From f9d39f1c0cdb1f73000a254a43792d9c00f61f2b Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 8 Apr 2020 01:59:30 +0200 Subject: [PATCH 1/9] update Jitsi, add generate-jitsi-passwords script --- .gitignore | 1 + docs/configuring-playbook-jitsi.md | 11 ++++ inventory/scripts/generate-jitsi-passwords.sh | 50 +++++++++++++++++++ roles/matrix-jitsi/defaults/main.yml | 8 +-- 4 files changed, 66 insertions(+), 4 deletions(-) create mode 100755 inventory/scripts/generate-jitsi-passwords.sh diff --git a/.gitignore b/.gitignore index e3f61b55..32ab139f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ /inventory/* !/inventory/.gitkeep !/inventory/host_vars/.gitkeep +!/inventory/scripts /roles/*/files/scratchpad diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index c2834244..017cb4eb 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -25,6 +25,17 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: matrix_jitsi_enabled: true ``` +## Securing your Jitsi instance with strong passwords + +Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance. +Execute the following commands in your terminal from the root of this repo: +```bash +cd inventory/scripts +bash generate-jitsi-passwords.sh +``` + +The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration. + ## (Optional) configure internal Jitsi authentication and guests mode By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration. diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/generate-jitsi-passwords.sh new file mode 100755 index 00000000..2f0cb00c --- /dev/null +++ b/inventory/scripts/generate-jitsi-passwords.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +# This is a bash script for generating strong passwords for the Jitsi role in this ansible project: +# https://github.com/spantaleev/matrix-docker-ansible-deploy + +# This script assumes that you followed the documentation at https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md and created a folder in the source code's directory like this: 'mkdir inventory/host_vars/matrix.' +# it will put the generated passwords for Jitsi at the end of the vars.yml file in that directory + +function generatePassword() { + openssl rand -hex 16 +} + +# helper function to get the matrix domain in the host_vars directory +function get_domain_dir() { + counter=0 + + for f in *; do + counter=$(( counter + 1 )) + if [ ! -d "$f" ]; then + echo "Error: could not find directory 'matrix.your.domain'" + echo "Did you create it already? Please first setup your matrix homeserver before running this script." + echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md" + exit 1 + elif [[ "$counter" -gt 1 ]]; then + echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected." + echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook." + echo "Cannot continue script, exiting." + exit 1 + fi + + # Will not set domain if zero or multiple directories are detected + domain=$f + done +} + +cd ../host_vars +get_domain_dir + +JICOFO_COMPONENT_SECRET=`generatePassword` +JICOFO_AUTH_PASSWORD=`generatePassword` +JVB_AUTH_PASSWORD=`generatePassword` +JIBRI_RECORDER_PASSWORD=`generatePassword` +JIBRI_XMPP_PASSWORD=`generatePassword` + +echo "" >> ../host_vars/${domain}/vars.yml +echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jicofo_component_secret: $JICOFO_COMPONENT_SECRET" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" >> ../host_vars/${domain}/vars.yml +echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" >> ../host_vars/${domain}/vars.yml diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 1fed1744..55f82677 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -28,7 +28,7 @@ matrix_jitsi_jibri_recorder_user: recorder matrix_jitsi_jibri_recorder_password: recorder-password -matrix_jitsi_web_docker_image: "jitsi/web:4101" +matrix_jitsi_web_docker_image: "jitsi/web:4384" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" @@ -73,7 +73,7 @@ matrix_jitsi_web_interface_config_show_powered_by: false matrix_jitsi_web_interface_config_disable_transcription_subtitles: false matrix_jisti_web_interface_config_show_deep_linking_image: false -matrix_jitsi_prosody_docker_image: "jitsi/prosody:4101" +matrix_jitsi_prosody_docker_image: "jitsi/prosody:4384" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" @@ -86,7 +86,7 @@ matrix_jitsi_prosody_container_extra_arguments: [] matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] -matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4101" +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4384" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" @@ -103,7 +103,7 @@ matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_password: passw0rd -matrix_jitsi_jvb_docker_image: "jitsi/jvb:4101" +matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" From 6a9eb89ea6ac5ce59bcdd023884fd8bdb782006f Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 8 Apr 2020 02:04:59 +0200 Subject: [PATCH 2/9] fix whitespace --- inventory/scripts/generate-jitsi-passwords.sh | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/generate-jitsi-passwords.sh index 2f0cb00c..244d977f 100755 --- a/inventory/scripts/generate-jitsi-passwords.sh +++ b/inventory/scripts/generate-jitsi-passwords.sh @@ -12,21 +12,21 @@ function generatePassword() { # helper function to get the matrix domain in the host_vars directory function get_domain_dir() { counter=0 - + for f in *; do counter=$(( counter + 1 )) if [ ! -d "$f" ]; then - echo "Error: could not find directory 'matrix.your.domain'" - echo "Did you create it already? Please first setup your matrix homeserver before running this script." - echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md" - exit 1 - elif [[ "$counter" -gt 1 ]]; then - echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected." - echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook." - echo "Cannot continue script, exiting." - exit 1 - fi - + echo "Error: could not find directory 'matrix.your.domain'" + echo "Did you create it already? Please first setup your matrix homeserver before running this script." + echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md" + exit 1 + elif [[ "$counter" -gt 1 ]]; then + echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected." + echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook." + echo "Cannot continue script, exiting." + exit 1 + fi + # Will not set domain if zero or multiple directories are detected domain=$f done From f798605836e46cc73daa8da937a7ea46d7778087 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 09:37:54 +0300 Subject: [PATCH 3/9] Undefine Jitsi secrets and require their (re-)definition --- docs/configuring-playbook-jitsi.md | 24 ++++++++++++++++---- roles/matrix-jitsi/defaults/main.yml | 10 ++++---- roles/matrix-jitsi/tasks/main.yml | 6 +++++ roles/matrix-jitsi/tasks/validate_config.yml | 21 +++++++++++++++++ 4 files changed, 51 insertions(+), 10 deletions(-) create mode 100644 roles/matrix-jitsi/tasks/validate_config.yml diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 017cb4eb..028d2b15 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -66,11 +66,7 @@ docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua reg Run this command for each user you would like to create, replacing `` and `` accordingly. After you've finished, please exit the host. -**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. The playbook can't yet rebuild all configuration files for some Jitsi services (like `matrix-jitsi-prosody`), which may cause such an error. **If you encounter this error**, we encourage you to: -- stop all Jitsi services (`systemctl stop matrix-jitsi-*`) -- remove the Jitsi Prosody configuration & data (`rm -rf /matrix/jitsi/prosody`) -- rebuild Jitsi configuration and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`) -- try the previously-failing command once again +**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation). ## Usage @@ -78,3 +74,21 @@ Run this command for each user you would like to create, replacing `` You can use the self-hosted Jitsi server through Riot, through an Integration Manager like [Dimension](docs/configuring-playbook-dimension.md) or directly at `https://jitsi.DOMAIN`. To use it via riot-web (the one configured by the playbook at `https://riot.DOMAIN`), just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server. + + +## Troubleshooting + +### Rebuilding your Jitsi installation + +**If you ever run into any trouble** or **if you change configuration (`matrix_jitsi_*` variables) too much**, we urge you to rebuild your Jitsi setup. + +We normally don't require such manual intervention for other services, for Jitsi services generate a lot of configuration files on their own. + +These files are not all managed by Ansible (at least not yet), so you may sometimes need to delete them all and start fresh. + +To rebuild your Jitsi configuration: + +- SSH into the server and do this: + - stop all Jitsi services (`systemctl stop matrix-jitsi-*`). + - remove all Jitsi configuration & data (`rm -rf /matrix/jitsi`) +- ask Ansible to set up Jitsi anew and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 55f82677..83511c4c 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -23,9 +23,9 @@ matrix_jitsi_recorder_domain: recorder.meet.jitsi matrix_jitsi_jibri_brewery_muc: jibribrewery matrix_jitsi_jibri_pending_timeout: 90 matrix_jitsi_jibri_xmpp_user: jibri -matrix_jitsi_jibri_xmpp_password: jibri-password +matrix_jitsi_jibri_xmpp_password: '' matrix_jitsi_jibri_recorder_user: recorder -matrix_jitsi_jibri_recorder_password: recorder-password +matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_web_docker_image: "jitsi/web:4384" @@ -98,9 +98,9 @@ matrix_jitsi_jicofo_container_extra_arguments: [] # List of systemd services that matrix-jitsi-jicofo.service depends on matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] -matrix_jitsi_jicofo_component_secret: s3cr37 +matrix_jitsi_jicofo_component_secret: '' matrix_jitsi_jicofo_auth_user: focus -matrix_jitsi_jicofo_auth_password: passw0rd +matrix_jitsi_jicofo_auth_password: '' matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384" @@ -116,7 +116,7 @@ matrix_jitsi_jvb_container_extra_arguments: [] matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] matrix_jitsi_jvb_auth_user: jvb -matrix_jitsi_jvb_auth_password: passw0rd +matrix_jitsi_jvb_auth_password: '' # STUN servers used by JVB on the server-side, so it can discover its own external IP address. # Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery. diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml index 2bc4a57f..e4f3508f 100644 --- a/roles/matrix-jitsi/tasks/main.yml +++ b/roles/matrix-jitsi/tasks/main.yml @@ -2,6 +2,12 @@ tags: - always +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_jitsi_enabled|bool" + tags: + - setup-all + - setup-jitsi + - import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml" when: run_setup|bool tags: diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/matrix-jitsi/tasks/validate_config.yml new file mode 100644 index 00000000..ea92c914 --- /dev/null +++ b/roles/matrix-jitsi/tasks/validate_config.yml @@ -0,0 +1,21 @@ +--- + +- name: Fail if required Jitsi settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) for using Jitsi. + + If you're setting up Jitsi for the first time, you may have missed a step. + Refer to our setup instructions (docs/configuring-playbook-jitsi.md). + + If you had setup Jitsi successfully before and it's just now that you're observing this failure, + it means that your installation may be using some default passwords that the playbook used to define until now. + This is not secure and we urge you to rebuild your Jitsi setup. + Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md). + when: "vars[item] == ''" + with_items: + - "matrix_jitsi_jibri_xmpp_password" + - "matrix_jitsi_jibri_recorder_password" + - "matrix_jitsi_jicofo_component_secret" + - "matrix_jitsi_jicofo_auth_password" + - "matrix_jitsi_jvb_auth_password" From 976ccf3880561346853c7cd9292f8b19b9a64a14 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 09:39:38 +0300 Subject: [PATCH 4/9] Fix typo --- docs/configuring-playbook-jitsi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 028d2b15..c7245e92 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -82,7 +82,7 @@ To use it via riot-web (the one configured by the playbook at `https://riot.DOMA **If you ever run into any trouble** or **if you change configuration (`matrix_jitsi_*` variables) too much**, we urge you to rebuild your Jitsi setup. -We normally don't require such manual intervention for other services, for Jitsi services generate a lot of configuration files on their own. +We normally don't require such manual intervention for other services, but Jitsi services generate a lot of configuration files on their own. These files are not all managed by Ansible (at least not yet), so you may sometimes need to delete them all and start fresh. From b181f0268072a80b541e1e519c32c2def730dc5c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 09:55:44 +0300 Subject: [PATCH 5/9] Use dollar sign instead of backtick Co-Authored-By: Sandro --- inventory/scripts/generate-jitsi-passwords.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/generate-jitsi-passwords.sh index 244d977f..ae6d471a 100755 --- a/inventory/scripts/generate-jitsi-passwords.sh +++ b/inventory/scripts/generate-jitsi-passwords.sh @@ -35,11 +35,11 @@ function get_domain_dir() { cd ../host_vars get_domain_dir -JICOFO_COMPONENT_SECRET=`generatePassword` -JICOFO_AUTH_PASSWORD=`generatePassword` -JVB_AUTH_PASSWORD=`generatePassword` -JIBRI_RECORDER_PASSWORD=`generatePassword` -JIBRI_XMPP_PASSWORD=`generatePassword` +JICOFO_COMPONENT_SECRET=$(generatePassword) +JICOFO_AUTH_PASSWORD=$(generatePassword) +JVB_AUTH_PASSWORD=$(generatePassword) +JIBRI_RECORDER_PASSWORD=$(generatePassword) +JIBRI_XMPP_PASSWORD=$(generatePassword) echo "" >> ../host_vars/${domain}/vars.yml echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml From 1b27e0f812c652eb91504c3d8af24264b10039ce Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 10:05:10 +0300 Subject: [PATCH 6/9] Make generate-jitsi-passwords.sh less magical --- docs/configuring-playbook-jitsi.md | 18 ++++---- inventory/scripts/generate-jitsi-passwords.sh | 44 +++++-------------- 2 files changed, 18 insertions(+), 44 deletions(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index c7245e92..1a3f10c7 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -23,18 +23,16 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: ```yaml matrix_jitsi_enabled: true + +# Run `bash inventory/scripts/generate-jitsi-passwords.sh` to generate these passwords, +# or define your own strong passwords manually. +matrix_jitsi_jicofo_component_secret: "" +matrix_jitsi_jicofo_auth_password: "" +matrix_jitsi_jvb_auth_password: "" +matrix_jitsi_jibri_recorder_password: "" +matrix_jitsi_jibri_xmpp_password: "" ``` -## Securing your Jitsi instance with strong passwords - -Please use the bash script provided in this repo to generate strong passwords for your Jitsi instance. -Execute the following commands in your terminal from the root of this repo: -```bash -cd inventory/scripts -bash generate-jitsi-passwords.sh -``` - -The script will add the corresponding ansible variables and passwords generated with `openssl rand -hex 16` to the bottom of your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration. ## (Optional) configure internal Jitsi authentication and guests mode diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/generate-jitsi-passwords.sh index ae6d471a..eacfa7d8 100755 --- a/inventory/scripts/generate-jitsi-passwords.sh +++ b/inventory/scripts/generate-jitsi-passwords.sh @@ -2,38 +2,14 @@ # This is a bash script for generating strong passwords for the Jitsi role in this ansible project: # https://github.com/spantaleev/matrix-docker-ansible-deploy -# This script assumes that you followed the documentation at https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md and created a folder in the source code's directory like this: 'mkdir inventory/host_vars/matrix.' -# it will put the generated passwords for Jitsi at the end of the vars.yml file in that directory - function generatePassword() { openssl rand -hex 16 } -# helper function to get the matrix domain in the host_vars directory -function get_domain_dir() { - counter=0 +echo "# If this script fails, it's likely because you don't have the openssl tool installed." +echo "# Install it before using this script, or simply create your own passwords manually." - for f in *; do - counter=$(( counter + 1 )) - if [ ! -d "$f" ]; then - echo "Error: could not find directory 'matrix.your.domain'" - echo "Did you create it already? Please first setup your matrix homeserver before running this script." - echo "You should start here: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/prerequisites.md" - exit 1 - elif [[ "$counter" -gt 1 ]]; then - echo "Error: multiple directories found in ../host_vars/. Only one directory like 'matrix.your.domain' expected." - echo "Please make sure there is only one directory holding your vars.yml for this ansible playbook." - echo "Cannot continue script, exiting." - exit 1 - fi - - # Will not set domain if zero or multiple directories are detected - domain=$f - done -} - -cd ../host_vars -get_domain_dir +echo "" JICOFO_COMPONENT_SECRET=$(generatePassword) JICOFO_AUTH_PASSWORD=$(generatePassword) @@ -41,10 +17,10 @@ JVB_AUTH_PASSWORD=$(generatePassword) JIBRI_RECORDER_PASSWORD=$(generatePassword) JIBRI_XMPP_PASSWORD=$(generatePassword) -echo "" >> ../host_vars/${domain}/vars.yml -echo "Jitsi passwords generated by inventory/scripts/gen-passwords.sh" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jicofo_component_secret: $JICOFO_COMPONENT_SECRET" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" >> ../host_vars/${domain}/vars.yml -echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" >> ../host_vars/${domain}/vars.yml +echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:" +echo "" +echo "matrix_jitsi_jicofo_component_secret: "$JICOFO_COMPONENT_SECRET +echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD +echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD +echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD +echo "matrix_jitsi_jibri_xmpp_password: "$JIBRI_XMPP_PASSWORD From dcce276b8696fda1460bffbb6040a365eaf19bc6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 10:05:43 +0300 Subject: [PATCH 7/9] Rename script file --- docs/configuring-playbook-jitsi.md | 2 +- ...{generate-jitsi-passwords.sh => jitsi-generate-passwords.sh} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename inventory/scripts/{generate-jitsi-passwords.sh => jitsi-generate-passwords.sh} (100%) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 1a3f10c7..d6ff1c8a 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -24,7 +24,7 @@ Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: ```yaml matrix_jitsi_enabled: true -# Run `bash inventory/scripts/generate-jitsi-passwords.sh` to generate these passwords, +# Run `bash inventory/scripts/jitsi-generate-passwords.sh` to generate these passwords, # or define your own strong passwords manually. matrix_jitsi_jicofo_component_secret: "" matrix_jitsi_jicofo_auth_password: "" diff --git a/inventory/scripts/generate-jitsi-passwords.sh b/inventory/scripts/jitsi-generate-passwords.sh similarity index 100% rename from inventory/scripts/generate-jitsi-passwords.sh rename to inventory/scripts/jitsi-generate-passwords.sh From 14786071afaf55ac56aecb2c2a33071af70da62c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 10:23:51 +0300 Subject: [PATCH 8/9] Pass JVB_AUTH_PASSWORD environment variable to make JVB startup happy We define this password in the `sip-communicator.properties` configuration file, so this is not needed for actually running JVB. However, it does a (useless) safety check during container startup, and we need to make that check happy. --- roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 7 +++++++ roles/matrix-jitsi/templates/jvb/env.j2 | 1 + .../matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 | 1 + 3 files changed, 9 insertions(+) create mode 100644 roles/matrix-jitsi/templates/jvb/env.j2 diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index e4d652ed..f442fc6e 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -34,6 +34,13 @@ - logging.properties when: matrix_jitsi_enabled|bool +- name: Ensure jitsi-jvb environment variables file created + template: + src: "{{ role_path }}/templates/jvb/env.j2" + dest: "{{ matrix_jitsi_jvb_base_path }}/env" + mode: 0640 + when: matrix_jitsi_enabled|bool + - name: Ensure matrix-jitsi-jvb.service installed template: src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2" diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/matrix-jitsi/templates/jvb/env.j2 new file mode 100644 index 00000000..423070db --- /dev/null +++ b/roles/matrix-jitsi/templates/jvb/env.j2 @@ -0,0 +1 @@ +JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }} diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index 03aef079..5df5807a 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -14,6 +14,7 @@ ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \ --log-driver=none \ --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_jvb_base_path }}/env \ {% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %} -p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \ {% endif %} From 25d51d3de3eacebd8ce61ffedc7fd967f1a11cf1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 16:46:41 +0300 Subject: [PATCH 9/9] Fix typo --- docs/self-building.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-building.md b/docs/self-building.md index 6b9a46d4..bef35852 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -4,7 +4,7 @@ The playbook supports the self-building of some of its components. This may be u To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file: ```yaml -matrix_container_images_self_build = true +matrix_container_images_self_build: true ``` Setting that variable will self-build every role which supports self-building. Self-building can be set on a per-role basis as well.