Optimized snipe-it und bbb

2025-07-22 00:01:09 +02:00 · 2025-07-21 01:40:42 +02:00 · 2025-07-21 01:40:42 +02:00 · 5343536d27
commit 5343536d27
parent 6e2e3e45a7
17 changed files with 102 additions and 121 deletions
--- a/roles/cmp-db-docker/tasks/main.yml
+++ b/roles/cmp-db-docker/tasks/main.yml
@ -7,8 +7,8 @@
 - name: "For '{{ application_id }}': Load database variables"
  include_vars: "{{ item }}"
  loop:
-    - "{{ cmp_db_docker_vars_file_docker }}"   # Important to load docker variables first so that database can use them
-    - "{{ cmp_db_docker_vars_file_db }}" # Important to load them before docker role so that backup can use them
+    - "{{ cmp_db_docker_vars_file_docker }}"  # Important to load docker variables first so that database can use them
+    - "{{ cmp_db_docker_vars_file_db }}"      # Important to load them before docker role so that backup can use them

 - name: "For '{{ application_id }}': Load docker-compose"
  include_role: 
--- a/roles/cmp-docker-proxy/tasks/main.yml
+++ b/roles/cmp-docker-proxy/tasks/main.yml
@ -1,12 +1,14 @@
 # run_once_cmp_docker_proxy: deactivated

- name: "For '{{ application_id }}': include docker-compose role"
-  include_role:
-    name: docker-compose
-
+# To load the proxy firs is just implemented due to some issues with BBB
 - name: "For '{{ application_id }}': include role srv-proxy-6-6-domain"
  include_role:
    name: srv-proxy-6-6-domain
  vars:
    domain:   "{{ domains | get_domain(application_id) }}"
    http_port:   "{{ ports.localhost.http[application_id] }}"
+
+- name: "For '{{ application_id }}': include docker-compose role"
+  include_role:
+    name: docker-compose
+
--- a/roles/docker-compose/handlers/main.yml
+++ b/roles/docker-compose/handlers/main.yml
@ -13,7 +13,7 @@
 - name: Build docker 
  command:
    cmd:   docker compose build
-    chdir: "{{docker_repository_path}}"
+    chdir: "{{ docker_compose.directories.instance }}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
@ -21,7 +21,6 @@
    - docker compose build
    - docker compose up     # This is just here because I didn't took the time to refactor
                            # @todo go over all docker compose up implementations and check where it makes sense to user docker compose build and where docker compose up
-  when: application_id != 'web-app-bigbluebutton' # @todo solve this on a different way, just a fast hack

 - name: docker compose up
  shell: docker-compose -p {{ application_id | get_entity_name }} up -d --force-recreate --remove-orphans
--- a/roles/docker-compose/tasks/01_reset.yml
+++ b/roles/docker-compose/tasks/01_reset.yml
--- a/roles/docker-compose/tasks/02_repository.yml
+++ b/roles/docker-compose/tasks/02_repository.yml
@ -4,9 +4,11 @@

 - name: pull docker repository
  git:
-    repo: "{{ docker_repository_address }}"
-    dest: "{{ docker_repository_path }}"
-    update: yes
+    repo:       "{{ docker_repository_address }}"
+    dest:       "{{ docker_repository_path }}"
+    depth:      1
+    update:     yes
+    recursive:  yes
  notify:
    - docker compose build
    - docker compose up
--- a/roles/docker-compose/tasks/03_files.yml
+++ b/roles/docker-compose/tasks/03_files.yml
--- a/roles/docker-compose/tasks/04_ensure_up.yml
+++ b/roles/docker-compose/tasks/04_ensure_up.yml
@ -4,6 +4,11 @@
    chdir:        "{{ docker_compose.directories.instance }}"
  register:       docker_ps
  changed_when:   (docker_ps.stdout | trim) == ""
+  # The failed when catches the condition when an docker compose file will be dynamicly build after the file routine
+  failed_when: >
+    docker_ps.rc != 0
+    and
+    'no configuration file provided: not found' not in (docker_ps.stderr | default(''))
  when: >
    not (
      docker_compose_template.changed | default(false)
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@ -4,7 +4,7 @@
  include_vars: "{{ docker_compose_variable_file }}"

 - name: "reset (if enabled)"
-  include_tasks: reset.yml 
+  include_tasks: 01_reset.yml 
  when: mode_reset | bool

 # This could lead to problems in docker-compose directories which are based on a git repository
@ -17,15 +17,16 @@
  with_dict: "{{ docker_compose.directories }}"

 - name: "Include routines to set up a git repository based installaion for '{{application_id}}'."
-  include_tasks: "01_repository.yml"
+  include_tasks: "02_repository.yml"
  when: docker_pull_git_repository | bool

 - name: "Include routines file management routines for '{{application_id}}'."
-  include_tasks: "02_files.yml"
+  include_tasks: "03_files.yml"
  when: not docker_compose_skipp_file_creation | bool

 - name: "Ensure that {{ docker_compose.directories.instance }} is up"
-  include_tasks: "03_ensure_up.yml"
+  include_tasks: "04_ensure_up.yml"
+  when: not docker_compose_skipp_file_creation | bool

 - name: "flush database, docker and proxy for '{{ application_id }}'" 
  meta: flush_handlers
--- a/roles/web-app-bigbluebutton/TODO.md
+++ b/roles/web-app-bigbluebutton/TODO.md
@ -1,2 +1,3 @@
 # Todo
-  Propper implement and test the LDAP integration, the configuration values just had been set during refactoring
+- Propper implement and test the LDAP integration, the configuration values just had been set during refactoring
+- Move this whole overcomplicated handlers to the copying of a docker-compose.yml file. This is just legacy stuff
--- a/roles/web-app-bigbluebutton/tasks/docker-compose.yml
+++ b/roles/web-app-bigbluebutton/tasks/docker-compose.yml
@ -1,19 +1,16 @@
---
 - name: create docker-compose.yml for bigbluebutton
  command:
    cmd: bash ./scripts/generate-compose
-    chdir: "{{ bbb_repository_directory }}"
+    chdir: "{{ docker_repository_path }}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
-  listen: setup bigbluebutton

 - name: Copy docker-compose.yml from origin to final location
  copy:
    src:  "{{ docker_compose_file_origine }}"
    dest: "{{ docker_compose_file_final }}"
    remote_src: yes
-  listen: setup bigbluebutton

 - name: Replace bind mounts by named volume mounts
  replace:
@ -26,7 +23,6 @@
    - { regexp: '\./data/freeswitch-meetings:/var/freeswitch/meetings', replace: 'freeswitch:/var/freeswitch/meetings' }
    - { regexp: '\./data/greenlight:/usr/src/app/storage', replace: 'greenlight:/usr/src/app/storage' }
    - { regexp: '\./data/mediasoup:/var/mediasoup', replace: 'mediasoup:/var/mediasoup' }
-  listen: setup bigbluebutton

 - name: add volume to redis
  lineinfile:
@ -34,14 +30,12 @@
    insertafter: "^\\s*redis:"
    line: "    volumes:\n      - redis:/data"
    firstmatch: yes
-  listen: setup bigbluebutton

 - name: add volume to coturn
  lineinfile:
    path: "{{ docker_compose_file_final }}"
    insertafter: "- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf"
    line: "      - coturn:/var/lib/coturn"
-  listen: setup bigbluebutton

 # Implemented due to etherpad health bug.
 # @todo Remove when health check is working fine
@ -67,14 +61,18 @@
        mediasoup:
    marker: "# {mark} ANSIBLE MANAGED BLOCK FOR VOLUMES"
    insertbefore: "^services:"
-  listen: setup bigbluebutton

 - name: Replace all './' with '/services/' in docker-compose.yml
  ansible.builtin.replace:
    path:     "{{ docker_compose_file_final }}"
    regexp:   '\./'
-    replace:  './services/'
-  listen: setup bigbluebutton
+    replace:  '{{ docker_repository_path }}/'
+
+- name: Prefix build context with docker_repository_path
+  ansible.builtin.replace:
+    path: "{{ docker_compose_file_final }}"
+    regexp: '(^\s*context:\s*)mod/(.*)'
+    replace: '\1{{ docker_repository_path }}/mod/\2'

 - name: "Update healthcheck for bbb-graphql-server"
  # This is neccessary because the healthcheck doesn't listen to the correct port
@ -82,20 +80,33 @@
    line: "    healthcheck:\n      test: [\"CMD\", \"curl\", \"-f\", \"http://localhost:8085/healthz\"]\n      interval: 30s\n      timeout: 10s\n      retries: 5\n      start_period: 10s"
    path: "{{docker_compose_file_final}}"
    insertafter: "bbb-graphql-server:"
-  listen: setup bigbluebutton

- name: docker compose pull bigbluebutton
-  command:
-    cmd: "docker-compose pull"
-    chdir: "{{ bbb_repository_directory }}"
-  listen: setup bigbluebutton
-
- name: docker compose up bigbluebutton
-  command:
-    cmd: "docker-compose -p bigbluebutton up -d --force-recreate --remove-orphans"
-    # Don't use the --build flag here. This leads to bugs
-    chdir: "{{ docker_compose.directories.instance }}"
-  environment:
-    COMPOSE_HTTP_TIMEOUT: 600
-    DOCKER_CLIENT_TIMEOUT: 600
-  listen: setup bigbluebutton
+- name: Add env_file to each service in docker-compose.yml
+  blockinfile:
+    path: "{{ docker_compose_file_final }}"
+    insertafter: '^  {{ service }}:$'
+    marker: "# {mark} ANSIBLE MANAGED BLOCK FOR ENV_FILE"
+    block: |
+        env_file:
+          - "{{ docker_compose.files.env }}"
+  loop:
+    - bbb-web
+    - freeswitch
+    - nginx
+    - etherpad
+    - bbb-pads
+    - bbb-export-annotations
+    - redis
+    - webrtc-sfu
+    - fsesl-akka
+    - apps-akka
+    - bbb-graphql-server
+    - bbb-graphql-actions
+    - bbb-graphql-middleware
+    - collabora
+    - periodic
+    - coturn
+    - greenlight
+    - postgres
+  loop_control:
+    loop_var: service
--- a/roles/web-app-bigbluebutton/tasks/main.yml
+++ b/roles/web-app-bigbluebutton/tasks/main.yml
@ -1,66 +1,39 @@
 ---
-# Docker Central Database Role can't be used here
- name: "include docker-compose role"
+- name: "For '{{ application_id }}': include docker-compose role"
  include_role:
-    name: docker-compose
+    name: cmp-docker-proxy
  vars:
    database_instance:  "{{ application_id }}"
    database_password:  "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret', True) }}"
    database_username:  "postgres"
    database_name:      ""                              # Multiple databases

- name:                 "Seed BigBlueButton Database for Backup"
-  include_tasks:        "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/seed-database-to-backup.yml"
-  vars:
-    database_instance:  "{{ application_id }}"
-    database_password:  "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret', True) }}"
-    database_username:  "postgres"
-    database_name:      ""                              # Multiple databases
-
- name: "include role srv-proxy-6-6-domain"
-  include_role:
-    name: srv-proxy-6-6-domain
-
- name: pull docker repository
-  git:
-    repo: "https://github.com/bigbluebutton/docker.git"
-    dest: "{{ bbb_repository_directory }}"
-    update: yes
-    recursive: yes
-    version: main
-  notify: setup bigbluebutton
-
 - name: configure websocket_upgrade.conf
  copy: 
    src:  "websocket_upgrade.conf"
    dest: "{{nginx.directories.http.maps}}websocket_upgrade.conf"
  notify: restart nginx

- name: "Remove directory {{ docker_compose.directories.env }}"
-  file:
-    path: "{{ docker_compose.directories.env }}"
-    state: absent
+- name: "Set BBB Facts"
+  set_fact:
+    bbb_env_file_link:            "{{ docker_repository_path }}.env"
+    bbb_env_file_origine:         "{{ docker_compose.files.env }}"
+    docker_compose_file_origine:  "{{ docker_repository_path }}docker-compose.yml"
+    docker_compose_file_final:    "{{ docker_compose.directories.instance }}docker-compose.yml"

 - name: deploy .env
  template: 
    src:  env.j2
    dest: "{{ bbb_env_file_origine }}"
-  notify: setup bigbluebutton

 - name: Create symbolic link from .env file to target location
  file:
    src:    "{{ bbb_env_file_origine }}"
    dest:   "{{ bbb_env_file_link }}"
    state:  link
-  notify: setup bigbluebutton

- name:           "Check if any container is running in {{ docker_compose.directories.instance }}"
-  command:        docker compose ps -q --filter status=running
-  args:
-    chdir:        "{{ docker_compose.directories.instance }}"
-  register:       docker_ps
-  changed_when:   (docker_ps.stdout | trim) == ""
-  notify:         setup bigbluebutton
+- name: "Setup docker-compose.yml file"
+  include_tasks: "docker-compose.yml"

 - name: flush docker service
  meta: flush_handlers
@ -76,6 +49,6 @@
  command:
    cmd: docker compose exec greenlight bundle exec rake admin:create
    chdir: "{{ docker_compose.directories.instance }}"
-  when: bigbluebutton_setup
+  when: bbb_setup
  ignore_errors: true
  register: admin_creation_result
--- a/roles/web-app-bigbluebutton/templates/env.j2
+++ b/roles/web-app-bigbluebutton/templates/env.j2
@ -1,7 +1,7 @@
 ENABLE_COTURN=true
 COTURN_TLS_CERT_PATH={{ certbot_cert_path }}/{{ ssl_cert_folder }}/fullchain.pem
 COTURN_TLS_KEY_PATH={{ certbot_cert_path }}/{{ ssl_cert_folder }}/privkey.pem
-ENABLE_GREENLIGHT={{applications | get_app_conf(application_id, 'enable_greenlight', True)}}
+ENABLE_GREENLIGHT={{ applications | get_app_conf(application_id, 'enable_greenlight', True) }}

 # Enable Webhooks
 # used by some integrations
--- a/roles/web-app-bigbluebutton/vars/main.yml
+++ b/roles/web-app-bigbluebutton/vars/main.yml
@ -1,18 +1,18 @@
 application_id:                           "web-app-bigbluebutton"
-bbb_repository_directory:                 "{{ docker_compose.directories.services }}"
-docker_compose_file_origine:              "{{ docker_compose.directories.services }}docker-compose.yml"
-docker_compose_file_final:                "{{ docker_compose.directories.instance }}docker-compose.yml"

 # Database configuration
 database_type:                            "postgres"
 database_password:                        "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"

+# Proxy
 domain:                                   "{{ domains | get_domain(application_id) }}"
 http_port:                                "{{ ports.localhost.http[application_id] }}"
-bbb_env_file_link:                        "{{ docker_compose.directories.instance }}.env"    
-bbb_env_file_origine:                     "{{ bbb_repository_directory }}.env"

-docker_compose_skipp_file_creation: true  # Skipp creation of docker-compose.yml file
+# Docker
+docker_compose_skipp_file_creation:       true # Handled in this role
+docker_repository_address:                "https://github.com/bigbluebutton/docker.git"
+docker_pull_git_repository:               true
+docker_compose_flush_handlers:            false

 # Setup 
-bigbluebutton_setup:                      "{{ applications | get_app_conf(application_id, 'setup') }}"
+bbb_setup:                                "{{ applications | get_app_conf(application_id, 'setup') }}"
--- a/roles/web-app-port-ui/vars/main.yml
+++ b/roles/web-app-port-ui/vars/main.yml
@ -1,4 +1,4 @@
-application_id:             "web-app-port-ui"
-docker_repository_address:  "https://github.com/kevinveenbirkenbach/port-ui"
-config_inventory_path:      "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/web-app-port-ui/config.yaml.j2"
-docker_pull_git_repository:          true
+application_id:               "web-app-port-ui"
+docker_repository_address:    "https://github.com/kevinveenbirkenbach/port-ui"
+config_inventory_path:        "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/web-app-port-ui/config.yaml.j2"
+docker_pull_git_repository:   true
--- a/roles/web-app-snipe-it/tasks/ldap.yml
+++ b/roles/web-app-snipe-it/tasks/ldap.yml
@ -12,27 +12,6 @@
  until: snipeit_admin_check.status == 200
  when: not ( applications | get_app_conf(application_id, 'features.oauth2', False))

- name: "Debug: show APP_KEY in container shell"
-  shell: |
-    docker-compose exec -T \
-      -u {{ snipe_it_user }} \
-      -e XDG_CONFIG_HOME=/tmp \
-      -e APP_KEY='{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}' \
-      application \
-      sh -c 'echo "SHELL sees APP_KEY=$APP_KEY"'
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-
- name: "Debug: show APP_KEY in container shell"
-  shell: |
-    docker-compose exec -T -u {{ snipe_it_user }} \
-    -e XDG_CONFIG_HOME=/tmp \
-    -e APP_KEY="{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}" \
-    application \
-    php artisan tinker --execute="echo 'CONFIG app.key: ' . config('app.key') . PHP_EOL;"
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-
 - name: "Set all LDAP settings via Laravel Setting model (inside container as {{ snipe_it_user }})"
  shell: |
    docker-compose exec -T \
--- a/roles/web-app-snipe-it/vars/main.yml
+++ b/roles/web-app-snipe-it/vars/main.yml
@ -1,6 +1,14 @@
+# General 
 application_id:     "web-app-snipe-it"
+
+# Database
 database_password:  "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}"
 database_type:      "mariadb"
+
+# Docker
+docker_compose_flush_handlers:          true
+
+# Snipe-IT specific
 snipe_it_url:       "{{ domains | get_url(application_id, web_protocol) }}"
 snipe_it_version:   "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.version', True) }}"
 snipe_it_image:     "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.image', True) }}"
--- a/templates/roles/web-app/vars/main.yml.j2
+++ b/templates/roles/web-app/vars/main.yml.j2
@ -13,7 +13,7 @@ database_type:                          0                       # Database type
 docker_compose_flush_handlers:          true                    # When this is set to true an auto-flush after the docker-compose.yml, and env deploy is triggered, otherwise you have todo it manual.
 docker_compose_skipp_file_creation:     false                   # Skipp creation of docker-compose.yml file

-docker_pull_git_repository:                      true                    # This will automaticly pull a repository from the 'docker_repository_address'
+docker_pull_git_repository:             true                    # This will automaticly pull a repository from the 'docker_repository_address'
 docker_repository_address:              ""                      # The address of a repository which should be pulled

 {# The following variable mapping is optional, but it makes it easier to read the code.#}