kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 02:10:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

bbb: WIP—stabilize env/compose wiring & prep SFU override

Browse Source 
Context: debugging mediasoup/WebRTC failures caused by empty/interpolated vars (EXTERNAL_IPv4, etc.).
- Normalize config/main.yml (ip6_enabled flag, enable greenlight/coturn) and tidy formatting.
- Extend vars/main.yml with BBB_* switches (IPv6, Greenlight, Coturn), TURN/Coturn cert paths.
- env.j2: wire secrets & toggles, guard IPv6 via BBB_IP6_ENABLED, switch LDAP/OIDC to role flags, add TURN/STUN, and general cleanup.
- tasks/main.yml: use BBB_* fact names, robust path joins, write docker-compose.override.yml, and notify compose on env/override changes.
- tasks/01_docker-compose.yml: reference new BBB_DOCKER_COMPOSE_* facts.
- Add templates/docker-compose.override.yml.j2 (placeholder for SFU overrides to avoid bad defaults during runs).
Rationale: make Compose brings deterministic (no empty ), paving the way to set MS_WEBRTC_LISTEN_IPS in override without risk.

Chat reference: debugging thread with GPT-5 Thinking on 2025-09-26 https://chatgpt.com/share/68d59d98-4388-800f-a627-07b6a603d0b2.
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-26 12:49:12 +02:00
parent 5e4cda0ac9
commit 6ea0d09f14
8 changed files with 67 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/web-app-bigbluebutton/Setup.md
View File

@@ -1,6 +0,0 @@
# Setup
## Passwords
```bash
docker run --rm ruby:latest ruby -rsecurerandom -e 'puts SecureRandom.hex(64)'
```

2
roles/web-app-bigbluebutton/TODO.md
View File

@@ -1,3 +1,3 @@
# Todo
- Propper implement and test the LDAP integration, the configuration values just had been set during refactoring
- Move this whole overcomplicated handlers to the copying of a docker-compose.yml file. This is just legacy stuff
- Implement that BBB can be opened in web-app-desktop app

25
roles/web-app-bigbluebutton/config/main.yml
View File

@@ -1,15 +1,14 @@
enable_greenlight: "true"
api_suffix: "/bigbluebutton/"
api_suffix: "/bigbluebutton/"
features:
matomo: true
css: true
desktop: false # Videos can't open in frame due to iframe restrictions
# @todo fix this
ldap: false
oidc: true
central_database: false # Propably required for backup routines
logout: true
matomo: true
css: true
desktop: false # Videos can't open in frame due to iframe restrictions
ldap: false
oidc: true
central_database: false # Propably required for backup routines
logout: true
server:
ip6_enabled: false
csp:
flags:
script-src-elem:
@@ -29,4 +28,8 @@ docker:
version: "main"
database:
# This is set to true to pass integration test, doesn't have any other function
enabled: true
enabled: true
greenlight:
enabled: true
coturn:
enabled: true

4
roles/web-app-bigbluebutton/tasks/01_docker-compose.yml
View File

@@ -8,12 +8,12 @@
- name: Slurp docker-compose.yml from remote host
slurp:
src: "{{ docker_compose_file_origine }}"
src: "{{ BBB_DOCKER_COMPOSE_FILE_ORIGINE }}"
register: compose_slurp
- name: Transform docker-compose.yml with compose_mods
copy:
content: "{{ compose_slurp.content | b64decode | compose_mods(docker_repository_path, docker_compose.files.env) }}"
dest: "{{ docker_compose_file_final }}"
dest: "{{ BBB_DOCKER_COMPOSE_FILE_FINAL }}"
notify:
- docker compose up

29
roles/web-app-bigbluebutton/tasks/main.yml
View File

@@ -15,7 +15,7 @@
vars:
docker_compose_flush_handlers: false
- name: "include 04_seed-database-to-backup.yml"
include_tasks: "{{ playbook_dir }}/roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml"
include_tasks: "{{ [ playbook_dir, 'roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml' ] | path_join }}"
- name: "Unset 'proxy_extra_configuration'"
set_fact:
@@ -24,33 +24,42 @@
- name: configure websocket_upgrade.conf
copy:
src: "websocket_upgrade.conf"
dest: "{{NGINX.DIRECTORIES.HTTP.MAPS}}websocket_upgrade.conf"
dest: "{{ [ NGINX.DIRECTORIES.HTTP.MAPS, 'websocket_upgrade.conf' ] | path_join }}"
notify: restart openresty
- name: "Set BBB Facts"
set_fact:
bbb_env_file_link: "{{ docker_repository_path }}.env"
bbb_env_file_origine: "{{ docker_compose.files.env }}"
docker_compose_file_origine: "{{ docker_repository_path }}docker-compose.yml"
docker_compose_file_final: "{{ docker_compose.directories.instance }}docker-compose.yml"
BBB_ENV_FILE_LINK: "{{ [ docker_repository_path, '.env' ] | path_join }}"
BBB_ENV_FILE_ORIGINE: "{{ docker_compose.files.env }}"
BBB_DOCKER_COMPOSE_FILE_ORIGINE: "{{ [ docker_repository_path, 'docker-compose.yml' ] | path_join }}"
BBB_DOCKER_COMPOSE_FILE_FINAL: "{{ [ docker_compose.directories.instance, 'docker-compose.yml' ] | path_join }}"
- name: Write docker-compose.override.yml for BigBlueButton
template:
src: docker-compose.override.yml.j2
dest: "{{ [ docker_compose.directories.instance, 'docker-compose.override.yml' ] | path_join }}"
notify:
- docker compose up
- name: deploy .env
# This seems redundant @todo Checkout if this is true and if so, delete it
template:
src: env.j2
dest: "{{ bbb_env_file_origine }}"
dest: "{{ BBB_ENV_FILE_ORIGINE }}"
notify:
- docker compose up
- name: Create symbolic link from .env file to target location
file:
src: "{{ bbb_env_file_origine }}"
dest: "{{ bbb_env_file_link }}"
src: "{{ BBB_ENV_FILE_ORIGINE }}"
dest: "{{ BBB_ENV_FILE_LINK }}"
state: link
- name: "Setup docker-compose.yml file"
include_tasks: "01_docker-compose.yml"
- name: Ensure all containers in instance are running
include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/05_ensure_up.yml"
include_tasks: "{{ [ playbook_dir , 'roles/docker-compose/tasks/05_ensure_up.yml' ] | path_join }}"
- name: flush docker service
meta: flush_handlers

1
roles/web-app-bigbluebutton/templates/docker-compose.override.yml.j2 Normal file
View File

@@ -0,0 +1 @@
{# Overrides for Big Blue Button #}

18
roles/web-app-bigbluebutton/templates/env.j2
View File

@@ -1,7 +1,9 @@
ENABLE_COTURN=true
COTURN_TLS_CERT_PATH={{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/fullchain.pem
COTURN_TLS_KEY_PATH={{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/privkey.pem
ENABLE_GREENLIGHT={{ applications | get_app_conf(application_id, 'enable_greenlight', True) }}
# Coturn
ENABLE_COTURN={{ BBB_COTURN_ENABLED }}
COTURN_TLS_CERT_PATH={{ BBB_COTURN_TLS_CERT_PATH }}
COTURN_TLS_KEY_PATH={{ BBB_COTURN_TLS_KEY_PATH }}
ENABLE_GREENLIGHT={{ BBB_GREENLIGHT_ENABLED }}
# Enable Webhooks
# used by some integrations
@@ -39,9 +41,9 @@ FSESL_PASSWORD={{ BBB_FSESL_PASSWORD }}
DOMAIN={{ domain }}
# IP
EXTERNAL_IPv4={{ networks.internet.ip4 }}
# The following line is not tested and could lead to bugs:
EXTERNAL_IPv6={{ networks.internet.ip6 }}
EXTERNAL_IPv6={{ networks.internet.ip6 if BBB_IP6_ENABLED else '' }}
# STUN SERVER
# stun.freeswitch.org
@@ -158,7 +160,7 @@ OFFICE365_HD=
# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
OAUTH2_REDIRECT=
{% if applications | get_app_conf(application_id, 'features.ldap', False) %}
{% if BBB_LDAP_ENABLED | bool %}
# LDAP Login Provider (optional)
#
# You can enable LDAP authentication by providing values for the variables below.
@@ -283,7 +285,7 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
# approval - For approve/decline registration
DEFAULT_REGISTRATION=invite
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
{% if BBB_OIDC_ENABLED | bool %}
### EXTERNAL AUTHENTICATION METHODS
# @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
#

22
roles/web-app-bigbluebutton/vars/main.yml
View File

@@ -6,7 +6,7 @@ database_type: "postgres"
database_instance: "{{ application_id | get_entity_name }}"
database_password: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
database_username: "postgres"
database_name: "" # Multiple databases
database_name: "" # Multiple databases
# Proxy
domain: "{{ domains | get_domain(application_id) }}"
@@ -19,9 +19,27 @@ docker_repository_branch: "{{ applications | get_app_conf(applicatio
docker_pull_git_repository: true
# BigBlueButton
## Credentials
BBB_SHARED_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.shared_secret') }}"
BBB_ETHERPAD_API_KEY: "{{ applications | get_app_conf(application_id, 'credentials.etherpad_api_key') }}"
BBB_RAILS_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.rails_secret') }}"
BBB_POSTGRESQL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
BBB_FSESL_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.fsesl_password') }}"
BBB_TURN_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.turn_secret') }}"
BBB_TURN_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.turn_secret') }}"
BBB_COTURN_TLS_CERT_PATH: "{{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'fullchain.pem'] | path_join }}"
BBB_COTURN_TLS_KEY_PATH: "{{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'privkey.pem'] | path_join }}"
## Switchs
### Network
BBB_IP6_ENABLED: "{{ applications | get_app_conf(application_id, 'server.ip6_enabled') }}"
### Container
BBB_GREENLIGHT_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.greenlight.enabled') }}"
BBB_COTURN_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.coturn.enabled') }}"
### SSO
BBB_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
BBB_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"