Initial commit, coturn 4.6 image

CHANGELOG.md

@@ -0,0 +1,5 @@
+## Changelog
+
+### 0.1.0
+
+* Adds coturn 4.6

LICENSE

@@ -0,0 +1,19 @@
+MIT License Copyright (c) 2022 Jan Beilicke <dev@jotbe.io>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,46 @@
+coturn TURN/STUN server (Docker-Compose)
+========================================
+
+A [coturn TURN/STUN server](https://github.com/coturn/coturn) server that can be run behind [Traefik](https://traefik.io).
+
+Requirements
+------------
+
+- Ansible (implemented and tested with core 2.12.4, Python 3.9.10)
+- Ubuntu or Debian server
+- [Docker Engine](https://docs.docker.com/install/) + [Docker Compose](https://docs.docker.com/compose/install/)
+- Traefik
+
+Role Variables
+--------------
+
+For a documentation of the correspoding coturn server specific variables, have a look here: <https://github.com/coturn/coturn/blob/master/README.turnserver>
+
+Some variables are commented out in the Docker Compose template and are usually not needed.
+
+| Variable    | Description                                                     |
+|-------------|-----------------------------------------------------------------|
+| docker_user | The user who is going to manage/run the Docker Compose services |
+| coturn_virtual_host | eg. turn.example.org |
+| coturn_external_ip | |
+| coturn_static_auth_secret |  |
+| coturn_listening_port | |
+| coturn_listening_port_tls |  |
+| coturn_min_port | |
+| coturn_max_port | |
+
+Dependencies
+------------
+
+Example Playbook
+----------------
+
+License
+-------
+
+MIT
+
+Author Information
+------------------
+
+This role was created in 2022 by [Jan Beilicke](https://jotbe.io).

defaults/main.yml

@@ -0,0 +1,11 @@
+---
+# defaults file for coturn
+docker_user: deploy
+
+#coturn_virtual_host: turn.example.org
+coturn_external_ip: "{{ ansible_host }}"
+#coturn_static_auth_secret: 
+coturn_listening_port: "3478"
+coturn_listening_port_tls: "5349"
+coturn_min_port: "49160"
+coturn_max_port: "49200"

meta/main.yml

@@ -0,0 +1,43 @@
+galaxy_info:
+  author: Jan Beilicke
+  description: Dockerized coturn TURN server behind Traefik
+
+  #issue_tracker_url: https://git.jotbe.io/jotbe/ansible-role-coturn-docker/issues
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: MIT
+
+  min_ansible_version: 2.9
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+  - name: Debian
+    versions:
+    - all
+  - name: Ubuntu
+    versions:
+    - all
+
+  galaxy_tags:
+    - docker
+    - traefik
+    - turn
+    - videoconferencing
+
+dependencies: []
+  # - geerlingguy.pip
+  # - geerlingguy.docker

tasks/main.yml

@@ -0,0 +1,70 @@
+---
+# tasks file for coturn
+- name: Ensure coturn Docker Compose config directory exists
+  file:
+    path: /home/{{ docker_user }}/coturn
+    state: directory
+    owner: '{{ docker_user }}'
+    group: '{{ docker_user }}'
+  tags: config
+
+- name: "Teardown: Remove coturn runtime config"
+  file:
+    path: /home/{{ docker_user }}/coturn/conf
+    state: absent
+  tags: ['never', 'teardown']
+
+- name: Ensure coturn config directory exists
+  file:
+    path: /home/{{ docker_user }}/coturn/conf
+    state: directory
+    owner: '{{ docker_user }}'
+    group: '{{ docker_user }}'
+  tags: config
+
+- name: Provide docker-compose.yml
+  template:
+    src: templates/docker-compose.coturn.yml.j2
+    dest: /home/{{ docker_user }}/coturn/docker-compose.yml
+    owner: "{{ docker_user }}"
+    group: "{{ docker_user }}"
+    mode: '0644'
+  tags: config
+
+- name: Output docker-compose.yml
+  shell: cat /home/{{ docker_user }}/coturn/docker-compose.yml
+  register: output
+  tags: config
+
+- debug:
+    var: output
+
+- name: Provide coturn env vars
+  template:
+    src: templates/env.coturn.j2
+    dest: /home/{{ docker_user }}/coturn/.env
+    owner: "{{ docker_user }}"
+    group: "{{ docker_user }}"
+    mode: '0640'
+  tags: config
+
+- name: "docker-compose: Teardown existing coturn service"
+  docker_compose:
+    project_src: "/home/{{ docker_user }}/coturn/"
+    state: absent
+  tags: ['never', 'teardown']
+
+- name: "docker-compose: Bootstrap coturn service"
+  docker_compose:
+    project_src: "/home/{{ docker_user }}/coturn/"
+    pull: yes
+  register: output
+
+- debug:
+    var: output
+
+- assert:
+    that:
+      - "output.services['coturn']['coturn_coturn_1'].state.running"
+
+# TODO: Test availability of the service

templates/docker-compose.coturn.yml.j2

@@ -0,0 +1,42 @@
+version: "3.7"
+
+services:
+  coturn:
+    image: coturn/coturn:4.6
+    restart: unless-stopped
+    ports:
+      - "${LISTENING_PORT}:${LISTENING_PORT}"
+      #- "${LISTENING_PORT_TLS}:${LISTENING_PORT_TLS}"
+      - "${MIN_PORT}-${MAX_PORT}:${MIN_PORT}-${MAX_PORT}/udp"
+    command:
+      - "--realm=${COTURN_VIRTUAL_HOST}"
+      #- "--server-name=turn-server"
+      - "--fingerprint"
+      - "--listening-ip=0.0.0.0"
+      - "--external-ip=${EXTERNAL_IP}"
+      #- "--relay-ip=${EXTERNAL_IP}"
+      - "--listening-port=${LISTENING_PORT}"
+      - "--min-port=${MIN_PORT}"
+      - "--max-port=${MAX_PORT}"
+      - "--log-file=stdout"
+      #- "--tls-listening-port=${LISTENING_PORT_TLS}"
+      - "--use-auth-secret"
+      - "--static-auth-secret=${STATIC_AUTH_SECRET}"
+      - "--verbose"
+    labels:
+      traefik.enable: true
+      traefik.port: ${LISTENING_PORT}
+      traefik.http.routers.turn-server.tls: true
+      traefik.http.routers.turn-server.rule: Host(`${COTURN_VIRTUAL_HOST}`)
+      traefik.http.routers.turn-server.entrypoints: websecure
+      traefik.http.routers.turn-server.tls.certresolver: defaultresolver
+      #traefik.udp.routers.turn-server-udp.entrypoints: turn-udp
+      #traefik.udp.routers.turn-server-udp.service: turn-server-udp
+      #traefik.udp.services.turn-server-udp.loadbalancer.server.port: ${LISTENING_PORT}
+    networks:
+      - public
+
+networks:
+  public:
+    external:
+      name: traefik_public

templates/env.coturn.j2

@@ -0,0 +1,7 @@
+COTURN_VIRTUAL_HOST={{ coturn_virtual_host }}
+EXTERNAL_IP={{ coturn_external_ip }}
+STATIC_AUTH_SECRET={{ coturn_static_auth_secret }}
+LISTENING_PORT={{ coturn_listening_port }}
+LISTENING_PORT_TLS={{ coturn_listening_port_tls }}
+MIN_PORT={{ coturn_min_port }}
+MAX_PORT={{ coturn_max_port }}