bbb: WIP—stabilize env/compose wiring & prep SFU override

Context: debugging mediasoup/WebRTC failures caused by empty/interpolated vars (EXTERNAL_IPv4, etc.). - Normalize config/main.yml (ip6_enabled flag, enable greenlight/coturn) and tidy formatting. - Extend vars/main.yml with BBB_* switches (IPv6, Greenlight, Coturn), TURN/Coturn cert paths. - env.j2: wire secrets & toggles, guard IPv6 via BBB_IP6_ENABLED, switch LDAP/OIDC to role flags, add TURN/STUN, and general cleanup. - tasks/main.yml: use BBB_* fact names, robust path joins, write docker-compose.override.yml, and notify compose on env/override changes. - tasks/01_docker-compose.yml: reference new BBB_DOCKER_COMPOSE_* facts. - Add templates/docker-compose.override.yml.j2 (placeholder for SFU overrides to avoid bad defaults during runs). Rationale: make Compose brings deterministic (no empty ), paving the way to set MS_WEBRTC_LISTEN_IPS in override without risk. Chat reference: debugging thread with GPT-5 Thinking on 2025-09-26 https://chatgpt.com/share/68d59d98-4388-800f-a627-07b6a603d0b2.
2025-10-10 10:48:10 +02:00 · 2025-09-26 12:49:12 +02:00
parent 5e4cda0ac9
commit 6ea0d09f14
8 changed files with 67 additions and 40 deletions
--- a/roles/web-app-bigbluebutton/vars/main.yml
+++ b/roles/web-app-bigbluebutton/vars/main.yml
@@ -6,7 +6,7 @@ database_type:                        "postgres"
 database_instance:                    "{{ application_id | get_entity_name }}"
 database_password:                    "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
 database_username:                    "postgres"
-database_name:                        ""                              # Multiple databases
+database_name:                        "" # Multiple databases

 # Proxy
 domain:                               "{{ domains | get_domain(application_id) }}"
@@ -19,9 +19,27 @@ docker_repository_branch:             "{{ applications | get_app_conf(applicatio
 docker_pull_git_repository:           true

 # BigBlueButton
+
+## Credentials
 BBB_SHARED_SECRET:                    "{{ applications | get_app_conf(application_id, 'credentials.shared_secret') }}"
 BBB_ETHERPAD_API_KEY:                 "{{ applications | get_app_conf(application_id, 'credentials.etherpad_api_key') }}"
 BBB_RAILS_SECRET:                     "{{ applications | get_app_conf(application_id, 'credentials.rails_secret') }}"
 BBB_POSTGRESQL_SECRET:                "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
 BBB_FSESL_PASSWORD:                   "{{ applications | get_app_conf(application_id, 'credentials.fsesl_password') }}"
-BBB_TURN_SECRET:                      "{{ applications | get_app_conf(application_id, 'credentials.turn_secret') }}"
+BBB_TURN_SECRET:                      "{{ applications | get_app_conf(application_id, 'credentials.turn_secret') }}"
+
+BBB_COTURN_TLS_CERT_PATH:             "{{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder,   'fullchain.pem'] | path_join }}"
+BBB_COTURN_TLS_KEY_PATH:              "{{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder,   'privkey.pem'] | path_join }}"
+
+## Switchs
+
+### Network
+BBB_IP6_ENABLED:                      "{{ applications | get_app_conf(application_id, 'server.ip6_enabled') }}"
+
+### Container
+BBB_GREENLIGHT_ENABLED:               "{{ applications | get_app_conf(application_id, 'docker.services.greenlight.enabled') }}"
+BBB_COTURN_ENABLED:                   "{{ applications | get_app_conf(application_id, 'docker.services.coturn.enabled') }}"
+
+### SSO
+BBB_LDAP_ENABLED:                     "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
+BBB_OIDC_ENABLED:                     "{{ applications | get_app_conf(application_id, 'features.oidc') }}"