From 91fdd25e14ab2053caebce14dce66f4b149bff6a Mon Sep 17 00:00:00 2001 From: Antonis Christofides Date: Mon, 5 Jun 2023 17:28:05 +0300 Subject: [PATCH 1/6] Move playbooks to root directory (fixes #2513) Some time ago a "playbooks" subdirectory had been created and setup.yml had been moved there (as matrix.yml), together with the new jitsi_jvb.yml. However, jitsi_jvb.yml wouldn't work at all, unless a symbolic link to it was created from the root directory. A symbolic link setup.yml for playbooks/matrix.yml had already been created and committed. This seems to indicate that the developers thought they should place all playbooks in a subdirectory, but when this didn't work, they linked to one of them, leaving the other one inoperative. We fix this by moving the playbooks to the root directory. This works, and the pollution of the root directory is not too bad since it's only two playbooks. We also change the mode of setup.yml to 644 (it had inexplicably changed to 755 in 9735a2f600). This contribution is provided by GRNET S.A. (grnet.gr). --- playbooks/jitsi_jvb.yml => jitsi_jvb.yml | 0 playbooks/matrix.yml | 143 ---------------------- setup.yml | 144 ++++++++++++++++++++++- 3 files changed, 143 insertions(+), 144 deletions(-) rename playbooks/jitsi_jvb.yml => jitsi_jvb.yml (100%) delete mode 100755 playbooks/matrix.yml mode change 120000 => 100644 setup.yml diff --git a/playbooks/jitsi_jvb.yml b/jitsi_jvb.yml similarity index 100% rename from playbooks/jitsi_jvb.yml rename to jitsi_jvb.yml diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml deleted file mode 100755 index 266f3b9e5..000000000 --- a/playbooks/matrix.yml +++ /dev/null 
@@ -1,143 +0,0 @@ ---- -- name: "Set up a Matrix server" - hosts: "{{ target if target is defined else 'matrix_servers' }}" - become: true - - roles: - # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `just roles` command (see `justfile`). - - role: galaxy/com.devture.ansible.role.playbook_help - - - role: galaxy/com.devture.ansible.role.systemd_docker_base - - - role: custom/matrix_playbook_migration - - - when: matrix_playbook_docker_installation_enabled | bool - role: galaxy/geerlingguy.docker - vars: - docker_install_compose: false - tags: - - setup-docker - - setup-all - - install-docker - - install-all - - - when: devture_docker_sdk_for_python_installation_enabled | bool - role: galaxy/com.devture.ansible.role.docker_sdk_for_python - tags: - - setup-docker - - setup-all - - install-docker - - install-all - - - when: devture_timesync_installation_enabled | bool - role: galaxy/com.devture.ansible.role.timesync - tags: - - setup-timesync - - setup-all - - install-timesync - - install-all - - - custom/matrix-base - - custom/matrix-dynamic-dns - - custom/matrix-mailer - - - role: galaxy/com.devture.ansible.role.postgres - - - galaxy/redis - - custom/matrix-corporal - - custom/matrix-bridge-appservice-discord - - custom/matrix-bridge-appservice-slack - - custom/matrix-bridge-appservice-webhooks - - custom/matrix-bridge-appservice-irc - - custom/matrix-bridge-appservice-kakaotalk - - custom/matrix-bridge-beeper-linkedin - - custom/matrix-bridge-go-skype-bridge - - custom/matrix-bridge-mautrix-facebook - - custom/matrix-bridge-mautrix-twitter - - custom/matrix-bridge-mautrix-hangouts - - custom/matrix-bridge-mautrix-googlechat - - custom/matrix-bridge-mautrix-instagram - - custom/matrix-bridge-mautrix-signal - - custom/matrix-bridge-mautrix-telegram - - custom/matrix-bridge-mautrix-whatsapp - - custom/matrix-bridge-mautrix-discord - - custom/matrix-bridge-mautrix-slack - - 
custom/matrix-bridge-mx-puppet-discord - - custom/matrix-bridge-mx-puppet-groupme - - custom/matrix-bridge-mx-puppet-steam - - custom/matrix-bridge-mx-puppet-slack - - custom/matrix-bridge-mx-puppet-twitter - - custom/matrix-bridge-mx-puppet-instagram - - custom/matrix-bridge-sms - - custom/matrix-bridge-heisenbridge - - custom/matrix-bridge-hookshot - - custom/matrix-bot-matrix-reminder-bot - - custom/matrix-bot-matrix-registration-bot - - custom/matrix-bot-maubot - - custom/matrix-bot-buscarron - - custom/matrix-bot-honoroit - - custom/matrix-bot-postmoogle - - custom/matrix-bot-go-neb - - custom/matrix-bot-mjolnir - - custom/matrix-bot-draupnir - - custom/matrix-bot-chatgpt - - custom/matrix-cactus-comments - - custom/matrix-rageshake - - custom/matrix-synapse - - custom/matrix-synapse-auto-compressor - - custom/matrix-synapse-reverse-proxy-companion - - custom/matrix-dendrite - - custom/matrix-conduit - - custom/matrix-synapse-admin - - galaxy/prometheus_node_exporter - - galaxy/prometheus_postgres_exporter - - custom/matrix-prometheus-nginxlog-exporter - - galaxy/prometheus - - galaxy/grafana - - custom/matrix-prometheus-services-connect - - custom/matrix-prometheus-services-proxy-connect - - custom/matrix-registration - - custom/matrix-client-element - - custom/matrix-client-hydrogen - - custom/matrix-client-cinny - - galaxy/jitsi - - custom/matrix-user-verification-service - - custom/matrix-ldap-registration-proxy - - custom/matrix-ma1sd - - custom/matrix-dimension - - galaxy/etherpad - - custom/etherpad-proxy-connect - - custom/matrix-sliding-sync - - custom/matrix-email2matrix - - custom/matrix-sygnal - - galaxy/ntfy - - custom/matrix-nginx-proxy - - custom/matrix-coturn - - - role: galaxy/auxiliary - - - role: galaxy/com.devture.ansible.role.postgres_backup - - - role: galaxy/backup_borg - - - custom/matrix-user-creator - - custom/matrix-common-after - - - role: galaxy/com.devture.ansible.role.container_socket_proxy - - - role: 
galaxy/com.devture.ansible.role.traefik - - - role: galaxy/com.devture.ansible.role.traefik_certs_dumper - - - when: devture_systemd_service_manager_enabled | bool - role: galaxy/com.devture.ansible.role.systemd_service_manager - - # This is pretty much last, because we want it to better serve as a "last known good configuration". - # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601 - - when: devture_playbook_state_preserver_enabled | bool - role: galaxy/com.devture.ansible.role.playbook_state_preserver - tags: - - setup-all - - install-all - - - role: galaxy/com.devture.ansible.role.playbook_runtime_messages diff --git a/setup.yml b/setup.yml deleted file mode 120000 index 7acc4c4c9..000000000 --- a/setup.yml +++ /dev/null @@ -1 +0,0 @@ -playbooks/matrix.yml \ No newline at end of file diff --git a/setup.yml b/setup.yml new file mode 100644 index 000000000..266f3b9e5 --- /dev/null +++ b/setup.yml 
@@ -0,0 +1,143 @@ +--- +- name: "Set up a Matrix server" + hosts: "{{ target if target is defined else 'matrix_servers' }}" + become: true + + roles: + # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `just roles` command (see `justfile`). + - role: galaxy/com.devture.ansible.role.playbook_help + + - role: galaxy/com.devture.ansible.role.systemd_docker_base + + - role: custom/matrix_playbook_migration + + - when: matrix_playbook_docker_installation_enabled | bool + role: galaxy/geerlingguy.docker + vars: + docker_install_compose: false + tags: + - setup-docker + - setup-all + - install-docker + - install-all + + - when: devture_docker_sdk_for_python_installation_enabled | bool + role: galaxy/com.devture.ansible.role.docker_sdk_for_python + tags: + - setup-docker + - setup-all + - install-docker + - install-all + + - when: devture_timesync_installation_enabled | bool + role: galaxy/com.devture.ansible.role.timesync + tags: + - setup-timesync + - setup-all + - install-timesync + - install-all + + - custom/matrix-base + - custom/matrix-dynamic-dns + - custom/matrix-mailer + + - role: galaxy/com.devture.ansible.role.postgres + + - galaxy/redis + - custom/matrix-corporal + - custom/matrix-bridge-appservice-discord + - custom/matrix-bridge-appservice-slack + - custom/matrix-bridge-appservice-webhooks + - custom/matrix-bridge-appservice-irc + - custom/matrix-bridge-appservice-kakaotalk + - custom/matrix-bridge-beeper-linkedin + - custom/matrix-bridge-go-skype-bridge + - custom/matrix-bridge-mautrix-facebook + - custom/matrix-bridge-mautrix-twitter + - custom/matrix-bridge-mautrix-hangouts + - custom/matrix-bridge-mautrix-googlechat + - custom/matrix-bridge-mautrix-instagram + - custom/matrix-bridge-mautrix-signal + - custom/matrix-bridge-mautrix-telegram + - custom/matrix-bridge-mautrix-whatsapp + - custom/matrix-bridge-mautrix-discord + - custom/matrix-bridge-mautrix-slack + - 
custom/matrix-bridge-mx-puppet-discord + - custom/matrix-bridge-mx-puppet-groupme + - custom/matrix-bridge-mx-puppet-steam + - custom/matrix-bridge-mx-puppet-slack + - custom/matrix-bridge-mx-puppet-twitter + - custom/matrix-bridge-mx-puppet-instagram + - custom/matrix-bridge-sms + - custom/matrix-bridge-heisenbridge + - custom/matrix-bridge-hookshot + - custom/matrix-bot-matrix-reminder-bot + - custom/matrix-bot-matrix-registration-bot + - custom/matrix-bot-maubot + - custom/matrix-bot-buscarron + - custom/matrix-bot-honoroit + - custom/matrix-bot-postmoogle + - custom/matrix-bot-go-neb + - custom/matrix-bot-mjolnir + - custom/matrix-bot-draupnir + - custom/matrix-bot-chatgpt + - custom/matrix-cactus-comments + - custom/matrix-rageshake + - custom/matrix-synapse + - custom/matrix-synapse-auto-compressor + - custom/matrix-synapse-reverse-proxy-companion + - custom/matrix-dendrite + - custom/matrix-conduit + - custom/matrix-synapse-admin + - galaxy/prometheus_node_exporter + - galaxy/prometheus_postgres_exporter + - custom/matrix-prometheus-nginxlog-exporter + - galaxy/prometheus + - galaxy/grafana + - custom/matrix-prometheus-services-connect + - custom/matrix-prometheus-services-proxy-connect + - custom/matrix-registration + - custom/matrix-client-element + - custom/matrix-client-hydrogen + - custom/matrix-client-cinny + - galaxy/jitsi + - custom/matrix-user-verification-service + - custom/matrix-ldap-registration-proxy + - custom/matrix-ma1sd + - custom/matrix-dimension + - galaxy/etherpad + - custom/etherpad-proxy-connect + - custom/matrix-sliding-sync + - custom/matrix-email2matrix + - custom/matrix-sygnal + - galaxy/ntfy + - custom/matrix-nginx-proxy + - custom/matrix-coturn + + - role: galaxy/auxiliary + + - role: galaxy/com.devture.ansible.role.postgres_backup + + - role: galaxy/backup_borg + + - custom/matrix-user-creator + - custom/matrix-common-after + + - role: galaxy/com.devture.ansible.role.container_socket_proxy + + - role: 
galaxy/com.devture.ansible.role.traefik + + - role: galaxy/com.devture.ansible.role.traefik_certs_dumper + + - when: devture_systemd_service_manager_enabled | bool + role: galaxy/com.devture.ansible.role.systemd_service_manager + + # This is pretty much last, because we want it to better serve as a "last known good configuration". + # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601 + - when: devture_playbook_state_preserver_enabled | bool + role: galaxy/com.devture.ansible.role.playbook_state_preserver + tags: + - setup-all + - install-all + + - role: galaxy/com.devture.ansible.role.playbook_runtime_messages From 71ed745be67e0132b67541d83ca4bbad61c642fd Mon Sep 17 00:00:00 2001 From: Antonis Christofides Date: Mon, 5 Jun 2023 17:54:29 +0300 Subject: [PATCH 2/6] Documentation typo --- docs/configuring-playbook-jitsi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 4157231a5..ddae16b03 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -165,7 +165,7 @@ jitsi_prosody_max_participants: 4 # example value By default, a single JVB ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-videobridge)) is deployed on the same host as the Matrix server. To allow more video-conferences to happen at the same time, you may need to provision additional JVB services on other hosts. There is an ansible playbook that can be run with the following tag: -` ansible-playbook -i inventory/hosts --limit jitsi_jvb_servers jitsi_jvb.yml --tags=common,setup-additional-jitsi-jvb,start` +`ansible-playbook -i inventory/hosts --limit jitsi_jvb_servers jitsi_jvb.yml --tags=common,setup-additional-jitsi-jvb,start` For this role to work you will need an additional section in the ansible hosts file with the details of the JVB hosts, for example: ``` 
From 6ce94ba33f749480a5dc2418a3e273ac132650ff Mon Sep 17 00:00:00 2001 From: Antonis Christofides Date: Sun, 11 Jun 2023 20:04:01 +0300 Subject: [PATCH 3/6] Fix additional JVB broken after move to external Jitsi role (fixes #2733) This contribution is provided by GRNET S.A. (grnet.gr). --- docs/configuring-playbook-jitsi.md | 10 ++++++++++ group_vars/jitsi_jvb_servers | 4 ++++ 2 files changed, 14 insertions(+) create mode 100644 group_vars/jitsi_jvb_servers diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index ddae16b03..d1353bb01 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -208,6 +208,16 @@ However, it can also be set the ip address of the matrix server. This can be use jitsi_xmpp_server: "192.168.0.1" ``` +For the JVB to be able ito contact the XMPP server, the latter must expose the XMPP port (5222). By default, the Matrix server does not expose the +port; only the XMPP container exposes it internally inside the host, which means that the first JVB (which runs on the Matrix server) can reach it but +the additional JVB cannot. The port is exposed by setting `jitsi_prosody_container_jvb_host_bind_port` like this: + +```yaml +jitsi_prosody_container_jvb_host_bind_port: 5222 +``` + +(The default is empty; if it's set then docker forwards the port.) + The nginx configuration will also need to be updated in order to deal with the additional JVB servers. This is achieved via its own configuration variable `matrix_nginx_proxy_proxy_jitsi_additional_jvbs`, which contains a dictionary of server ids to ip addresses. diff --git a/group_vars/jitsi_jvb_servers b/group_vars/jitsi_jvb_servers new file mode 100644 index 000000000..67815f7c0 --- /dev/null +++ b/group_vars/jitsi_jvb_servers @@ -0,0 +1,4 @@ +jitsi_architecture: "{{ matrix_architecture }}" +jitsi_hostname: "{{ matrix_server_fqn_jitsi }}" +jitsi_uid: "{{ matrix_user_uid }}" +jitsi_gid: "{{ matrix_user_gid }}" 
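Review bot: The new `group_vars/jitsi_jvb_servers` file gives no reason for re-deriving `jitsi_architecture`, `jitsi_hostname`, `jitsi_uid` and `jitsi_gid` from `matrix_*` values, and a one-line header above `jitsi_architecture` would save the next reader a search, for example `# Values the jitsi role needs on additional JVB hosts, taken from the matrix_* settings`. The file also starts without the `---` marker that setup.yml in this series uses. In the documentation hunk of the same commit, the paragraph introducing `jitsi_prosody_container_jvb_host_bind_port: 5222` says only that docker forwards the port. A sentence advising that the published port be reachable only from the additional JVB hosts (host firewall, or a bind address if the variable accepts one) would fit there.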
From 2191136369f26c43129949db7a508f1ebf3aa9eb Mon Sep 17 00:00:00 2001 From: Antonis Christofides Date: Sun, 11 Jun 2023 20:32:54 +0300 Subject: [PATCH 4/6] Enable jitsi_jvb service on additional JVB (fixes #2708) This contribution is provided by GRNET S.A. (grnet.gr). --- group_vars/jitsi_jvb_servers | 5 +++++ jitsi_jvb.yml | 3 +++ 2 files changed, 8 insertions(+) diff --git a/group_vars/jitsi_jvb_servers b/group_vars/jitsi_jvb_servers index 67815f7c0..84009e2ca 100644 --- a/group_vars/jitsi_jvb_servers +++ b/group_vars/jitsi_jvb_servers @@ -2,3 +2,8 @@ jitsi_architecture: "{{ matrix_architecture }}" jitsi_hostname: "{{ matrix_server_fqn_jitsi }}" jitsi_uid: "{{ matrix_user_uid }}" jitsi_gid: "{{ matrix_user_gid }}" + +devture_systemd_service_manager_services_list_auto: | + {{ + ([{'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if jitsi_enabled else []) + }} diff --git a/jitsi_jvb.yml b/jitsi_jvb.yml index 4054d308c..1ea63855a 100644 --- a/jitsi_jvb.yml +++ b/jitsi_jvb.yml @@ -10,3 +10,6 @@ - custom/matrix-base - galaxy/jitsi - custom/matrix-common-after + + - when: devture_systemd_service_manager_enabled | bool + role: galaxy/com.devture.ansible.role.systemd_service_manager From cfc845b45e90082ada9c9d0da70f9f169a8a5166 Mon Sep 17 00:00:00 2001 From: Antonis Christofides Date: Mon, 5 Jun 2023 19:59:27 +0300 Subject: [PATCH 5/6] Ensure docker is installed on additional JVBs (fixes #2706) This contribution is provided by GRNET S.A. (grnet.gr). --- group_vars/jitsi_jvb_servers | 2 ++ jitsi_jvb.yml | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/group_vars/jitsi_jvb_servers b/group_vars/jitsi_jvb_servers index 84009e2ca..af927c9f1 100644 --- a/group_vars/jitsi_jvb_servers +++ b/group_vars/jitsi_jvb_servers 
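Review bot: In the `devture_systemd_service_manager_services_list_auto` entry added to `group_vars/jitsi_jvb_servers`, the priority `4100` and the group list are literals with no comment saying where they come from or what they must agree with. If the main server's group variables define the same `-jvb.service` entry (not visible in this patch), the two can drift; a comment above the key such as `# Only the JVB service runs on these hosts; keep priority/groups in step with the main server's entry` would record that. The expression is also gated on `jitsi_enabled`, which this file does not set, so it presumably relies on the role default or the inventory.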
@@ -7,3 +7,5 @@ devture_systemd_service_manager_services_list_auto: | {{ ([{'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if jitsi_enabled else []) }} + +matrix_playbook_docker_installation_enabled: true diff --git a/jitsi_jvb.yml b/jitsi_jvb.yml index 1ea63855a..16acd0ee6 100644 --- a/jitsi_jvb.yml +++ b/jitsi_jvb.yml @@ -7,6 +7,26 @@ - role: galaxy/com.devture.ansible.role.playbook_help - role: galaxy/com.devture.ansible.role.systemd_docker_base + - when: matrix_playbook_docker_installation_enabled | bool + role: galaxy/geerlingguy.docker + vars: + docker_install_compose: false + tags: + - setup-docker + - setup-all + - setup-additional-jitsi-jvb + - install-docker + - install-all + + - when: devture_docker_sdk_for_python_installation_enabled | bool + role: galaxy/com.devture.ansible.role.docker_sdk_for_python + tags: + - setup-docker + - setup-all + - setup-additional-jitsi-jvb + - install-docker + - install-all + - custom/matrix-base - galaxy/jitsi - custom/matrix-common-after From 8c0119d7d89c75e4de04ac444114c211a9ce7c48 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 18 Jun 2023 08:50:55 +0300 Subject: [PATCH 6/6] Fix typo --- docs/configuring-playbook-jitsi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index d1353bb01..1213f46a7 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md 
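Review bot: The second role added to `jitsi_jvb.yml` is gated on `devture_docker_sdk_for_python_installation_enabled`, but this commit sets only `matrix_playbook_docker_installation_enabled: true` in `group_vars/jitsi_jvb_servers`. Unless the role's own defaults or the inventory define that flag for the `jitsi_jvb_servers` group, the `when:` condition is evaluated against an undefined variable on these hosts; adding `devture_docker_sdk_for_python_installation_enabled: true` next to the Docker flag in the group vars would make the play self-contained. The Docker flag is also set for the whole group with no comment, and something like `# Additional JVB hosts need Docker; override in host_vars if it is managed elsewhere` would tell operators how to opt out. The play's role list starts and ends outside this hunk.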
@@ -208,7 +208,7 @@ However, it can also be set the ip address of the matrix server. This can be use jitsi_xmpp_server: "192.168.0.1" ``` -For the JVB to be able ito contact the XMPP server, the latter must expose the XMPP port (5222). By default, the Matrix server does not expose the +For the JVB to be able to contact the XMPP server, the latter must expose the XMPP port (5222). By default, the Matrix server does not expose the port; only the XMPP container exposes it internally inside the host, which means that the first JVB (which runs on the Matrix server) can reach it but the additional JVB cannot. The port is exposed by setting `jitsi_prosody_container_jvb_host_bind_port` like this: