Add support for external-IP-address-autodetection to Coturn

2023-10-10 11:10:21 +03:00
parent ccbff150cd
commit dc9ff4e01b
6 changed files with 82 additions and 3 deletions
--- a/roles/custom/matrix-coturn/defaults/main.yml
+++ b/roles/custom/matrix-coturn/defaults/main.yml
@ -73,8 +73,25 @@ matrix_coturn_turn_udp_max_port: 49172
 matrix_coturn_turn_static_auth_secret: ""

 # The external IP address of the machine where Coturn is.
+# If do not define an IP address here or in `matrix_coturn_turn_external_ip_addresses`, auto-detection via an EchoIP service will be done.
+# See `matrix_coturn_turn_external_ip_address_auto_detection_enabled`
 matrix_coturn_turn_external_ip_address: ''
-matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"]
+matrix_coturn_turn_external_ip_addresses: "{{ [matrix_coturn_turn_external_ip_address] if matrix_coturn_turn_external_ip_address != '' else [] }}"
+
+# Controls whether external IP address auto-detection should be attempted.
+# We try to do this if there is no external IP address explicitly configured and if an EchoIP service URL is specified.
+# See matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url
+matrix_coturn_turn_external_ip_address_auto_detection_enabled: "{{ matrix_coturn_turn_external_ip_addresses | length == 0 and matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url != '' }}"
+
+# Specifies the address of the EchoIP service (https://github.com/mpolden/echoip) to use for detecting the external IP address.
+# By default, we use the official public instance.
+matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url: https://ifconfig.co/json
+
+# Controls whether SSL certificates will be validated when contacting the EchoIP service (matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url)
+matrix_coturn_turn_external_ip_address_auto_detection_echoip_validate_certs: true
+
+matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_count: "{{ devture_playbook_help_geturl_retries_count }}"
+matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_delay: "{{ devture_playbook_help_geturl_retries_delay }}"

 matrix_coturn_allowed_peer_ips: []

--- a/roles/custom/matrix-coturn/tasks/setup_install.yml
+++ b/roles/custom/matrix-coturn/tasks/setup_install.yml
@ -1,5 +1,37 @@
 ---

+- when: matrix_coturn_turn_external_ip_address_auto_detection_enabled | bool
+  block:
+    - when: matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url == ''
+      name: Fail if enabled, but EchoIP service URL unset
+      ansible.builtin.fail:
+        msg: "To use the external IP address auto-detection feature, you need to set matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url"
+
+    # NOTE:
+    # `ansible.builtin.uri` does not provide a way to configure whether IPv4 or IPv6 is used.
+    # Luckily, the default instance we use does not define AAAA records for now, so it's always IPv4.
+    - name: Fetch IP address information from EchoIP service
+      ansible.builtin.uri:
+        url: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}"
+        headers:
+          Content-Type: application/json
+        follow_redirects: none
+        validate_certs: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_validate_certs }}"
+      register: result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response
+      ignore_errors: true
+      check_mode: false
+      retries: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_count }}"
+      delay: "{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_delay }}"
+      until: not result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed
+
+    - when: "(result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.failed or 'json' not in result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response)"
+      name: Fail if EchoIP service failed
+      ansible.builtin.fail:
+        msg: "Failed contacting EchoIP service API at `{{ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url }}` (controlled by `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url`). Full error: {{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response }}"
+
+    - ansible.builtin.set_fact:
+        matrix_coturn_turn_external_ip_address: "{{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.json.ip }}"
+
 - name: Ensure Matrix Coturn path exists
  ansible.builtin.file:
    path: "{{ item.path }}"
--- a/roles/custom/matrix-coturn/templates/turnserver.conf.j2
+++ b/roles/custom/matrix-coturn/templates/turnserver.conf.j2
@ -5,7 +5,7 @@ realm=turn.{{ matrix_server_fqn_matrix }}

 min-port={{ matrix_coturn_turn_udp_min_port }}
 max-port={{ matrix_coturn_turn_udp_max_port }}
-{% for ip in matrix_coturn_turn_external_ip_addresses|select('ne', '') %}
+{% for ip in matrix_coturn_turn_external_ip_addresses %}
 external-ip={{ ip }}
 {% endfor %}