aboutsummaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorQuentin <quentin@deuxfleurs.fr>2020-12-23 15:55:17 +0100
committerQuentin <quentin@deuxfleurs.fr>2020-12-23 15:55:17 +0100
commit80dc6ec803949bbb09a8d40c80daaa9c676c0fb6 (patch)
treed2a44cf03ef3f3d9c3646846b4a7d8153181fbc9 /app
parent9117616f0250ab0ac724c6aa9a5b6d94ec7c9d92 (diff)
downloadinfrastructure-80dc6ec803949bbb09a8d40c80daaa9c676c0fb6.tar.gz
infrastructure-80dc6ec803949bbb09a8d40c80daaa9c676c0fb6.zip
Migrate jitsi
Diffstat (limited to 'app')
-rw-r--r--app/build/docker-compose.yml6
-rwxr-xr-xapp/build/jitsi-meet/entrypoint.sh4
-rw-r--r--app/build/jitsi-xmpp/Dockerfile4
-rwxr-xr-xapp/build/jitsi-xmpp/xmpp_conf2
-rw-r--r--app/config/configuration/jitsi/global_env.tpl10
-rwxr-xr-xapp/config/restore_configuration.sh7
-rw-r--r--app/config/secrets/jitsi/global_env.sample9
-rw-r--r--app/deployment/jitsi.hcl116
8 files changed, 76 insertions, 82 deletions
diff --git a/app/build/docker-compose.yml b/app/build/docker-compose.yml
index 38031d2..de2c229 100644
--- a/app/build/docker-compose.yml
+++ b/app/build/docker-compose.yml
@@ -49,7 +49,7 @@ services:
# https://github.com/jitsi/jitsi-meet
PREFIXV: stable/jitsi-meet_
VERSION: 4966
- image: superboum/amd64_jitsi_meet:v1
+ image: superboum/amd64_jitsi_meet:v2
jitsi-conference-focus:
build:
@@ -73,8 +73,8 @@ services:
build:
context: ./jitsi-xmpp
args:
- VERSION: fake-1
- image: superboum/amd64_jitsi_xmpp:v4
+ VERSION: 0.11.2-1
+ image: superboum/amd64_jitsi_xmpp:v8
plume:
build:
diff --git a/app/build/jitsi-meet/entrypoint.sh b/app/build/jitsi-meet/entrypoint.sh
index 1e18bd1..1cd96dc 100755
--- a/app/build/jitsi-meet/entrypoint.sh
+++ b/app/build/jitsi-meet/entrypoint.sh
@@ -4,8 +4,8 @@ cat > /etc/nginx/sites-available/jitsi <<EOF
server_names_hash_bucket_size 64;
server {
- listen 0.0.0.0:443 ssl http2 default_server;
- listen [::]:443 ssl http2 default_server;
+ listen 0.0.0.0:${NGINX_PORT} ssl http2 default_server;
+ listen [::]:${NGINX_PORT} ssl http2 default_server;
server_name _;
ssl_certificate ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.crt;
ssl_certificate_key ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.key;
diff --git a/app/build/jitsi-xmpp/Dockerfile b/app/build/jitsi-xmpp/Dockerfile
index 3733d49..f3dcd36 100644
--- a/app/build/jitsi-xmpp/Dockerfile
+++ b/app/build/jitsi-xmpp/Dockerfile
@@ -1,7 +1,9 @@
FROM debian:buster
+ARG VERSION
+
RUN apt-get update && \
- apt-get install -y prosody
+ apt-get install -y prosody=${VERSION}
COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
COPY xmpp_conf /usr/local/bin/xmpp_conf
diff --git a/app/build/jitsi-xmpp/xmpp_conf b/app/build/jitsi-xmpp/xmpp_conf
index 5990d07..34b2cb3 100755
--- a/app/build/jitsi-xmpp/xmpp_conf
+++ b/app/build/jitsi-xmpp/xmpp_conf
@@ -7,6 +7,8 @@ EOF
mkdir -p /etc/prosody/conf.{d,avail}/
cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
+http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
+
VirtualHost "jitsi.deuxfleurs.fr"
authentication = "anonymous"
ssl = {
diff --git a/app/config/configuration/jitsi/global_env.tpl b/app/config/configuration/jitsi/global_env.tpl
new file mode 100644
index 0000000..836a131
--- /dev/null
+++ b/app/config/configuration/jitsi/global_env.tpl
@@ -0,0 +1,10 @@
+JITSI_SECRET_VIDEOBRIDGE={{ key "secrets/jitsi/jitsi_secret_videobridge" }}
+JITSI_SECRET_JICOFO_COMPONENT={{ key "secrets/jitsi/jitsi_secret_jicofo_component" }}
+JITSI_SECRET_JICOFO_USER={{ key "secrets/jitsi/jitsi_secret_jicofo_user" }}
+JITSI_PROSODY_BOSH_PORT={{ env "NOMAD_PORT_bosh_port" }}
+JITSI_PROSODY_BOSH_HOST=127.0.0.1
+JITSI_PROSODY_HOST=127.0.0.1
+JITSI_CERTS_FOLDER=/secrets/certs/
+JITSI_NAT_PUBLIC_IP=82.253.205.190
+JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }}
+NGINX_PORT={{ env "NOMAD_PORT_https_port" }}
diff --git a/app/config/restore_configuration.sh b/app/config/restore_configuration.sh
deleted file mode 100755
index 63d71a1..0000000
--- a/app/config/restore_configuration.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-find {configuration,secrets}/$1 -type f \
- | grep --perl-regexp --invert-match "\.sample$|\.gen$|\.gitignore|\.sh$" \
- | while read filename; do
- consul kv put "${filename}" "@${filename}"
- done
diff --git a/app/config/secrets/jitsi/global_env.sample b/app/config/secrets/jitsi/global_env.sample
deleted file mode 100644
index 658c9c9..0000000
--- a/app/config/secrets/jitsi/global_env.sample
+++ /dev/null
@@ -1,9 +0,0 @@
-JITSI_SECRET_VIDEOBRIDGE=redacted
-JITSI_SECRET_JICOFO_COMPONENT=redacted
-JITSI_SECRET_JICOFO_USER=redacted
-JITSI_PROSODY_BOSH_PORT=5280
-JITSI_PROSODY_BOSH_HOST=127.0.0.1
-JITSI_PROSODY_HOST=127.0.0.1
-JITSI_CERTS_FOLDER=/secrets/certs/
-JITSI_NAT_PUBLIC_IP=redacted
-JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }}
diff --git a/app/deployment/jitsi.hcl b/app/deployment/jitsi.hcl
index 3c8de3a..9c1edd5 100644
--- a/app/deployment/jitsi.hcl
+++ b/app/deployment/jitsi.hcl
@@ -8,39 +8,50 @@ job "jitsi" {
}
group "core" {
+
+ network {
+ port "bosh_port" { }
+ port "ext_port" { static = 5347 }
+ port "xmpp_port" { static = 5222 }
+ port "https_port" { }
+ port "video1_port" { static = 8080 }
+ port "video2_port" { static = 10000 }
+ }
+
task "xmpp" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_xmpp:v4"
+ image = "superboum/amd64_jitsi_xmpp:v8"
+ ports = [ "bosh_port", "ext_port", "xmpp_port" ]
network_mode = "host"
}
template {
+ data = file("../config/configuration/jitsi/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ # --- secrets ---
+ template {
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
}
+
template {
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
}
+
template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
}
+
template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
}
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
- destination = "secrets/global_env.tpl"
- mode = "file"
- }
- template {
- source = "secrets/global_env.tpl"
- destination = "secrets/global_env"
- env = true
- }
resources {
cpu = 300
@@ -49,13 +60,12 @@ job "jitsi" {
service {
tags = [ "jitsi", "bosh" ]
- port = 5280
- address_mode = "driver"
+ port = "bosh_port"
+ address_mode = "host"
name = "jitsi-xmpp-bosh"
check {
type = "tcp"
- address_mode = "driver"
- port = 5280
+ port = "bosh_port"
interval = "60s"
timeout = "5s"
check_restart {
@@ -68,15 +78,15 @@ job "jitsi" {
service {
tags = [ "jitsi", "ext" ]
- port = 5347
- address_mode = "driver"
+ port = "ext_port"
+ address_mode = "host"
name = "jitsi-ext"
}
service {
tags = [ "jitsi", "xmpp" ]
- port = 5222
- address_mode = "driver"
+ port = "xmpp_port"
+ address_mode = "host"
name = "jitsi-xmpp"
}
}
@@ -84,11 +94,19 @@ job "jitsi" {
task "front" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_meet:v1"
+ image = "superboum/amd64_jitsi_meet:v2"
network_mode = "host"
+ ports = [ "https_port" ]
}
template {
+ data = file("../config/configuration/jitsi/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ # --- secrets ---
+ template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
}
@@ -96,16 +114,6 @@ job "jitsi" {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
}
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
- destination = "secrets/global_env.tpl"
- mode = "file"
- }
- template {
- source = "secrets/global_env.tpl"
- destination = "secrets/global_env"
- env = true
- }
resources {
cpu = 300
@@ -120,13 +128,12 @@ job "jitsi" {
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
"traefik.protocol=https"
]
- port = 443
- address_mode = "driver"
+ port = "https_port"
+ address_mode = "host"
name = "jitsi-front-https"
check {
type = "tcp"
- port = 443
- address_mode = "driver"
+ port = "https_port"
interval = "60s"
timeout = "5s"
check_restart {
@@ -146,23 +153,21 @@ job "jitsi" {
}
template {
+ data = file("../config/configuration/jitsi/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ #--- secrets ---
+ template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
}
+
template {
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
}
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
- destination = "secrets/global_env.tpl"
- mode = "file"
- }
- template {
- source = "secrets/global_env.tpl"
- destination = "secrets/global_env"
- env = true
- }
resources {
cpu = 300
@@ -175,7 +180,7 @@ job "jitsi" {
config {
image = "superboum/amd64_jitsi_videobridge:v15"
network_mode = "host"
- port_map { video1_port = 8080 } # this is a hack, check secrets/jitsi/global_env to understand why
+ ports = [ "video1_port", "video2_port" ]
ulimit {
nofile = "1048576:1048576"
nproc = "65536:65536"
@@ -188,13 +193,8 @@ job "jitsi" {
VIDEOBRIDGE_MAX_MEMORY = "1450m"
}
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
- destination = "secrets/global_env.tpl"
- mode = "file"
- }
template {
- source = "secrets/global_env.tpl"
+ data = file("../config/configuration/jitsi/global_env.tpl")
destination = "secrets/global_env"
env = true
}
@@ -202,20 +202,16 @@ job "jitsi" {
resources {
cpu = 900
memory = 1500
- network {
- port "video1_port" { static = "8080" } # this is a hack
- }
}
service {
tags = [ "jitsi", "(diplonat (tcp_port 8080))" ]
- port = 8080
- address_mode = "driver"
+ port = "video1_port"
+ address_mode = "host"
name = "jitsi-videobridge-video1"
check {
type = "tcp"
- port = 8080
- address_mode = "driver"
+ port = "video1_port"
interval = "60s"
timeout = "5s"
check_restart {
@@ -228,8 +224,8 @@ job "jitsi" {
service {
tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
- port = 10000
- address_mode = "driver"
+ port = "video2_port"
+ address_mode = "host"
name = "jitsi-videobridge-video2"
}
}