Merge branch 'feature/rebase'

Quentin 2020-09-13 12:03:07 +02:00
commit 484c3fe667
206 changed files with 204 additions and 139 deletions

2
.gitmodules vendored

@ -1,5 +1,5 @@
[submodule "docker/static/goStatic"] [submodule "docker/static/goStatic"]
path = docker/static/goStatic path = app/build/static/goStatic
url = https://github.com/PierreZ/goStatic url = https://github.com/PierreZ/goStatic
[submodule "docker/blog/quentin.dufour.io"] [submodule "docker/blog/quentin.dufour.io"]
path = docker/blog-quentin/quentin.dufour.io path = docker/blog-quentin/quentin.dufour.io


@ -10,7 +10,7 @@ We try to build a generic abstraction stack between our different resources (CPU
* ansible (physical node conf) * ansible (physical node conf)
* nomad (schedule containers) * nomad (schedule containers)
* consul (distributed key value store / lock / service discovery) * consul (distributed key value store / lock / service discovery)
* glusterfs (file storage) * garage/glusterfs (file storage)
* stolon + postgresql (distributed relational database) * stolon + postgresql (distributed relational database)
* docker (container tool) * docker (container tool)
* bottin (LDAP server, auth) * bottin (LDAP server, auth)
@ -23,6 +23,21 @@ Some services we provide:
As a generic abstraction is provided, deploying new services should be easy. As a generic abstraction is provided, deploying new services should be easy.
## I am lost, how this repo works?
To ease the development, we make the choice of a fully integrated environment
1. `os` the base os for the cluster
1. `build`: where you will build our OS image based on Debian that you will install on your server
2. `config`: our Ansible recipes to configure and update your freshly installed server
2. `apps` apps we deploy on the cluster
1. `build`: our Docker files to build immutable images of our applications
2. `integration`: Our Docker compose files to test locally how our built images interact together
3. `config`: Files containing application configurations to be deployed on Consul Key Value Store
4. `deployment`: Files containing application definitions to be deployed on Nomad Scheduler
3. `op_guide`: Guides to explain you operations you can do cluster wide (like configuring postgres)
## Start hacking ## Start hacking
### Clone the repository ### Clone the repository


@ -0,0 +1,63 @@
version: '3.4'
services:
# Instant Messaging
riot:
build:
context: ./riotweb
args:
# https://github.com/vector-im/riot-web/releases
VERSION: 1.7.5
image: superboum/amd64_riotweb:v15
synapse:
build:
context: ./matrix-synapse
args:
# https://github.com/matrix-org/synapse/releases
VERSION: 1.19.1
image: superboum/amd64_synapse:v33
# Email
sogo:
build:
context: ./sogo
args:
# fake for now
VERSION: 5.0.0
image: superboum/amd64_sogo:v7
# VoIP
jitsi-meet:
build:
context: ./jitsi-meet
args:
# https://github.com/jitsi/jitsi-meet
PREFIXV: stable/jitsi-meet_
VERSION: 4966
image: superboum/amd64_jitsi_meet:v1
jitsi-conference-focus:
build:
context: ./jitsi-conference-focus
args:
# https://github.com/jitsi/jicofo
PREFIXV: stable/jitsi-meet_
VERSION: 4966
image: superboum/amd64_jitsi_conference_focus:v5
jitsi-videobridge:
build:
context: ./jitsi-videobridge
args:
# https://github.com/jitsi/jitsi-videobridge
PREFIXV: stable/jitsi-meet_
VERSION: 4966
image: superboum/amd64_jitsi_videobridge:v15
jitsi-xmpp:
build:
context: ./jitsi-xmpp
args:
VERSION: fake-1
image: superboum/amd64_jitsi_xmpp:v4


@ -0,0 +1,27 @@
FROM debian:buster AS builder
ARG PREFIXV
ARG VERSION
RUN apt-get update && \
apt-get install -y openjdk-11-jdk maven wget unzip && \
wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip
RUN unzip jicofo.zip && \
mv jicofo*${VERSION} jicofo && \
cd jicofo && \
mvn package -DskipTests -Dassembly.skipAssembly=false && \
unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
mv jicofo-1.1-SNAPSHOT /srv/build
FROM debian:buster
RUN apt-get update && \
apt-get install -y openjdk-11-jre-headless ca-certificates
ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi"
COPY --from=builder /srv/build /srv/jicofo
COPY jicofo /usr/local/bin/jicofo
COPY sip-communicator.properties /root/.sip-communicator/sip-communicator.properties
CMD ["/usr/local/bin/jicofo"]
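Review bot: The builder stage's `wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip` fetches the source by tag name only and builds it with no integrity check, so a moved or replaced tag changes what ends up in the image without anything failing. I would add a checksum build argument next to `VERSION` and verify before unzipping, e.g. `echo "${SHA256}  jicofo.zip" | sha256sum -c -` (`SHA256` is a suggested new `ARG`, set in the compose file beside `VERSION`). The jitsi-meet and jitsi-videobridge Dockerfiles in this commit download their archives the same way. Separately, the final stage has no `USER` and keeps its configuration under `/root`, so jicofo runs as root; a dedicated account would need `JAVA_SYS_PROPS` and the `COPY` target for `sip-communicator.properties` moved with it.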


@ -0,0 +1,2 @@
org.jitsi.jicofo.SHORT_ID=1
org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr


@ -0,0 +1,28 @@
FROM debian:buster AS builder
ARG PREFIXV
ARG VERSION
RUN apt-get update && \
apt-get install -y curl && \
curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
apt-get install -y git nodejs make wget unzip && \
wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${VERSION}.zip -O jitsi-meet.zip
RUN unzip jitsi-meet.zip && \
mv jitsi-meet-*${VERSION} jitsi-meet && \
cd jitsi-meet && \
npm install && \
make
FROM debian:buster
COPY --from=builder /jitsi-meet /srv/jitsi-meet
RUN apt-get update && \
apt-get install -y nginx && \
rm /etc/nginx/sites-enabled/*
COPY config.js /srv/jitsi-meet/config.js
COPY entrypoint.sh /usr/local/bin/entrypoint
ENTRYPOINT ["/usr/local/bin/entrypoint"]
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
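Review bot: `curl -sL https://deb.nodesource.com/setup_14.x | bash -` in the first `RUN` executes a remote script as root with no verification, and because `-s` is used without `-f` and the default shell has no `pipefail`, a failed download lets the chain continue, after which `apt-get install ... nodejs` may silently pick up Debian's own nodejs package. Fetching the script to a file first with `curl -fsSL -o /tmp/nodesource_setup.sh https://deb.nodesource.com/setup_14.x`, checking it against a recorded checksum and then running `bash /tmp/nodesource_setup.sh` closes both gaps. In the second `RUN`, `npm install` may resolve different dependency versions on each build; `npm ci` would keep to the lockfile, assuming the upstream archive ships one.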


@ -1,21 +1,24 @@
FROM debian:buster AS builder FROM debian:buster AS builder
RUN apt-get update && \ ARG PREFIXV
apt-get install -y wget unzip maven openjdk-11-jdk ARG VERSION
ENV VERSION=4468 RUN apt-get update && \
RUN wget https://github.com/jitsi/jitsi-videobridge/archive/stable/jitsi-meet_${VERSION}.zip -O jvb.zip && \ apt-get install -y wget unzip maven openjdk-11-jdk && \
unzip jvb.zip && \ wget https://github.com/jitsi/jitsi-videobridge/archive/${PREFIXV}${VERSION}.zip -O jvb.zip
mv jitsi-videobridge-stable-jitsi-meet_${VERSION} jvb && \
RUN unzip jvb.zip && \
mv jitsi-videobridge*${VERSION} jvb && \
cd jvb && \ cd jvb && \
mvn package -DskipTests && \ mvn package -DskipTests && \
unzip target/jitsi-videobridge-*.zip && \ ls jvb/target && \
unzip jvb/target/jitsi-videobridge*.zip && \
mv jitsi-videobridge-*-SNAPSHOT build mv jitsi-videobridge-*-SNAPSHOT build
FROM debian:buster FROM debian:buster
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y openjdk-11-jdk apt-get install -y openjdk-11-jre-headless
COPY --from=builder /jvb/build /srv/jvb COPY --from=builder /jvb/build /srv/jvb
ENV HOME=/root ENV HOME=/root
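Review bot: The `ls jvb/target && \` step in the second `RUN` reads like a debugging leftover: it only prints a directory listing into the build log and adds one more command that can fail the chain. I would drop it, or keep it with a comment such as `# list build outputs so a changed archive name is visible in the log`. The rendering here interleaves old and new lines, so this is based on the lines that appear only on the new side, and the file may continue after `ENV HOME=/root`, outside what is shown.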


@ -8,9 +8,24 @@ EOF
mkdir -p /root/.sip-communicator mkdir -p /root/.sip-communicator
cat > /root/.sip-communicator/sip-communicator.properties <<EOF cat > /root/.sip-communicator/sip-communicator.properties <<EOF
# Enable broadcasting stats/presence in a MUC
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
# Connect to the first XMPP server
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=jitsi.deuxfleurs.fr
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.deuxfleurs.fr
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=${JITSI_SECRET_VIDEOBRIDGE}
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
org.jitsi.videobridge.xmpp.user.shard.MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=singleton
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
# Do we need it? @FIXME
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
# The videobridge uses 443 by default with 4443 as a fallback, but since we're already
# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition # NAT things, two times just in case...
org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP} org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP} org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP} org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
@ -35,4 +50,5 @@ EOF
--host=${JITSI_PROSODY_HOST} \ --host=${JITSI_PROSODY_HOST} \
--domain=jitsi.deuxfleurs.fr \ --domain=jitsi.deuxfleurs.fr \
--port=5347 \ --port=5347 \
--secret=${JITSI_SECRET_VIDEOBRIDGE} --secret=${JITSI_SECRET_VIDEOBRIDGE} \
--apis=xmpp,rest
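Review bot: `org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true` turns off TLS certificate checking on the same connection that sends `USERNAME=jvb` and `PASSWORD=${JITSI_SECRET_VIDEOBRIDGE}`, so anything able to intercept traffic between the bridge and the XMPP server can impersonate the server and collect the bridge credential. Since the prosody certificate for `auth.jitsi.deuxfleurs.fr` already exists, the better fix is to add it to the trust store of this image and set the property to `false`. If it has to stay for now, a comment above it should say why, e.g. `# TODO: self-signed prosody cert is not trusted in this image yet; remove once it is imported`. The `--apis=xmpp,rest` added in the second hunk also enables the REST API; the lines shown do not say which address it binds to, so that is worth confirming.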


@ -8,31 +8,36 @@ EOF
mkdir -p /etc/prosody/conf.{d,avail}/ mkdir -p /etc/prosody/conf.{d,avail}/
cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
VirtualHost "jitsi.deuxfleurs.fr" VirtualHost "jitsi.deuxfleurs.fr"
authentication = "anonymous" authentication = "anonymous"
ssl = { ssl = {
key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key"; key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt"; certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
} }
modules_enabled = { modules_enabled = {
"bosh"; "bosh";
"pubsub"; "pubsub";
} }
c2s_require_encryption = false c2s_require_encryption = false
VirtualHost "auth.jitsi.deuxfleurs.fr" VirtualHost "auth.jitsi.deuxfleurs.fr"
ssl = { ssl = {
key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key"; key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt"; certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
} }
authentication = "internal_plain" authentication = "internal_plain"
admins = { "focus@auth.jitsi.deuxfleurs.fr"}
admins = { "focus@auth.jitsi.deuxfleurs.fr" }
Component "conference.jitsi.deuxfleurs.fr" "muc" Component "conference.jitsi.deuxfleurs.fr" "muc"
Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
storage = "memory"
modules_enabled = { "ping"; }
admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
Component "jitsi-videobridge.jitsi.deuxfleurs.fr" Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
component_secret = "${JITSI_SECRET_VIDEOBRIDGE}" component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
Component "focus.jitsi.deuxfleurs.fr" Component "focus.jitsi.deuxfleurs.fr"
component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}" component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
EOF EOF
ln -sf \ ln -sf \


@ -10,6 +10,7 @@ ln -sf \
/usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER} prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
mkdir /run/prosody mkdir /run/prosody
touch /run/prosody/prosody.pid touch /run/prosody/prosody.pid
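Review bot: The added `prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}` reuses the value that the prosody config in this commit already uses as `component_secret` for `jitsi-videobridge.jitsi.deuxfleurs.fr`, so one secret now serves as two separate credentials and disclosure of either exposes both. The focus account keeps them apart with `JITSI_SECRET_JICOFO_USER` and `JITSI_SECRET_JICOFO_COMPONENT`; the bridge should get its own user secret in the same way. The expansion is also unquoted, so a value containing whitespace or glob characters is split or expanded before prosodyctl sees it; `prosodyctl register jvb auth.jitsi.deuxfleurs.fr "${JITSI_SECRET_VIDEOBRIDGE}"` avoids that. The script starts and ends outside this hunk.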

Some files were not shown because too many files have changed in this diff Show more