From f798605836e46cc73daa8da937a7ea46d7778087 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Apr 2020 09:37:54 +0300 Subject: [PATCH] Undefine Jitsi secrets and require their (re-)definition --- docs/configuring-playbook-jitsi.md | 24 ++++++++++++++++---- roles/matrix-jitsi/defaults/main.yml | 10 ++++---- roles/matrix-jitsi/tasks/main.yml | 6 +++++ roles/matrix-jitsi/tasks/validate_config.yml | 21 +++++++++++++++++ 4 files changed, 51 insertions(+), 10 deletions(-) create mode 100644 roles/matrix-jitsi/tasks/validate_config.yml diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 017cb4eb3..028d2b152 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -66,11 +66,7 @@ docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua reg Run this command for each user you would like to create, replacing `` and `` accordingly. After you've finished, please exit the host. -**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. The playbook can't yet rebuild all configuration files for some Jitsi services (like `matrix-jitsi-prosody`), which may cause such an error. **If you encounter this error**, we encourage you to: -- stop all Jitsi services (`systemctl stop matrix-jitsi-*`) -- remove the Jitsi Prosody configuration & data (`rm -rf /matrix/jitsi/prosody`) -- rebuild Jitsi configuration and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`) -- try the previously-failing command once again +**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation). ## Usage @@ -78,3 +74,21 @@ Run this command for each user you would like to create, replacing `` You can use the self-hosted Jitsi server through Riot, through an Integration Manager like [Dimension](docs/configuring-playbook-dimension.md) or directly at `https://jitsi.DOMAIN`. To use it via riot-web (the one configured by the playbook at `https://riot.DOMAIN`), just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server. + + +## Troubleshooting + +### Rebuilding your Jitsi installation + +**If you ever run into any trouble** or **if you change configuration (`matrix_jitsi_*` variables) too much**, we urge you to rebuild your Jitsi setup. + +We normally don't require such manual intervention for other services, for Jitsi services generate a lot of configuration files on their own. + +These files are not all managed by Ansible (at least not yet), so you may sometimes need to delete them all and start fresh. + +To rebuild your Jitsi configuration: + +- SSH into the server and do this: + - stop all Jitsi services (`systemctl stop matrix-jitsi-*`). + - remove all Jitsi configuration & data (`rm -rf /matrix/jitsi`) +- ask Ansible to set up Jitsi anew and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 55f826773..83511c4c5 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -23,9 +23,9 @@ matrix_jitsi_recorder_domain: recorder.meet.jitsi matrix_jitsi_jibri_brewery_muc: jibribrewery matrix_jitsi_jibri_pending_timeout: 90 matrix_jitsi_jibri_xmpp_user: jibri -matrix_jitsi_jibri_xmpp_password: jibri-password +matrix_jitsi_jibri_xmpp_password: '' matrix_jitsi_jibri_recorder_user: recorder -matrix_jitsi_jibri_recorder_password: recorder-password +matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_web_docker_image: "jitsi/web:4384" @@ -98,9 +98,9 @@ matrix_jitsi_jicofo_container_extra_arguments: [] # List of systemd services that matrix-jitsi-jicofo.service depends on matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] -matrix_jitsi_jicofo_component_secret: s3cr37 +matrix_jitsi_jicofo_component_secret: '' matrix_jitsi_jicofo_auth_user: focus -matrix_jitsi_jicofo_auth_password: passw0rd +matrix_jitsi_jicofo_auth_password: '' matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384" @@ -116,7 +116,7 @@ matrix_jitsi_jvb_container_extra_arguments: [] matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] matrix_jitsi_jvb_auth_user: jvb -matrix_jitsi_jvb_auth_password: passw0rd +matrix_jitsi_jvb_auth_password: '' # STUN servers used by JVB on the server-side, so it can discover its own external IP address. # Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery. diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/matrix-jitsi/tasks/main.yml index 2bc4a57ff..e4f3508f3 100644 --- a/roles/matrix-jitsi/tasks/main.yml +++ b/roles/matrix-jitsi/tasks/main.yml @@ -2,6 +2,12 @@ tags: - always +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_jitsi_enabled|bool" + tags: + - setup-all + - setup-jitsi + - import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml" when: run_setup|bool tags: diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/matrix-jitsi/tasks/validate_config.yml new file mode 100644 index 000000000..ea92c914d --- /dev/null +++ b/roles/matrix-jitsi/tasks/validate_config.yml @@ -0,0 +1,21 @@ +--- + +- name: Fail if required Jitsi settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) for using Jitsi. + + If you're setting up Jitsi for the first time, you may have missed a step. + Refer to our setup instructions (docs/configuring-playbook-jitsi.md). + + If you had setup Jitsi successfully before and it's just now that you're observing this failure, + it means that your installation may be using some default passwords that the playbook used to define until now. + This is not secure and we urge you to rebuild your Jitsi setup. + Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md). + when: "vars[item] == ''" + with_items: + - "matrix_jitsi_jibri_xmpp_password" + - "matrix_jitsi_jibri_recorder_password" + - "matrix_jitsi_jicofo_component_secret" + - "matrix_jitsi_jicofo_auth_password" + - "matrix_jitsi_jvb_auth_password"