Add BigBlueButton role

- Add documentation about Ansible encrypted strings - Bump minimum Ansible version, simplify version comparison - Add molecule testing of BigBlueButton Ansible role - Add Travis CI scripts to a separate directory - Bump versions of CI package dependencies - Update yamllint configuration Co-authored-by: core <core>
PrivacyLx · Jan 27, 2021 · 6cd8194 · 6cd8194
1 parent 492558f
commit 6cd8194
Show file tree

Hide file tree

Showing 24 changed files with 531 additions and 84 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 *.swp
 *.swo
+ansible/roles.galaxy
diff --git a/.travis.yml b/.travis.yml
@@ -1,15 +1,15 @@
 ---
 
-os: linux
 dist: bionic
 language: python
-python:
-  - "3.7"
+python: "3.8"
 
 jobs:
   include:
   - name: "Testing ansible playbook `deploy-discourse.yml`"
     env: TEST_ROLE=discourse
+  - name: "Testing ansible playbook `deploy-bigbluebutton.yml`"
+    env: TEST_ROLE=bigbluebutton
   - name: "Testing ansible playbook `deploy-matterbridge.yml`"
     env: TEST_ROLE=matterbridge
 
@@ -18,35 +18,12 @@ cache:
     - /home/travis/.vagrant.d/boxes
     - /home/travis/.cache/pipenv
 
-before_install:
-  # Install libvirt, travis and KVM
-  # https://github.com/alvistack/ansible-role-virtualbox/blob/master/.travis.yml
-  - |
-    curl -Os https://releases.hashicorp.com/vagrant/2.2.7/vagrant_2.2.7_x86_64.deb
-    curl -Os https://releases.hashicorp.com/vagrant/2.2.7/vagrant_2.2.7_SHA256SUMS
-    curl -Os https://releases.hashicorp.com/vagrant/2.2.7/vagrant_2.2.7_SHA256SUMS.sig
-    gpg --receive-key 51852D87348FFC4C
-    gpg --verify vagrant_2.2.7_SHA256SUMS.sig vagrant_2.2.7_SHA256SUMS
-    sha256sum -c vagrant_2.2.7_SHA256SUMS 2>&1 | grep OK
-    sudo apt-get -qq update
-    sudo apt-get -qq install bridge-utils dnsmasq-base ebtables libvirt-bin \
-        libvirt-dev qemu-kvm qemu-utils ruby-dev
-    sudo dpkg -i vagrant_2.2.7_x86_64.deb
-    sudo vagrant plugin install vagrant-libvirt
-    sudo vagrant plugin list
-    rm -rf vagrant_2.2.7_*
-  # pipenv installation
-  # https://github.com/jonashackt/molecule-ansible-docker-aws/blob/master/.travis.yml
-  - |
-    sudo apt-get -qq install python3.7
-    curl -skL https://bootstrap.pypa.io/get-pip.py | sudo -H python3.7
-    sudo -H pip3 install pipenv
-    sudo -H pipenv install
+install:
+  - cd ci && ./install.sh
 
 script:
-  - |
-    cd ansible/roles/$TEST_ROLE
-    sudo -E pipenv run molecule lint
-    sudo -E pipenv run molecule syntax
-    travis_wait 30 sudo -E pipenv run molecule converge
-    travis_wait 30 sudo -E pipenv run molecule idempotence
+  - cd ${TRAVIS_BUILD_DIR}/ansible/roles/$TEST_ROLE
+  - sudo -E pipenv run molecule lint
+  - sudo -E pipenv run molecule syntax
+  - travis_wait 30 sudo -E pipenv run molecule converge
+  - travis_wait 30 sudo -E pipenv run molecule idempotence
diff --git a/.yamllint b/.yamllint
@@ -4,7 +4,8 @@ extends: default
 
 rules:
   braces:
-    max-spaces-inside: 1
+    max-spaces-inside: -1
+    min-spaces-inside: 2
     level: error
   brackets:
     max-spaces-inside: 1
@@ -29,5 +30,5 @@ rules:
   new-line-at-end-of-file: disable
   new-lines:
     type: unix
-  trailing-spaces: disable
+  trailing-spaces: enable
   truthy: disable
diff --git a/Pipfile b/Pipfile
diff --git a/README.md b/README.md
@@ -106,6 +106,10 @@ after package upgrades:
 
 `cd ansible && ansible-playbook --vault-id @prompt -i inventory/production deploy-update.yml --extra-vars=reboot_enabled=true`
 
+### Deploy BigBlueButton
+
+`cd ansible && ansible-playbook --vault-id @prompt -i inventory/production deploy-bigbluebutton.yml`
+
 ## Adding SSH fingerprints to known hosts
 
 1. Get an SSH fingerprint from a local `known_hosts` file for a given hostname
@@ -124,11 +128,29 @@ List almost all group/host variables:
 
 `ansible --vault-id @prompt -i inventory/testing -m debug group/host -a "var=vars"`
 
+### Ansible vault
+
+#### Create encrypted strings
+
+Use `encrypt_string` to create encrypted variables to embed in inventory file:
+
+`ansible-vault encrypt_string --vault-id prompt --stdin-name 'variable_name'`
+
+**Note:** Do not press Enter after supplying the string. That will add a newline
+to the encrypted value.
+
+#### View encrypted strings
+
+You can view the original value of an encrypted string by using the debug module:
+
+`ansible localhost -m debug -a var="variable_name" -e "@ansible/inventory/testing/group_vars/all/vars.yml" --vault-id prompt`
+
 ### Docs
 
 - [Ansible Documentation: Playbook Filters](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html)
 - [Ansible Documentation: Using Variables]( https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html)
 - [Ansible Documentation: Special Variables](https://docs.ansible.com/ansible/latest/reference_appendices/special_variables.html)
+- [Ansible Documentation: Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html)
 
 ## Naming convention
 

diff --git a/ansible/ansible-version.yml b/ansible/ansible-version.yml
@@ -4,20 +4,14 @@
   connection: local
   gather_facts: false
   tags: always
-  tasks:
+  pre_tasks:
+    - name: Set minimun required Ansible version
+      set_fact:
+        ansible_version_min: 2.10.0
     - name: Ensure we have minimum Ansible version "{{ ansible_version_min }}"
       assert:
-        msg: "ansible_version: {{ ansible_version }}"
-        that: "ansible_version.full is version_compare('{{ ansible_version_min }}', '>=')"
-      when: "ansible_version.full is version_compare('2.7', '<')"
-      run_once: true
-
-    - name: Ensure we have minimum Ansible version "{{ ansible_version_min }}"
-      assert:
-        that: "ansible_version.full is version_compare('{{ ansible_version_min }}', '>=')"
-        fail_msg: >-
-                  "ansible_version: {{ ansible_version.full }}"
-                  "You must install Ansible version >= {{ ansible_version_min }}"
-        success_msg: "ansible_version: {{ ansible_version.full }}"
-      when: "ansible_version.full is version_compare('2.7', '>=')"
+        that: ansible_version.full is version('{{ ansible_version_min }}', '>=')
+        msg: |
+          You are using Ansible version: {{ ansible_version.full }}
+          The minimum required version of Ansible is: {{ ansible_version_min }}
       run_once: true
diff --git a/ansible/deploy-bigbluebutton.yml b/ansible/deploy-bigbluebutton.yml
@@ -0,0 +1,11 @@
+---
+
+- import_playbook: ansible-version.yml
+
+- name: "Deploy a BigBlueButton server"
+  hosts: "{{ target if target is defined else 'bigbluebutton' }}"
+  become: true
+
+  roles:
+    - role: bigbluebutton
+      tags: molecule-idempotence-notest
diff --git a/ansible/inventory/molecule/group_vars/all/vars.yml b/ansible/inventory/molecule/group_vars/all/vars.yml
@@ -1,6 +1,3 @@
-# Minimun required Ansible version
-ansible_version_min: 2.8
-
 # Admin email address
 admin_email: [email protected]
 

diff --git a/ansible/inventory/molecule/group_vars/bigbluebutton/vars.yml b/ansible/inventory/molecule/group_vars/bigbluebutton/vars.yml
@@ -0,0 +1,67 @@
+bbb_letsencrypt_enable: false
+bbb_letsencrypt_email: [email protected]
+# Use latest to update BBB and present to keep currently installed version.
+bbb_state: "latest"
+bbb_api_demos_enable: false
+bbb_disable_recordings: true
+# Greenlight registration mode: open (default), invite, approval
+bbb_greenlight_default_registration: approval
+# https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-fails-to-start-with-a-setscheduler-error
+bbb_cpuschedule: false
+# https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-fails-to-bind-to-port-8021
+bbb_freeswitch_ipv6: false
+# Generate Diff-Hellmann for nginx
+bbb_nginx_dh: yes
+bbb_app_log_level: 'ERROR'
+
+# https://github.com/bigbluebutton/bigbluebutton/blob/develop/bigbluebutton-html5/private/config/settings.yml
+bbb_meteor:
+  public:
+    app:
+      clientTitle: "Molecule - BigBlueButton"
+      helpLink: "https://privacylx.org/community/"
+      mirrorOwnWebcam: true
+    kurento:
+      cameraProfiles:
+      - id: low
+        name: Low quality
+        default: true
+        bitrate: 50
+      - id: medium
+        name: Medium quality
+        default: false
+        bitrate: 100
+      - id: high
+        name: High quality
+        default: false
+        bitrate: 200
+      - id: hd
+        name: High definition
+        default: false
+        bitrate: 400
+        hidden: true
+      cameraQualityThresholds:
+        enabled: true
+        thresholds:
+          - threshold: 8
+            profile: low-u8
+          - threshold: 12
+            profile: low-u12
+          - threshold: 15
+            profile: low-u15
+          - threshold: 20
+            profile: low-u20
+          - threshold: 25
+            profile: low-u25
+          - threshold: 30
+            profile: low-u30
+
+bbb_coturn_secret: "{{ lookup('password', '/tmp/passwordfile length=80') }}"
+bbb_turn_secret: "{{ lookup('password', '/tmp/passwordfile length=80') }}"
+bbb_greenlight_secret: "{{ lookup('password', '/tmp/passwordfile length=80') }}"
+bbb_greenlight_db_password: "{{ lookup('password', '/tmp/passwordfile length=80') }}"
+# BigBlueButton admin user
+bbb_adm:
+    name: Admin Test User
+    email: [email protected]
+    pass: "{{ lookup('password', '/tmp/passwordfile length=30 chars=ascii_letters') }}"
diff --git a/ansible/inventory/production/group_vars/all/vars.yml b/ansible/inventory/production/group_vars/all/vars.yml
@@ -1,6 +1,3 @@
-# Minimun required Ansible version
-ansible_version_min: 2.8
-
 # PrivacyLx website
 website_host: privacylx.org