diff --git a/roles/web-app-bigbluebutton/Setup.md b/roles/web-app-bigbluebutton/Setup.md deleted file mode 100644 index 32b4ab7b..00000000 --- a/roles/web-app-bigbluebutton/Setup.md +++ /dev/null @@ -1,6 +0,0 @@ -# Setup - -## Passwords -```bash -docker run --rm ruby:latest ruby -rsecurerandom -e 'puts SecureRandom.hex(64)' -``` \ No newline at end of file diff --git a/roles/web-app-bigbluebutton/TODO.md b/roles/web-app-bigbluebutton/TODO.md index 27b082ae..f708eeec 100644 --- a/roles/web-app-bigbluebutton/TODO.md +++ b/roles/web-app-bigbluebutton/TODO.md @@ -1,3 +1,3 @@ # Todo - Propper implement and test the LDAP integration, the configuration values just had been set during refactoring -- Move this whole overcomplicated handlers to the copying of a docker-compose.yml file. This is just legacy stuff \ No newline at end of file +- Implement that BBB can be opened in web-app-desktop app \ No newline at end of file diff --git a/roles/web-app-bigbluebutton/config/main.yml b/roles/web-app-bigbluebutton/config/main.yml index 508e269c..d335d6ea 100644 --- a/roles/web-app-bigbluebutton/config/main.yml +++ b/roles/web-app-bigbluebutton/config/main.yml @@ -1,15 +1,14 @@ -enable_greenlight: "true" -api_suffix: "/bigbluebutton/" +api_suffix: "/bigbluebutton/" features: - matomo: true - css: true - desktop: false # Videos can't open in frame due to iframe restrictions - # @todo fix this - ldap: false - oidc: true - central_database: false # Propably required for backup routines - logout: true + matomo: true + css: true + desktop: false # Videos can't open in frame due to iframe restrictions + ldap: false + oidc: true + central_database: false # Propably required for backup routines + logout: true server: + ip6_enabled: false csp: flags: script-src-elem: 
@@ -29,4 +28,8 @@ docker: version: "main" database: # This is set to true to pass integration test, doesn't have any other function - enabled: true + enabled: true + greenlight: + enabled: true + coturn: + enabled: true \ No newline at end of file diff --git a/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml b/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml index aebbb1dc..3755cd2f 100644 --- a/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml +++ b/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml @@ -8,12 +8,12 @@ - name: Slurp docker-compose.yml from remote host slurp: - src: "{{ docker_compose_file_origine }}" + src: "{{ BBB_DOCKER_COMPOSE_FILE_ORIGINE }}" register: compose_slurp - name: Transform docker-compose.yml with compose_mods copy: content: "{{ compose_slurp.content | b64decode | compose_mods(docker_repository_path, docker_compose.files.env) }}" - dest: "{{ docker_compose_file_final }}" + dest: "{{ BBB_DOCKER_COMPOSE_FILE_FINAL }}" notify: - docker compose up diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml index 5aa47540..32b7671d 100644 --- a/roles/web-app-bigbluebutton/tasks/main.yml +++ b/roles/web-app-bigbluebutton/tasks/main.yml @@ -15,7 +15,7 @@ vars: docker_compose_flush_handlers: false - name: "include 04_seed-database-to-backup.yml" - include_tasks: "{{ playbook_dir }}/roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml" + include_tasks: "{{ [ playbook_dir, 'roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml' ] | path_join }}" - name: "Unset 'proxy_extra_configuration'" set_fact: 
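Review bot: The top-level `enable_greenlight` key is removed with no fallback, so an inventory that still sets it (for example to keep Greenlight off) is ignored and the role falls back to the new `greenlight: enabled: true` default. vars/main.yml in this commit reads `docker.services.greenlight.enabled` and `docker.services.coturn.enabled`, so the two new blocks must sit under `docker.services`; the indentation is not recoverable on this page, so that should be confirmed. I would add a comment above the new keys, `# replaces the former top-level enable_greenlight; set to false to keep the Greenlight frontend off`, and mention the rename in the changelog.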
@@ -24,33 +24,42 @@ - name: configure websocket_upgrade.conf copy: src: "websocket_upgrade.conf" - dest: "{{NGINX.DIRECTORIES.HTTP.MAPS}}websocket_upgrade.conf" + dest: "{{ [ NGINX.DIRECTORIES.HTTP.MAPS, 'websocket_upgrade.conf' ] | path_join }}" notify: restart openresty - name: "Set BBB Facts" set_fact: - bbb_env_file_link: "{{ docker_repository_path }}.env" - bbb_env_file_origine: "{{ docker_compose.files.env }}" - docker_compose_file_origine: "{{ docker_repository_path }}docker-compose.yml" - docker_compose_file_final: "{{ docker_compose.directories.instance }}docker-compose.yml" + BBB_ENV_FILE_LINK: "{{ [ docker_repository_path, '.env' ] | path_join }}" + BBB_ENV_FILE_ORIGINE: "{{ docker_compose.files.env }}" + BBB_DOCKER_COMPOSE_FILE_ORIGINE: "{{ [ docker_repository_path, 'docker-compose.yml' ] | path_join }}" + BBB_DOCKER_COMPOSE_FILE_FINAL: "{{ [ docker_compose.directories.instance, 'docker-compose.yml' ] | path_join }}" + +- name: Write docker-compose.override.yml for BigBlueButton + template: + src: docker-compose.override.yml.j2 + dest: "{{ [ docker_compose.directories.instance, 'docker-compose.override.yml' ] | path_join }}" + notify: + - docker compose up - name: deploy .env # This seems redundant @todo Checkout if this is true and if so, delete it template: src: env.j2 - dest: "{{ bbb_env_file_origine }}" + dest: "{{ BBB_ENV_FILE_ORIGINE }}" + notify: + - docker compose up - name: Create symbolic link from .env file to target location file: - src: "{{ bbb_env_file_origine }}" - dest: "{{ bbb_env_file_link }}" + src: "{{ BBB_ENV_FILE_ORIGINE }}" + dest: "{{ BBB_ENV_FILE_LINK }}" state: link - name: "Setup docker-compose.yml file" include_tasks: "01_docker-compose.yml" - name: Ensure all containers in instance are running - include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/05_ensure_up.yml" + include_tasks: "{{ [ playbook_dir , 'roles/docker-compose/tasks/05_ensure_up.yml' ] | path_join }}" - name: flush docker service meta: flush_handlers 
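Review bot: The `deploy .env` task and the new `Write docker-compose.override.yml for BigBlueButton` task both call `template` without `mode`, so a newly created file gets its permissions from the remote umask. env.j2 renders credentials such as `FSESL_PASSWORD={{ BBB_FSESL_PASSWORD }}` (visible in the env.j2 hunk context), so the .env should not be world-readable. Add `mode: "0600"` to `deploy .env`, or `"0640"` with an explicit `owner`/`group` if a non-root user runs compose, and give the override file an explicit mode as well. The commit adds only `notify` to this task and leaves the permissions unaddressed.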
diff --git a/roles/web-app-bigbluebutton/templates/docker-compose.override.yml.j2 b/roles/web-app-bigbluebutton/templates/docker-compose.override.yml.j2 new file mode 100644 index 00000000..104d9bdf --- /dev/null +++ b/roles/web-app-bigbluebutton/templates/docker-compose.override.yml.j2 @@ -0,0 +1 @@ +{# Overrides for Big Blue Button #} \ No newline at end of file diff --git a/roles/web-app-bigbluebutton/templates/env.j2 b/roles/web-app-bigbluebutton/templates/env.j2 index a0e79b59..662fdd6d 100644 --- a/roles/web-app-bigbluebutton/templates/env.j2 +++ b/roles/web-app-bigbluebutton/templates/env.j2 @@ -1,7 +1,9 @@ -ENABLE_COTURN=true -COTURN_TLS_CERT_PATH={{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/fullchain.pem -COTURN_TLS_KEY_PATH={{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/privkey.pem -ENABLE_GREENLIGHT={{ applications | get_app_conf(application_id, 'enable_greenlight', True) }} +# Coturn +ENABLE_COTURN={{ BBB_COTURN_ENABLED }} +COTURN_TLS_CERT_PATH={{ BBB_COTURN_TLS_CERT_PATH }} +COTURN_TLS_KEY_PATH={{ BBB_COTURN_TLS_KEY_PATH }} + +ENABLE_GREENLIGHT={{ BBB_GREENLIGHT_ENABLED }} # Enable Webhooks # used by some integrations @@ -39,9 +41,9 @@ FSESL_PASSWORD={{ BBB_FSESL_PASSWORD }} DOMAIN={{ domain }} +# IP EXTERNAL_IPv4={{ networks.internet.ip4 }} -# The following line is not tested and could lead to bugs: -EXTERNAL_IPv6={{ networks.internet.ip6 }} +EXTERNAL_IPv6={{ networks.internet.ip6 if BBB_IP6_ENABLED else '' }} # STUN SERVER # stun.freeswitch.org @@ -158,7 +160,7 @@ OFFICE365_HD= # It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy OAUTH2_REDIRECT= -{% if applications | get_app_conf(application_id, 'features.ldap', False) %} +{% if BBB_LDAP_ENABLED | bool %} # LDAP Login Provider (optional) # # You can enable LDAP authentication by providing values for the variables below. 
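Review bot: `ENABLE_COTURN={{ BBB_COTURN_ENABLED }}` and `ENABLE_GREENLIGHT={{ BBB_GREENLIGHT_ENABLED }}` now print a YAML boolean, which Jinja renders as `True`/`False`. The old file emitted the literal `true` for Coturn and the string `"true"` from `enable_greenlight`. If the BigBlueButton compose tooling compares these values case-sensitively (not visible here), Coturn and Greenlight would be treated as disabled without any error. Normalise the output with `ENABLE_COTURN={{ BBB_COTURN_ENABLED | bool | lower }}` and the same for `ENABLE_GREENLIGHT`.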
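Review bot: `networks.internet.ip6 if BBB_IP6_ENABLED else ''` tests the switch without `| bool`, unlike the `{% if BBB_LDAP_ENABLED | bool %}` and `{% if BBB_OIDC_ENABLED | bool %}` conditions introduced in the same file. If the value reaches the template as a string (a quoted `"false"` in an inventory, as `enable_greenlight: "true"` was before), it is truthy and the IPv6 address that the removed comment described as untested is emitted anyway. Use `EXTERNAL_IPv6={{ networks.internet.ip6 if (BBB_IP6_ENABLED | bool) else '' }}`, or apply `| bool` once where the `BBB_*_ENABLED` variables are defined in vars/main.yml.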
@@ -283,7 +285,7 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html # approval - For approve/decline registration DEFAULT_REGISTRATION=invite -{% if applications | get_app_conf(application_id, 'features.oidc', False) %} +{% if BBB_OIDC_ENABLED | bool %} ### EXTERNAL AUTHENTICATION METHODS # @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/ # diff --git a/roles/web-app-bigbluebutton/vars/main.yml b/roles/web-app-bigbluebutton/vars/main.yml index 7e930e8c..6f37cfd7 100644 --- a/roles/web-app-bigbluebutton/vars/main.yml +++ b/roles/web-app-bigbluebutton/vars/main.yml @@ -6,7 +6,7 @@ database_type: "postgres" database_instance: "{{ application_id | get_entity_name }}" database_password: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}" database_username: "postgres" -database_name: "" # Multiple databases +database_name: "" # Multiple databases # Proxy domain: "{{ domains | get_domain(application_id) }}" 
@@ -19,9 +19,27 @@ docker_repository_branch: "{{ applications | get_app_conf(applicatio docker_pull_git_repository: true # BigBlueButton + +## Credentials BBB_SHARED_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.shared_secret') }}" BBB_ETHERPAD_API_KEY: "{{ applications | get_app_conf(application_id, 'credentials.etherpad_api_key') }}" BBB_RAILS_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.rails_secret') }}" BBB_POSTGRESQL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}" BBB_FSESL_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.fsesl_password') }}" -BBB_TURN_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.turn_secret') }}" \ No newline at end of file +BBB_TURN_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.turn_secret') }}" + +BBB_COTURN_TLS_CERT_PATH: "{{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'fullchain.pem'] | path_join }}" +BBB_COTURN_TLS_KEY_PATH: "{{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'privkey.pem'] | path_join }}" + +## Switchs + +### Network +BBB_IP6_ENABLED: "{{ applications | get_app_conf(application_id, 'server.ip6_enabled') }}" + +### Container +BBB_GREENLIGHT_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.greenlight.enabled') }}" +BBB_COTURN_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.coturn.enabled') }}" + +### SSO +BBB_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}" +BBB_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}" \ No newline at end of file