Provision extra Jitsi JVB services on additional hosts (#2166)

* Add task to configure a standalone JVB on a different server * add missing file * set nginx config * update prosody file and expose port 5222 * change variable name to server id * formatting change * use server id of jvb-1 for the main server * adding documentation * adding more jvbs * rename variable * revert file * fix yaml error * minor doc fixes * renaming tags and introducing a common tag * remove duplicates * add mapping for jvb to hostname/ip * missed a jvb_server * Update roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 Co-authored-by: Slavi Pantaleev <slavi@devture.com> * PR review comments and additional documentation * iterate on dict items * Update docs/configuring-playbook-jitsi.md Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update docs/configuring-playbook-jitsi.md Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update docs/configuring-playbook-jitsi.md Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update docs/configuring-playbook-jitsi.md Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update docs/configuring-playbook-jitsi.md Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update docs/configuring-playbook-jitsi.md Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update docs/configuring-playbook-jitsi.md Co-authored-by: Slavi Pantaleev <slavi@devture.com> * adding documentation around the xmpp setting * add common after * reduce the number of services during init of the additional jvb * remove rogue i * revert change to jitsi init as it's needed * only run the jvb service on the additional jvb host * updating docs * reset default and add documentation about the websocket port * fix issue rather merge with master * add missing role introduced in master * this role is required too * Adding new jitsi jvb playbook, moving setup.yml to matrix.yml and creating soft link * updating documentation * revert accidental change to file * add symlink back to roles to aid running of the jitsi playbook * Remove extra space * Delete useless playbooks/roles symlink * Remove blank lines Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-11-18 12:00:27 +00:00
parent 45c0467745
commit 84c74136ea
14 changed files with 258 additions and 128 deletions
--- a/roles/custom/matrix-base/tasks/main.yml
+++ b/roles/custom/matrix-base/tasks/main.yml
@ -1,18 +1,24 @@
 ---

+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/system_check.yml"
+  tags:
+    - always
+
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
  tags:
-    - always
+    - setup-all

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
  when: run_setup | bool
  tags:
    - setup-all
+    - common

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/server_base/setup.yml"
  when: run_setup | bool
  tags:
    - setup-all
+    - common

 # This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
 # which are required by many other roles.
@ -21,11 +27,13 @@
  tags:
    - always
    - setup-system-user
+    - common

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
  when: run_setup | bool
  tags:
    - setup-all
+    - common

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
  when: run_setup | bool
--- a/roles/custom/matrix-base/tasks/sanity_check.yml
+++ b/roles/custom/matrix-base/tasks/sanity_check.yml
@ -5,21 +5,6 @@
    msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']"

-# We generally support Ansible 2.7.1 and above.
- name: Fail if running on Ansible < 2.7.1
-  ansible.builtin.fail:
-    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
-  when:
-    - "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
-
-# Though we do not support Ansible 2.9.6 which is buggy
- name: Fail if running on Ansible 2.9.6 on Ubuntu
-  ansible.builtin.fail:
-    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
-  when:
-    - ansible_distribution == 'Ubuntu'
-    - "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
-
 - name: (Deprecation) Catch and report renamed settings
  ansible.builtin.fail:
    msg: >-
@ -66,20 +51,6 @@
    - "{{ matrix_server_fqn_element }}"
  when: "item != item | lower"

- name: Fail if using python2 on Archlinux
-  ansible.builtin.fail:
-    msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
-  when:
-    - ansible_distribution == 'Archlinux'
-    - ansible_python.version.major != 3
-
- name: Fail if architecture is set incorrectly
-  ansible.builtin.fail:
-    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
-  when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
-        (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
-        (ansible_architecture.startswith("armv") and matrix_architecture != "arm32")
-
 - name: Fail if encountering usage of removed role (mx-puppet-skype)
  ansible.builtin.fail:
    msg: >-
--- a/roles/custom/matrix-base/tasks/system_check.yml
+++ b/roles/custom/matrix-base/tasks/system_check.yml
@ -0,0 +1,30 @@
+---
+
+# We generally support Ansible 2.7.1 and above.
+- name: Fail if running on Ansible < 2.7.1
+  ansible.builtin.fail:
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when:
+    - "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
+
+# Though we do not support Ansible 2.9.6 which is buggy
+- name: Fail if running on Ansible 2.9.6 on Ubuntu
+  ansible.builtin.fail:
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when:
+    - ansible_distribution == 'Ubuntu'
+    - "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
+
+- name: Fail if using python2 on Archlinux
+  ansible.builtin.fail:
+    msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
+  when:
+    - ansible_distribution == 'Archlinux'
+    - ansible_python.version.major != 3
+
+- name: Fail if architecture is set incorrectly
+  ansible.builtin.fail:
+    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
+  when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
+        (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
+        (ansible_architecture.startswith("armv") and matrix_architecture != "arm32")
--- a/roles/custom/matrix-jitsi/defaults/main.yml
+++ b/roles/custom/matrix-jitsi/defaults/main.yml
@ -189,6 +189,8 @@ matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
 # Neccessary Port binding for those disabling the integrated nginx proxy
 matrix_jitsi_prosody_container_http_host_bind_port: ''

+matrix_jitsi_prosody_container_jvb_host_bind_port: 5222
+
 matrix_jitsi_jicofo_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
 matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"

@ -218,7 +220,7 @@ matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
 matrix_jitsi_jvb_container_extra_arguments: []

 # List of systemd services that matrix-jitsi-jvb.service depends on
-matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
+matrix_jitsi_jvb_systemd_required_services_list: ['docker.service']

 matrix_jitsi_jvb_auth_user: jvb
 matrix_jitsi_jvb_auth_password: ''
@ -233,6 +235,8 @@ matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']
 matrix_jitsi_jvb_brewery_muc: jvbbrewery
 matrix_jitsi_jvb_rtp_udp_port: 10000
 matrix_jitsi_jvb_rtp_tcp_port: 4443
+matrix_jitsi_jvb_server_id: 'jvb-1'
+

 # Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
 # This configuration gets appended to the final configuration that Jitsi JVB uses.
--- a/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
+++ b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
@ -0,0 +1,5 @@
+---
+
+- ansible.builtin.set_fact:
+    matrix_systemd_services_list: "{{ ['matrix-jitsi-jvb.service'] }}"
+  when: matrix_jitsi_enabled | bool
--- a/roles/custom/matrix-jitsi/tasks/main.yml
+++ b/roles/custom/matrix-jitsi/tasks/main.yml
@ -4,17 +4,23 @@
  tags:
    - always

+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml"
+  tags:
+    - setup-additional-jitsi-jvb
+
 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup | bool and matrix_jitsi_enabled | bool"
  tags:
    - setup-all
    - setup-jitsi
+    - setup-additional-jitsi-jvb

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
  when: run_setup | bool
  tags:
    - setup-all
    - setup-jitsi
+    - setup-additional-jitsi-jvb

 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
  when: run_setup | bool
@ -39,3 +45,4 @@
  tags:
    - setup-all
    - setup-jitsi
+    - setup-additional-jitsi-jvb
--- a/roles/custom/matrix-jitsi/templates/jvb/env.j2
+++ b/roles/custom/matrix-jitsi/templates/jvb/env.j2
@ -16,7 +16,7 @@ JVB_OCTO_PUBLIC_ADDRESS
 JVB_OCTO_BIND_PORT
 JVB_OCTO_REGION
 JVB_WS_DOMAIN
-JVB_WS_SERVER_ID
+JVB_WS_SERVER_ID={{ matrix_jitsi_jvb_server_id }}
 PUBLIC_URL={{ matrix_jitsi_web_public_url }}
 SENTRY_DSN={{ matrix_jitsi_jvb_sentry_dsn }}
 SENTRY_ENVIRONMENT
--- a/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
+++ b/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
@ -20,6 +20,9 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% if matrix_jitsi_prosody_container_http_host_bind_port %}
 			-p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \
 			{% endif %}
+			{% if matrix_jitsi_prosody_container_jvb_host_bind_port %}
+			-p {{ matrix_jitsi_prosody_container_jvb_host_bind_port }}:5222 \
+			{% endif %}
 			--env-file={{ matrix_jitsi_prosody_base_path }}/env \
 			--mount type=bind,src={{ matrix_jitsi_prosody_config_path }},dst=/config \
 			--mount type=bind,src={{ matrix_jitsi_prosody_plugins_path }},dst=/prosody-plugins-custom \
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@ -667,3 +667,12 @@ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h"
 # http://nginx.org/en/docs/ngx_core_module.html#worker_connections
 matrix_nginx_proxy_worker_processes: auto
 matrix_nginx_proxy_worker_connections: 1024
+
+# A mapping of JVB server ids to hostname/ipa addresses used to add additional jvb blocks
+# to the Jitsi's server configuration (matrix-jitsi.conf)
+# Note: avoid using the JVB server id  "jvb-1" as this is reserved for the main host.
+# Example:
+# matrix_nginx_proxy_proxy_jitsi_additional_jvbs:
+#   jvb-2: 192.168.0.1
+#   jvb-3: 192.168.0.2
+matrix_nginx_proxy_proxy_jitsi_additional_jvbs: {}
--- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
@ -34,7 +34,7 @@
 	}

 	# colibri (JVB) websockets
-	location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
+	location ~ ^/colibri-ws/jvb-1/(.*) {
 		{% if matrix_nginx_proxy_enabled %}
 			resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
 			set $backend "matrix-jitsi-jvb:9090";
@ -53,6 +53,22 @@

 		tcp_nodelay on;
 	}
+	{% for id, ip_address in matrix_nginx_proxy_proxy_jitsi_additional_jvbs.items() %}
+	# colibri (JVB) websockets for additional JVBs
+	location ~ ^/colibri-ws/{{ id | regex_escape }}/(.*) {
+		proxy_pass http://{{ ip_address }}:9090/colibri-ws/{{ id }}/$1$is_args$args;
+
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+
+		proxy_http_version 1.1;
+
+		tcp_nodelay on;
+	}
+	{% endfor %}
+

 	# XMPP websocket
 	location = /xmpp-websocket {