Refactor BigBlueButton role:

- Aligned schema/main.yml credential definitions with consistent spacing - Changed PostgreSQL secret to use random_hex_32 instead of bcrypt - Improved administrator creation logic in tasks/02_administrator.yml: * First try with primary password * Retry with starred password if OIDC is enabled * Fallback to user:set_admin_role if both fail See: https://chatgpt.com/share/68d6aa34-19cc-800f-828a-a5121fda589f
2025-10-10 18:58:10 +02:00 · 2025-09-26 16:59:28 +02:00
parent 9082443753
commit 1daa53017e
2 changed files with 46 additions and 29 deletions
--- a/roles/web-app-bigbluebutton/schema/main.yml
+++ b/roles/web-app-bigbluebutton/schema/main.yml
@@ -13,8 +13,8 @@ credentials:
    validation:   "^[a-f0-9]{128}$"
  postgresql_secret:
    description:  "Password for PostgreSQL user"
-    algorithm: "bcrypt"
-    validation: "^\\$2[aby]\\$.{56}$"
+    algorithm:    "random_hex_32"
+    validation:   "^[a-zA-Z0-9]{32}$"
  fsesl_password:
    description:  "Password for FreeSWITCH ESL connection"
    algorithm:    "alphanumeric_32"
--- a/roles/web-app-bigbluebutton/tasks/02_administrator.yml
+++ b/roles/web-app-bigbluebutton/tasks/02_administrator.yml
@@ -1,3 +1,4 @@
+---
 - name: "Wait until Greenlight is reachable via Nginx"
  uri:
    url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
@@ -13,19 +14,35 @@
  changed_when: false

 - block:
-    - name: "Create default admin"
+    - name: "Create admin with primary password"
      command:
        cmd: >
-            {{ docker_compose_command_exec }} greenlight
-            bundle exec rake admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}']
+          {{ docker_compose_command_exec }}
+          greenlight
+          bundle exec rake
+          admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}']
        chdir: "{{ docker_compose.directories.instance }}"
-      register: admin_creation_result
-      # Treat exit codes 0 (created) and 2 (already exists) as success
-      failed_when: admin_creation_result.rc not in [0,2]
+      register: admin_create_primary
+      when: not BBB_OIDC_ENABLED | bool
+
+    - name: "Retry with starred password when invalid and OIDC enabled"
+      when: BBB_OIDC_ENABLED | bool
+      command:
+        cmd: >
+          {{ docker_compose_command_exec }}
+          greenlight
+          bundle exec rake
+          admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password ~ '*' }}']
+        chdir: "{{ docker_compose.directories.instance }}"
+      register: admin_create_retry
+      failed_when: admin_create_retry.rc not in [0, 2]
+
  rescue:
-    - name: "Make existing user administrator"
+    - name: "Make existing user administrator (fallback)"
      command:
        cmd: >
-          {{ docker_compose_command_exec }} greenlight
-          bundle exec rake user:set_admin_role['{{ users.administrator.email }}']
+          {{ docker_compose_command_exec }}
+          greenlight
+          bundle exec rake
+          user:set_admin_role['{{ users.administrator.email }}']
        chdir: "{{ docker_compose.directories.instance }}"