From 5b052e01e8ca18495b5fe1ba27c69456139c1106 Mon Sep 17 00:00:00 2001 From: Joschka Seydell Date: Wed, 9 Dec 2020 12:23:54 -0800 Subject: [PATCH 1/5] Introduced image tag variable. --- README.md | 1 + defaults/main.yml | 5 +++-- templates/docker-compose.jitsi.yml.j2 | 8 ++++---- templates/etherpad.yml | 2 +- templates/jibri.yml | 2 +- templates/jigasi.yml | 2 +- 6 files changed, 11 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 04c23cd..ad4899d 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ Role Variables | jitsi_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} | | jitsi_install_path | The location where the service should be deployed | /home/{{ jitsi_install_user }} | | jitsi_multitenant_label | A label (unique accross all instances on this host) identifying the tenant | | +| jitsi_docker_image_tag | Tag that should be used for the jitsi-docker images. If `jitsi_docker_upstream_repo_url` is set, this shall be left at `latest`. | latest | | jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes | | jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git | | *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set | diff --git a/defaults/main.yml b/defaults/main.yml index 053e9e6..62eab06 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,9 @@ jitsi_install_user: '{{ ansible_user }}' # This user must be present on the host jitsi_install_path: '/home/{{ jitsi_install_user }}' jitsi_multitenant_label: +jitsi_docker_image_tag: 'latest' +jitsi_build_latest_image_from_source: yes +jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git #jitsi_letsencrypt_email:alice@host.tld jitsi_enable_letsencrypt: no jitsi_exposed_http_port: 8000 @@ -14,8 +17,6 @@ jitsi_public_url: http://{{ jitsi_virtual_host }} jitsi_timezone: Europe/Amsterdam jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443 jitsi_web_channel_last_n: 3 -jitsi_build_latest_image_from_source: yes -jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git jitsi_enable_third_party_requests: no # Internal variables jitsi_multitenant_postfix: "{{ '_' + jitsi_multitenant_label if (jitsi_multitenant_label) else '' }}" \ No newline at end of file diff --git a/templates/docker-compose.jitsi.yml.j2 b/templates/docker-compose.jitsi.yml.j2 index 1273131..06f7220 100644 --- a/templates/docker-compose.jitsi.yml.j2 +++ b/templates/docker-compose.jitsi.yml.j2 @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web + image: jitsi/web:{{ jitsi_docker_image_tag }} restart: unless-stopped volumes: - ${CONFIG}/web:/config @@ -60,7 +60,7 @@ services: # XMPP server prosody: - image: jitsi/prosody + image: jitsi/prosody:{{ jitsi_docker_image_tag }} restart: unless-stopped expose: - '5222' @@ -124,7 +124,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo + image: jitsi/jicofo:{{ jitsi_docker_image_tag }} restart: unless-stopped volumes: - ${CONFIG}/jicofo:/config @@ -150,7 +150,7 @@ services: # Video bridge jvb: - image: jitsi/jvb + image: jitsi/jvb:{{ jitsi_docker_image_tag }} restart: unless-stopped ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/templates/etherpad.yml b/templates/etherpad.yml index 200f669..188d3d9 100644 --- a/templates/etherpad.yml +++ b/templates/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad + image: jitsi/etherpad:{{ jitsi_docker_image_tag }} restart: unless-stopped networks: meet.jitsi: diff --git a/templates/jibri.yml b/templates/jibri.yml index 3efbc8b..2a1dee3 100644 --- a/templates/jibri.yml +++ b/templates/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri + image: jitsi/jibri:{{ jitsi_docker_image_tag }} restart: unless-stopped volumes: - ${CONFIG}/jibri:/config diff --git a/templates/jigasi.yml b/templates/jigasi.yml index 0bcf1d2..b2094c0 100644 --- a/templates/jigasi.yml +++ b/templates/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi + image: jitsi/jigasi:{{ jitsi_docker_image_tag }} restart: unless-stopped ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 7ab4f7ebe3bf083fd5d3f463ece7d8a891379c9a Mon Sep 17 00:00:00 2001 From: Joschka Seydell Date: Sat, 12 Dec 2020 06:59:14 -0800 Subject: [PATCH 2/5] Add PUBLIC_URL to all Jitsi containers to allow for proper routing by Traefik. --- templates/docker-compose.jitsi.yml.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/docker-compose.jitsi.yml.j2 b/templates/docker-compose.jitsi.yml.j2 index 06f7220..21b622e 100644 --- a/templates/docker-compose.jitsi.yml.j2 +++ b/templates/docker-compose.jitsi.yml.j2 @@ -87,6 +87,7 @@ services: - LDAP_TLS_CACERT_FILE - LDAP_TLS_CACERT_DIR - LDAP_START_TLS + - PUBLIC_URL - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN @@ -130,6 +131,7 @@ services: - ${CONFIG}/jicofo:/config environment: - ENABLE_AUTH + - PUBLIC_URL - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN @@ -159,6 +161,7 @@ services: - ${CONFIG}/jvb:/config environment: - DOCKER_HOST_ADDRESS + - PUBLIC_URL - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER From eaec14a23fdba8a89d9d314e4b8f07cf99e5f19f Mon Sep 17 00:00:00 2001 From: Joschka Seydell Date: Sat, 13 Nov 2021 12:31:39 -0800 Subject: [PATCH 3/5] Add exporter container if metrics shall be exposed. --- README.md | 1 + defaults/main.yml | 1 + src | 2 +- tasks/main.yml | 10 ++++++++++ templates/docker-compose.jitsi.yml.j2 | 14 ++++++++++++++ templates/exporter.env.j2 | 6 ++++++ 6 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 templates/exporter.env.j2 diff --git a/README.md b/README.md index ad4899d..3220f94 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ Role Variables | jitsi_public_url | The public URL under which Jitsi Meet can be accessed | http://localhost | | jitsi_timezone | | Europe/Amsterdam | | jitsi_virtual_host | The virtual host that is e.g. used by Traefik, usually part of the public url | localhost | +| jitsi_expose_metrics | Determine whether an additional expoerter for the Jitsi metrics shall be run | False | \* It is important to provide a dedicated secure password for each service. Generate passwords with e.g. `openssl rand -hex 16` diff --git a/defaults/main.yml b/defaults/main.yml index 62eab06..1df8945 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -18,5 +18,6 @@ jitsi_timezone: Europe/Amsterdam jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443 jitsi_web_channel_last_n: 3 jitsi_enable_third_party_requests: no +jitsi_expose_metrics: False # Internal variables jitsi_multitenant_postfix: "{{ '_' + jitsi_multitenant_label if (jitsi_multitenant_label) else '' }}" \ No newline at end of file diff --git a/src b/src index eae3f5c..9b686c6 160000 --- a/src +++ b/src @@ -1 +1 @@ -Subproject commit eae3f5ce2d7627afe4115f52a61cc7ae3e3e8a31 +Subproject commit 9b686c6f4aa74cd33ddcd4dd35decc76a9470e1e diff --git a/tasks/main.yml b/tasks/main.yml index fc79769..1912265 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -62,6 +62,16 @@ mode: '0640' tags: config +- name: Provide metric exporter environment + template: + src: templates/exporter.env.j2 + dest: "{{ jitsi_install_path }}/jitsi/exporter.env" + owner: "{{ jitsi_install_user }}" + group: "{{ jitsi_install_user }}" + mode: '0640' + tags: config + when: jitsi_expose_metrics + - name: "docker-compose: Teardown existing Jitsi service" docker_compose: project_src: "{{ jitsi_install_path }}/jitsi/" diff --git a/templates/docker-compose.jitsi.yml.j2 b/templates/docker-compose.jitsi.yml.j2 index 21b622e..5e6b8a0 100644 --- a/templates/docker-compose.jitsi.yml.j2 +++ b/templates/docker-compose.jitsi.yml.j2 @@ -179,6 +179,20 @@ services: networks: meet.jitsi: + {% if jitsi_expose_metrics %} + # Data exporter + exporter: + image: goberle/jitsi-prom-exporter + restart: unless-stopped + env_file: exporter.env + depends_on: + - jicofo + networks: + # Expose the data exporter to the public network managed by traefik + public: + meet.jitsi: + {% endif %} + # Custom network so all services can communicate using a FQDN networks: meet.jitsi: diff --git a/templates/exporter.env.j2 b/templates/exporter.env.j2 new file mode 100644 index 0000000..fdc04ff --- /dev/null +++ b/templates/exporter.env.j2 @@ -0,0 +1,6 @@ +XMPP_USER={{ jitsi_jicofo_auth_user }} +XMPP_PW={{ jitsi_jicofo_auth_password }} +XMPP_SERVER=xmpp.meet.jitsi +XMPP_PORT=5222 +XMPP_AUTH_DOMAIN=auth.meet.jitsi +XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi \ No newline at end of file From 89a5c3571052fe00d60f5cde39df959e20d11ffb Mon Sep 17 00:00:00 2001 From: Joschka Seydell Date: Sat, 12 Dec 2020 06:59:14 -0800 Subject: [PATCH 4/5] Add PUBLIC_URL to all Jitsi containers to allow for proper routing by Traefik. --- templates/docker-compose.jitsi.yml.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/docker-compose.jitsi.yml.j2 b/templates/docker-compose.jitsi.yml.j2 index 1273131..2c1a6ae 100644 --- a/templates/docker-compose.jitsi.yml.j2 +++ b/templates/docker-compose.jitsi.yml.j2 @@ -87,6 +87,7 @@ services: - LDAP_TLS_CACERT_FILE - LDAP_TLS_CACERT_DIR - LDAP_START_TLS + - PUBLIC_URL - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN @@ -130,6 +131,7 @@ services: - ${CONFIG}/jicofo:/config environment: - ENABLE_AUTH + - PUBLIC_URL - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN @@ -159,6 +161,7 @@ services: - ${CONFIG}/jvb:/config environment: - DOCKER_HOST_ADDRESS + - PUBLIC_URL - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER From 63f8b543024d98e74bd8cd6d2fb0dd21ae3d8a70 Mon Sep 17 00:00:00 2001 From: Joschka Seydell Date: Sat, 13 Nov 2021 12:31:39 -0800 Subject: [PATCH 5/5] Add exporter container if metrics shall be exposed. --- README.md | 1 + defaults/main.yml | 1 + src | 2 +- tasks/main.yml | 10 ++++++++++ templates/docker-compose.jitsi.yml.j2 | 14 ++++++++++++++ templates/exporter.env.j2 | 6 ++++++ 6 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 templates/exporter.env.j2 diff --git a/README.md b/README.md index 04c23cd..e2ae4fd 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ Role Variables | jitsi_public_url | The public URL under which Jitsi Meet can be accessed | http://localhost | | jitsi_timezone | | Europe/Amsterdam | | jitsi_virtual_host | The virtual host that is e.g. used by Traefik, usually part of the public url | localhost | +| jitsi_expose_metrics | Determine whether an additional expoerter for the Jitsi metrics shall be run | False | \* It is important to provide a dedicated secure password for each service. Generate passwords with e.g. `openssl rand -hex 16` diff --git a/defaults/main.yml b/defaults/main.yml index 053e9e6..f339808 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -17,5 +17,6 @@ jitsi_web_channel_last_n: 3 jitsi_build_latest_image_from_source: yes jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git jitsi_enable_third_party_requests: no +jitsi_expose_metrics: False # Internal variables jitsi_multitenant_postfix: "{{ '_' + jitsi_multitenant_label if (jitsi_multitenant_label) else '' }}" \ No newline at end of file diff --git a/src b/src index eae3f5c..9b686c6 160000 --- a/src +++ b/src @@ -1 +1 @@ -Subproject commit eae3f5ce2d7627afe4115f52a61cc7ae3e3e8a31 +Subproject commit 9b686c6f4aa74cd33ddcd4dd35decc76a9470e1e diff --git a/tasks/main.yml b/tasks/main.yml index fc79769..1912265 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -62,6 +62,16 @@ mode: '0640' tags: config +- name: Provide metric exporter environment + template: + src: templates/exporter.env.j2 + dest: "{{ jitsi_install_path }}/jitsi/exporter.env" + owner: "{{ jitsi_install_user }}" + group: "{{ jitsi_install_user }}" + mode: '0640' + tags: config + when: jitsi_expose_metrics + - name: "docker-compose: Teardown existing Jitsi service" docker_compose: project_src: "{{ jitsi_install_path }}/jitsi/" diff --git a/templates/docker-compose.jitsi.yml.j2 b/templates/docker-compose.jitsi.yml.j2 index 2c1a6ae..7f5a8c8 100644 --- a/templates/docker-compose.jitsi.yml.j2 +++ b/templates/docker-compose.jitsi.yml.j2 @@ -179,6 +179,20 @@ services: networks: meet.jitsi: + {% if jitsi_expose_metrics %} + # Data exporter + exporter: + image: goberle/jitsi-prom-exporter + restart: unless-stopped + env_file: exporter.env + depends_on: + - jicofo + networks: + # Expose the data exporter to the public network managed by traefik + public: + meet.jitsi: + {% endif %} + # Custom network so all services can communicate using a FQDN networks: meet.jitsi: diff --git a/templates/exporter.env.j2 b/templates/exporter.env.j2 new file mode 100644 index 0000000..fdc04ff --- /dev/null +++ b/templates/exporter.env.j2 @@ -0,0 +1,6 @@ +XMPP_USER={{ jitsi_jicofo_auth_user }} +XMPP_PW={{ jitsi_jicofo_auth_password }} +XMPP_SERVER=xmpp.meet.jitsi +XMPP_PORT=5222 +XMPP_AUTH_DOMAIN=auth.meet.jitsi +XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi \ No newline at end of file