conf
regexp: "[^?]Virtual "
line: " Virtual 1280 720"
notify:
- restart jibri
- restart jibri-xorg
- name: configure les cookies (fichier)
copy:
src: ../files/chrome-extension-cookie
dest: /opt/
mode: '644'
directory_mode: '755'
when:
- jitsi_cookie_enabled is defined
- jitsi_cookie_enabled
- name: configure les cookies (template)
template:
src: ../templates/chrome-extension-background.js.j2
dest: /opt/chrome-extension-cookie/background.js
mode: '644'
when:
- jitsi_cookie_enabled is defined
- jitsi_cookie_enabled
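Review bot: The `configure jibri` task renders `/etc/jitsi/jibri/jibri.conf` without `owner`, `group` or `mode`, and the template added in this commit writes `jibri_password` into that file twice, so its permissions are left to the module defaults and the remote umask and it may end up world-readable. Set them explicitly, e.g. `owner: root`, `group: jibri`, `mode: '0640'` (this assumes the package creates a `jibri` group that the service runs under; confirm on the host). Running the play with `--diff` would also print the rendered passwords, so consider `no_log: true` or `diff: false` on this task.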
+5
@@ -0,0 +1,5 @@
---
- include_tasks: pre-install.yml
- include_tasks: install-chromedriver.yml
- include_tasks: install-googlechrome.yml
- include_tasks: install-jibri.yml
@@ -0,0 +1,5 @@
---
- name: Activation du module snd-aloop
modprobe:
name: snd-aloop
state: present
@@ -0,0 +1,41 @@
chrome.runtime.onInstalled.addListener(function() {
chrome.storage.managed.get("forcedCookies", managedItems => {
if (!managedItems.hasOwnProperty('forcedCookies')) {
return;
}
for (const item of managedItems.forcedCookies) {
chrome.cookies.set({
url: `https://${item.domain}/`,
domain: item.domain,
name: item.name,
value: item.value
});
}
})
// temp hack because loading config from managed policies seems too slow
const forcedCookies = [
{
domain: "{{ jitsi_server_host }}",
name: "rgpd",
value: "nothing"
},
{% for host in cookies_dns|default([]) %}
{
domain: "{{ host }}",
name: "rgpd",
value: "nothing"
},
{% endfor %}
];
for (const item of forcedCookies) {
chrome.cookies.set({
url: `https://${item.domain}/`,
domain: item.domain,
name: item.name,
value: item.value
});
}
});
+152
@@ -0,0 +1,152 @@
jibri {
// A unique identifier for this Jibri
// TODO: eventually this will be required with no default
id = "{{ inventory_hostname }}"
// Whether or not Jibri should return to idle state after handling
// (successfully or unsuccessfully) a request. A value of 'true'
// here means that a Jibri will NOT return back to the IDLE state
// and will need to be restarted in order to be used again.
single-use-mode = false
api {
http {
external-api-port = 2222
internal-api-port = 3333
}
xmpp {
// See example_xmpp_envs.conf for an example of what is expected here
environments = [
{
// A user-friendly name for this environment
name = "prod env"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [
"{{ jitsi_server_host }}",
]
// The base XMPP domain
xmpp-domain = "{{ jitsi_server_host }}"
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "internal.auth.{{ jitsi_server_host }}"
room-name = "JibriBrewery"
nickname = "{{ inventory_hostname }}-nickname"
}
// The login information for the control MUC
control-login {
domain = "auth.{{ jitsi_server_host }}"
// Optional port, defaults to 5222.
// port = 6222
username = "{{ jibri_user }}"
password = "{{ jibri_password }}"
}
// An (optional) MUC configuration where we'll
// join to announce SIP gateway services
# sip-control-muc {
# domain = "domain"
# room-name = "room-name"
# nickname = "nickname"
# }
// The login information the selenium web client will use
call-login {
domain = "recorder.{{ jitsi_server_host }}"
username = "{{ jibri_user }}-record"
password = "{{ jibri_password }}"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "conference."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = 1 hour
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = true
}
]
}
}
recording {
recordings-directory = "/tmp/recordings"
# TODO: make this an optional param and remove the default
# finalize-script = "/path/to/finalize"
}
streaming {
// A list of regex patterns for allowed RTMP URLs. The RTMP URL used
// when starting a stream must match at least one of the patterns in
// this list.
rtmp-allow-list = [
// By default, all services are allowed
".*"
]
}
ffmpeg {
resolution = "1280x720"
// The audio source that will be used to capture audio on Linux
audio-source = "alsa"
// The audio device that will be used to capture audio on Linux
audio-device = "plug:bsnoop"
}
chrome {
// The flags which will be passed to chromium when launching
flags = [
{% if jitsi_cookie_enabled | default(false) %}
"--load-extension=/opt/chrome-extension-cookie",
{% endif %}
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--disable-infobars",
"--autoplay-policy=no-user-gesture-required"
]
}
stats {
enable-stats-d = true
}
webhook {
// A list of subscribers interested in receiving webhook events
subscribers = []
}
jwt-info {
// The path to a .pem file which will be used to sign JWT tokens used in webhook
// requests. If not set, no JWT will be added to webhook requests.
# signing-key-path = "/path/to/key.pem"
// The kid to use as part of the JWT
# kid = "key-id"
// The issuer of the JWT
# issuer = "issuer"
// The audience of the JWT
# audience = "audience"
// The TTL of each generated JWT. Can't be less than 10 minutes.
# ttl = 1 hour
}
call-status-checks {
// If all clients have their audio and video muted and if Jibri does not
// detect any data stream (audio or video) comming in, it will stop
// recording after NO_MEDIA_TIMEOUT expires.
no-media-timeout = 30 seconds
// If all clients have their audio and video muted, Jibri consideres this
// as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires.
all-muted-timeout = 10 minutes
// When detecting if a call is empty, Jibri takes into consideration for how
// long the call has been empty already. If it has been empty for more than
// DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording.
default-call-empty-timeout = 30 seconds
}
}
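Review bot: `trust-all-xmpp-certs = true` disables certificate validation on the XMPP connection that carries the `control-login` and `call-login` passwords, so a host able to intercept traffic between this machine and `{{ jitsi_server_host }}` could pose as the server and collect them. If the Jitsi server presents a certificate from a CA this host trusts, set `trust-all-xmpp-certs = false`; otherwise add the server certificate to the trust store used by Jibri's JVM and keep validation on. Two other defaults copied from the upstream sample deserve a deliberate choice and a comment: `recordings-directory = "/tmp/recordings"` keeps recordings under a world-writable parent directory, and `rtmp-allow-list` with `".*"` lets a stream be sent to any RTMP URL. Both logins also share the single `jibri_password`; separate variables would let the credentials be rotated independently.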
@@ -0,0 +1,18 @@
---
- name: restart prosody
systemd:
name: prosody
state: restarted
enabled: true
- name: restart jitsi-videobridge2
systemd:
name: jitsi-videobridge2
state: restarted
enabled: true
- name: restart jicofo
systemd:
name: jicofo
state: restarted
enabled: true
+52
@@ -0,0 +1,52 @@
---
- name: vérification des variables obligatoire
fail:
msg: |
il faut définir la variable `jibri_users`
pour utiliser ce role
when: jibri_users is not defined
- name: configure prosody
blockinfile:
path: /etc/prosody/conf.d/{{ inventory_hostname }}.cfg.lua
marker: "-- {mark} jibri ANSIBLE MANAGED BLOCK"
block: |
VirtualHost "recorder.{{ inventory_hostname }}"
modules_enabled = {
"ping";
}
authentication = "internal_plain"
notify:
- restart prosody
- name: utilisateur jibri pour prosody (auth)
command: prosodyctl register {{ item.user }} auth.{{ inventory_hostname }} {{ item.password }}
loop: "{{ jibri_users }}"
- name: utilisateur jibri pour prosody (recorder)
command: prosodyctl register {{ item.user }}-record recorder.{{ inventory_hostname }} {{ item.password }}
loop: "{{ jibri_users }}"
- name: authentification jicofo
blockinfile:
path: /etc/jitsi/jicofo/sip-communicator.properties
marker: "# {mark} jibri ANSIBLE MANAGED BLOCK"
block: |
org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.{{ inventory_hostname }}
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
notify:
- restart prosody
- restart jitsi-videobridge2
- restart jicofo
- name: livestreaming
lineinfile:
path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
insertafter: "[^?]// liveStreamingEnabled:"
line: "liveStreamingEnabled: true,"
- name: hidden domain
lineinfile:
path: /etc/jitsi/meet/{{ inventory_hostname }}-config.js
insertbefore: "[^?]// List of undocumented"
line: "hiddenDomain: 'recorder.{{ inventory_hostname}}',"
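Review bot: Both `prosodyctl register` tasks pass `{{ item.password }}` as a command-line argument while looping over `jibri_users`, so the vaulted password is printed in Ansible's per-item output (the loop label is the whole item) and is visible in the process list on the target while the command runs. Add `no_log: true` to both tasks, or at least `loop_control: { label: "{{ item.user }}" }`, so the secret stays out of console output and logs. The tasks also run on every play and always report `changed`; a `changed_when:` condition or a guard that checks whether the account already exists would make the role idempotent. The same section sets `authentication = "internal_plain"` for the recorder VirtualHost, which as far as I know stores account passwords unhashed on the Prosody host; worth a comment if that is required here.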