From 6b8a94ba2efc85970e66ad2a863f8240cddfde70 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Sat, 11 Mar 2023 11:44:17 +0100
Subject: [PATCH] wip coturn
---
.../app/coturn/config/docker-entrypoint.sh | 15 ++++
cluster/prod/app/coturn/deploy/coturn.hcl | 87 +++++++++++++++++++
cluster/prod/app/coturn/integration/cmd.sh | 7 ++
cluster/prod/app/coturn/readme.md | 6 ++
cluster/prod/app/coturn/secrets.toml | 5 ++
5 files changed, 120 insertions(+)
create mode 100755 cluster/prod/app/coturn/config/docker-entrypoint.sh
create mode 100644 cluster/prod/app/coturn/deploy/coturn.hcl
create mode 100644 cluster/prod/app/coturn/integration/cmd.sh
create mode 100644 cluster/prod/app/coturn/readme.md
create mode 100644 cluster/prod/app/coturn/secrets.toml
diff --git a/cluster/prod/app/coturn/config/docker-entrypoint.sh b/cluster/prod/app/coturn/config/docker-entrypoint.sh
new file mode 100755
index 0000000..cd945b0
--- /dev/null
+++ b/cluster/prod/app/coturn/config/docker-entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+turnserver \
+ -n \
+ --external-ip=$(detect-external-ip) \
+ --min-port=49160 \
+ --max-port=49169 \
+ --log-file=stdout \
+ --use-auth-secret \
+ --realm turn.deuxfleurs.fr \
+ --no-cli \
+ --no-tls \
+ --no-dtls \
+ --prometheus \
+ --static-auth-secret '{{ key "secrets/coturn/static-auth-secret" | trimSpace }}'
diff --git a/cluster/prod/app/coturn/deploy/coturn.hcl b/cluster/prod/app/coturn/deploy/coturn.hcl
new file mode 100644
index 0000000..2a48f3c
--- /dev/null
+++ b/cluster/prod/app/coturn/deploy/coturn.hcl
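Review bot: The shared secret is passed in turnserver's argument vector via `--static-auth-secret '{{ key … }}'`, so it is readable from the process list by anything that can see host processes. coturn also reads this value from its configuration file, so the template could render a config file under `secrets/` containing `static-auth-secret={{ key "secrets/coturn/static-auth-secret" | trimSpace }}`, and the script could start `turnserver -c RENDERED_CONF_PATH` (placeholder path) in place of `-n`. `--external-ip=$(detect-external-ip)` is also unquoted and unchecked, so a failed lookup would presumably start the server with an empty external address. Quoting the substitution and aborting on an empty result would surface that failure.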
@@ -0,0 +1,87 @@
+job "coturn" {
+ datacenters = ["neptune", "orion"]
+ type = "service"
+
+ priority = 100
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "main" {
+ count = 1
+
+ network {
+ port "prometheus" { static = 9641 }
+ port "turn_ctrl" { static = 3478 }
+ port "turn_data0" { static = 49160 }
+ port "turn_data1" { static = 49161 }
+ port "turn_data2" { static = 49162 }
+ port "turn_data3" { static = 49163 }
+ port "turn_data4" { static = 49164 }
+ port "turn_data5" { static = 49165 }
+ port "turn_data6" { static = 49166 }
+ port "turn_data7" { static = 49167 }
+ port "turn_data8" { static = 49168 }
+ port "turn_data9" { static = 49169 }
+ }
+
+ task "turnserver" {
+ driver = "docker"
+ config {
+ image = "coturn/coturn:4.6.1-r2-alpine"
+ ports = [ "prometheus", "turn_ctrl", "turn_data0", "turn_data1", "turn_data2",
+ "turn_data3", "turn_data4", "turn_data5", "turn_data6", "turn_data7",
+ "turn_data8", "turn_data9" ]
+ network_mode = "host"
+ volumes = [
+ "secrets/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh",
+ ]
+ }
+
+ template {
+ data = file("../config/docker-entrypoint.sh")
+ destination = "secrets/docker-entrypoint.sh"
+ perms = 555
+ }
+
+ resources {
+ memory = 20
+ memory_max = 50
+ cpu = 50
+ }
+
+ service {
+ name = "coturn"
+ tags = [
+ "coturn",
+ "d53-cname turn.deuxfleurs.fr",
+ "(diplonat (tcp_port 3478) (udp_port 3478 49160 49161 49162 49163 49164 49165 49166 49167 49168 49169))",
+ ]
+ port = "turn_ctrl"
+ check {
+ type = "http"
+ protocol = "http"
+ port = "prometheus"
+ path = "/"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "600s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ restart {
+ interval = "30m"
+ attempts = 20
+ delay = "15s"
+ mode = "delay"
+ }
+ }
+ }
+}
+
diff --git a/cluster/prod/app/coturn/integration/cmd.sh b/cluster/prod/app/coturn/integration/cmd.sh
new file mode 100644
index 0000000..262cf49
--- /dev/null
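Review bot: `network_mode = "host"` in the `config` block puts the relay in the host's network namespace, and nothing in this patch limits which peer addresses an allocation may reach, so traffic from authenticated TURN users could be relayed towards private or cluster-internal addresses. Adding `--no-multicast-peers` and one `--denied-peer-ip=PRIVATE_RANGE` line (placeholder) per internal range to the entrypoint would restrict that; the ranges are deployment-specific. Under host networking the `ports` list presumably restricts nothing, so the metrics listener on 9641 is likely reachable on every host interface without authentication and should be covered by a host firewall rule. `perms = 555` would read more clearly as the quoted string `"555"`, and since the rendered script contains the auth secret it is worth checking whether the container user really needs world-read on it.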
+++ b/cluster/prod/app/coturn/integration/cmd.sh
@@ -0,0 +1,7 @@
+docker run \
+ --name coturn \
+ --rm \
+ -it \
+ -v `pwd`/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh \
+ --network=host \
+ coturn/coturn:4.6.1-r2-alpine
diff --git a/cluster/prod/app/coturn/readme.md b/cluster/prod/app/coturn/readme.md
new file mode 100644
index 0000000..0036ab2
--- /dev/null
+++ b/cluster/prod/app/coturn/readme.md
@@ -0,0 +1,6 @@
+stun+turn
+tcp: 3478
+udp: 49160-49169
+
+prometheus:
+tcp: 9641
diff --git a/cluster/prod/app/coturn/secrets.toml b/cluster/prod/app/coturn/secrets.toml
new file mode 100644
index 0000000..8b41a31
--- /dev/null
+++ b/cluster/prod/app/coturn/secrets.toml
@@ -0,0 +1,5 @@
+# coturn
+[secrets."coturn/static-auth-secret"]
+type = 'command'
+rotate = true
+command = "openssl rand -base64 64|tr -d '\n'"
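Review bot: The bind mount in cmd.sh takes `docker-entrypoint.sh` from the current directory, but the only copy in this patch is the Nomad template under `config/`, whose `{{ key … }}` placeholder is never rendered outside Nomad. A local run would therefore start coturn on the host network with that literal text as its auth secret. A header comment would make the precondition explicit, for example `# run from ../config after replacing the {{ key … }} line with a throwaway secret`. The script also has no shebang, and the unquoted pwd substitution breaks on paths containing spaces; `-v "$(pwd)/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh"` avoids that.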
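Review bot: In secrets.toml, the safety of the entrypoint depends on this generator's alphabet and nothing records that. docker-entrypoint.sh pastes the stored value between single quotes in a shell script, which holds for base64 output but not for a value written to the key by other means. A comment above `command` would capture the constraint, for example `# interpolated inside single quotes in config/docker-entrypoint.sh; the value must not contain quote characters`. Separately, `\n` inside a TOML basic string is decoded to a real newline before the shell runs; `tr -d` still strips newlines that way, but writing `'\\n'` would state the intent.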