Refactor webserver proxy variables and fix BigBlueButton deployment behavior

Refactor proxy/webserver configuration variables to a consistent webserver_* naming scheme across roles. Replace legacy variables like proxy_extra_configuration, client_max_body_size, vhost_flavour, location_ws and ws_port with webserver_extra_configuration, webserver_client_max_body_size, webserver_vhost_flavour, webserver_websocket_location and webserver_websocket_port. Update NGINX vhost and location templates (html, upload, ws, basic, ws_generic) as well as callers (sys-front-inj-all, sys-stk-front-proxy, various web-app-* and web-svc-* roles) to use the new naming.

Tighten docker-compose Git repository handling by making docker_git_repository_pull depend on docker_git_repository_address being defined, a string and non-empty. This avoids accidental Git operations when the repository address is unset or of the wrong type.

Refactor the BigBlueButton role structure and fix deployment bugs: introduce 01_core.yml to orchestrate docker/proxy setup, database seeding, websocket map deployment, docker-compose overrides and admin/bootstrap logic in a single once-executed entrypoint. Rename supporting task files (02_docker-compose.yml, 03_administrator.yml, 04_dependencies.yml) and update tasks/main.yml to delegate via include_tasks with run_once_web_app_bigbluebutton. Improve Greenlight admin creation behavior by treating the 'Email has already been taken' error as a non-fatal, unchanged outcome and running user:set_admin_role as a fallback, both for the primary password and the OIDC starred-password path.

Also standardize vhost flavour selection for services like Mailu, Discourse, CDN, Collabora, Coturn, OnlyOffice, Simpleicons and web-svc-logout by explicitly passing webserver_vhost_flavour where needed and aligning client_max_body_size and websocket configuration with the new webserver_* variables.

Reference: ChatGPT conversation https://chatgpt.com/share/6931c530-bba8-800f-9997-dd61dc1d497b
2025-12-04 18:31:09 +01:00
parent f2ace362bc
commit 986f959696
43 changed files with 210 additions and 192 deletions


@@ -0,0 +1,68 @@
---
- name: "load docker, proxy for '{{ application_id }}'"
include_role:
name: sys-stk-full-stateless
vars:
docker_compose_flush_handlers: false
docker_compose_file_creation_enabled: false
docker_git_repository_pull: true
docker_git_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}"
docker_git_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}"
webserver_extra_configuration: >-
{{ lookup(
'ansible.builtin.template',
playbook_dir ~ '/roles/sys-svc-proxy/templates/location/html.conf.j2',
template_vars={
'location': '^~ /html5client',
'oauth2_proxy_enabled': false,
'proxy_lua_enabled': false
}
) | trim }}
- name: "Include Seed routines for '{{ application_id }}' database backup"
include_tasks: "{{ [ playbook_dir, 'roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml' ] | path_join }}"
vars:
database_type: "postgres"
database_instance: "{{ entity_name }}"
database_password: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
database_username: "postgres"
database_name: "" # Multiple databases
- name: configure websocket_upgrade.conf
copy:
src: "websocket_upgrade.conf"
dest: "{{ [ NGINX.DIRECTORIES.HTTP.MAPS, 'websocket_upgrade.conf' ] | path_join }}"
notify: restart openresty
- name: "Set BBB Facts"
set_fact:
BBB_ENV_FILE_LINK: "{{ [ docker_repository_path, '.env' ] | path_join }}"
BBB_ENV_FILE_ORIGINE: "{{ docker_compose.files.env }}"
BBB_DOCKER_COMPOSE_FILE_ORIGINE: "{{ [ docker_repository_path, 'docker-compose.yml' ] | path_join }}"
BBB_DOCKER_COMPOSE_FILE_FINAL: "{{ [ docker_compose.directories.instance, 'docker-compose.yml' ] | path_join }}"
- name: Write docker-compose.override.yml for BigBlueButton
template:
src: docker-compose.override.yml.j2
dest: "{{ [ docker_compose.directories.instance, 'docker-compose.override.yml' ] | path_join }}"
notify: docker compose up
- name: Create symbolic link from .env file to target location
file:
src: "{{ BBB_ENV_FILE_ORIGINE }}"
dest: "{{ BBB_ENV_FILE_LINK }}"
state: link
- name: "Setup docker-compose.yml file"
include_tasks: "02_docker-compose.yml"
- name: flush docker service
meta: flush_handlers
- name: "Setup administrator"
include_tasks: "03_administrator.yml"
- name: "Load '{{ application_id }}' dependencies"
include_tasks: "04_dependencies.yml"
- include_tasks: utils/once/flag.yml
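Review bot: The task `Create symbolic link from .env file to target location` (file with `state: link`) has no `force: true`, so if the Git checkout under `docker_repository_path` already carries a regular `.env` at that path the file module refuses to convert it and the role aborts; if that layout is possible, add `force: true` to that task, or leave a comment stating why the path is known to be absent. The `webserver_extra_configuration` lookup deliberately passes `'oauth2_proxy_enabled': false` and `'proxy_lua_enabled': false` for `^~ /html5client`, which exempts that location from whatever the proxy layer otherwise applies; a one-line comment above the lookup saying why the HTML5 client must be served without those settings would keep a later reader from "fixing" it. The `database_password` handed to the seed include is a secret; confirm the included tasks set `no_log: true` wherever it is used, since the value is otherwise printed by verbose runs.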


@@ -1,48 +0,0 @@
---
- name: "Wait until Greenlight is reachable via Nginx"
uri:
url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
validate_certs: true
status_code: 200
return_content: true
register: greenlight_http
until:
- greenlight_http.status == 200
- "'Greenlight' in greenlight_http.content or 'Sign in' in greenlight_http.content"
retries: 30
delay: 5
changed_when: false
- block:
- name: "Create admin with primary password"
command:
cmd: >
{{ docker_compose_command_exec }}
greenlight
bundle exec rake
admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}']
chdir: "{{ docker_compose.directories.instance }}"
register: admin_create_primary
when: not BBB_OIDC_ENABLED | bool
- name: "Retry with starred password when invalid and OIDC enabled"
when: BBB_OIDC_ENABLED | bool
command:
cmd: >
{{ docker_compose_command_exec }}
greenlight
bundle exec rake
admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password ~ '*' }}']
chdir: "{{ docker_compose.directories.instance }}"
register: admin_create_retry
failed_when: admin_create_retry.rc not in [0, 2]
rescue:
- name: "Make existing user administrator (fallback)"
command:
cmd: >
{{ docker_compose_command_exec }}
greenlight
bundle exec rake
user:set_admin_role['{{ users.administrator.email }}']
chdir: "{{ docker_compose.directories.instance }}"


@@ -0,0 +1,63 @@
---
- name: "Wait until Greenlight is reachable via Nginx"
uri:
url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
validate_certs: true
status_code: 200
return_content: true
register: greenlight_http
until:
- greenlight_http.status == 200
- "'Greenlight' in greenlight_http.content or 'Sign in' in greenlight_http.content"
retries: 30
delay: 5
changed_when: false
# Case 1: OIDC disabled → use primary password
- name: "Create admin with primary password"
when: not (BBB_OIDC_ENABLED | bool)
command:
cmd: >
{{ docker_compose_command_exec }}
greenlight
bundle exec rake
admin:create['{{ users.administrator.username | upper }}',
'{{ users.administrator.email }}',
'{{ users.administrator.password }}']
chdir: "{{ docker_compose.directories.instance }}"
register: admin_create
failed_when:
# Only fail if rc != 0 AND it's NOT the "already taken" case
- admin_create.rc != 0
- "'Email has already been taken' not in (admin_create.stderr | default(''))"
changed_when: admin_create.rc == 0
# Case 2: OIDC enabled → retry with starred password
- name: "Retry with starred password when OIDC enabled"
when: BBB_OIDC_ENABLED | bool
command:
cmd: >
{{ docker_compose_command_exec }}
greenlight
bundle exec rake
admin:create['{{ users.administrator.username | upper }}',
'{{ users.administrator.email }}',
'{{ users.administrator.password ~ '*' }}']
chdir: "{{ docker_compose.directories.instance }}"
register: admin_create
failed_when:
- admin_create.rc != 0
- "'Email has already been taken' not in (admin_create.stderr | default(''))"
changed_when: admin_create.rc == 0
- name: "Make existing user administrator (fallback)"
command:
cmd: >
{{ docker_compose_command_exec }}
greenlight
bundle exec rake
user:set_admin_role['{{ users.administrator.email }}']
chdir: "{{ docker_compose.directories.instance }}"
when:
- admin_create is defined
- "'Email has already been taken' in (admin_create.stderr | default(''))"
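Review bot: The fallback at the end of the file cannot fire when OIDC is disabled, because both `admin:create` tasks register into the same `admin_create` and a skipped task still overwrites the registered variable with a skipped result that has no `stderr`; after Case 1 runs, the skipped Case 2 replaces its output, `default('')` yields an empty string and `user:set_admin_role` never runs. Register the two cases separately, e.g. `register: admin_create_primary` and `register: admin_create_retry`, and gate the fallback on `"'Email has already been taken' in ((admin_create_primary.stderr | default('')) ~ (admin_create_retry.stderr | default('')))"`, or collapse both into one task whose password argument is `{{ users.administrator.password ~ ('*' if BBB_OIDC_ENABLED | bool else '') }}`. Whether Greenlight reports the validation error on stderr rather than stdout is not visible here; if it goes to stdout, the same check needs `admin_create.stdout` as well. Both `admin:create` commands embed `users.administrator.password` in `cmd`, so the command line and the registered result land in verbose output and failure messages; add `no_log: true` to those two tasks (the `failed_when` expressions still see `stderr`), accepting that a genuine failure then has to be re-run with `no_log` lifted to read the message.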


@@ -1,82 +1,6 @@
---
- name: Render HTML-Location-Block in Variable
set_fact:
proxy_extra_configuration: >-
{{ lookup('ansible.builtin.template',
playbook_dir ~ '/roles/sys-svc-proxy/templates/location/html.conf.j2') | trim }}
- name: "Execute Role (once)"
include_tasks: 01_core.yml
when: run_once_web_app_bigbluebutton is not defined
vars:
location: '^~ /html5client'
oauth2_proxy_enabled: false
proxy_lua_enabled: false
- name: "load docker, proxy for '{{ application_id }}'"
include_role:
name: sys-stk-full-stateless
vars:
docker_compose_flush_handlers: false
docker_compose_file_creation_enabled: false
docker_git_repository_pull: true
docker_git_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}"
docker_git_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}"
- name: "Unset 'proxy_extra_configuration'"
set_fact:
proxy_extra_configuration: null
- name: "Include Seed routines for '{{ application_id }}' database backup"
include_tasks: "{{ [ playbook_dir, 'roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml' ] | path_join }}"
vars:
database_type: "postgres"
database_instance: "{{ entity_name }}"
database_password: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
database_username: "postgres"
database_name: "" # Multiple databases
- name: configure websocket_upgrade.conf
copy:
src: "websocket_upgrade.conf"
dest: "{{ [ NGINX.DIRECTORIES.HTTP.MAPS, 'websocket_upgrade.conf' ] | path_join }}"
notify: restart openresty
- name: "Set BBB Facts"
set_fact:
BBB_ENV_FILE_LINK: "{{ [ docker_repository_path, '.env' ] | path_join }}"
BBB_ENV_FILE_ORIGINE: "{{ docker_compose.files.env }}"
BBB_DOCKER_COMPOSE_FILE_ORIGINE: "{{ [ docker_repository_path, 'docker-compose.yml' ] | path_join }}"
BBB_DOCKER_COMPOSE_FILE_FINAL: "{{ [ docker_compose.directories.instance, 'docker-compose.yml' ] | path_join }}"
- name: Write docker-compose.override.yml for BigBlueButton
template:
src: docker-compose.override.yml.j2
dest: "{{ [ docker_compose.directories.instance, 'docker-compose.override.yml' ] | path_join }}"
notify:
- docker compose up
- name: deploy .env
# This seems redundant @todo Checkout if this is true and if so, delete it
template:
src: env.j2
dest: "{{ BBB_ENV_FILE_ORIGINE }}"
notify:
- docker compose up
- name: Create symbolic link from .env file to target location
file:
src: "{{ BBB_ENV_FILE_ORIGINE }}"
dest: "{{ BBB_ENV_FILE_LINK }}"
state: link
- name: "Setup docker-compose.yml file"
include_tasks: "01_docker-compose.yml"
- name: Ensure all containers in instance are running
include_tasks: "{{ [ playbook_dir , 'roles/docker-compose/tasks/utils/up.yml' ] | path_join }}"
- name: flush docker service
meta: flush_handlers
- name: "Setup administrator"
include_tasks: "02_administrator.yml"
- name: "Load '{{ application_id }}' dependencies"
include_tasks: "03_dependencies.yml"
application_id: 'web-app-bigbluebutton'