kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-10 18:58:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor BigBlueButton role:

Browse Source 
- Aligned schema/main.yml credential definitions with consistent spacing
- Changed PostgreSQL secret to use random_hex_32 instead of bcrypt
- Improved administrator creation logic in tasks/02_administrator.yml:
  * First try with primary password
  * Retry with starred password if OIDC is enabled
  * Fallback to user:set_admin_role if both fail
See: https://chatgpt.com/share/68d6aa34-19cc-800f-828a-a5121fda589f
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-26 16:59:28 +02:00
parent 9082443753
commit 1daa53017e
2 changed files with 46 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
roles/web-app-bigbluebutton/schema/main.yml
View File

@@ -1,25 +1,25 @@
credentials: credentials:
shared_secret: shared_secret:
description: "Shared secret for BigBlueButton API authentication" description: "Shared secret for BigBlueButton API authentication"
algorithm: "sha256" algorithm: "sha256"
validation: "^[a-f0-9]{64}$" validation: "^[a-f0-9]{64}$"
etherpad_api_key: etherpad_api_key:
description: "API key for Etherpad integration" description: "API key for Etherpad integration"
algorithm: "random_hex_32" algorithm: "random_hex_32"
validation: "^[a-zA-Z0-9]{32}$" validation: "^[a-zA-Z0-9]{32}$"
rails_secret: rails_secret:
description: "Secret key for Rails backend" description: "Secret key for Rails backend"
algorithm: "random_hex" algorithm: "random_hex"
validation: "^[a-f0-9]{128}$" validation: "^[a-f0-9]{128}$"
postgresql_secret: postgresql_secret:
description: "Password for PostgreSQL user" description: "Password for PostgreSQL user"
algorithm: "bcrypt" algorithm: "random_hex_32"
validation: "^\\$2[aby]\\$.{56}$" validation: "^[a-zA-Z0-9]{32}$"
fsesl_password: fsesl_password:
description: "Password for FreeSWITCH ESL connection" description: "Password for FreeSWITCH ESL connection"
algorithm: "alphanumeric_32" algorithm: "alphanumeric_32"
validation: "^.{8,}$" validation: "^.{8,}$"
turn_secret: turn_secret:
description: "TURN server shared secret" description: "TURN server shared secret"
algorithm: "sha1" algorithm: "sha1"
validation: "^[a-f0-9]{40}$" validation: "^[a-f0-9]{40}$"

39
roles/web-app-bigbluebutton/tasks/02_administrator.yml
View File

@@ -1,3 +1,4 @@
---
- name: "Wait until Greenlight is reachable via Nginx" - name: "Wait until Greenlight is reachable via Nginx"
uri: uri:
url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
@@ -13,19 +14,35 @@
changed_when: false changed_when: false
- block: - block:
- name: "Create default admin" - name: "Create admin with primary password"
command: command:
cmd: > cmd: >
{{ docker_compose_command_exec }} greenlight {{ docker_compose_command_exec }}
bundle exec rake admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}'] greenlight
bundle exec rake
admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}']
chdir: "{{ docker_compose.directories.instance }}" chdir: "{{ docker_compose.directories.instance }}"
register: admin_creation_result register: admin_create_primary
# Treat exit codes 0 (created) and 2 (already exists) as success when: not BBB_OIDC_ENABLED | bool
failed_when: admin_creation_result.rc not in [0,2]
rescue: - name: "Retry with starred password when invalid and OIDC enabled"
- name: "Make existing user administrator" when: BBB_OIDC_ENABLED | bool
command: command:
cmd: > cmd: >
{{ docker_compose_command_exec }} greenlight {{ docker_compose_command_exec }}
bundle exec rake user:set_admin_role['{{ users.administrator.email }}'] greenlight
chdir: "{{ docker_compose.directories.instance }}" bundle exec rake
admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password ~ '*' }}']
chdir: "{{ docker_compose.directories.instance }}"
register: admin_create_retry
failed_when: admin_create_retry.rc not in [0, 2]
rescue:
- name: "Make existing user administrator (fallback)"
command:
cmd: >
{{ docker_compose_command_exec }}
greenlight
bundle exec rake
user:set_admin_role['{{ users.administrator.email }}']
chdir: "{{ docker_compose.directories.instance }}"