Refactor BigBlueButton role:

- Aligned schema/main.yml credential definitions with consistent spacing - Changed PostgreSQL secret to use random_hex_32 instead of bcrypt - Improved administrator creation logic in tasks/02_administrator.yml: * First try with primary password * Retry with starred password if OIDC is enabled * Fallback to user:set_admin_role if both fail See: https://chatgpt.com/share/68d6aa34-19cc-800f-828a-a5121fda589f
2025-10-10 10:48:10 +02:00 · 2025-09-26 16:59:28 +02:00
parent 9082443753
commit 1daa53017e
2 changed files with 46 additions and 29 deletions
--- a/roles/web-app-bigbluebutton/schema/main.yml
+++ b/roles/web-app-bigbluebutton/schema/main.yml
@@ -1,25 +1,25 @@
 credentials:
  shared_secret:
-    description: "Shared secret for BigBlueButton API authentication"
-    algorithm: "sha256"
-    validation: "^[a-f0-9]{64}$"
+    description:  "Shared secret for BigBlueButton API authentication"
+    algorithm:    "sha256"
+    validation:   "^[a-f0-9]{64}$"
  etherpad_api_key:
-    description: "API key for Etherpad integration"
-    algorithm: "random_hex_32"
-    validation: "^[a-zA-Z0-9]{32}$"
+    description:  "API key for Etherpad integration"
+    algorithm:    "random_hex_32"
+    validation:   "^[a-zA-Z0-9]{32}$"
  rails_secret:
-    description: "Secret key for Rails backend"
-    algorithm: "random_hex"
-    validation: "^[a-f0-9]{128}$"
+    description:  "Secret key for Rails backend"
+    algorithm:    "random_hex"
+    validation:   "^[a-f0-9]{128}$"
  postgresql_secret:
-    description: "Password for PostgreSQL user"
-    algorithm: "bcrypt"
-    validation: "^\\$2[aby]\\$.{56}$"
+    description:  "Password for PostgreSQL user"
+    algorithm:    "random_hex_32"
+    validation:   "^[a-zA-Z0-9]{32}$"
  fsesl_password:
-    description: "Password for FreeSWITCH ESL connection"
-    algorithm: "alphanumeric_32"
-    validation: "^.{8,}$"
+    description:  "Password for FreeSWITCH ESL connection"
+    algorithm:    "alphanumeric_32"
+    validation:   "^.{8,}$"
  turn_secret:
-    description: "TURN server shared secret"
-    algorithm: "sha1"
-    validation: "^[a-f0-9]{40}$"
+    description:  "TURN server shared secret"
+    algorithm:    "sha1"
+    validation:   "^[a-f0-9]{40}$"