Browse Source

jitsi: first implementation of the playbook

Fixes: main/infrastructure#231
keep-around/ac4788e70ffc9a1e25ee69295bf7516fe11cca33
Loïc Dachary 1 year ago
committed by Loic Dachary
parent
commit
ac4788e70f
Signed by: dachary GPG Key ID: 992D23B392F9E4F2
  1. 2
      ansible.cfg
  2. 1
      docs/services/index.rst
  3. 14
      docs/services/jitsi.rst
  4. 1
      docs/user-guide.rst
  5. 1
      inventory/all.yml
  6. 9
      inventory/services.yml
  7. 14
      playbooks/jitsi/conftest.py
  8. 19
      playbooks/jitsi/files/command-check_jitsi.conf
  9. 4
      playbooks/jitsi/inventory/service.yml
  10. 79
      playbooks/jitsi/jitsi-monitoring-playbook.yml
  11. 4
      playbooks/jitsi/jitsi-playbook.yml
  12. 50
      playbooks/jitsi/jitsi-server-playbook.yml
  13. 9
      playbooks/jitsi/playbook.yml
  14. 65
      playbooks/jitsi/roles/jitsi/defaults/main.yml
  15. 48
      playbooks/jitsi/roles/jitsi/tasks/jitsi.yml
  16. 2
      playbooks/jitsi/roles/jitsi/tasks/main.yml
  17. 602
      playbooks/jitsi/roles/jitsi/templates/config.js.j2
  18. 13
      playbooks/jitsi/tests/test_icinga.py
  19. 2
      tox.ini

2
ansible.cfg

@ -1,2 +1,2 @@
[defaults]
roles_path = playbooks/infrastructure/roles:playbooks/authorized_keys/roles:playbooks/backup/roles:playbooks/bind/roles:playbooks/icinga/roles:playbooks/postfix/roles:playbooks/weblate/roles:playbooks/packages/roles:playbooks/jdauphant.nginx/roles:playbooks/enough-nginx/roles:playbooks/certificate/roles:playbooks/wazuh/roles:playbooks/firewall/roles:playbooks/api/roles:playbooks/openvpn/roles
roles_path = playbooks/infrastructure/roles:playbooks/authorized_keys/roles:playbooks/backup/roles:playbooks/bind/roles:playbooks/icinga/roles:playbooks/postfix/roles:playbooks/weblate/roles:playbooks/packages/roles:playbooks/jdauphant.nginx/roles:playbooks/enough-nginx/roles:playbooks/certificate/roles:playbooks/wazuh/roles:playbooks/firewall/roles:playbooks/api/roles:playbooks/openvpn/roles:playbooks/jitsi/roles

1
docs/services/index.rst

@ -19,3 +19,4 @@ Services
ids
monitoring
backup
jitsi

14
docs/services/jitsi.rst

@ -0,0 +1,14 @@
Jitsi
=====
`Jitsi <https://jitsi.org/>`__ is documented in `this file
<https://lab.enough.community/main/infrastructure/blob/master/playbooks/jitsi/roles/jitsi/defaults/main.yml>`__
and can be modified in the
`~/.enough/example.com/inventory/group_vars/jitsi-service-group.yml`
file.
The service is created with:
.. code::
$ enough --domain example.com service create jitsi

1
docs/user-guide.rst

@ -133,6 +133,7 @@ The following services are available:
* ``wekan``, for `kanban <https://wekan.github.io/>`__ at ``wekan.example.com``
* :doc:`gitlab <services/gitlab>`, for `software development <https://gitlab.com/>`__ at ``lab.example.com``
* ``api``, for :doc:`Enough development <community/contribute>` at ``api.example.com``
* :doc:`Jitsi <services/jitsi>`, for `video conferencing <https://jitsi.org/>`__ at ``jitsi.example.com``
As an example, the cloud service can be created as follows:

1
inventory/all.yml

@ -8,6 +8,7 @@ all-hosts:
forum-host:
gitlab-host:
icinga-host:
jitsi-host:
packages-host:
postfix-host:
runner-host:

9
inventory/services.yml

@ -172,3 +172,12 @@ securedrop-service-hosts:
children:
securedrop-service-group:
essential-service-group:
jitsi-service-group:
hosts:
jitsi-host:
jitsi-service-hosts:
children:
jitsi-service-group:
essential-service-group:

14
playbooks/jitsi/conftest.py

@ -0,0 +1,14 @@
def pytest_addoption(parser):
parser.addoption(
"--enough-hosts",
action="store",
default="bind-host,icinga-host,jitsi-host",
help="list of hosts"
)
parser.addoption(
"--enough-service",
action="store",
default="jitsi",
help="service"
)

19
playbooks/jitsi/files/command-check_jitsi.conf

@ -0,0 +1,19 @@
object CheckCommand "jitsi" {
import "ipv4-or-ipv6"
command = [
PluginDir + "/check_jitsi",
"-H", "$jitsi_address$",
"-p", "$jitsi_port$"
]
arguments = {
"-m" = {
value = "$jitsi_mode$"
required = true
description = "health mode"
}
}
vars.jitsi_address = "$check_address$"
}

4
playbooks/jitsi/inventory/service.yml

@ -0,0 +1,4 @@
---
icinga-service-group:
hosts:
icinga-host:

79
playbooks/jitsi/jitsi-monitoring-playbook.yml

@ -0,0 +1,79 @@
---
- name: firewall for Jitsi monitoring
hosts: localhost
gather_facts: false
tasks:
- include_role:
name: firewall
vars:
firewall_server: "{{ item }}"
firewall_clients: [ "{{ hostvars[groups['icinga-service-group'][0]]['ansible_host'] }}/32" ]
firewall_protocols: [ tcp ]
firewall_ports: [ 8080 ]
when: hostvars[item].ansible_host
with_items: "{{ groups['jitsi-service-group'] | default([]) }}"
- name: Jitsi enable API
hosts: jitsi-service-group
become: true
gather_facts: false
pre_tasks:
- name: JVB_OPTS="--apis=rest,xmpp"
shell: |
set -ex
sed -i -e 's/^JVB_OPTS.*/JVB_OPTS="--apis=rest,xmpp"/' /etc/jitsi/videobridge/config
- name: restart jitsi-videobridge2
service:
name: jitsi-videobridge2
state: restarted
- name: Jitsi install Icinga monitoring check
hosts: icinga-service-group
become: true
pre_tasks:
- name: Icinga install command-check_jitsi.conf
copy:
src: command-check_jitsi.conf
dest: /etc/icinga2/conf.d/command-check_jitsi.conf
mode: 0444
# https://exchange.icinga.com/nicolaiB/check_jiitsi https://github.com/nbuchwitz/check_jitsi
- name: install check_jitsi.py
get_url:
url: https://raw.githubusercontent.com/nbuchwitz/check_jitsi/37d38249bb73e594fbd2bb48744e0b8d3d141d3d/check_jitsi.py
dest: /usr/lib/nagios/plugins/check_jitsi
mode: 0555
- name: Icinga for Jitsi
copy:
content: |
apply Service "Jitsi" {
import host.vars.service_template
check_command = "jitsi"
vars.jitsi_port = "8080"
vars.jitsi_mode = "health"
command_endpoint = NodeName
assign where host.vars.jitsi == true
}
dest: /etc/icinga2/zones.d/global-templates/jitsi.conf
- name: Add Jitsi check
blockinfile:
block: |
vars.jitsi = true
path: "/etc/icinga2/zones.d/master/{{ groups['jitsi-service-group'][0] }}/host.conf"
insertbefore: "END OF FILE"
marker: "/* {mark} Jitsi */"
- name: reload icinga2
systemd:
name: icinga2
state: reloaded
enabled: True
changed_when: False

4
playbooks/jitsi/jitsi-playbook.yml

@ -0,0 +1,4 @@
---
- import_playbook: jitsi-server-playbook.yml
- import_playbook: jitsi-monitoring-playbook.yml
when: (groups['icinga-service-group'] | length) > 0

50
playbooks/jitsi/jitsi-server-playbook.yml

@ -0,0 +1,50 @@
---
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart#setup-and-configure-your-firewall
- name: firewall for jitsi
hosts: localhost
gather_facts: false
tasks:
- include_role:
name: firewall
vars:
firewall_server: "{{ item }}"
firewall_clients: [ 0.0.0.0/0 ]
firewall_protocols: [ tcp ]
firewall_ports: [ 80, 443, 4443 ]
when: hostvars[item].ansible_host is defined
with_items: "{{ groups['jitsi-service-group'] | default([]) }}"
- include_role:
name: firewall
vars:
firewall_server: "{{ item }}"
firewall_clients: [ 0.0.0.0/0 ]
firewall_protocols: [ udp ]
firewall_ports: [ 10000 ]
when: hostvars[item].ansible_host is defined
with_items: "{{ groups['jitsi-service-group'] | default([]) }}"
- name: install jitsi DNS entry
hosts: jitsi-service-group
become: true
pre_tasks:
- name: set CNAME
nsupdate:
server: "{{ hostvars['bind-host']['ansible_host'] }}"
zone: "{{ domain }}"
record: "jitsi.{{ domain }}."
ttl: 1800
type: CNAME
value: "{{ item }}.{{ domain }}."
with_items: "{{ groups['jitsi-service-group'] | default([]) }}"
delegate_to: bind-host
- name: Jitsi installation
hosts: jitsi-host
become: true
roles:
- role: jitsi

9
playbooks/jitsi/playbook.yml

@ -0,0 +1,9 @@
---
- import_playbook: ../infrastructure/buster-playbook.yml
- import_playbook: ../infrastructure/network-playbook.yml
- import_playbook: ../firewall/firewall-playbook.yml
- import_playbook: ../icinga/test-icinga-playbook.yml
- import_playbook: ../bind/bind-playbook.yml
- import_playbook: ../bind/bind-client-playbook.yml
- import_playbook: ../icinga/icinga-playbook.yml
- import_playbook: jitsi-playbook.yml

65
playbooks/jitsi/roles/jitsi/defaults/main.yml

@ -0,0 +1,65 @@
---
#
##################################
#
# Start the conference in audio only mode (no video is being received)
#
jitsi_startAudioOnly: 'true'
#
##################################
#
# Require users to always specify a display name
#
jitsi_requireDisplayName: 'true'
#
##################################
#
# Default language for the user interface
#
jitsi_defaultLanguage: 'en'
#
##################################
#
# Enables peer to peer mode. When enabled the system will try to
# establish a direct connection when there are exactly 2 participants
# in the room. If that succeeds the conference will stop sending data
# through the JVB and use the peer to peer connection instead. When a
# 3rd participant joins the conference will be moved back to the JVB
# connection.
#
jitsi_p2p_enabled: 'true'
#
##################################
#
# Sets the preferred resolution (height) for local video
#
jitsi_constraint_video_height_ideal: '720'
jitsi_constraint_video_height_max: '720'
jitsi_constraint_video_height_min: '240'
#
##################################
# DO NOT MODIFY BELOW THIS LINE
##################################
#
# adapted from https://github.com/robertdebock/ansible-role-jitsi/blob/0fdb6371d75cfd10d82b512b916f492b953dc9ae/defaults/main.yml
# You can choose to install different release: `stable`, `testing` or `nightly`.
jitsi_release: stable
# Settings used for the installation of jitsi-meet
jitsi_settings:
- name: jitsi-meet
question: jitsi-meet/cert-choice
value: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
type: string
- name: jitsi-meet
question: jitsi-meet/jvb-serve
value: yes|bool
type: boolean
- name: jitsi-meet-prosody
question: jitsi-meet-prosody/jvb-hostname
value: "jitsi.{{ domain }}"
type: string
- name: jitsi-videobridge
question: jitsi-videobridge/jvb-hostname
value: "jitsi.{{ domain }}"
type: string

48
playbooks/jitsi/roles/jitsi/tasks/jitsi.yml

@ -0,0 +1,48 @@
# inspired by https://github.com/robertdebock/ansible-role-jitsi/blob/0fdb6371d75cfd10d82b512b916f492b953dc9ae/tasks/main.yml
---
- name: apt-get install apt-transport-https
apt:
name: apt-transport-https
state: present
- name: apt-get install nginx certbot
apt:
name: nginx
state: present
- name: install repository key
apt_key:
url: "https://download.jitsi.org/jitsi-key.gpg.key"
state: present
- name: add repository
apt_repository:
repo: "deb https://download.jitsi.org {{ jitsi_release }}/"
filename: jitsi-{{ jitsi_release }}
state: present
- name: set installer options
debconf:
name: "{{ item.name }}"
question: "{{ item.question }}"
value: "{{ item.value }}"
vtype: "{{ item.type }}"
loop: "{{ jitsi_settings }}"
loop_control:
label: "{{ item.question }}"
- name: install jitsi-meet
package:
name: jitsi-meet
state: present
- name: setup certificate
shell: |
set -ex
echo contact@{{ domain }} | /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
- name: copy configuration
template:
src: config.js.j2
dest: "/etc/jitsi/meet/jitsi.{{ domain }}-config.js"

2
playbooks/jitsi/roles/jitsi/tasks/main.yml

@ -0,0 +1,2 @@
---
- import_tasks: jitsi.yml

602
playbooks/jitsi/roles/jitsi/templates/config.js.j2

@ -0,0 +1,602 @@
/* eslint-disable no-unused-vars, no-var */
var config = {
// Connection
//
hosts: {
// XMPP domain.
domain: 'jitsi.{{ domain }}',
// When using authentication, domain for guest users.
// anonymousdomain: 'guest.example.com',
// Domain for authenticated users. Defaults to <domain>.
// authdomain: 'jitsi.{{ domain }}',
// Jirecon recording component domain.
// jirecon: 'jirecon.jitsi.{{ domain }}',
// Call control component (Jigasi).
// call_control: 'callcontrol.jitsi.{{ domain }}',
// Focus component domain. Defaults to focus.<domain>.
// focus: 'focus.jitsi.{{ domain }}',
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: 'conference.jitsi.{{ domain }}'
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '//jitsi.{{ domain }}/http-bind',
// Websocket URL
// websocket: 'wss://jitsi.{{ domain }}/xmpp-websocket',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here
// focusUserJid: 'focus@auth.jitsi.{{ domain }}',
// Testing / experimental features.
//
testing: {
// Disables the End to End Encryption feature. Useful for debugging
// issues related to insertable streams.
// disableE2EE: false,
// P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference.
p2pTestMode: false
// Enables the test specific features consumed by jitsi-meet-torture
// testMode: false
// Disables the auto-play behavior of *all* newly created video element.
// This is useful when the client runs on a host with limited resources.
// noAutoPlayVideo: false
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
// simulcast is turned off for the desktop share. If presenter is turned
// on while screensharing is in progress, the max bitrate is automatically
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
// the probability for this to be enabled.
// capScreenshareBitrate: 1 // 0 to disable
},
// Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling.
// webrtcIceUdpDisable: false,
// Disables ICE/TCP by filtering out local and remote TCP candidates in
// signalling.
// webrtcIceTcpDisable: false,
// Media
//
// Audio
// Disable measuring of audio levels.
// disableAudioLevels: false,
// audioLevelsInterval: 200,
// Enabling this will run the lib-jitsi-meet no audio detection module which
// will notify the user if the current selected microphone has no audio
// input and will suggest another valid device if one is present.
enableNoAudioDetection: true,
// Enabling this will run the lib-jitsi-meet noise detection module which will
// notify the user if there is noise, other than voice, coming from the current
// selected microphone. The purpose it to let the user know that the input could
// be potentially unpleasant for other meeting participants.
enableNoisyMicDetection: true,
// Start the conference in audio only mode (no video is being received nor
// sent).
startAudioOnly: {{ jitsi_startAudioOnly }},
// Every participant after the Nth will start audio muted.
// startAudioMuted: 10,
// Start calls with audio muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithAudioMuted: false,
// Enabling it (with #params) will disable local audio output of remote
// participants and to enable it back a reload is needed.
// startSilent: false
// Sets the preferred target bitrate for the Opus audio codec by setting its
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
// Valid values are in the range 6000 to 510000
// opusMaxAvgBitrate: 20000,
// Video
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
// w3c spec-compliant video constraints to use for video capture. Currently
// used by browsers that return true from lib-jitsi-meet's
// util#browser#usesNewGumFlow. The constraints are independent from
// this config's resolution value. Defaults to requesting an ideal
// resolution of 720p.
constraints: {
video: {
height: {
ideal: {{ jitsi_constraint_video_height_ideal }},
max: {{ jitsi_constraint_video_height_max }},
min: {{ jitsi_constraint_video_height_min }}
}
}
},
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD
// layers are not in use will be suspended (no longer sent) until they
// are requested again.
// enableLayerSuspension: false,
// Every participant after the Nth will start video muted.
// startVideoMuted: 10,
// Start calls with video muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithVideoMuted: false,
// If set to true, prefer to use the H.264 video codec (if supported).
// Note that it's not recommended to do this because simulcast is not
// supported when using H.264. For 1-to-1 calls this setting is enabled by
// default and can be toggled in the p2p section.
// preferH264: true,
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// Desktop sharing
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
// desktopSharingFrameRate: {
// min: 5,
// max: 5
// },
// Try to start calls with screen-sharing instead of camera video.
// startScreenSharing: false,
// Recording
// Whether to enable file recording or not.
// fileRecordingsEnabled: false,
// Enable the dropbox integration.
// dropbox: {
// appKey: '<APP_KEY>' // Specify your app key here.
// // A URL to redirect the user to, after authenticating
// // by default uses:
// // 'https://jitsi.{{ domain }}/static/oauth.html'
// redirectURI:
// 'https://jitsi.{{ domain }}/subfolder/static/oauth.html'
// },
// When integrations like dropbox are enabled only that will be shown,
// by enabling fileRecordingsServiceEnabled, we show both the integrations
// and the generic recording service (its configuration and storage type
// depends on jibri configuration)
// fileRecordingsServiceEnabled: false,
// Whether to show the possibility to share file recording with other people
// (e.g. meeting participants), based on the actual implementation
// on the backend.
// fileRecordingsServiceSharingEnabled: false,
// Whether to enable live streaming or not.
// liveStreamingEnabled: false,
// Transcription (in interface_config,
// subtitles and buttons can be configured)
// transcribingEnabled: false,
// Enables automatic turning on captions when recording is started
// autoCaptionOnRecord: false,
// Misc
// Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: -1,
// // Options for the recording limit notification.
// recordingLimit: {
//
// // The recording limit in minutes. Note: This number appears in the notification text
// // but doesn't enforce the actual recording time limit. This should be configured in
// // jibri!
// limit: 60,
//
// // The name of the app with unlimited recordings.
// appName: 'Unlimited recordings APP',
//
// // The URL of the app with unlimited recordings.
// appURL: 'https://unlimited.recordings.app.com/'
// },
// Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false,
// Disables or enables TCC (the default is in Jicofo and set to true)
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
// affects congestion control, it practically enables send-side bandwidth
// estimations.
// enableTcc: true,
// Disables or enables REMB (the default is in Jicofo and set to false)
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
// control, it practically enables recv-side bandwidth estimations. When
// both TCC and REMB are enabled, TCC takes precedence. When both are
// disabled, then bandwidth estimations are disabled.
// enableRemb: false,
// Enables ICE restart logic in LJM and displays the page reload overlay on
// ICE failure. Current disabled by default because it's causing issues with
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
// not a real ICE restart), the client maintains the TCC sequence number
// counter, but the bridge resets it. The bridge sends media packets with
// TCC sequence numbers starting from 0.
// enableIceRestart: false,
// Defines the minimum number of participants to start a call (the default
// is set in Jicofo and set to 2).
// minParticipants: 2,
// Use the TURN servers discovered via XEP-0215 for the jitsi-videobridge
// connection
// useStunTurn: true,
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
// we filter out TURN/UDP because it is usually not needed since the
// bridge itself is reachable via UDP)
// useTurnUdp: false
// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,
// UI
//
// Require users to always specify a display name.
requireDisplayName: {{ jitsi_requireDisplayName }},
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,
// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,
// Default language for the user interface.
defaultLanguage: '{{ jitsi_defaultLanguage }}',
// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,
// Whether or not some features are checked based on token.
// enableFeaturesBasedOnToken: false,
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
// lockRoomGuestEnabled: false,
// When enabled the password used for locking a room is restricted to up to the number of digits specified
// roomPasswordNumberOfDigits: 10,
// default: roomPasswordNumberOfDigits: false,
// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
// noticeMessage: '',
// Enables calendar integration, depends on googleApiApplicationClientID
// and microsoftApiApplicationClientID
// enableCalendarIntegration: false,
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
// prejoinPageEnabled: false,
// If true, shows the unsafe room name warning label when a room name is
// deemed unsafe (due to the simplicity in the name) and a password is not
// set or the lobby is not enabled.
// enableInsecureRoomNameWarning: false,
// Stats
//
// Whether to enable stats collection or not in the TraceablePeerConnection.
// This can be useful for debugging purposes (post-processing/analysis of
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
// estimation tests.
// gatherStats: false,
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
// pcStatsInterval: 10000,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// Enables sending participants' display names to callstats
// enableDisplayNameInStats: false,
// Enables sending participants' emails (if available) to callstats and other analytics
// enableEmailInStats: false,
// Privacy
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
disableThirdPartyRequests: true,
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//
p2p: {
// Enables peer to peer mode. When enabled the system will try to
// establish a direct connection when there are exactly 2 participants
// in the room. If that succeeds the conference will stop sending data
// through the JVB and use the peer to peer connection instead. When a
// 3rd participant joins the conference will be moved back to the JVB
// connection.
enabled: {{ jitsi_p2p_enabled }},
// Use XEP-0215 to fetch STUN and TURN servers.
// useStunTurn: true,
// The STUN servers that will be used in the peer to peer connections
stunServers: [
// { urls: 'stun:jitsi.{{ domain }}:3478' },
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
]
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
// the WebRTC standard:
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
// is supported).
// preferH264: true
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
// backToP2PDelay: 5
},
analytics: {
// The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
// Matomo configuration:
// matomoEndpoint: 'https://your-matomo-endpoint/',
// matomoSiteID: '42',
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>'
// Configuration for the rtcstats server:
// In order to enable rtcstats one needs to provide a endpoint url.
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
// If the value is set to 0 getStats won't be polled and the rtcstats client
// will only send data related to RTCPeerConnection events.
// rtcstatsPolIInterval: 1000
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
// scriptURLs: [
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js"
// ],
},
// Information about the jitsi-meet instance we are connecting to, including
// the user region as seen by the server.
deploymentInfo: {
// shard: "shard1",
// region: "europe",
// userRegion: "asia"
},
// Decides whether the start/stop recording audio notifications should play on record.
// disableRecordAudioNotification: false,
// Information for the chrome extension banner
// chromeExtensionBanner: {
// // The chrome extension to be installed address
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
// // Extensions info which allows checking if they are installed or not
// chromeExtensionsInfo: [
// {
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
// path: 'jitsi-logo-48x48.png'
// }
// ]
// },
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// button to show up on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// },
// Options related to end-to-end (participant to participant) ping.
// e2eping: {
// // The interval in milliseconds at which pings will be sent.
// // Defaults to 10000, set to <= 0 to disable.
// pingInterval: 10000,
//
// // The interval in milliseconds at which analytics events
// // with the measured RTT will be sent. Defaults to 60000, set
// // to <= 0 to disable.
// analyticsInterval: 60000,
// },
// If set, will attempt to use the provided video input device label when
// triggering a screenshare, instead of proceeding through the normal flow
// for obtaining a desktop stream.
// NOTE: This option is experimental and is currently intended for internal
// use only.
// _desktopSharingSourceDevice: 'sample-id-or-label',
// If true, any checks to handoff to another application will be prevented
// and instead the app will continue to display in the current browser.
// disableDeepLinking: false,
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false,
// Mainly privacy related settings
// Disables all invite functions from the app (share, invite, dial out...etc)
// disableInviteFunctions: true,
// Disables storing the room name to the recents list
// doNotStoreRoom: true,
// Deployment specific URLs.
// deploymentUrls: {
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
// // user documentation.
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
// // to the specified URL for an app download page.
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
// },
// Options related to the remote participant menu.
// remoteVideoMenu: {
// // If set to true the 'Kick out' button will be disabled.
// disableKick: true
// },
// If set to true all muting operations of remote participants will be disabled.
// disableRemoteMute: true,
/**
External API url used to receive branding specific information.
If there is no url set or there are missing fields, the defaults are applied.
None of the fields are mandatory and the response must have the shape:
{
// The hex value for the colour used as background
backgroundColor: '#fff',
// The url for the image used as background
backgroundImageUrl: 'https://example.com/background-img.png',
// The anchor url used when clicking the logo image
logoClickUrl: 'https://example-company.org',
// The url used for the image used as logo
logoImageUrl: 'https://example.com/logo-img.png'
}
*/
// brandingDataUrl: '',
// The URL of the moderated rooms microservice, if available. If it
// is present, a link to the service will be rendered on the welcome page,
// otherwise the app doesn't render it.
// moderatedRoomServiceUrl: 'https://moderated.jitsi.{{ domain }}',
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
autoRecord
autoRecordToken
debug
debugAudioLevels
deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl
dialOutCodesUrl
disableRemoteControl
displayJids
etherpad_base
externalConnectUrl
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
iAmSipGateway
microsoftApiApplicationClientID
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
*/
// List of undocumented settings used in lib-jitsi-meet
/**
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableNS
enableLipSync
enableTalkWhileMuted
forceJVB121Ratio
hiddenDomain
ignoreStartMuted
nick
startBitrate
*/
// Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value.
makeJsonParserHappy: 'even if last key had a trailing comma'
// no configuration value should follow this line.
};
/* eslint-enable no-unused-vars, no-var */

13
playbooks/jitsi/tests/test_icinga.py

@ -0,0 +1,13 @@
from tests.icinga_helper import IcingaHelper
testinfra_hosts = ['ansible://icinga-host']
class TestChecks(IcingaHelper):
def test_host(self):
r = self.get_client().objects.get('Host', 'jitsi-host')
assert r['attrs']['name'] == 'jitsi-host'
def test_service(self, host):
assert self.is_service_ok('jitsi-host!Jitsi')

2
tox.ini

@ -23,7 +23,7 @@ commands = flake8 {posargs}
#
# Integration tests
#
[testenv:{infrastructure,bind,authorized_keys,backup,certificate,postfix,icinga,openvpn,wekan,misc,pad,firewall,gitlab,api,wazuh,weblate,website,chat,cloud,enough,forum,packages,securedrop}]
[testenv:{infrastructure,bind,authorized_keys,backup,certificate,postfix,icinga,openvpn,wekan,misc,pad,firewall,gitlab,api,wazuh,weblate,website,chat,cloud,enough,forum,packages,securedrop,jitsi}]
passenv =
ENOUGH_API_TOKEN
PYTEST_ADDOPTS

Loading…
Cancel
Save