aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorQuentin Dufour <quentin@deuxfleurs.fr>2021-01-28 17:52:41 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2021-01-28 17:52:41 +0100
commit7b57ff72a918ca295e2b00e76da33eec700c6a2a (patch)
tree6f19d8c5260cadc3535ee3343f662d4217719c23
parentebb772e5ba26944ac002c236d33ef164e91c6a7d (diff)
downloadinfrastructure-7b57ff72a918ca295e2b00e76da33eec700c6a2a.tar.gz
infrastructure-7b57ff72a918ca295e2b00e76da33eec700c6a2a.zip
Simplify prosody too
-rw-r--r--app/jitsi/build/jitsi-conference-focus/Dockerfile1
-rwxr-xr-xapp/jitsi/build/jitsi-conference-focus/jicofo7
-rw-r--r--app/jitsi/build/jitsi-xmpp/Dockerfile10
-rw-r--r--app/jitsi/build/jitsi-xmpp/external_components.cfg.lua2
-rwxr-xr-xapp/jitsi/build/jitsi-xmpp/xmpp_conf49
-rwxr-xr-xapp/jitsi/build/jitsi-xmpp/xmpp_gen5
-rwxr-xr-xapp/jitsi/build/jitsi-xmpp/xmpp_run18
-rw-r--r--app/jitsi/integration/README.md8
-rw-r--r--app/jitsi/integration/dev.env10
-rw-r--r--app/jitsi/integration/jicofo/jicofo.conf (renamed from app/jitsi/integration/jicofo.conf)8
-rw-r--r--app/jitsi/integration/jitsi-certs/.gitignore2
-rw-r--r--app/jitsi/integration/jvb/videobridge.conf (renamed from app/jitsi/integration/videobridge.conf)0
-rw-r--r--app/jitsi/integration/prosody/prosody.cfg.lua34
13 files changed, 57 insertions, 97 deletions
diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile
index f78cc78..e67b3de 100644
--- a/app/jitsi/build/jitsi-conference-focus/Dockerfile
+++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile
@@ -20,5 +20,6 @@ RUN apt-get update && \
COPY --from=builder /srv/build /usr/share/jicofo
COPY jicofo /usr/local/bin
+ENV JICOFO_SECRET=IAMDEPRECATED
CMD ["/usr/local/bin/jicofo"]
diff --git a/app/jitsi/build/jitsi-conference-focus/jicofo b/app/jitsi/build/jitsi-conference-focus/jicofo
index bfc54f6..31cd9c4 100755
--- a/app/jitsi/build/jitsi-conference-focus/jicofo
+++ b/app/jitsi/build/jitsi-conference-focus/jicofo
@@ -16,9 +16,4 @@ exec java \
-Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \
-Dconfig.file=/etc/jitsi/jicofo.conf \
-cp "/usr/share/jicofo/*:/usr/share/jicofo/lib/*" \
- org.jitsi.jicofo.Main \
- --host=${JITSI_PROSODY_HOST} \
- --domain=jitsi.deuxfleurs.fr \
- --secret=${JITSI_SECRET_JICOFO_COMPONENT} \
- --user_domain=auth.jitsi.deuxfleurs.fr \
- --user_password=${JITSI_SECRET_JICOFO_USER}
+ org.jitsi.jicofo.Main
diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile
index f3dcd36..a682984 100644
--- a/app/jitsi/build/jitsi-xmpp/Dockerfile
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
@@ -5,9 +5,15 @@ ARG VERSION
RUN apt-get update && \
apt-get install -y prosody=${VERSION}
-COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
-COPY xmpp_conf /usr/local/bin/xmpp_conf
+mkdir -p /usr/local/share/ca-certificates/
+ln -sf \
+ /var/lib/prosody/auth.jitsi.crt \
+ /usr/local/share/ca-certificates/auth.jitsi.crt
+
COPY xmpp_gen /usr/local/bin/xmpp_gen
COPY xmpp_run /usr/local/bin/xmpp_run
+USER prosody
+RUN mkdir /run/prosody && touch /run/prosody/prosody.pid
+WORKDIR /var/lib/prosody
CMD ["/usr/local/bin/xmpp_run"]
diff --git a/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua b/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua
deleted file mode 100644
index beaaa87..0000000
--- a/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua
+++ /dev/null
@@ -1,2 +0,0 @@
-component_ports = { 5347 }
-component_interface = "0.0.0.0"
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_conf b/app/jitsi/build/jitsi-xmpp/xmpp_conf
deleted file mode 100755
index 34b2cb3..0000000
--- a/app/jitsi/build/jitsi-xmpp/xmpp_conf
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-cat >> /etc/hosts <<EOF
-${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
-127.0.0.1 `hostname`
-EOF
-
-mkdir -p /etc/prosody/conf.{d,avail}/
-cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
-http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
-
-VirtualHost "jitsi.deuxfleurs.fr"
- authentication = "anonymous"
- ssl = {
- key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
- certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
- }
- modules_enabled = {
- "bosh";
- "pubsub";
- }
- c2s_require_encryption = false
-
-VirtualHost "auth.jitsi.deuxfleurs.fr"
- ssl = {
- key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
- certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
- }
- authentication = "internal_plain"
- admins = { "focus@auth.jitsi.deuxfleurs.fr"}
-
-Component "conference.jitsi.deuxfleurs.fr" "muc"
-Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
- storage = "memory"
- modules_enabled = { "ping"; }
- admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
-
-Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
- component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
-Component "focus.jitsi.deuxfleurs.fr"
- component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
-
-EOF
-
-ln -sf \
- /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \
- /etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua
-
-
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_gen b/app/jitsi/build/jitsi-xmpp/xmpp_gen
index 3a2e04a..a66aad8 100755
--- a/app/jitsi/build/jitsi-xmpp/xmpp_gen
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_gen
@@ -1,9 +1,4 @@
#!/bin/bash
-/usr/local/bin/xmpp_conf
-
prosodyctl cert generate jitsi.deuxfleurs.fr
prosodyctl cert generate auth.jitsi.deuxfleurs.fr
-
-cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER}
-cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER}
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_run b/app/jitsi/build/jitsi-xmpp/xmpp_run
index 6383b65..81329d2 100755
--- a/app/jitsi/build/jitsi-xmpp/xmpp_run
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_run
@@ -1,20 +1,4 @@
#!/bin/bash
-
-/usr/local/bin/xmpp_conf
-cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/
-chown -R prosody:prosody /var/lib/prosody
-
-mkdir -p /usr/local/share/ca-certificates/
-ln -sf \
- /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \
- /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
-
prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
-
-mkdir /run/prosody
-touch /run/prosody/prosody.pid
-chown -R prosody:prosody /run/prosody
-
-cd /var/lib/prosody
-su - prosody -s /bin/bash -c prosody
+exec prosody
diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md
index 315b5de..e295745 100644
--- a/app/jitsi/integration/README.md
+++ b/app/jitsi/integration/README.md
@@ -38,6 +38,14 @@ We are particularly interested by: https://github.com/lightbend/config#standard-
Using 'application.conf' with classpath does not seem to work.
But, specifying the file path as `-Dconfig.file=/etc/jitsi/jicofo.conf` works!
+Some parameters are also set independently of lightbend hocon config.
+They are seen in jicofo entrypoint:
+https://github.com/jitsi/jicofo/blob/master/src/main/java/org/jitsi/jicofo/Main.java
+Many of these parameters can be in fact read from the HOCON file except one: the `--secret` parameter or the `JICOFO_SECRET` env variable.
+But we can see this is a deprecated thing, it has been already removed from master: https://github.com/jitsi/jicofo/commit/c9e5b50a8b4e77f8b8cb8831a4a044a53edfcf48
+For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set
+But maybe this value is deprecated: the check is still here but it is not used anymore?!
+
## Resources to understand jitsi
- [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)
diff --git a/app/jitsi/integration/dev.env b/app/jitsi/integration/dev.env
deleted file mode 100644
index 1dd2122..0000000
--- a/app/jitsi/integration/dev.env
+++ /dev/null
@@ -1,10 +0,0 @@
-JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
-JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
-JITSI_SECRET_JICOFO_USER=S3CR3T03
-JITSI_PROSODY_BOSH_PORT=5280
-JITSI_PROSODY_BOSH_HOST=172.17.0.1
-JITSI_PROSODY_HOST=172.17.0.1
-JITSI_CERTS_FOLDER=/certs/
-JITSI_NAT_PUBLIC_IP=37.164.35.154
-JITSI_NAT_LOCAL_IP=192.168.0.231
-JITSI_VIDEO_TCP=8080
diff --git a/app/jitsi/integration/jicofo.conf b/app/jitsi/integration/jicofo/jicofo.conf
index 2351cde..edb87c5 100644
--- a/app/jitsi/integration/jicofo.conf
+++ b/app/jitsi/integration/jicofo/jicofo.conf
@@ -213,11 +213,11 @@ jicofo {
octo {
// Whether or not to use Octo. Note that when enabled, its use will be determined by
// $jicofo.bridge.selection-strategy.
- enabled = true
+ enabled = false
// An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of
// Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured.
- #id = 1234
+ id = 1
}
rest {
@@ -239,11 +239,11 @@ jicofo {
// The separate XMPP connection used for communication with clients (endpoints).
client {
enabled = true
- hostname = "localhost"
+ hostname = "jitsi-xmpp"
port = 5222
#domain =
username = "focus"
- #password =
+ password = "3x@mple01"
// How long to wait for a response to a stanza before giving up.
reply-timeout = 15 seconds
diff --git a/app/jitsi/integration/jitsi-certs/.gitignore b/app/jitsi/integration/jitsi-certs/.gitignore
deleted file mode 100644
index d6b7ef3..0000000
--- a/app/jitsi/integration/jitsi-certs/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
diff --git a/app/jitsi/integration/videobridge.conf b/app/jitsi/integration/jvb/videobridge.conf
index e9bded0..e9bded0 100644
--- a/app/jitsi/integration/videobridge.conf
+++ b/app/jitsi/integration/jvb/videobridge.conf
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua
new file mode 100644
index 0000000..edfd820
--- /dev/null
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua
@@ -0,0 +1,34 @@
+component_ports = { 5347 }
+component_interface = "0.0.0.0"
+http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
+log = {
+ error="/dev/stderr"
+ info="/dev/stdout"
+}
+
+VirtualHost "jitsi.deuxfleurs.fr"
+ authentication = "anonymous"
+ ssl = {
+ key = "/var/lib/prosody/jitsi.key";
+ certificate = "/var/lib/prosody/jitsi.crt";
+ }
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ }
+ c2s_require_encryption = false
+
+VirtualHost "auth.jitsi.deuxfleurs.fr"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.key";
+ certificate = "/var/lib/prosody/auth.jitsi.crt";
+ }
+ authentication = "internal_plain"
+ admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+
+Component "conference.jitsi.deuxfleurs.fr" "muc"
+Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+ storage = "memory"
+ modules_enabled = { "ping"; }
+ admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+