Merge branch 'feature/rebase'
commit
484c3fe667
206 changed files with 204 additions and 139 deletions
2
.gitmodules
vendored
2
.gitmodules
vendored
|
@ -1,5 +1,5 @@
|
||||||
[submodule "docker/static/goStatic"]
|
[submodule "docker/static/goStatic"]
|
||||||
path = docker/static/goStatic
|
path = app/build/static/goStatic
|
||||||
url = https://github.com/PierreZ/goStatic
|
url = https://github.com/PierreZ/goStatic
|
||||||
[submodule "docker/blog/quentin.dufour.io"]
|
[submodule "docker/blog/quentin.dufour.io"]
|
||||||
path = docker/blog-quentin/quentin.dufour.io
|
path = docker/blog-quentin/quentin.dufour.io
|
||||||
|
|
17
README.md
17
README.md
|
@ -10,7 +10,7 @@ We try to build a generic abstraction stack between our different resources (CPU
|
||||||
* ansible (physical node conf)
|
* ansible (physical node conf)
|
||||||
* nomad (schedule containers)
|
* nomad (schedule containers)
|
||||||
* consul (distributed key value store / lock / service discovery)
|
* consul (distributed key value store / lock / service discovery)
|
||||||
* glusterfs (file storage)
|
* garage/glusterfs (file storage)
|
||||||
* stolon + postgresql (distributed relational database)
|
* stolon + postgresql (distributed relational database)
|
||||||
* docker (container tool)
|
* docker (container tool)
|
||||||
* bottin (LDAP server, auth)
|
* bottin (LDAP server, auth)
|
||||||
|
@ -23,6 +23,21 @@ Some services we provide:
|
||||||
|
|
||||||
As a generic abstraction is provided, deploying new services should be easy.
|
As a generic abstraction is provided, deploying new services should be easy.
|
||||||
|
|
||||||
|
## I am lost, how this repo works?
|
||||||
|
|
||||||
|
To ease the development, we make the choice of a fully integrated environment
|
||||||
|
|
||||||
|
1. `os` the base os for the cluster
|
||||||
|
1. `build`: where you will build our OS image based on Debian that you will install on your server
|
||||||
|
2. `config`: our Ansible recipes to configure and update your freshly installed server
|
||||||
|
2. `apps` apps we deploy on the cluster
|
||||||
|
1. `build`: our Docker files to build immutable images of our applications
|
||||||
|
2. `integration`: Our Docker compose files to test locally how our built images interact together
|
||||||
|
3. `config`: Files containing application configurations to be deployed on Consul Key Value Store
|
||||||
|
4. `deployment`: Files containing application definitions to be deployed on Nomad Scheduler
|
||||||
|
3. `op_guide`: Guides to explain you operations you can do cluster wide (like configuring postgres)
|
||||||
|
|
||||||
|
|
||||||
## Start hacking
|
## Start hacking
|
||||||
|
|
||||||
### Clone the repository
|
### Clone the repository
|
||||||
|
|
63
app/build/docker-compose.yml
Normal file
63
app/build/docker-compose.yml
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
version: '3.4'
|
||||||
|
services:
|
||||||
|
|
||||||
|
# Instant Messaging
|
||||||
|
riot:
|
||||||
|
build:
|
||||||
|
context: ./riotweb
|
||||||
|
args:
|
||||||
|
# https://github.com/vector-im/riot-web/releases
|
||||||
|
VERSION: 1.7.5
|
||||||
|
image: superboum/amd64_riotweb:v15
|
||||||
|
|
||||||
|
synapse:
|
||||||
|
build:
|
||||||
|
context: ./matrix-synapse
|
||||||
|
args:
|
||||||
|
# https://github.com/matrix-org/synapse/releases
|
||||||
|
VERSION: 1.19.1
|
||||||
|
image: superboum/amd64_synapse:v33
|
||||||
|
|
||||||
|
# Email
|
||||||
|
sogo:
|
||||||
|
build:
|
||||||
|
context: ./sogo
|
||||||
|
args:
|
||||||
|
# fake for now
|
||||||
|
VERSION: 5.0.0
|
||||||
|
image: superboum/amd64_sogo:v7
|
||||||
|
|
||||||
|
# VoIP
|
||||||
|
jitsi-meet:
|
||||||
|
build:
|
||||||
|
context: ./jitsi-meet
|
||||||
|
args:
|
||||||
|
# https://github.com/jitsi/jitsi-meet
|
||||||
|
PREFIXV: stable/jitsi-meet_
|
||||||
|
VERSION: 4966
|
||||||
|
image: superboum/amd64_jitsi_meet:v1
|
||||||
|
|
||||||
|
jitsi-conference-focus:
|
||||||
|
build:
|
||||||
|
context: ./jitsi-conference-focus
|
||||||
|
args:
|
||||||
|
# https://github.com/jitsi/jicofo
|
||||||
|
PREFIXV: stable/jitsi-meet_
|
||||||
|
VERSION: 4966
|
||||||
|
image: superboum/amd64_jitsi_conference_focus:v5
|
||||||
|
|
||||||
|
jitsi-videobridge:
|
||||||
|
build:
|
||||||
|
context: ./jitsi-videobridge
|
||||||
|
args:
|
||||||
|
# https://github.com/jitsi/jitsi-videobridge
|
||||||
|
PREFIXV: stable/jitsi-meet_
|
||||||
|
VERSION: 4966
|
||||||
|
image: superboum/amd64_jitsi_videobridge:v15
|
||||||
|
|
||||||
|
jitsi-xmpp:
|
||||||
|
build:
|
||||||
|
context: ./jitsi-xmpp
|
||||||
|
args:
|
||||||
|
VERSION: fake-1
|
||||||
|
image: superboum/amd64_jitsi_xmpp:v4
|
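Review bot: The `VERSION` build args for `sogo` (`5.0.0`, commented "fake for now") and `jitsi-xmpp` (`fake-1`) do not name an upstream release, so the published tags `superboum/amd64_sogo:v7` and `superboum/amd64_jitsi_xmpp:v4` cannot be mapped back to the package versions they contain when an advisory has to be checked. A comment on each arg saying where the real version comes from would close that gap, for example `# VERSION is unused here; the package version is whatever the distribution repository ships at build time`, assuming that is what those Dockerfiles do (they are not visible on this page). Quoting the numeric arg as `VERSION: '4966'` would also keep it a string for every YAML consumer.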
27
app/build/jitsi-conference-focus/Dockerfile
Normal file
27
app/build/jitsi-conference-focus/Dockerfile
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
FROM debian:buster AS builder
|
||||||
|
|
||||||
|
ARG PREFIXV
|
||||||
|
ARG VERSION
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y openjdk-11-jdk maven wget unzip && \
|
||||||
|
wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip
|
||||||
|
|
||||||
|
RUN unzip jicofo.zip && \
|
||||||
|
mv jicofo*${VERSION} jicofo && \
|
||||||
|
cd jicofo && \
|
||||||
|
mvn package -DskipTests -Dassembly.skipAssembly=false && \
|
||||||
|
unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
|
||||||
|
mv jicofo-1.1-SNAPSHOT /srv/build
|
||||||
|
|
||||||
|
FROM debian:buster
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y openjdk-11-jre-headless ca-certificates
|
||||||
|
|
||||||
|
ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi"
|
||||||
|
|
||||||
|
COPY --from=builder /srv/build /srv/jicofo
|
||||||
|
COPY jicofo /usr/local/bin/jicofo
|
||||||
|
COPY sip-communicator.properties /root/.sip-communicator/sip-communicator.properties
|
||||||
|
|
||||||
|
CMD ["/usr/local/bin/jicofo"]
|
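Review bot: The source archive fetched by `wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip` in the builder stage is compiled and shipped without any integrity check, and `stable/jitsi-meet_4966` is a tag name that upstream can move. Adding an `ARG SHA256` and a line such as `echo "${SHA256}  jicofo.zip" | sha256sum -c -` right after the download would make the build fail on unexpected content, with the expected digest recorded next to `VERSION` in docker-compose.yml. The same download pattern appears in the jitsi-meet and jitsi-videobridge Dockerfiles in this commit. Separately, the final stage keeps its configuration under `/root` and declares no `USER`, so jicofo appears to run as root unless the `jicofo` launcher script (not shown) drops privileges.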
|
@ -0,0 +1,2 @@
|
||||||
|
org.jitsi.jicofo.SHORT_ID=1
|
||||||
|
org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
|
28
app/build/jitsi-meet/Dockerfile
Normal file
28
app/build/jitsi-meet/Dockerfile
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
FROM debian:buster AS builder
|
||||||
|
|
||||||
|
ARG PREFIXV
|
||||||
|
ARG VERSION
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y curl && \
|
||||||
|
curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
|
||||||
|
apt-get install -y git nodejs make wget unzip && \
|
||||||
|
wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${VERSION}.zip -O jitsi-meet.zip
|
||||||
|
|
||||||
|
RUN unzip jitsi-meet.zip && \
|
||||||
|
mv jitsi-meet-*${VERSION} jitsi-meet && \
|
||||||
|
cd jitsi-meet && \
|
||||||
|
npm install && \
|
||||||
|
make
|
||||||
|
|
||||||
|
FROM debian:buster
|
||||||
|
|
||||||
|
COPY --from=builder /jitsi-meet /srv/jitsi-meet
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y nginx && \
|
||||||
|
rm /etc/nginx/sites-enabled/*
|
||||||
|
|
||||||
|
COPY config.js /srv/jitsi-meet/config.js
|
||||||
|
COPY entrypoint.sh /usr/local/bin/entrypoint
|
||||||
|
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
||||||
|
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
|
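Review bot: `curl -sL https://deb.nodesource.com/setup_14.x | bash -` runs an unverified remote script as root during the build, and because `-s` is used without `-f` an HTTP error page would be piped into bash instead of failing the step. Prefer adding the NodeSource apt repository and its signing key explicitly in the Dockerfile, or at least download the script to a file with `curl -fsSL`, check it against a recorded digest, and only then run it. In the same stage `npm install` resolves dependencies afresh on every build; `npm ci` would install exactly what the upstream lockfile records, provided the release archive ships one (not visible here).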
|
@ -1,21 +1,24 @@
|
||||||
FROM debian:buster AS builder
|
FROM debian:buster AS builder
|
||||||
|
|
||||||
RUN apt-get update && \
|
ARG PREFIXV
|
||||||
apt-get install -y wget unzip maven openjdk-11-jdk
|
ARG VERSION
|
||||||
|
|
||||||
ENV VERSION=4468
|
RUN apt-get update && \
|
||||||
RUN wget https://github.com/jitsi/jitsi-videobridge/archive/stable/jitsi-meet_${VERSION}.zip -O jvb.zip && \
|
apt-get install -y wget unzip maven openjdk-11-jdk && \
|
||||||
unzip jvb.zip && \
|
wget https://github.com/jitsi/jitsi-videobridge/archive/${PREFIXV}${VERSION}.zip -O jvb.zip
|
||||||
mv jitsi-videobridge-stable-jitsi-meet_${VERSION} jvb && \
|
|
||||||
|
RUN unzip jvb.zip && \
|
||||||
|
mv jitsi-videobridge*${VERSION} jvb && \
|
||||||
cd jvb && \
|
cd jvb && \
|
||||||
mvn package -DskipTests && \
|
mvn package -DskipTests && \
|
||||||
unzip target/jitsi-videobridge-*.zip && \
|
ls jvb/target && \
|
||||||
|
unzip jvb/target/jitsi-videobridge*.zip && \
|
||||||
mv jitsi-videobridge-*-SNAPSHOT build
|
mv jitsi-videobridge-*-SNAPSHOT build
|
||||||
|
|
||||||
FROM debian:buster
|
FROM debian:buster
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y openjdk-11-jdk
|
apt-get install -y openjdk-11-jre-headless
|
||||||
|
|
||||||
COPY --from=builder /jvb/build /srv/jvb
|
COPY --from=builder /jvb/build /srv/jvb
|
||||||
ENV HOME=/root
|
ENV HOME=/root
|
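Review bot: `ls jvb/target && \` in the second builder `RUN` looks like a debugging leftover; it adds nothing to the image and can be dropped once the archive path is settled. The glob in `unzip jvb/target/jitsi-videobridge*.zip` is worth narrowing, since unzip treats any further arguments as member names if the shell expands it to more than one file. In the final stage, `apt-get install -y --no-install-recommends openjdk-11-jre-headless` followed by `rm -rf /var/lib/apt/lists/*` would keep the runtime image to what the bridge needs. The file header for this section is not shown on the page, so the path is inferred from the download URL, and the file continues past the last visible line.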
|
@ -8,9 +8,24 @@ EOF
|
||||||
mkdir -p /root/.sip-communicator
|
mkdir -p /root/.sip-communicator
|
||||||
|
|
||||||
cat > /root/.sip-communicator/sip-communicator.properties <<EOF
|
cat > /root/.sip-communicator/sip-communicator.properties <<EOF
|
||||||
|
# Enable broadcasting stats/presence in a MUC
|
||||||
|
org.jitsi.videobridge.ENABLE_STATISTICS=true
|
||||||
|
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
|
||||||
|
|
||||||
|
# Connect to the first XMPP server
|
||||||
|
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=jitsi.deuxfleurs.fr
|
||||||
|
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.deuxfleurs.fr
|
||||||
|
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
|
||||||
|
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=${JITSI_SECRET_VIDEOBRIDGE}
|
||||||
|
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
|
||||||
|
org.jitsi.videobridge.xmpp.user.shard.MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
|
||||||
|
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=singleton
|
||||||
|
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
|
||||||
|
|
||||||
|
# Do we need it? @FIXME
|
||||||
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
|
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
|
||||||
# The videobridge uses 443 by default with 4443 as a fallback, but since we're already
|
|
||||||
# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition
|
# NAT things, two times just in case...
|
||||||
org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
|
org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
|
||||||
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
|
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
|
||||||
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
|
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
|
||||||
|
@ -35,4 +50,5 @@ EOF
|
||||||
--host=${JITSI_PROSODY_HOST} \
|
--host=${JITSI_PROSODY_HOST} \
|
||||||
--domain=jitsi.deuxfleurs.fr \
|
--domain=jitsi.deuxfleurs.fr \
|
||||||
--port=5347 \
|
--port=5347 \
|
||||||
--secret=${JITSI_SECRET_VIDEOBRIDGE}
|
--secret=${JITSI_SECRET_VIDEOBRIDGE} \
|
||||||
|
--apis=xmpp,rest
|
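Review bot: `org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true` turns off TLS certificate checking on the connection that carries the `jvb` password (`${JITSI_SECRET_VIDEOBRIDGE}`) to `jitsi.deuxfleurs.fr`, so the bridge would accept any server that answers on that name. The prosody entrypoint in this commit appears to link `auth.jitsi.deuxfleurs.fr.crt` into `/usr/local/share/ca-certificates`; importing that certificate into this image's Java trust store and setting the property to `false` would keep the channel authenticated. If it has to stay for now, a comment in the heredoc should say why, in the style of the `@FIXME` added above `checkReplay=false`. The second hunk's `--apis=xmpp,rest` also enables the bridge's REST API, so confirm its port is not published outside the cluster. The heredoc and the launch command both start outside the visible hunks.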
|
@ -8,31 +8,36 @@ EOF
|
||||||
mkdir -p /etc/prosody/conf.{d,avail}/
|
mkdir -p /etc/prosody/conf.{d,avail}/
|
||||||
cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
|
cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
|
||||||
VirtualHost "jitsi.deuxfleurs.fr"
|
VirtualHost "jitsi.deuxfleurs.fr"
|
||||||
authentication = "anonymous"
|
authentication = "anonymous"
|
||||||
ssl = {
|
ssl = {
|
||||||
key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
|
key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
|
||||||
certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
|
certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
|
||||||
}
|
}
|
||||||
modules_enabled = {
|
modules_enabled = {
|
||||||
"bosh";
|
"bosh";
|
||||||
"pubsub";
|
"pubsub";
|
||||||
}
|
}
|
||||||
c2s_require_encryption = false
|
c2s_require_encryption = false
|
||||||
|
|
||||||
VirtualHost "auth.jitsi.deuxfleurs.fr"
|
VirtualHost "auth.jitsi.deuxfleurs.fr"
|
||||||
ssl = {
|
ssl = {
|
||||||
key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
|
key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
|
||||||
certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
|
certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
|
||||||
}
|
}
|
||||||
authentication = "internal_plain"
|
authentication = "internal_plain"
|
||||||
|
admins = { "focus@auth.jitsi.deuxfleurs.fr"}
|
||||||
admins = { "focus@auth.jitsi.deuxfleurs.fr" }
|
|
||||||
|
|
||||||
Component "conference.jitsi.deuxfleurs.fr" "muc"
|
Component "conference.jitsi.deuxfleurs.fr" "muc"
|
||||||
|
Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
|
||||||
|
storage = "memory"
|
||||||
|
modules_enabled = { "ping"; }
|
||||||
|
admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
|
||||||
|
|
||||||
Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
|
Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
|
||||||
component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
|
component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
|
||||||
Component "focus.jitsi.deuxfleurs.fr"
|
Component "focus.jitsi.deuxfleurs.fr"
|
||||||
component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
|
component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
ln -sf \
|
ln -sf \
|
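Review bot: The new `Component "internal.auth.jitsi.deuxfleurs.fr" "muc"` stanza sets only `storage`, `modules_enabled` and `admins`, so nothing visible limits who may create rooms on the component the bridges and jicofo use for `JvbBrewery`. Since the main host in the same file uses `authentication = "anonymous"` with `c2s_require_encryption = false`, it is worth confirming that anonymous sessions cannot reach that room; adding `restrict_room_creation = true` to the stanza would at least leave room creation to the listed admins. A one-line comment above the stanza, e.g. `-- internal MUC where videobridges advertise themselves to jicofo; not for end users`, would record the intent. The heredoc starts before this hunk and the script continues after it.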
|
@ -10,6 +10,7 @@ ln -sf \
|
||||||
/usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
|
/usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
|
||||||
|
|
||||||
prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
|
prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
|
||||||
|
prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
|
||||||
|
|
||||||
mkdir /run/prosody
|
mkdir /run/prosody
|
||||||
touch /run/prosody/prosody.pid
|
touch /run/prosody/prosody.pid
|
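Review bot: The added `prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}` reuses the value that is already the `component_secret` of `jitsi-videobridge.jitsi.deuxfleurs.fr`, whereas jicofo gets distinct `JITSI_SECRET_JICOFO_USER` and `JITSI_SECRET_JICOFO_COMPONENT` values; one leaked secret then opens both the component and the user account. A dedicated variable, quoted so an empty or space-containing value cannot change the argument list, would match the jicofo pattern: `prosodyctl register jvb auth.jitsi.deuxfleurs.fr "${JITSI_SECRET_VIDEOBRIDGE_USER}"` (the variable name is a placeholder, and the bridge's `PASSWORD=` line would need the same one). Passing the password as an argument also exposes it in the container's process list while the command runs.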