271 lines
10 KiB
YAML
271 lines
10 KiB
YAML
---
|
|
- hosts: 127.0.0.1
|
|
connection: local
|
|
vars:
|
|
bundle: /opt/greenlight/.gem/ruby/2.5.0/bin/bundle
|
|
tasks:
|
|
- name: add PPA for bigbluebutton support packages
|
|
apt_repository:
|
|
repo: ppa:bigbluebutton/support
|
|
- name: add PPA for yq
|
|
apt_repository:
|
|
repo: ppa:rmescandon/yq
|
|
- name: add PPA for libreoffice
|
|
apt_repository:
|
|
repo: ppa:libreoffice/ppa
|
|
- name: add GPG key for MongoDB
|
|
apt_key:
|
|
url: https://www.mongodb.org/static/pgp/server-3.4.asc
|
|
- name: add repo for MongoDB
|
|
apt_repository:
|
|
repo: "deb [arch=amd64] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse"
|
|
filename: mongodb-org-3.4
|
|
- name: add GPG key for Nodesource
|
|
apt_key:
|
|
url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
|
|
- name: add repo for Nodesource
|
|
apt_repository:
|
|
repo: deb https://deb.nodesource.com/node_8.x xenial main
|
|
filename: nodesource
|
|
- name: add GPG key for bigbluebutton
|
|
apt_key:
|
|
url: https://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc
|
|
- name: add repo for bigbluebutton
|
|
apt_repository:
|
|
repo: deb https://ubuntu.bigbluebutton.org/xenial-22/ bigbluebutton-xenial main
|
|
filename: bigbluebutton
|
|
- name: add GPG key for Brightbox ruby-ng
|
|
apt_key:
|
|
keyserver: keyserver.ubuntu.com
|
|
id: 80F70E11F0F0D5F10CB20E62F5DA5F09C3173AA6
|
|
- name: add repo for Brightbox ruby-ng
|
|
apt_repository:
|
|
repo: deb http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu xenial main
|
|
filename: brightbox.ruby-ng
|
|
- name: add GPG key for CSC
|
|
apt_key:
|
|
url: http://debian.csclub.uwaterloo.ca/csclub.asc
|
|
- name: add CSC Debian repo
|
|
apt_repository:
|
|
repo: deb http://debian.csclub.uwaterloo.ca xenial main
|
|
filename: csclub
|
|
- name: update apt cache
|
|
apt:
|
|
update_cache: true
|
|
- name: install apt-transport-https
|
|
apt:
|
|
name: apt-transport-https
|
|
state: latest
|
|
- name: install curl
|
|
apt:
|
|
name: curl
|
|
state: latest
|
|
- name: install MongoDB
|
|
apt:
|
|
name: mongodb-org
|
|
state: latest
|
|
- name: install nodejs
|
|
apt:
|
|
# consider apt pinning this to version 8
|
|
name: nodejs
|
|
state: latest
|
|
- name: install bigbluebutton
|
|
apt:
|
|
name: bigbluebutton
|
|
state: latest
|
|
- name: install bbb-html5
|
|
apt:
|
|
name: bbb-html5
|
|
state: latest
|
|
- name: install ruby2.5
|
|
apt:
|
|
name: ruby2.5
|
|
state: latest
|
|
- name: install greenlight
|
|
apt:
|
|
name: greenlight
|
|
state: latest
|
|
- name: set BBB hostname
|
|
# We should only need to do this once. Make sure to remove
|
|
# /tmp/bbb-setip-done if the FQDN changes for whatever reason.
|
|
shell: 'bbb-conf --setip {{ ansible_fqdn }} && touch /tmp/bbb-setip-done'
|
|
args:
|
|
creates: /tmp/bbb-setip-done
|
|
# Make sure to place the certificate and key in this directory,
|
|
# and run `chmod 0600` on the key
|
|
- name: create SSL directory
|
|
file:
|
|
path: /etc/nginx/ssl
|
|
state: directory
|
|
- name: create Diffie-Hellman params
|
|
command:
|
|
cmd: openssl dhparam -out /etc/nginx/ssl/dhp-4096.pem 4096
|
|
creates: /etc/nginx/ssl/dhp-4096.pem
|
|
- name: update NGINX config
|
|
copy:
|
|
src: '{{ playbook_dir }}/bigbluebutton.nginx'
|
|
dest: /etc/nginx/sites-available/bigbluebutton
|
|
- name: update SIP config to use HTTPS
|
|
replace:
|
|
path: /etc/bigbluebutton/nginx/sip.nginx
|
|
regexp: '^(\s*)proxy_pass http://(.*):5066;$'
|
|
replace: '\1proxy_pass https://\2:7443;'
|
|
- name: configure BBB to load session via HTTPS (1)
|
|
replace:
|
|
path: /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
|
|
regexp: 'http://'
|
|
replace: 'https://'
|
|
- name: configure BBB to load session via HTTPS (2)
|
|
replace:
|
|
path: /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties
|
|
regexp: 'http://'
|
|
replace: 'https://'
|
|
- name: configure BBB to load session via HTTPS (3)
|
|
replace:
|
|
path: /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
|
|
regexp: 'ws://'
|
|
replace: 'wss://'
|
|
- name: configure BBB to load session via HTTPS (4)
|
|
replace:
|
|
path: /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
|
|
regexp: 'http://'
|
|
replace: 'https://'
|
|
- name: configure BBB to load session via HTTPS (5)
|
|
replace:
|
|
path: /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml
|
|
regexp: '^playback_protocol: http$'
|
|
replace: 'playback_protocol: https'
|
|
- name: configure BBB to support IPv6
|
|
copy:
|
|
dest: /etc/nginx/conf.d/bigbluebutton_sip_addr_map.conf
|
|
content: |
|
|
map $remote_addr $freeswitch_addr {
|
|
"~:" [{{ ansible_default_ipv6.address }}];
|
|
default {{ ansible_default_ipv4.address }};
|
|
}
|
|
- name: update SIP config to support IPv6 (1)
|
|
replace:
|
|
path: /etc/bigbluebutton/nginx/sip.nginx
|
|
regexp: '^(\s*)proxy_pass https://(.*):7443;$'
|
|
replace: '\1proxy_pass https://$freeswitch_addr:7443;'
|
|
- name: update SIP config to support IPv6 (2)
|
|
replace:
|
|
path: /opt/freeswitch/etc/freeswitch/sip_profiles/external-ipv6.xml
|
|
regexp: '^(\s*)<!--\s*<param name="enable-3pcc" value="true"/>\s*-->$'
|
|
replace: '\1<param name="enable-3pcc" value="true"/>'
|
|
- name: increase file number limit for bbb-web
|
|
replace:
|
|
path: /lib/systemd/system/bbb-web.service
|
|
regexp: '^LimitNOFILE=\d+$'
|
|
replace: 'LimitNOFILE=8192'
|
|
notify:
|
|
- reload systemd
|
|
- name: disable recording
|
|
replace:
|
|
path: /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
|
|
regexp: '^{{ item.key }}=.*$'
|
|
replace: '{{ item.key }}={{ item.value }}'
|
|
with_dict:
|
|
disableRecordingDefault: 'true'
|
|
allowStartStopRecording: 'false'
|
|
- name: turn off certain sound effects
|
|
replace:
|
|
path: /opt/freeswitch/etc/freeswitch/autoload_configs/conference.conf.xml
|
|
regexp: '^(\s*){{ item }}$'
|
|
replace: '\1<!-- {{ item }} -->'
|
|
loop:
|
|
- '<param name="muted-sound" value="conference/conf-muted.wav"/>'
|
|
- '<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>'
|
|
- '<param name="alone-sound" value="conference/conf-alone.wav"/>'
|
|
- name: skip echo test
|
|
replace:
|
|
path: /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
|
|
regexp: '^(\s*)skipCheck: false$'
|
|
replace: '\1skipCheck: true'
|
|
- name: increase maximum number of breakout rooms
|
|
replace:
|
|
path: /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
|
|
regexp: '^(\s*)breakoutRoomLimit: \d+$'
|
|
replace: '\1breakoutRoomLimit: 16'
|
|
- name: use custom STUN servers
|
|
copy:
|
|
src: '{{ playbook_dir }}/turn-stun-servers.xml'
|
|
dest: /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml
|
|
- name: update FreeSWITCH to listen for connections on external IP (1)
|
|
replace:
|
|
path: /opt/freeswitch/conf/vars.xml
|
|
regexp: '^(\s*)<X-PRE-PROCESS cmd="set" data="external_{{ item }}_ip=.*"/>$'
|
|
replace: '\1<X-PRE-PROCESS cmd="set" data="external_{{ item }}_ip={{ ansible_default_ipv4.address }}"/>'
|
|
loop:
|
|
- 'rtp'
|
|
- 'sip'
|
|
- name: update FreeSWITCH to listen for connections on external IP (2)
|
|
replace:
|
|
path: /opt/freeswitch/conf/sip_profiles/external.xml
|
|
regexp: '^(\s*)<param name="ext-{{ item }}-ip" value=".*"/>$'
|
|
replace: '\1<param name="ext-{{ item }}-ip" value="$${external_{{ item }}_ip}"/>'
|
|
loop:
|
|
- 'rtp'
|
|
- 'sip'
|
|
- name: install bundler for greenlight
|
|
become: yes
|
|
become_user: greenlight
|
|
command: gem install --user-install bundler
|
|
args:
|
|
creates: '{{ bundle }}'
|
|
- name: configure NGINX to route to Greenlight
|
|
copy:
|
|
src: /opt/greenlight/greenlight.nginx
|
|
dest: /etc/bigbluebutton/nginx/greenlight.nginx
|
|
- name: create secret key for Rails
|
|
become: yes
|
|
become_user: greenlight
|
|
shell: '{{ bundle }} exec rake secret | tee /opt/greenlight/rake_secret'
|
|
args:
|
|
creates: /opt/greenlight/rake_secret
|
|
- name: obtain BBB API secret
|
|
shell: "bbb-conf --secret | grep -oP 'Secret: \\K[[:alnum:]]+'"
|
|
register: api_secret
|
|
- name: create .env file for greenlight
|
|
copy:
|
|
src: /opt/greenlight/sample.env
|
|
dest: /opt/greenlight/.env
|
|
force: no
|
|
owner: greenlight
|
|
group: greenlight
|
|
- name: update .env file for greenlight
|
|
replace:
|
|
path: /opt/greenlight/.env
|
|
regexp: '^{{ item.key }}=.*$'
|
|
replace: '{{ item.key }}={{ item.value }}'
|
|
with_dict:
|
|
SECRET_KEY_BASE: "{{ lookup('file', '/opt/greenlight/rake_secret') }}"
|
|
BIGBLUEBUTTON_ENDPOINT: 'https://{{ ansible_fqdn }}/bigbluebutton/'
|
|
BIGBLUEBUTTON_SECRET: '{{ api_secret.stdout }}'
|
|
SAFE_HOSTS: '{{ ansible_fqdn }}'
|
|
LDAP_SERVER: auth1.csclub.uwaterloo.ca
|
|
LDAP_PORT: '636'
|
|
LDAP_METHOD: 'ssl'
|
|
LDAP_UID: 'uid'
|
|
LDAP_BASE: 'dc=csclub,dc=uwaterloo,dc=ca'
|
|
LDAP_AUTH: 'user'
|
|
# make sure to create a role in Greenlight called "sysadmin"
|
|
LDAP_ROLE_FIELD: 'position'
|
|
ALLOW_GREENLIGHT_ACCOUNTS: 'false'
|
|
DEFAULT_REGISTRATION: open
|
|
ROOM_FEATURES: 'mute-on-join,require-moderator-approval'
|
|
DB_ADAPTER: postgresql
|
|
DB_HOST: coffee.csclub.uwaterloo.ca
|
|
DB_PORT: 5432
|
|
DB_NAME: greenlight
|
|
DB_USERNAME: greenlight
|
|
- name: reminder for DB credentials
|
|
debug:
|
|
msg: >-
|
|
Make sure to create a database and user for greenlight and
|
|
update /opt/greenlight/.env with the Postgres credentials.
|
|
|
|
handlers:
|
|
- name: reload systemd
|
|
command: systemctl daemon-reload
|