Updated bigbluebutton role

2025-08-29 15:06:26 +02:00 · 2025-04-06 05:01:09 +02:00
parent ade8053430
commit 8d58aa2364
12 changed files with 321 additions and 90 deletions
--- a/roles/docker-bigbluebutton/Administration.md
+++ b/roles/docker-bigbluebutton/Administration.md
@@ -1,16 +0,0 @@
-## Administration
-
-## cleanup
-```bash
-    docker compose down -v
-```
-
-## check container status 
-```bash
-watch -n 2 "docker compose ps -a"
-```
-
-## database access
-```bash
- sudo docker-compose exec -it postgres psql -U postgres
-```
--- a/roles/docker-bigbluebutton/README.md
+++ b/roles/docker-bigbluebutton/README.md
@@ -1,19 +1,47 @@
-# docker bigbluebutton
-@TODO Database needs to be decoupled 
+# Docker BigBlueButton 📡

-Role to deploy [BigBlueButton](https://bigbluebutton.org/). 
+## Description

-## SSO
- https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
+This Ansible role deploys [BigBlueButton](https://bigbluebutton.org/) using Docker Compose. It includes support for Greenlight, OIDC, LDAP, TURN/STUN, health checks, and a modular `.env` setup. This role is ideal for educational institutions and teams requiring a self-hosted video conferencing solution.

-## Other Resources
- https://github.com/bigbluebutton/docker
- https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials
- https://goneuland.de/big-blue-button-mit-docker-und-traefik-installieren/
- https://github.com/docker/compose/issues/4799
- https://www.cyberciti.biz/faq/linux-command-to-remove-virtual-interfaces-or-network-aliases/
- https://www.cyberciti.biz/faq/linux-restart-network-interface/
- https://stackoverflow.com/questions/53347951/docker-network-not-found
- https://github.com/bigbluebutton/docker/issues/325
- https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
- https://atproto.com/specs/handle#handle-resolution @toto micoservice für dynamische did auflösung implementieren
+> 🔧 **Note**: The database layer should be decoupled in a future release to improve modularity and integration.
+
+## Overview
+
+This role provides a fully automated deployment of [BigBlueButton](https://bigbluebutton.org/) using Docker Compose on Arch Linux. It manages the entire lifecycle of the deployment, from cloning the upstream Docker repository and generating the `.env` configuration to customizing `docker-compose.yml` for volume usage, WebSocket proxying, and optional LDAP/OIDC integration.
+
+The setup includes conditional Greenlight activation, WebRTC support via TURN/STUN, and various fixes for known container orchestration issues. The role is modular and integrates seamlessly with the CyMaIS infrastructure, including reverse proxy configuration, domain management, and secrets templating.
+
+By default, BigBlueButton is deployed with best-practice hardening, modular secrets, and support for multiple authentication methods and scalable storage backends.
+
+## Features
+
+- 🐳 **Docker-based** deployment via official [bigbluebutton/docker](https://github.com/bigbluebutton/docker)
+- ✅ **Greenlight** (v3) frontend support
+- 🔐 **SSO with OIDC & LDAP** (optional)
+- 🧱 Automatic `.env` templating and domain/Nginx integration
+- 🛠 Volume patching and Docker Compose customization
+- 📬 SMTP integration and Greenlight admin creation
+- 🧪 Workarounds for known Docker Compose or Etherpad issues
+
+## Single Sign-On (SSO)
+
+- Docs: [External Authentication](https://docs.bigbluebutton.org/greenlight/v3/external-authentication/)
+- Supports:
+  - ✅ OpenID Connect (OIDC)
+  - ✅ LDAP (with custom DN and filters)
+  - 🧩 Custom OAuth2 flows via ENV vars
+
+## System Requirements
+
+- Arch Linux with Docker, Compose, and Nginx roles pre-installed
+- DNS and reverse proxy configuration using `nginx-docker-reverse-proxy`
+- Functional email system for Greenlight SMTP
+
+## Important Resources
+
+- [BigBlueButton Docker Docs](https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials)
+- [Networking Fixes & Issues](https://stackoverflow.com/questions/53347951/docker-network-not-found)
+- [Traefik + Docker Tutorial](https://goneuland.de/big-blue-button-mit-docker-und-traefik-installieren/)
+- [Etherpad Healthcheck Bug](https://chatgpt.com/c/67a0fc7e-5104-800f-bb6b-3731e2f83b7b)
+- [Virtual Interfaces Cleanup](https://www.cyberciti.biz/faq/linux-command-to-remove-virtual-interfaces-or-network-aliases/)
--- a/roles/docker-bigbluebutton/handlers/main.yml
+++ b/roles/docker-bigbluebutton/handlers/main.yml
@@ -2,29 +2,35 @@
 - name: create docker-compose.yml for bigbluebutton
  command:
    cmd: bash ./scripts/generate-compose
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{ bbb_repository_directory }}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
  listen: setup bigbluebutton

- name: replace postgres bind mount by volume mount
-  replace:
-    path: "{{docker_compose_file}}"
-    regexp: '\./postgres-data:/var/lib/postgresql/data'
-    replace: 'database:/var/lib/postgresql/data'
+- name: Copy docker-compose.yml from origin to final location
+  ansible.builtin.copy:
+    src:  "{{ docker_compose_file_origine }}"
+    dest: "{{ docker_compose_file_final }}"
+    remote_src: yes
  listen: setup bigbluebutton

- name: replace greenlight bind mount by volume mount
-  replace:
-    path: "{{docker_compose_file}}"
-    regexp: '\./greenlight-data:/usr/src/app/storage'
-    replace: 'greenlight:/usr/src/app/storage'
+- name: Replace bind mounts by named volume mounts
+  ansible.builtin.replace:
+    path: "{{ docker_compose_file_final }}"
+    regexp: "{{ item.regexp }}"
+    replace: "{{ item.replace }}"
+  loop:
+    - { regexp: '\./data/postgres:/var/lib/postgresql/data', replace: 'database:/var/lib/postgresql/data' }
+    - { regexp: '\./data/bigbluebutton:/var/bigbluebutton', replace: 'bigbluebutton:/var/bigbluebutton' }
+    - { regexp: '\./data/freeswitch-meetings:/var/freeswitch/meetings', replace: 'freeswitch:/var/freeswitch/meetings' }
+    - { regexp: '\./data/greenlight:/usr/src/app/storage', replace: 'greenlight:/usr/src/app/storage' }
+    - { regexp: '\./data/mediasoup:/var/mediasoup', replace: 'mediasoup:/var/mediasoup' }
  listen: setup bigbluebutton

 - name: add volume to redis
  lineinfile:
-    path: "{{ docker_compose_file }}"
+    path: "{{ docker_compose_file_final }}"
    insertafter: "^\\s*redis:"
    line: "    volumes:\n      - redis:/data"
    firstmatch: yes
@@ -32,7 +38,7 @@

 - name: add volume to coturn
  lineinfile:
-    path: "{{ docker_compose_file }}"
+    path: "{{ docker_compose_file_final }}"
    insertafter: "- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf"
    line: "      - coturn:/var/lib/coturn"
  listen: setup bigbluebutton
@@ -40,30 +46,46 @@
 # Implemented due to etherpad health bug.
 # @todo Remove when health check is working fine
 # @see https://chatgpt.com/c/67a0fc7e-5104-800f-bb6b-3731e2f83b7b
- name: "Update docker-compose.yml for Etherpad health check"
-  lineinfile: 
-    line: "    healthcheck:\n      test: [\"CMD\", \"curl\", \"-f\", \"http://127.0.0.1:9001\"]\n      interval: 30s\n      timeout: 10s\n      retries: 5\n      start_period: 10s"
-    path: "{{docker_compose_file}}"
-    insertafter: "etherpad:"
-  listen: setup bigbluebutton
+#- name: "Update docker-compose.yml for Etherpad health check"
+#  lineinfile: 
+#    line: "    healthcheck:\n      test: [\"CMD\", \"curl\", \"-f\", \"http://127.0.0.1:9001\"]\n      interval: 30s\n      timeout: 10s\n      retries: 5\n      start_period: 10s"
+#    path: "{{docker_compose_file_final}}"
+#    insertafter: "etherpad:"
+#  listen: setup bigbluebutton

- name: add volumes to docker compose
+- name: Add volumes block after services in docker compose
  blockinfile:
-    path: "{{docker_compose_file}}"
-    block: |2
+    path: "{{ docker_compose_file_final }}"
+    block: |
+      volumes:
        database:
        greenlight:
        redis:
        coturn:
+        #freeswitch:
+        bigbluebutton:
    marker: "# {mark} ANSIBLE MANAGED BLOCK FOR VOLUMES"
-    insertafter: "html5-static:"
+    insertbefore: "^services:"
+  listen: setup bigbluebutton
+
+- name: Replace all './' with '/services/' in docker-compose.yml
+  ansible.builtin.replace:
+    path:     "{{ docker_compose_file_final }}"
+    regexp:   '\./'
+    replace:  './services/'
+  listen: setup bigbluebutton
+
+- name: docker compose pull bigbluebutton
+  command:
+    cmd: "docker-compose pull"
+    chdir: "{{ bbb_repository_directory }}"
  listen: setup bigbluebutton

 - name: docker compose up bigbluebutton
  command:
    cmd: "docker-compose -p bigbluebutton up -d --force-recreate{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    # Don't use the --build flag here. This leads to bugs
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{ docker_compose.directories.instance }}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
--- a/roles/docker-bigbluebutton/meta/main.yml
+++ b/roles/docker-bigbluebutton/meta/main.yml
@@ -0,0 +1,28 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Deploys BigBlueButton with Greenlight and SSO"
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach  
+    Consulting & Coaching Solutions  
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - docker
+    - bigbluebutton
+    - conferencing
+    - education
+    - greenlight
+    - sso
+    - oidc
+    - ldap
+    - archlinux
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
--- a/roles/docker-bigbluebutton/tasks/main.yml
+++ b/roles/docker-bigbluebutton/tasks/main.yml
@@ -3,24 +3,18 @@
  include_role: 
    name: docker-compose

-# Leave this in the code until big blue button was working for a while. 
-# This is necessary due to the reason that big blue button wasn't fully tested after refactoring
-#
-#- name: "include task certbot-and-globals.yml"
-#  include_tasks: certbot-and-globals.yml
-#
-#- name: configure {{domains[application_id]}}.conf
-#  template: 
-#    src:  "nginx-proxy.conf.j2"
-#    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
-#  notify: restart nginx
-
 - name: "include role nginx-domain-setup for {{application_id}}"
  include_role:
    name: nginx-domain-setup
-  vars:
-    domain: 	"{{ domains[application_id] }}"
-    http_port: 	"{{ ports.localhost.http[application_id] }}"
+
+- name: pull docker repository
+  git:
+    repo: "https://github.com/bigbluebutton/docker.git"
+    dest: "{{ bbb_repository_directory }}"
+    update: yes
+    recursive: yes
+    version: main
+  notify: setup bigbluebutton

 - name: configure websocket_upgrade.conf
  copy: 
@@ -28,20 +22,23 @@
    dest: "{{nginx.directories.http.maps}}websocket_upgrade.conf"
  notify: restart nginx

- name: pull docker repository
-  git:
-    repo: "https://github.com/bigbluebutton/docker.git"
-    dest: "{{docker_compose.directories.instance}}"
-    update: yes
-    recursive: yes
-    version: main
-  notify: setup bigbluebutton
-  ignore_errors: true
+- name: "Remove directory {{ docker_compose.directories.env }}"
+  ansible.builtin.file:
+    path: "{{ docker_compose.directories.env }}"
+    state: absent

 - name: deploy .env
-  template: src=env.j2 dest={{docker_compose.directories.instance}}/.env
+  template: 
+    src:  env.j2
+    dest: "{{ bbb_env_file_origine }}"
  notify: setup bigbluebutton

+- name: Create symbolic link from .env file to target location
+  ansible.builtin.file:
+    src:    "{{ bbb_env_file_origine }}"
+    dest:   "{{ bbb_env_file_link }}"
+    state:  link
+
 - name: flush docker service
  meta: flush_handlers

@@ -53,7 +50,7 @@
 - name: create admin
  command:
    cmd: docker compose exec greenlight bundle exec rake admin:create
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{ docker_compose.directories.instance }}"
  when: applications.bigbluebutton.setup | bool
  ignore_errors: true
  register: admin_creation_result
--- a/roles/docker-bigbluebutton/vars/main.yml
+++ b/roles/docker-bigbluebutton/vars/main.yml
@@ -1,6 +1,12 @@
-application_id:       "bigbluebutton"
-docker_compose_file:  "{{docker_compose.directories.instance}}docker-compose.yml"
-database_instance:    "bigbluebutton"
-database_name:        "greenlight-v3"
-database_username:    "postgres"
-database_password:    "{{bigbluebutton_postgresql_secret}}"
+application_id:               "bigbluebutton"
+bbb_repository_directory:     "{{ docker_compose.directories.services }}"
+docker_compose_file_origine:  "{{ docker_compose.directories.services }}docker-compose.yml"
+docker_compose_file_final:    "{{ docker_compose.directories.instance }}docker-compose.yml"
+database_instance:            "bigbluebutton"
+database_name:                "greenlight-v3"
+database_username:            "postgres"
+database_password:            "{{bigbluebutton_postgresql_secret}}"
+domain: 	                    "{{ domains[application_id] }}"
+http_port: 	                  "{{ ports.localhost.http[application_id] }}"
+bbb_env_file_link:            "{{ docker_compose.directories.instance }}.env"    
+bbb_env_file_origine:         "{{ bbb_repository_directory }}.env"