Added documentation and examples for multitenancy setups.

2020-12-12 11:13:01 -08:00 · 2020-12-12 11:13:01 -08:00 · 689bf0860e
commit 689bf0860e
parent 0d0724245e
11 changed files with 148 additions and 0 deletions
--- a/examples/multitenancy/group_vars/all.yml
+++ b/examples/multitenancy/group_vars/all.yml
@ -0,0 +1,8 @@
+# Deployment users and paths
+default_user: '{{ ansible_user }}'
+default_install_path: "/home/{{ default_user }}"
+default_services_path: "{{ default_install_path }}/services"
+
+# Defaults for multitenant setups
+tenant_name: ''
+tenant_install_path: "{{ default_services_path }}{{ '/' + tenant_name if (tenant_name) else '' }}"
--- a/examples/multitenancy/host_vars/server1/firewall.yml
+++ b/examples/multitenancy/host_vars/server1/firewall.yml
@ -0,0 +1,16 @@
+# Firewall
+firewall_disable_ufw: true
+firewall_flush_rules_and_chains: true
+firewall_additional_rules:
+  - "iptables --policy INPUT DENY"
+firewall_allowed_tcp_ports:
+  - "22"
+  - "80"
+  - "443"
+  # Jitsi
+  - "4443" # tenant_a
+  - "4543" # tenant_b
+firewall_allowed_udp_ports:
+  # Jitsi
+  - "10000" # tenant_a
+  - "11000" # tenant_b
--- a/examples/multitenancy/host_vars/server1/server1.yml
+++ b/examples/multitenancy/host_vars/server1/server1.yml
@ -0,0 +1,6 @@
+# General settings
+ansible_user: deploy
+update_hostname: yes
+hostname: "multitenant-server1"
+users: []
+sudoers: []
--- a/examples/multitenancy/host_vars/server1/traefik.yml
+++ b/examples/multitenancy/host_vars/server1/traefik.yml
@ -0,0 +1,8 @@
+# Traefik proxy
+traefik_letsencrypt_email: max@example.com
+traefik_install_user: "{{ default_user }}"
+traefik_expose_internally: True
+traefik_expose_externally: False
+traefik_enable_acme: True
+traefik_use_acme_staging: False
+traefik_dns_challenge_provider: False
--- a/examples/multitenancy/host_vars/server1_tenant_a/jitsi_docker.yml
+++ b/examples/multitenancy/host_vars/server1_tenant_a/jitsi_docker.yml
@ -0,0 +1,26 @@
+jitsi_install_user: "{{ default_user }}"
+jitsi_install_path: "{{ tenant_install_path }}"
+jitsi_multitenant_label: "tenant_a"
+jitsi_docker_image_tag: 'latest'
+jitsi_public_url: https://tenant-a.example.com
+jitsi_docker_host_address: "{{ ansible_host }}"
+jitsi_exposed_http_port: 8010
+jitsi_exposed_https_port: 8453
+jitsi_bridge_udp_port: 11000
+jitsi_bridge_tcp_port: 4543
+jitsi_timezone: Europe/Amsterdam
+jitsi_enable_letsencrypt: False
+jitsi_virtual_host: tenant-a.example.com
+jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
+# Passwords
+jitsi_jibri_recorder_password: secret1-CHANGE-ME
+jitsi_jibri_recorder_user: recorder
+jitsi_jibri_xmpp_password: secret2-CHANGE-ME
+jitsi_jibri_xmpp_user: jibri
+jitsi_jicofo_auth_password: secret3-CHANGE-ME
+jitsi_jicofo_auth_user: focus
+jitsi_jicofo_component_secret: secret4-CHANGE-ME
+jitsi_jigasi_xmpp_password: secret5-CHANGE-ME
+jitsi_jigasi_xmpp_user: jigasi
+jitsi_jvb_auth_user: jvb
+jitsi_jvb_auth_password: secret6-CHANGE-ME
--- a/examples/multitenancy/host_vars/server1_tenant_a/server1_tenant_a.yml
+++ b/examples/multitenancy/host_vars/server1_tenant_a/server1_tenant_a.yml
@ -0,0 +1,3 @@
+ansible_user: deploy
+# Multitenant setup for tenant_a
+tenant_name: "tenant_a"
--- a/examples/multitenancy/host_vars/server1_tenant_b/jitsi_docker.yml
+++ b/examples/multitenancy/host_vars/server1_tenant_b/jitsi_docker.yml
@ -0,0 +1,26 @@
+jitsi_install_user: "{{ default_user }}"
+jitsi_install_path: "{{ tenant_install_path }}"
+jitsi_multitenant_label: "tenant_b"
+jitsi_docker_image_tag: 'latest'
+jitsi_public_url: https://tenant-b.example.com
+jitsi_docker_host_address: "{{ ansible_host }}"
+jitsi_exposed_http_port: 8010
+jitsi_exposed_https_port: 8453
+jitsi_bridge_udp_port: 11000
+jitsi_bridge_tcp_port: 4543
+jitsi_timezone: Europe/Amsterdam
+jitsi_enable_letsencrypt: False
+jitsi_virtual_host: tenant-b.example.com
+jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
+# Passwords
+jitsi_jibri_recorder_password: secret1-CHANGE-ME
+jitsi_jibri_recorder_user: recorder
+jitsi_jibri_xmpp_password: secret2-CHANGE-ME
+jitsi_jibri_xmpp_user: jibri
+jitsi_jicofo_auth_password: secret3-CHANGE-ME
+jitsi_jicofo_auth_user: focus
+jitsi_jicofo_component_secret: secret4-CHANGE-ME
+jitsi_jigasi_xmpp_password: secret5-CHANGE-ME
+jitsi_jigasi_xmpp_user: jigasi
+jitsi_jvb_auth_user: jvb
+jitsi_jvb_auth_password: secret6-CHANGE-ME
--- a/examples/multitenancy/host_vars/server1_tenant_b/server1_tenant_b.yml
+++ b/examples/multitenancy/host_vars/server1_tenant_b/server1_tenant_b.yml
@ -0,0 +1,3 @@
+ansible_user: deploy
+# Multitenant setup for tenant_b
+tenant_name: "tenant_b"
--- a/examples/multitenancy/inventory.ini.sample
+++ b/examples/multitenancy/inventory.ini.sample
@ -0,0 +1,35 @@
+[server1_hosts]
+# Main host
+server1
+# Tenants
+server1_tenant_a
+server1_tenant_b
+
+[server1_hosts:vars]
+ansible_host=1.2.3.4
+ansible_ssh_host=1.2.3.4
+
+[common]
+server1
+
+[docker]
+server1
+
+[traefik]
+server1 # Must only be running on the main host
+
+[nextcloud]
+tenant_a
+
+[jitsi_docker]
+tenant_a
+tenant_b # Tenant B might only use Jitsi service
+
+[collabora]
+tenant_a
+
+[onlyoffice]
+tenant_a
+
+[cryptpad]
+tenant_a