Merge "Add meetpad server"
This commit is contained in:
commit
ce3a064133
30
.zuul.yaml
30
.zuul.yaml
@ -1219,6 +1219,34 @@
|
||||
# to run this job as well.
|
||||
- docker/haproxy-statsd/.*
|
||||
|
||||
- job:
|
||||
name: system-config-run-meetpad
|
||||
parent: system-config-run
|
||||
description: |
|
||||
Run the playbook for jitsi-meet.
|
||||
dependencies: opendev-buildset-registry
|
||||
nodeset:
|
||||
nodes:
|
||||
- name: bridge.openstack.org
|
||||
label: ubuntu-bionic
|
||||
- name: meetpad01.opendev.org
|
||||
label: ubuntu-bionic
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/service-letsencrypt.yaml
|
||||
- playbooks/service-meetpad.yaml
|
||||
host-vars:
|
||||
meetpad01.opendev.org:
|
||||
host_copy_output:
|
||||
'/var/jitsi-meet': logs
|
||||
files:
|
||||
- playbooks/bridge.yaml
|
||||
- playbooks/group_vars/meetpad.yaml
|
||||
- ^playbooks/host_vars/meetpad\d+.opendev.org.yaml
|
||||
- playbooks/roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml
|
||||
- playbooks/roles/jitsi-meet/
|
||||
- testinfra/test_meetpad.py
|
||||
|
||||
- job:
|
||||
name: system-config-run-zuul-preview
|
||||
parent: system-config-run
|
||||
@ -1561,6 +1589,7 @@
|
||||
- system-config-run-eavesdrop
|
||||
- system-config-run-lists
|
||||
- system-config-run-nodepool
|
||||
- system-config-run-meetpad
|
||||
- system-config-run-mirror-x86
|
||||
- system-config-run-mirror-update
|
||||
- system-config-run-static
|
||||
@ -1612,6 +1641,7 @@
|
||||
- system-config-run-eavesdrop
|
||||
- system-config-run-lists
|
||||
- system-config-run-nodepool
|
||||
- system-config-run-meetpad
|
||||
- system-config-run-mirror-x86
|
||||
- system-config-run-mirror-update
|
||||
- system-config-run-static
|
||||
|
@ -67,6 +67,7 @@ groups:
|
||||
- gitea[0-9]*.opendev.org
|
||||
- graphite01.opendev.org
|
||||
- insecure-ci-registry[0-9]*.opendev.org
|
||||
- meetpad[0-9]*.opendev.org
|
||||
- mirror[0-9]*.opendev.org
|
||||
- nb[0-9]*.opendev.org
|
||||
- review-dev[0-9]*.open*.org
|
||||
@ -81,6 +82,8 @@ groups:
|
||||
mailman:
|
||||
- lists*.katacontainers.io
|
||||
- lists*.open*.org
|
||||
meetpad:
|
||||
- meetpad[0-9]*.opendev.org
|
||||
mirror:
|
||||
- mirror[0-9]*.openstack.org
|
||||
mirror_opendev:
|
||||
|
6
playbooks/group_vars/meetpad.yaml
Normal file
6
playbooks/group_vars/meetpad.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
iptables_extra_public_tcp_ports:
|
||||
- 80
|
||||
- 443
|
||||
- 4443
|
||||
iptables_extra_public_udp_ports:
|
||||
- 10000
|
4
playbooks/host_vars/meetpad01.opendev.org.yaml
Normal file
4
playbooks/host_vars/meetpad01.opendev.org.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
letsencrypt_certs:
|
||||
meetpad01-main:
|
||||
- meetpad01.opendev.org
|
||||
- meetpad.opendev.org
|
2
playbooks/roles/jitsi-meet/README.rst
Normal file
2
playbooks/roles/jitsi-meet/README.rst
Normal file
@ -0,0 +1,2 @@
|
||||
Install, configure, and run jitsi-meet.
|
||||
|
483
playbooks/roles/jitsi-meet/files/config.js
Normal file
483
playbooks/roles/jitsi-meet/files/config.js
Normal file
@ -0,0 +1,483 @@
|
||||
/* eslint-disable no-unused-vars, no-var */
|
||||
|
||||
var config = {
|
||||
// Configuration
|
||||
//
|
||||
|
||||
// Alternative location for the configuration.
|
||||
// configLocation: './config.json',
|
||||
|
||||
// Custom function which given the URL path should return a room name.
|
||||
// getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },
|
||||
|
||||
|
||||
// Connection
|
||||
//
|
||||
|
||||
hosts: {
|
||||
// XMPP domain.
|
||||
domain: 'localhost.localdomain',
|
||||
|
||||
// When using authentication, domain for guest users.
|
||||
// anonymousdomain: 'guest.example.com',
|
||||
|
||||
// Domain for authenticated users. Defaults to <domain>.
|
||||
// authdomain: 'localhost.localdomain',
|
||||
|
||||
// Jirecon recording component domain.
|
||||
// jirecon: 'jirecon.localhost.localdomain',
|
||||
|
||||
// Call control component (Jigasi).
|
||||
// call_control: 'callcontrol.localhost.localdomain',
|
||||
|
||||
// Focus component domain. Defaults to focus.<domain>.
|
||||
// focus: 'focus.localhost.localdomain',
|
||||
|
||||
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||
muc: 'muc.localhost.localdomain',
|
||||
},
|
||||
|
||||
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||
bosh: '/http-bind',
|
||||
|
||||
// The name of client node advertised in XEP-0115 'c' stanza
|
||||
clientNode: 'http://jitsi.org/jitsimeet',
|
||||
|
||||
// The real JID of focus participant - can be overridden here
|
||||
focusUserJid: 'focus@auth.localhost.localdomain',
|
||||
|
||||
|
||||
// Testing / experimental features.
|
||||
//
|
||||
|
||||
testing: {
|
||||
// Enables experimental simulcast support on Firefox.
|
||||
enableFirefoxSimulcast: false,
|
||||
|
||||
// P2P test mode disables automatic switching to P2P when there are 2
|
||||
// participants in the conference.
|
||||
p2pTestMode: false
|
||||
|
||||
// Enables the test specific features consumed by jitsi-meet-torture
|
||||
// testMode: false
|
||||
},
|
||||
|
||||
// Disables ICE/UDP by filtering out local and remote UDP candidates in
|
||||
// signalling.
|
||||
// webrtcIceUdpDisable: false,
|
||||
|
||||
// Disables ICE/TCP by filtering out local and remote TCP candidates in
|
||||
// signalling.
|
||||
// webrtcIceTcpDisable: false,
|
||||
|
||||
|
||||
// Media
|
||||
//
|
||||
|
||||
// Audio
|
||||
|
||||
// Disable measuring of audio levels.
|
||||
// disableAudioLevels: false,
|
||||
|
||||
// Start the conference in audio only mode (no video is being received nor
|
||||
// sent).
|
||||
// startAudioOnly: false,
|
||||
|
||||
// Every participant after the Nth will start audio muted.
|
||||
// startAudioMuted: 10,
|
||||
|
||||
// Start calls with audio muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithAudioMuted: false,
|
||||
|
||||
// Enabling it (with #params) will disable local audio output of remote
|
||||
// participants and to enable it back a reload is needed.
|
||||
// startSilent: false
|
||||
|
||||
// Video
|
||||
|
||||
// Sets the preferred resolution (height) for local video. Defaults to 720.
|
||||
// resolution: 720,
|
||||
|
||||
// w3c spec-compliant video constraints to use for video capture. Currently
|
||||
// used by browsers that return true from lib-jitsi-meet's
|
||||
// util#browser#usesNewGumFlow. The constraints are independency from
|
||||
// this config's resolution value. Defaults to requesting an ideal aspect
|
||||
// ratio of 16:9 with an ideal resolution of 720.
|
||||
// constraints: {
|
||||
// video: {
|
||||
// aspectRatio: 16 / 9,
|
||||
// height: {
|
||||
// ideal: 720,
|
||||
// max: 720,
|
||||
// min: 240
|
||||
// }
|
||||
// }
|
||||
// },
|
||||
|
||||
// Enable / disable simulcast support.
|
||||
// disableSimulcast: false,
|
||||
|
||||
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
||||
// layers are not in use will be suspended (no longer sent) until they
|
||||
// are requested again.
|
||||
// enableLayerSuspension: false,
|
||||
|
||||
// Suspend sending video if bandwidth estimation is too low. This may cause
|
||||
// problems with audio playback. Disabled until these are fixed.
|
||||
disableSuspendVideo: true,
|
||||
|
||||
// Every participant after the Nth will start video muted.
|
||||
// startVideoMuted: 10,
|
||||
|
||||
// Start calls with video muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithVideoMuted: false,
|
||||
|
||||
// If set to true, prefer to use the H.264 video codec (if supported).
|
||||
// Note that it's not recommended to do this because simulcast is not
|
||||
// supported when using H.264. For 1-to-1 calls this setting is enabled by
|
||||
// default and can be toggled in the p2p section.
|
||||
// preferH264: true,
|
||||
|
||||
// If set to true, disable H.264 video codec by stripping it out of the
|
||||
// SDP.
|
||||
// disableH264: false,
|
||||
|
||||
// Desktop sharing
|
||||
|
||||
// The ID of the jidesha extension for Chrome.
|
||||
desktopSharingChromeExtId: null,
|
||||
|
||||
// Whether desktop sharing should be disabled on Chrome.
|
||||
// desktopSharingChromeDisabled: false,
|
||||
|
||||
// The media sources to use when using screen sharing with the Chrome
|
||||
// extension.
|
||||
desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
|
||||
|
||||
// Required version of Chrome extension
|
||||
desktopSharingChromeMinExtVersion: '0.1',
|
||||
|
||||
// Whether desktop sharing should be disabled on Firefox.
|
||||
// desktopSharingFirefoxDisabled: false,
|
||||
|
||||
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
|
||||
// desktopSharingFrameRate: {
|
||||
// min: 5,
|
||||
// max: 5
|
||||
// },
|
||||
|
||||
// Try to start calls with screen-sharing instead of camera video.
|
||||
// startScreenSharing: false,
|
||||
|
||||
// Recording
|
||||
|
||||
// Whether to enable file recording or not.
|
||||
// fileRecordingsEnabled: false,
|
||||
// Enable the dropbox integration.
|
||||
// dropbox: {
|
||||
// appKey: '<APP_KEY>' // Specify your app key here.
|
||||
// // A URL to redirect the user to, after authenticating
|
||||
// // by default uses:
|
||||
// // 'https://localhost.localdomain/static/oauth.html'
|
||||
// redirectURI:
|
||||
// 'https://localhost.localdomain/subfolder/static/oauth.html'
|
||||
// },
|
||||
// When integrations like dropbox are enabled only that will be shown,
|
||||
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
||||
// and the generic recording service (its configuration and storage type
|
||||
// depends on jibri configuration)
|
||||
// fileRecordingsServiceEnabled: false,
|
||||
// Whether to show the possibility to share file recording with other people
|
||||
// (e.g. meeting participants), based on the actual implementation
|
||||
// on the backend.
|
||||
// fileRecordingsServiceSharingEnabled: false,
|
||||
|
||||
// Whether to enable live streaming or not.
|
||||
// liveStreamingEnabled: false,
|
||||
|
||||
// Transcription (in interface_config,
|
||||
// subtitles and buttons can be configured)
|
||||
// transcribingEnabled: false,
|
||||
|
||||
// Misc
|
||||
|
||||
// Default value for the channel "last N" attribute. -1 for unlimited.
|
||||
channelLastN: -1,
|
||||
|
||||
// Disables or enables RTX (RFC 4588) (defaults to false).
|
||||
// disableRtx: false,
|
||||
|
||||
// Disables or enables TCC (the default is in Jicofo and set to true)
|
||||
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
|
||||
// affects congestion control, it practically enables send-side bandwidth
|
||||
// estimations.
|
||||
// enableTcc: true,
|
||||
|
||||
// Disables or enables REMB (the default is in Jicofo and set to false)
|
||||
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
|
||||
// control, it practically enables recv-side bandwidth estimations. When
|
||||
// both TCC and REMB are enabled, TCC takes precedence. When both are
|
||||
// disabled, then bandwidth estimations are disabled.
|
||||
// enableRemb: false,
|
||||
|
||||
// Defines the minimum number of participants to start a call (the default
|
||||
// is set in Jicofo and set to 2).
|
||||
// minParticipants: 2,
|
||||
|
||||
// Use XEP-0215 to fetch STUN and TURN servers.
|
||||
// useStunTurn: true,
|
||||
|
||||
// Enable IPv6 support.
|
||||
// useIPv6: true,
|
||||
|
||||
// Enables / disables a data communication channel with the Videobridge.
|
||||
// Values can be 'datachannel', 'websocket', true (treat it as
|
||||
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
|
||||
// open any channel).
|
||||
// openBridgeChannel: true,
|
||||
|
||||
|
||||
// UI
|
||||
//
|
||||
|
||||
// Use display name as XMPP nickname.
|
||||
// useNicks: false,
|
||||
|
||||
// Require users to always specify a display name.
|
||||
// requireDisplayName: true,
|
||||
|
||||
// Whether to use a welcome page or not. In case it's false a random room
|
||||
// will be joined when no room is specified.
|
||||
enableWelcomePage: true,
|
||||
etherpad_base: 'https://etherpad.openstack.org/p/',
|
||||
useRoomAsSharedDocumentName: true,
|
||||
|
||||
// Enabling the close page will ignore the welcome page redirection when
|
||||
// a call is hangup.
|
||||
// enableClosePage: false,
|
||||
|
||||
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
|
||||
// disable1On1Mode: false,
|
||||
|
||||
// Default language for the user interface.
|
||||
// defaultLanguage: 'en',
|
||||
|
||||
// If true all users without a token will be considered guests and all users
|
||||
// with token will be considered non-guests. Only guests will be allowed to
|
||||
// edit their profile.
|
||||
enableUserRolesBasedOnToken: false,
|
||||
|
||||
// Whether or not some features are checked based on token.
|
||||
// enableFeaturesBasedOnToken: false,
|
||||
|
||||
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
|
||||
// lockRoomGuestEnabled: false,
|
||||
|
||||
// When enabled the password used for locking a room is restricted to up to the number of digits specified
|
||||
// roomPasswordNumberOfDigits: 10,
|
||||
// default: roomPasswordNumberOfDigits: false,
|
||||
|
||||
// Message to show the users. Example: 'The service will be down for
|
||||
// maintenance at 01:00 AM GMT,
|
||||
// noticeMessage: '',
|
||||
|
||||
// Enables calendar integration, depends on googleApiApplicationClientID
|
||||
// and microsoftApiApplicationClientID
|
||||
// enableCalendarIntegration: false,
|
||||
|
||||
// Stats
|
||||
//
|
||||
|
||||
// Whether to enable stats collection or not in the TraceablePeerConnection.
|
||||
// This can be useful for debugging purposes (post-processing/analysis of
|
||||
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
|
||||
// estimation tests.
|
||||
// gatherStats: false,
|
||||
|
||||
// To enable sending statistics to callstats.io you must provide the
|
||||
// Application ID and Secret.
|
||||
// callStatsID: '',
|
||||
// callStatsSecret: '',
|
||||
|
||||
// enables callstatsUsername to be reported as statsId and used
|
||||
// by callstats as repoted remote id
|
||||
// enableStatsID: false
|
||||
|
||||
// enables sending participants display name to callstats
|
||||
// enableDisplayNameInStats: false
|
||||
|
||||
|
||||
// Privacy
|
||||
//
|
||||
|
||||
// If third party requests are disabled, no other server will be contacted.
|
||||
// This means avatars will be locally generated and callstats integration
|
||||
// will not function.
|
||||
// disableThirdPartyRequests: false,
|
||||
|
||||
|
||||
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
|
||||
//
|
||||
|
||||
p2p: {
|
||||
// Enables peer to peer mode. When enabled the system will try to
|
||||
// establish a direct connection when there are exactly 2 participants
|
||||
// in the room. If that succeeds the conference will stop sending data
|
||||
// through the JVB and use the peer to peer connection instead. When a
|
||||
// 3rd participant joins the conference will be moved back to the JVB
|
||||
// connection.
|
||||
enabled: false,
|
||||
|
||||
// Use XEP-0215 to fetch STUN and TURN servers.
|
||||
// useStunTurn: true,
|
||||
|
||||
// The STUN servers that will be used in the peer to peer connections
|
||||
stunServers: [
|
||||
{ urls: 'stun:stun.l.google.com:19302' },
|
||||
{ urls: 'stun:stun1.l.google.com:19302' },
|
||||
{ urls: 'stun:stun2.l.google.com:19302' }
|
||||
],
|
||||
|
||||
// Sets the ICE transport policy for the p2p connection. At the time
|
||||
// of this writing the list of possible values are 'all' and 'relay',
|
||||
// but that is subject to change in the future. The enum is defined in
|
||||
// the WebRTC standard:
|
||||
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
|
||||
// If not set, the effective value is 'all'.
|
||||
// iceTransportPolicy: 'all',
|
||||
|
||||
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
|
||||
// is supported).
|
||||
preferH264: true
|
||||
|
||||
// If set to true, disable H.264 video codec by stripping it out of the
|
||||
// SDP.
|
||||
// disableH264: false,
|
||||
|
||||
// How long we're going to wait, before going back to P2P after the 3rd
|
||||
// participant has left the conference (to filter out page reload).
|
||||
// backToP2PDelay: 5
|
||||
},
|
||||
|
||||
analytics: {
|
||||
// The Google Analytics Tracking ID:
|
||||
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
|
||||
|
||||
// The Amplitude APP Key:
|
||||
// amplitudeAPPKey: '<APP_KEY>'
|
||||
|
||||
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
|
||||
// scriptURLs: [
|
||||
// "libs/analytics-ga.min.js", // google-analytics
|
||||
// "https://example.com/my-custom-analytics.js"
|
||||
// ],
|
||||
},
|
||||
|
||||
// Information about the jitsi-meet instance we are connecting to, including
|
||||
// the user region as seen by the server.
|
||||
deploymentInfo: {
|
||||
// shard: "shard1",
|
||||
// region: "europe",
|
||||
// userRegion: "asia"
|
||||
}
|
||||
|
||||
// Local Recording
|
||||
//
|
||||
|
||||
// localRecording: {
|
||||
// Enables local recording.
|
||||
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
||||
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
|
||||
// button to show up on the toolbar.
|
||||
//
|
||||
// enabled: true,
|
||||
//
|
||||
|
||||
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
||||
// format: 'flac'
|
||||
//
|
||||
|
||||
// }
|
||||
|
||||
// Options related to end-to-end (participant to participant) ping.
|
||||
// e2eping: {
|
||||
// // The interval in milliseconds at which pings will be sent.
|
||||
// // Defaults to 10000, set to <= 0 to disable.
|
||||
// pingInterval: 10000,
|
||||
//
|
||||
// // The interval in milliseconds at which analytics events
|
||||
// // with the measured RTT will be sent. Defaults to 60000, set
|
||||
// // to <= 0 to disable.
|
||||
// analyticsInterval: 60000,
|
||||
// }
|
||||
|
||||
// If set, will attempt to use the provided video input device label when
|
||||
// triggering a screenshare, instead of proceeding through the normal flow
|
||||
// for obtaining a desktop stream.
|
||||
// NOTE: This option is experimental and is currently intended for internal
|
||||
// use only.
|
||||
// _desktopSharingSourceDevice: 'sample-id-or-label'
|
||||
|
||||
// If true, any checks to handoff to another application will be prevented
|
||||
// and instead the app will continue to display in the current browser.
|
||||
// disableDeepLinking: false
|
||||
|
||||
// A property to disable the right click context menu for localVideo
|
||||
// the menu has option to flip the locally seen video for local presentations
|
||||
// disableLocalVideoFlip: false
|
||||
|
||||
// List of undocumented settings used in jitsi-meet
|
||||
/**
|
||||
_immediateReloadThreshold
|
||||
autoRecord
|
||||
autoRecordToken
|
||||
debug
|
||||
debugAudioLevels
|
||||
deploymentInfo
|
||||
dialInConfCodeUrl
|
||||
dialInNumbersUrl
|
||||
dialOutAuthUrl
|
||||
dialOutCodesUrl
|
||||
disableRemoteControl
|
||||
displayJids
|
||||
etherpad_base
|
||||
externalConnectUrl
|
||||
firefox_fake_device
|
||||
googleApiApplicationClientID
|
||||
iAmRecorder
|
||||
iAmSipGateway
|
||||
microsoftApiApplicationClientID
|
||||
peopleSearchQueryTypes
|
||||
peopleSearchUrl
|
||||
requireDisplayName
|
||||
tokenAuthUrl
|
||||
*/
|
||||
|
||||
// List of undocumented settings used in lib-jitsi-meet
|
||||
/**
|
||||
_peerConnStatusOutOfLastNTimeout
|
||||
_peerConnStatusRtcMuteTimeout
|
||||
abTesting
|
||||
avgRtpStatsN
|
||||
callStatsConfIDNamespace
|
||||
callStatsCustomScriptUrl
|
||||
desktopSharingSources
|
||||
disableAEC
|
||||
disableAGC
|
||||
disableAP
|
||||
disableHPF
|
||||
disableNS
|
||||
enableLipSync
|
||||
enableTalkWhileMuted
|
||||
forceJVB121Ratio
|
||||
hiddenDomain
|
||||
ignoreStartMuted
|
||||
nick
|
||||
startBitrate
|
||||
*/
|
||||
|
||||
};
|
||||
|
||||
/* eslint-enable no-unused-vars, no-var */
|
295
playbooks/roles/jitsi-meet/files/jitsi-meet-docker/.env
Normal file
295
playbooks/roles/jitsi-meet/files/jitsi-meet-docker/.env
Normal file
@ -0,0 +1,295 @@
|
||||
# Based on https://github.com/jitsi/docker-jitsi-meet/blob/df404476160526d8512fb23b606965b98f7f25f3/env.example
|
||||
# Licensed under the ASL v2.
|
||||
|
||||
# Customized for OpenDev:
|
||||
|
||||
# Directory where all configuration will be stored.
|
||||
CONFIG=/var/jitsi-meet
|
||||
|
||||
# System time zone.
|
||||
TZ=Etc/UTC
|
||||
|
||||
# Public URL for the web service.
|
||||
PUBLIC_URL="https://meetpad.opendev.org"
|
||||
|
||||
# Set etherpad-lite URL (uncomment to enable).
|
||||
ETHERPAD_URL_BASE=https://etherpad.openstack.org/p/
|
||||
|
||||
#
|
||||
# Basic configuration options
|
||||
#
|
||||
|
||||
# IP address of the Docker host. See the "Running on a LAN environment" section
|
||||
# in the README.
|
||||
#DOCKER_HOST_ADDRESS=192.168.1.1
|
||||
|
||||
#
|
||||
# Let's Encrypt configuration
|
||||
#
|
||||
|
||||
# Enable Let's Encrypt certificate generation.
|
||||
#ENABLE_LETSENCRYPT=1
|
||||
|
||||
# Domain for which to generate the certificate.
|
||||
#LETSENCRYPT_DOMAIN=meet.example.com
|
||||
|
||||
# E-Mail for receiving important account notifications (mandatory).
|
||||
#LETSENCRYPT_EMAIL=alice@atlanta.net
|
||||
|
||||
|
||||
#
|
||||
# Basic Jigasi configuration options (needed for SIP gateway support)
|
||||
#
|
||||
|
||||
# SIP URI for incoming / outgoing calls.
|
||||
#JIGASI_SIP_URI=test@sip2sip.info
|
||||
|
||||
# Password for the specified SIP account as a clear text
|
||||
#JIGASI_SIP_PASSWORD=passw0rd
|
||||
|
||||
# SIP server (use the SIP account domain if in doubt).
|
||||
#JIGASI_SIP_SERVER=sip2sip.info
|
||||
|
||||
# SIP server port
|
||||
#JIGASI_SIP_PORT=5060
|
||||
|
||||
# SIP server transport
|
||||
#JIGASI_SIP_TRANSPORT=UDP
|
||||
|
||||
#
|
||||
# Authentication configuration (see README for details)
|
||||
#
|
||||
|
||||
# Enable authentication.
|
||||
#ENABLE_AUTH=1
|
||||
|
||||
# Enable guest access.
|
||||
#ENABLE_GUESTS=1
|
||||
|
||||
# Select authentication type: internal, jwt or ldap
|
||||
#AUTH_TYPE=internal
|
||||
|
||||
# JWT auuthentication
|
||||
#
|
||||
|
||||
# Application identifier.
|
||||
#JWT_APP_ID=my_jitsi_app_id
|
||||
|
||||
# Application secret known only to your token.
|
||||
#JWT_APP_SECRET=my_jitsi_app_secret
|
||||
|
||||
# (Optional) Set asap_accepted_issuers as a comma separated list.
|
||||
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
|
||||
|
||||
# (Optional) Set asap_accepted_audiences as a comma separated list.
|
||||
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
|
||||
|
||||
|
||||
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
|
||||
#
|
||||
|
||||
# LDAP url for connection.
|
||||
#LDAP_URL=ldaps://ldap.domain.com/
|
||||
|
||||
# LDAP base DN. Can be empty
|
||||
#LDAP_BASE=DC=example,DC=domain,DC=com
|
||||
|
||||
# LDAP user DN. Do not specify this parameter for the anonymous bind.
|
||||
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
|
||||
|
||||
# LDAP user password. Do not specify this parameter for the anonymous bind.
|
||||
#LDAP_BINDPW=LdapUserPassw0rd
|
||||
|
||||
# LDAP filter. Tokens example:
|
||||
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail.
|
||||
# %s - %s is replaced by the complete service string.
|
||||
# %r - %r is replaced by the complete realm string.
|
||||
#LDAP_FILTER=(sAMAccountName=%u)
|
||||
|
||||
# LDAP authentication method
|
||||
#LDAP_AUTH_METHOD=bind
|
||||
|
||||
# LDAP version
|
||||
#LDAP_VERSION=3
|
||||
|
||||
# LDAP TLS using
|
||||
#LDAP_USE_TLS=1
|
||||
|
||||
# List of SSL/TLS ciphers to allow.
|
||||
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
|
||||
|
||||
# Require and verify server certificate
|
||||
#LDAP_TLS_CHECK_PEER=1
|
||||
|
||||
# Path to CA cert file. Used when server sertificate verify is enabled.
|
||||
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
|
||||
|
||||
# Path to CA certs directory. Used when server sertificate verify is enabled.
|
||||
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
|
||||
|
||||
# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
|
||||
# LDAP_START_TLS=1
|
||||
|
||||
|
||||
#
|
||||
# Advanced configuration options (you generally don't need to change these)
|
||||
#
|
||||
|
||||
# Internal XMPP domain.
|
||||
XMPP_DOMAIN=localhost
|
||||
|
||||
# Internal XMPP server
|
||||
XMPP_SERVER=localhost
|
||||
|
||||
# Internal XMPP server URL
|
||||
XMPP_BOSH_URL_BASE=http://localhost:5280
|
||||
|
||||
# Internal XMPP domain for authenticated services.
|
||||
XMPP_AUTH_DOMAIN=auth.localhost
|
||||
|
||||
# XMPP domain for the MUC.
|
||||
XMPP_MUC_DOMAIN=muc.localhost
|
||||
|
||||
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools.
|
||||
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.localhost
|
||||
|
||||
# XMPP domain for unauthenticated users.
|
||||
XMPP_GUEST_DOMAIN=guest.localhost
|
||||
|
||||
# Custom Prosody modules for XMPP_DOMAIN (comma separated)
|
||||
XMPP_MODULES=
|
||||
|
||||
# Custom Prosody modules for MUC component (comma separated)
|
||||
XMPP_MUC_MODULES=
|
||||
|
||||
# Custom Prosody modules for internal MUC component (comma separated)
|
||||
XMPP_INTERNAL_MUC_MODULES=
|
||||
|
||||
# MUC for the JVB pool.
|
||||
JVB_BREWERY_MUC=jvbbrewery
|
||||
|
||||
# XMPP user for JVB client connections.
|
||||
JVB_AUTH_USER=jvb
|
||||
|
||||
# XMPP password for JVB client connections.
|
||||
JVB_AUTH_PASSWORD=passw0rd
|
||||
|
||||
# STUN servers used to discover the server's public IP.
|
||||
JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
|
||||
|
||||
# Media port for the Jitsi Videobridge
|
||||
JVB_PORT=10000
|
||||
|
||||
# TCP Fallback for Jitsi Videobridge for when UDP isn't available
|
||||
JVB_TCP_HARVESTER_DISABLED=true
|
||||
JVB_TCP_PORT=4443
|
||||
|
||||
# A comma separated list of APIs to enable when the JVB is started. The default is none.
|
||||
# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information
|
||||
#JVB_ENABLE_APIS=rest,colibri
|
||||
|
||||
# XMPP component password for Jicofo.
|
||||
JICOFO_COMPONENT_SECRET=s3cr37
|
||||
|
||||
# XMPP user for Jicofo client connections. NOTE: this option doesn't currently work due to a bug.
|
||||
JICOFO_AUTH_USER=focus
|
||||
|
||||
# XMPP password for Jicofo client connections.
|
||||
JICOFO_AUTH_PASSWORD=passw0rd
|
||||
|
||||
# Base URL of Jicofo's reservation REST API
|
||||
#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com
|
||||
|
||||
# XMPP user for Jigasi MUC client connections.
|
||||
JIGASI_XMPP_USER=jigasi
|
||||
|
||||
# XMPP password for Jigasi MUC client connections.
|
||||
JIGASI_XMPP_PASSWORD=passw0rd
|
||||
|
||||
# MUC name for the Jigasi pool.
|
||||
JIGASI_BREWERY_MUC=jigasibrewery
|
||||
|
||||
# Minimum port for media used by Jigasi.
|
||||
JIGASI_PORT_MIN=20000
|
||||
|
||||
# Maximum port for media used by Jigasi.
|
||||
JIGASI_PORT_MAX=20050
|
||||
|
||||
# Enable SDES srtp
|
||||
#JIGASI_ENABLE_SDES_SRTP=1
|
||||
|
||||
# Keepalive method
|
||||
#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS
|
||||
|
||||
# Health-check extension
|
||||
#JIGASI_HEALTH_CHECK_SIP_URI=keepalive
|
||||
|
||||
# Health-check interval
|
||||
#JIGASI_HEALTH_CHECK_INTERVAL=300000
|
||||
#
|
||||
# Enable Jigasi transcription.
|
||||
#ENABLE_TRANSCRIPTIONS=1
|
||||
|
||||
# Jigasi will recordord an audio when transcriber is on. Default false.
|
||||
#JIGASI_TRANSCRIBER_RECORD_AUDIO=true
|
||||
|
||||
# Jigasi will send transcribed text to the chat when transcriber is on. Default false.
|
||||
#JIGASI_TRANSCRIBER_SEND_TXT=true
|
||||
|
||||
# Jigasi post to the chat an url with transcription file. Default false.
|
||||
#JIGASI_TRANSCRIBER_ADVERTISE_URL=true
|
||||
|
||||
# Credentials for connect to Cloud Google API from Jigasi. Path located inside the container.
|
||||
# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
|
||||
# section "Before you begin" from 1 to 5 paragraph. Copy the key on
|
||||
# the docker host to ${CONFIG}/jigasi/key.json and to enable this setting:
|
||||
#GOOGLE_APPLICATION_CREDENTIALS=/config/key.json
|
||||
|
||||
# Enable recording
|
||||
#ENABLE_RECORDING=1
|
||||
|
||||
# XMPP domain for the jibri recorder
|
||||
XMPP_RECORDER_DOMAIN=recorder.localhost
|
||||
|
||||
# XMPP recorder user for Jibri client connections.
|
||||
JIBRI_RECORDER_USER=recorder
|
||||
|
||||
# XMPP recorder password for Jibri client connections.
|
||||
JIBRI_RECORDER_PASSWORD=passw0rd
|
||||
|
||||
# Directory for recordings inside Jibri container.
|
||||
JIBRI_RECORDING_DIR=/config/recordings
|
||||
|
||||
# The finalizing script. Will run after recording is complete.
|
||||
JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
|
||||
|
||||
# XMPP user for Jibri client connections.
|
||||
JIBRI_XMPP_USER=jibri
|
||||
|
||||
# XMPP password for Jibri client connections.
|
||||
JIBRI_XMPP_PASSWORD=passw0rd
|
||||
|
||||
# MUC name for the Jibri pool.
|
||||
JIBRI_BREWERY_MUC=jibribrewery
|
||||
|
||||
# MUC connection timeout
|
||||
JIBRI_PENDING_TIMEOUT=90
|
||||
|
||||
# When jibri gets a request to start a service for a room, the room
|
||||
# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain
|
||||
# We'll build the url for the call by transforming that into:
|
||||
# https://xmpp_domain/subdomain/roomName
|
||||
# So if there are any prefixes in the jid (like jitsi meet, which
|
||||
# has its participants join a muc at conference.xmpp_domain) then
|
||||
# list that prefix here so it can be stripped out to generate
|
||||
# the call url correctly.
|
||||
JIBRI_STRIP_DOMAIN_JID=muc
|
||||
|
||||
# Directory for logs inside Jibri container.
|
||||
JIBRI_LOGS_DIR=/config/logs
|
||||
|
||||
# Disable HTTPS. This can be useful if TLS connections are going to be handled outside of this setup.
|
||||
#DISABLE_HTTPS=1
|
||||
|
||||
# Redirects HTTP traffic to HTTPS. Only works with the standard HTTPS port (443).
|
||||
#ENABLE_HTTP_REDIRECT=1
|
@ -0,0 +1,143 @@
|
||||
# Based on https://github.com/jitsi/docker-jitsi-meet/blob/df404476160526d8512fb23b606965b98f7f25f3/docker-compose.yml
|
||||
# Licensed under the ASL v2.
|
||||
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
# Frontend
|
||||
web:
|
||||
image: docker.io/jitsi/web
|
||||
network_mode: host
|
||||
volumes:
|
||||
- ${CONFIG}/web:/config
|
||||
- ${CONFIG}/web/letsencrypt:/etc/letsencrypt
|
||||
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
|
||||
environment:
|
||||
- ENABLE_AUTH
|
||||
- ENABLE_GUESTS
|
||||
- ENABLE_LETSENCRYPT
|
||||
- ENABLE_HTTP_REDIRECT
|
||||
- ENABLE_TRANSCRIPTIONS
|
||||
- DISABLE_HTTPS
|
||||
- JICOFO_AUTH_USER
|
||||
- LETSENCRYPT_DOMAIN
|
||||
- LETSENCRYPT_EMAIL
|
||||
- PUBLIC_URL
|
||||
- XMPP_DOMAIN
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_BOSH_URL_BASE
|
||||
- XMPP_GUEST_DOMAIN
|
||||
- XMPP_MUC_DOMAIN
|
||||
- XMPP_RECORDER_DOMAIN
|
||||
- ETHERPAD_URL_BASE
|
||||
- TZ
|
||||
- JIBRI_BREWERY_MUC
|
||||
- JIBRI_PENDING_TIMEOUT
|
||||
- JIBRI_XMPP_USER
|
||||
- JIBRI_XMPP_PASSWORD
|
||||
- JIBRI_RECORDER_USER
|
||||
- JIBRI_RECORDER_PASSWORD
|
||||
- ENABLE_RECORDING
|
||||
|
||||
# XMPP server
|
||||
prosody:
|
||||
image: docker.io/jitsi/prosody
|
||||
network_mode: host
|
||||
volumes:
|
||||
- ${CONFIG}/prosody:/config
|
||||
environment:
|
||||
- AUTH_TYPE
|
||||
- ENABLE_AUTH
|
||||
- ENABLE_GUESTS
|
||||
- GLOBAL_MODULES
|
||||
- GLOBAL_CONFIG
|
||||
- LDAP_URL
|
||||
- LDAP_BASE
|
||||
- LDAP_BINDDN
|
||||
- LDAP_BINDPW
|
||||
- LDAP_FILTER
|
||||
- LDAP_AUTH_METHOD
|
||||
- LDAP_VERSION
|
||||
- LDAP_USE_TLS
|
||||
- LDAP_TLS_CIPHERS
|
||||
- LDAP_TLS_CHECK_PEER
|
||||
- LDAP_TLS_CACERT_FILE
|
||||
- LDAP_TLS_CACERT_DIR
|
||||
- LDAP_START_TLS
|
||||
- XMPP_DOMAIN
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_GUEST_DOMAIN
|
||||
- XMPP_MUC_DOMAIN
|
||||
- XMPP_INTERNAL_MUC_DOMAIN
|
||||
- XMPP_MODULES
|
||||
- XMPP_MUC_MODULES
|
||||
- XMPP_INTERNAL_MUC_MODULES
|
||||
- XMPP_RECORDER_DOMAIN
|
||||
- JICOFO_COMPONENT_SECRET
|
||||
- JICOFO_AUTH_USER
|
||||
- JICOFO_AUTH_PASSWORD
|
||||
- JVB_AUTH_USER
|
||||
- JVB_AUTH_PASSWORD
|
||||
- JIGASI_XMPP_USER
|
||||
- JIGASI_XMPP_PASSWORD
|
||||
- JIBRI_XMPP_USER
|
||||
- JIBRI_XMPP_PASSWORD
|
||||
- JIBRI_RECORDER_USER
|
||||
- JIBRI_RECORDER_PASSWORD
|
||||
- JWT_APP_ID
|
||||
- JWT_APP_SECRET
|
||||
- JWT_ACCEPTED_ISSUERS
|
||||
- JWT_ACCEPTED_AUDIENCES
|
||||
- JWT_ASAP_KEYSERVER
|
||||
- JWT_ALLOW_EMPTY
|
||||
- JWT_AUTH_TYPE
|
||||
- JWT_TOKEN_AUTH_MODULE
|
||||
- LOG_LEVEL
|
||||
- TZ
|
||||
|
||||
# Focus component
|
||||
jicofo:
|
||||
image: docker.io/jitsi/jicofo
|
||||
network_mode: host
|
||||
volumes:
|
||||
- ${CONFIG}/jicofo:/config
|
||||
environment:
|
||||
- ENABLE_AUTH
|
||||
- XMPP_DOMAIN
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_INTERNAL_MUC_DOMAIN
|
||||
- XMPP_SERVER
|
||||
- JICOFO_COMPONENT_SECRET
|
||||
- JICOFO_AUTH_USER
|
||||
- JICOFO_AUTH_PASSWORD
|
||||
- JICOFO_RESERVATION_REST_BASE_URL
|
||||
- JVB_BREWERY_MUC
|
||||
- JIGASI_BREWERY_MUC
|
||||
- JIBRI_BREWERY_MUC
|
||||
- JIBRI_PENDING_TIMEOUT
|
||||
- TZ
|
||||
depends_on:
|
||||
- prosody
|
||||
|
||||
# Video bridge
|
||||
jvb:
|
||||
image: docker.io/jitsi/jvb
|
||||
network_mode: host
|
||||
volumes:
|
||||
- ${CONFIG}/jvb:/config
|
||||
environment:
|
||||
- DOCKER_HOST_ADDRESS
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_INTERNAL_MUC_DOMAIN
|
||||
- XMPP_SERVER
|
||||
- JVB_AUTH_USER
|
||||
- JVB_AUTH_PASSWORD
|
||||
- JVB_BREWERY_MUC
|
||||
- JVB_PORT
|
||||
- JVB_TCP_HARVESTER_DISABLED
|
||||
- JVB_TCP_PORT
|
||||
- JVB_STUN_SERVERS
|
||||
- JVB_ENABLE_APIS
|
||||
- TZ
|
||||
depends_on:
|
||||
- prosody
|
30
playbooks/roles/jitsi-meet/tasks/main.yaml
Normal file
30
playbooks/roles/jitsi-meet/tasks/main.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
- name: Synchronize docker-compose directory
|
||||
synchronize:
|
||||
src: jitsi-meet-docker/
|
||||
dest: /etc/jitsi-meet-docker/
|
||||
- name: Ensure jitsi-meet volume directories exist
|
||||
file:
|
||||
state: directory
|
||||
path: "/var/jitsi-meet/{{ item }}"
|
||||
loop:
|
||||
- web
|
||||
- name: Write web config
|
||||
copy:
|
||||
src: config.js
|
||||
dest: /var/jitsi-meet/web/config.js
|
||||
- name: Install docker-compose
|
||||
package:
|
||||
name:
|
||||
- docker-compose
|
||||
state: present
|
||||
- name: Run docker-compose pull
|
||||
shell:
|
||||
cmd: docker-compose pull
|
||||
chdir: /etc/jitsi-meet-docker/
|
||||
- name: Run docker-compose up
|
||||
shell:
|
||||
cmd: docker-compose up -d
|
||||
chdir: /etc/jitsi-meet-docker/
|
||||
- name: Run docker prune to cleanup unneeded images
|
||||
shell:
|
||||
cmd: docker image prune -f
|
@ -34,6 +34,9 @@
|
||||
- name: letsencrypt updated insecure-ci-registry01-main
|
||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
|
||||
|
||||
- name: letsencrypt updated meetpad01-main
|
||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml
|
||||
|
||||
# Static
|
||||
- name: letsencrypt updated static01-opendev-org-main
|
||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||
|
@ -0,0 +1,37 @@
|
||||
- name: Ensure cert directory exists
|
||||
file:
|
||||
state: directory
|
||||
path: /var/jitsi-meet/web/keys
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Put key in place
|
||||
copy:
|
||||
remote_src: yes
|
||||
src: /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
|
||||
dest: /var/jitsi-meet/web/keys/cert.key
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Put cert in place
|
||||
copy:
|
||||
remote_src: yes
|
||||
src: /etc/letsencrypt-certs/{{ inventory_hostname }}/fullchain.cer
|
||||
dest: /var/jitsi-meet/web/keys/cert.crt
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Check for running nginx
|
||||
command: pgrep -f nginx
|
||||
ignore_errors: yes
|
||||
register: nginx_pids
|
||||
|
||||
- name: Restart nginx if running
|
||||
when: nginx_pids.rc == 0
|
||||
block:
|
||||
- name: Restart nginx
|
||||
shell:
|
||||
cmd: docker-compose restart web
|
||||
chdir: /etc/jitsi-meet-docker/
|
5
playbooks/service-meetpad.yaml
Normal file
5
playbooks/service-meetpad.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
- hosts: "meetpad:!disabled"
|
||||
name: "Configure meetpad"
|
||||
roles:
|
||||
- install-docker
|
||||
- jitsi-meet
|
@ -109,6 +109,10 @@ start_timer
|
||||
timeout -k 2m 30m ansible-playbook -f 50 ${ANSIBLE_PLAYBOOKS}/service-nodepool.yaml
|
||||
send_timer nodepool
|
||||
|
||||
start_timer
|
||||
timeout -k 2m 30m ansible-playbook -f 50 ${ANSIBLE_PLAYBOOKS}/service-meetpad.yaml
|
||||
send_timer meetpad
|
||||
|
||||
start_timer
|
||||
timeout -k 2m 30m ansible-playbook -f 50 ${ANSIBLE_PLAYBOOKS}/service-mirror-update.yaml
|
||||
send_timer mirror-update
|
||||
|
21
testinfra/test_meetpad.py
Normal file
21
testinfra/test_meetpad.py
Normal file
@ -0,0 +1,21 @@
|
||||
# Copyright 2018 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
|
||||
testinfra_hosts = ['meetpad01.opendev.org']
|
||||
|
||||
|
||||
def test_jitsi_meet_listening(host):
|
||||
registry = host.socket("tcp://0.0.0.0:443")
|
||||
assert registry.is_listening
|
Loading…
Reference in New Issue
Block a user