diff --git a/.gitignore b/.gitignore index 3819313..590dc4e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *.swp *.swo +ansible/roles.galaxy diff --git a/.travis.yml b/.travis.yml index 0cce775..b63e513 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,15 +1,15 @@ --- -os: linux dist: bionic language: python -python: - - "3.7" +python: "3.8" jobs: include: - name: "Testing ansible playbook `deploy-discourse.yml`" env: TEST_ROLE=discourse + - name: "Testing ansible playbook `deploy-bigbluebutton.yml`" + env: TEST_ROLE=bigbluebutton - name: "Testing ansible playbook `deploy-matterbridge.yml`" env: TEST_ROLE=matterbridge 
@@ -18,35 +18,12 @@ cache: - /home/travis/.vagrant.d/boxes - /home/travis/.cache/pipenv -before_install: - # Install libvirt, travis and KVM - # https://github.com/alvistack/ansible-role-virtualbox/blob/master/.travis.yml - - | - curl -Os https://releases.hashicorp.com/vagrant/2.2.7/vagrant_2.2.7_x86_64.deb - curl -Os https://releases.hashicorp.com/vagrant/2.2.7/vagrant_2.2.7_SHA256SUMS - curl -Os https://releases.hashicorp.com/vagrant/2.2.7/vagrant_2.2.7_SHA256SUMS.sig - gpg --receive-key 51852D87348FFC4C - gpg --verify vagrant_2.2.7_SHA256SUMS.sig vagrant_2.2.7_SHA256SUMS - sha256sum -c vagrant_2.2.7_SHA256SUMS 2>&1 | grep OK - sudo apt-get -qq update - sudo apt-get -qq install bridge-utils dnsmasq-base ebtables libvirt-bin \ - libvirt-dev qemu-kvm qemu-utils ruby-dev - sudo dpkg -i vagrant_2.2.7_x86_64.deb - sudo vagrant plugin install vagrant-libvirt - sudo vagrant plugin list - rm -rf vagrant_2.2.7_* - # pipenv installation - # https://github.com/jonashackt/molecule-ansible-docker-aws/blob/master/.travis.yml - - | - sudo apt-get -qq install python3.7 - curl -skL https://bootstrap.pypa.io/get-pip.py | sudo -H python3.7 - sudo -H pip3 install pipenv - sudo -H pipenv install +install: + - cd ci && ./install.sh script: - - | - cd ansible/roles/$TEST_ROLE - sudo -E pipenv run molecule lint - sudo -E pipenv run molecule syntax - travis_wait 30 sudo -E pipenv run molecule converge - travis_wait 30 sudo -E pipenv run molecule idempotence + - cd ${TRAVIS_BUILD_DIR}/ansible/roles/$TEST_ROLE + - sudo -E pipenv run molecule lint + - sudo -E pipenv run molecule syntax + - travis_wait 30 sudo -E pipenv run molecule converge + - travis_wait 30 sudo -E pipenv run molecule idempotence diff --git a/.yamllint b/.yamllint index 8827676..64295bc 100644 --- a/.yamllint +++ b/.yamllint @@ -4,7 +4,8 @@ extends: default rules: braces: - max-spaces-inside: 1 + max-spaces-inside: -1 + min-spaces-inside: 2 level: error brackets: max-spaces-inside: 1 
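Review bot: In `.travis.yml`, the new `script` steps run `sudo -E pipenv run molecule …` from `ansible/roles/$TEST_ROLE`, but this commit deletes the root `Pipfile` and leaves only `ci/Pipfile`, which is not a parent of that directory. Unless `PIPENV_PIPFILE` is exported somewhere outside this diff, pipenv will presumably not find the environment that `ci/install.sh` built. Setting it explicitly, for example `PIPENV_PIPFILE=${TRAVIS_BUILD_DIR}/ci/Pipfile` in the job environment, would make the link visible. The `cd` would also be safer quoted: `cd "${TRAVIS_BUILD_DIR}/ansible/roles/${TEST_ROLE}"`.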
@@ -29,5 +30,5 @@ rules: new-line-at-end-of-file: disable new-lines: type: unix - trailing-spaces: disable + trailing-spaces: enable truthy: disable diff --git a/Pipfile b/Pipfile deleted file mode 100644 index a2a9f80..0000000 --- a/Pipfile +++ /dev/null @@ -1,14 +0,0 @@ -[[source]] -name = "pypi" -url = "https://pypi.org/simple" -verify_ssl = true - -[packages] -ansible = "==2.9.6" -molecule = "==3.0.2" -molecule-vagrant = "==0.2" -python-vagrant = "==0.5.15" -testinfra = "==5.0.0" - -[requires] -python_version = "3.7" diff --git a/README.md b/README.md index 528e9bb..86d6954 100644 --- a/README.md +++ b/README.md @@ -106,6 +106,10 @@ after package upgrades: `cd ansible && ansible-playbook --vault-id @prompt -i inventory/production deploy-update.yml --extra-vars=reboot_enabled=true` +### Deploy BigBlueButton + +`cd ansible && ansible-playbook --vault-id @prompt -i inventory/production deploy-bigbluebutton.yml` + ## Adding SSH fingerprints to known hosts 1. Get an SSH fingerprint from a local `known_hosts` file for a given hostname 
@@ -124,11 +128,29 @@ List almost all group/host variables: `ansible --vault-id @prompt -i inventory/testing -m debug group/host -a "var=vars"` +### Ansible vault + +#### Create encrypted strings + +Use `encrypt_string` to create encrypted variables to embed in inventory file: + +`ansible-vault encrypt_string --vault-id prompt --stdin-name 'variable_name'` + +**Note:** Do not press Enter after supplying the string. That will add a newline +to the encrypted value. + +#### View encrypted strings + +You can view the original value of an encrypted string by using the debug module: + +`ansible localhost -m debug -a var="variable_name" -e "@ansible/inventory/testing/group_vars/all/vars.yml" --vault-id prompt` + ### Docs - [Ansible Documentation: Playbook Filters](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html) - [Ansible Documentation: Using Variables]( https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html) - [Ansible Documentation: Special Variables](https://docs.ansible.com/ansible/latest/reference_appendices/special_variables.html) +- [Ansible Documentation: Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) ## Naming convention diff --git a/ansible/ansible-version.yml b/ansible/ansible-version.yml index ac24795..9f4d9bd 100644 --- a/ansible/ansible-version.yml +++ b/ansible/ansible-version.yml 
@@ -4,20 +4,14 @@ connection: local gather_facts: false tags: always - tasks: + pre_tasks: + - name: Set minimun required Ansible version + set_fact: + ansible_version_min: 2.10.0 - name: Ensure we have minimum Ansible version "{{ ansible_version_min }}" assert: - msg: "ansible_version: {{ ansible_version }}" - that: "ansible_version.full is version_compare('{{ ansible_version_min }}', '>=')" - when: "ansible_version.full is version_compare('2.7', '<')" - run_once: true - - - name: Ensure we have minimum Ansible version "{{ ansible_version_min }}" - assert: - that: "ansible_version.full is version_compare('{{ ansible_version_min }}', '>=')" - fail_msg: >- - "ansible_version: {{ ansible_version.full }}" - "You must install Ansible version >= {{ ansible_version_min }}" - success_msg: "ansible_version: {{ ansible_version.full }}" - when: "ansible_version.full is version_compare('2.7', '>=')" + that: ansible_version.full is version('{{ ansible_version_min }}', '>=') + msg: | + You are using Ansible version: {{ ansible_version.full }} + The minimum required version of Ansible is: {{ ansible_version_min }} run_once: true diff --git a/ansible/deploy-bigbluebutton.yml b/ansible/deploy-bigbluebutton.yml new file mode 100644 index 0000000..fd28bfb --- /dev/null +++ b/ansible/deploy-bigbluebutton.yml @@ -0,0 +1,11 @@ +--- + +- import_playbook: ansible-version.yml + +- name: "Deploy a BigBlueButton server" + hosts: "{{ target if target is defined else 'bigbluebutton' }}" + become: true + + roles: + - role: bigbluebutton + tags: molecule-idempotence-notest diff --git a/ansible/inventory/molecule/group_vars/all/vars.yml b/ansible/inventory/molecule/group_vars/all/vars.yml index 706b75c..bc8bed2 100644 --- a/ansible/inventory/molecule/group_vars/all/vars.yml +++ b/ansible/inventory/molecule/group_vars/all/vars.yml @@ -1,6 +1,3 @@ -# Minimun required Ansible version -ansible_version_min: 2.8 - # Admin email address admin_email: admin@example.org 
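Review bot: In `ansible/ansible-version.yml`, the new `that:` expression nests `'{{ ansible_version_min }}'` inside a conditional that Ansible already evaluates as Jinja2, so the value is templated twice and Ansible warns about delimiters in conditionals. The variable is a constant from `set_fact`, so this is harmless here, but the bare form is the safer habit: `that: ansible_version.full is version(ansible_version_min, '>=')`. The task name `Set minimun required Ansible version` has a typo (`minimum`).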
diff --git a/ansible/inventory/molecule/group_vars/bigbluebutton/vars.yml b/ansible/inventory/molecule/group_vars/bigbluebutton/vars.yml new file mode 100644 index 0000000..cc202b7 --- /dev/null +++ b/ansible/inventory/molecule/group_vars/bigbluebutton/vars.yml 
@@ -0,0 +1,67 @@ +bbb_letsencrypt_enable: false +bbb_letsencrypt_email: mail@example.com +# Use latest to update BBB and present to keep currently installed version. +bbb_state: "latest" +bbb_api_demos_enable: false +bbb_disable_recordings: true +# Greenlight registration mode: open (default), invite, approval +bbb_greenlight_default_registration: approval +# https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-fails-to-start-with-a-setscheduler-error +bbb_cpuschedule: false +# https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-fails-to-bind-to-port-8021 +bbb_freeswitch_ipv6: false +# Generate Diff-Hellmann for nginx +bbb_nginx_dh: yes +bbb_app_log_level: 'ERROR' + +# https://github.com/bigbluebutton/bigbluebutton/blob/develop/bigbluebutton-html5/private/config/settings.yml +bbb_meteor: + public: + app: + clientTitle: "Molecule - BigBlueButton" + helpLink: "https://privacylx.org/community/" + mirrorOwnWebcam: true + kurento: + cameraProfiles: + - id: low + name: Low quality + default: true + bitrate: 50 + - id: medium + name: Medium quality + default: false + bitrate: 100 + - id: high + name: High quality + default: false + bitrate: 200 + - id: hd + name: High definition + default: false + bitrate: 400 + hidden: true + cameraQualityThresholds: + enabled: true + thresholds: + - threshold: 8 + profile: low-u8 + - threshold: 12 + profile: low-u12 + - threshold: 15 + profile: low-u15 + - threshold: 20 + profile: low-u20 + - threshold: 25 + profile: low-u25 + - threshold: 30 + profile: low-u30 + +bbb_coturn_secret: "{{ lookup('password', '/tmp/passwordfile length=80') }}" +bbb_turn_secret: "{{ lookup('password', '/tmp/passwordfile length=80') }}" +bbb_greenlight_secret: "{{ lookup('password', '/tmp/passwordfile length=80') }}" +bbb_greenlight_db_password: "{{ lookup('password', '/tmp/passwordfile length=80') }}" +# BigBlueButton admin user +bbb_adm: + name: Admin Test User + email: admintestusr@example.org + pass: "{{ lookup('password', 
'/tmp/passwordfile length=30 chars=ascii_letters') }}" diff --git a/ansible/inventory/production/group_vars/all/vars.yml b/ansible/inventory/production/group_vars/all/vars.yml index bfe9c2a..523edad 100644 --- a/ansible/inventory/production/group_vars/all/vars.yml +++ b/ansible/inventory/production/group_vars/all/vars.yml @@ -1,6 +1,3 @@ -# Minimun required Ansible version -ansible_version_min: 2.8 - # PrivacyLx website website_host: privacylx.org diff --git a/ansible/inventory/production/host_vars/bbb.privacylx.org/vars.yml b/ansible/inventory/production/host_vars/bbb.privacylx.org/vars.yml new file mode 100644 index 0000000..06ea7de --- /dev/null +++ b/ansible/inventory/production/host_vars/bbb.privacylx.org/vars.yml 
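Review bot: In `ansible/inventory/molecule/group_vars/bigbluebutton/vars.yml`, all five `lookup('password', …)` calls point at the same file, `/tmp/passwordfile`. The password lookup returns the stored content once the file exists, so `bbb_coturn_secret`, `bbb_turn_secret`, `bbb_greenlight_secret`, `bbb_greenlight_db_password` and `bbb_adm.pass` will presumably all resolve to one value, and the `length=30 chars=ascii_letters` on the last one is ignored. The test run therefore cannot catch a mix-up between secrets, and a fixed name in a shared `/tmp` can be pre-created by another local user on the controller. Give each secret its own file in a per-run directory, e.g. `lookup('password', lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') + '/bbb_coturn_secret length=80')`.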
@@ -0,0 +1,197 @@ +bbb_hostname: "{{ inventory_hostname }}" +bbb_letsencrypt_email: "{{ le_email }}" +# Use latest to update BBB and present to keep currently installed version. +bbb_state: "latest" +bbb_api_demos_enable: false +bbb_disable_recordings: true +# Greenlight registration mode: open (default), invite, approval +bbb_greenlight_default_registration: approval +# https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-fails-to-start-with-a-setscheduler-error +bbb_cpuschedule: false +# https://docs.bigbluebutton.org/2.2/troubleshooting.html#freeswitch-fails-to-bind-to-port-8021 +bbb_freeswitch_ipv6: false +# Generate Diff-Hellmann for nginx +bbb_nginx_dh: yes +bbb_app_log_level: 'ERROR' + +# https://github.com/bigbluebutton/bigbluebutton/blob/develop/bigbluebutton-html5/private/config/settings.yml +bbb_meteor: + public: + app: + clientTitle: "PrivacyLX - BigBlueButton" + helpLink: "https://privacylx.org/community/" + mirrorOwnWebcam: true + kurento: + cameraProfiles: + - id: low + name: Low quality + default: true + bitrate: 50 + - id: medium + name: Medium quality + default: false + bitrate: 100 + - id: high + name: High quality + default: false + bitrate: 200 + - id: hd + name: High definition + default: false + bitrate: 400 + hidden: true + cameraQualityThresholds: + enabled: true + thresholds: + - threshold: 8 + profile: low-u8 + - threshold: 12 + profile: low-u12 + - threshold: 15 + profile: low-u15 + - threshold: 20 + profile: low-u20 + - threshold: 25 + profile: low-u25 + - threshold: 30 + profile: low-u30 + +bbb_coturn_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63366364386235633262393036613638653964633933386337373165353339386238323833636538 + 6237353636623436343035383963393831663833623061310a613533356238313234663739636239 + 35653832383339363730323764623734613830333836363265613534326435366662303539666263 + 3061333333316639340a623265623132623932343736386565323731323438663232326266363233 + 
38346563303530386336313037383535396662386230306134373539346532383433653638373631 + 38643265616666383431366665653334396138623464653730353837373739613134356434373030 + 61343531336266653137613234666633366462626566396466366534353662613135396165333538 + 66393338333962346331353265303831303536663966653433326131653064383937353863636232 + 64316130396431623333666436386433313062633761316133393531643465656433653139376235 + 31633231396430363034613536336262366664336365633165643034363934643535636632383537 + 66643032663465623539616432326139373939613136393136386338346666353632383036353661 + 31653337386537363735363062643932313330613264626538373531363661353465353965663934 + 30623630646433653536646463376636363630323437326433616661333563633737643438373837 + 31393439356431333065613562633933663734333937306266333539396361346561313531613935 + 36313461316361646564666438363634373364323761623061343638376135613939343031393632 + 33353364343437363038343935623964323635313761396162366164376131646662383131313831 + 63313533313263633032376364656333643366666632633363323838333630376462 +bbb_turn_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35343731613035303331623736396563336664356532343638356261643265376561616239363431 + 3263313830396234613533383963643839323035643032350a633534393066343363326535343066 + 37653333336161313931386234303634376637646261653537393365646434666136653435633033 + 6164633332646330310a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bbb_greenlight_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 66383961633430626633336435316437646134613937666564643631316639366365636265336566 + 6133653338383862326636613033326430316535636239330a343130653636356339666530323239 + 36396632646530343830343762613236643732323637326333373532343364623838633264633533 + 3033316537313561330a666461376665623863626535316632353334353332306430653063396432 + 65393437633866326666393963303835336634363738663133353536363864643535346464633737 + 
37376237643830666432363135393535366265353333626432623165626436333733313838333263 + 34363664306665663237383063326465643738633737633763643263393734366262326136313966 + 33643766383861303464353834323464363064343638626236636636316531343037333239346534 + 30393231386435616462366536383762353930373361666434356531383563303732333462353265 + 61616534373636306561643034616633373933636364613562363839303433633137346232366439 + 35316363353032626637656233353937313763373663643939393762343561643964633134343035 + 38326135366263326534363036613935613666333465373666363332376565333966353030666133 + 62386536383137303565666335633837663063616261626334633336643639303666323030383633 + 31303264333964326466623861643766336466303232343333636263373763666161373265373932 + 35353533636366653564613034323839636565613139386232633163636639643432616230343061 + 38333534386538653636373236383865313064383966656664373961623538386531353630346238 + 62373332336165363164633534623931653132343231643530396665366135356237633338366131 + 64346132353732656633623436333363623638396432633530616333323034393232663163643662 + 66663437643461306363353265663139306434346339393337613662373861653134613665636534 + 33363665653535316332346235373733363862663837663133653539313361383264313238343464 + 39313035356566663664323733393330313334336630393730633765653164396239383434656134 + 3861363435656134616330623431303561366534633261356165 +bbb_greenlight_db_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 39353163373532653739373163613038363666336239383238383839633733386437313566323765 + 6366626130643133316165613131353333313566376336370a333964356465623733306237363066 + 66333933376630656234303739343934616334613664313238333838396366363462653037346539 + 6337633263633137650a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igBlueButton SMTP user +bbb_greenlight_smtp: + server: mail.privacylx.org + domain: privacylx.org + port: 587 + auth: plain + starttls_auto: true + username: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 
38343135646635346433313364373563613164643364663030303731323065356231346538623566 + 3438306565643235356262383932663966633831383334630a323463396261643032643464326161 + 38643837353235626261636437396533353235366439323365633066343763306334623639626361 + 3763383739373264640a366139343964383530323630363139303132646538306362343733333033 + 32346337323035346533363566393138643064323162356333663736613535393861 + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 64396163353633643938303161316131313037633737643266626562303838633336623364333261 + 3266613133386363666435373035653061326666383764310a303938306533666161313139303662 + 31656534616364636637316333613333343463633465313364656465366533306166313938313037 + 3632346632336665620a326163333131353033346336336462303035366632326238376264326164 + 32636534366566623562643330363637316264333965316665356630333432303662383365653636 + 65643966323364373263666432656435376637656632663336633934633763313739336566323139 + 39643636303737636238636339663432363465383935393965646234376261386134386561326136 + 30626434653031383064383231363065623235653939636239363438363530616134393732306331 + 3236 + sender: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38343135646635346433313364373563613164643364663030303731323065356231346538623566 + 3438306565643235356262383932663966633831383334630a323463396261643032643464326161 + 38643837353235626261636437396533353235366439323365633066343763306334623639626361 + 3763383739373264640a366139343964383530323630363139303132646538306362343733333033 + 32346337323035346533363566393138643064323162356333663736613535393861 + +# BigBlueButton admin user +bbb_adm: + name: Administrator User + email: "{{ admin_email }}" + pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33643366383030653638653836663033343433663233316630653136613039653639653338316533 + 3932323764646636643765633531366266643335373861350a633232383236373466613339616638 + 39396535343630366135373131316431643736346633336236336430363661633933376366323031 + 
3233383238396135380a393438323530386436313064326230313034633931386531343737363165 + 61393561666163663839313563663562376565356662326663643062633530383264313931396630 + 39313961366333313535396336613166363132366462333663353733656436613362626661326435 + 39393265646565653637336536636266363536613763323434646436653935396633373965313562 + 35623363363433666565643837346630663835313864613338646162306661373830646266376239 + 36373161373730343262336366333730626631613634633735316466363962353838316639396565 + 32633166343366646561633731306565346665633333393831623835656161646562343965323230 + 64303333636234623136376165326261323662383264626631336637323061323765336632303334 + 38353364346239643234316365346636613065613138303235363264363932663166306430333336 + 63623165333137343938316564616533303561313165313030316163313462356463 diff --git a/ansible/inventory/production/hosts b/ansible/inventory/production/hosts index d1462fc..e12c799 100644 --- a/ansible/inventory/production/hosts +++ b/ansible/inventory/production/hosts 
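Review bot: In `ansible/inventory/production/host_vars/bbb.privacylx.org/vars.yml`, the vault blobs for `bbb_greenlight_smtp.username` and `bbb_greenlight_smtp.sender` are byte-for-byte identical, which tells any reader of the repository that both fields hold the same plaintext. Encrypt each value with its own `ansible-vault encrypt_string` run so that each gets a fresh salt, or store the value once in a separate variable and reference it from both keys. Separately, `bbb_state: "latest"` lets every production run upgrade BigBlueButton; a comment stating that this is intended would help the next operator.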
@@ -1,12 +1,16 @@ $ANSIBLE_VAULT;1.1;AES256 -66643030353261376665663365373031653233336335636666663537623238376632383833353730 -6531656465396538333664333036333636373338303765610a643761653331636330376462326531 -37623131636264626631333534376634363965393931333665356233306630313466636633623038 -6538356530616631320a623336306563326662393161376265623361653362303162633334336465 -63343135353361613366383761653038376265646262633165613736343834306563663364613863 -36353830653266353266623137373636316637663264633137353837303162306361306565376336 -63633264363032663037633331343731336535363137356162663436336133623639366163633064 -61346564303638373066393334313238313536663261613064616138653030386337323562346462 -66643731656437363562626665653635613338613937666138336461376635316231316438393536 -35646138643534656265633138663862303962373564643935386130633739666565343238333261 -313062306164336539353062303637353464 +38643638396532313665663137383030613562356265313163396435363465623539353139386562 +3563363466313231633566636665626130376337343761390a343133373138393766636462643365 +38366664636334326139333538393066356235626238306333343963343130613861313739336330 +3566633730316634380a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diff --git a/ansible/inventory/testing/group_vars/all/vars.yml b/ansible/inventory/testing/group_vars/all/vars.yml index a97784f..ae59a12 100644 --- a/ansible/inventory/testing/group_vars/all/vars.yml +++ b/ansible/inventory/testing/group_vars/all/vars.yml @@ -1,6 +1,3 @@ -# Minimun required Ansible version -ansible_version_min: 2.8 - # Admin email address admin_email: admin@privacylx.org diff --git a/ansible/roles/bigbluebutton/defaults/main.yml b/ansible/roles/bigbluebutton/defaults/main.yml new file mode 100644 index 0000000..51282f0 --- /dev/null +++ b/ansible/roles/bigbluebutton/defaults/main.yml 
@@ -0,0 +1,19 @@ +--- + +galaxy_path: "{{ playbook_dir }}/roles.galaxy" +# Git commit or release version of bbb_role_git +bbb_role_ver: 5f1e22498921e10f2c18bfb4a311aede18a2b62f +# https://github.com/n0emis/ansible-role-bigbluebutton +bbb_galaxy_role: n0emis.bigbluebutton + +# https://github.com/geerlingguy/ansible-role-nodejs/releases +nodejs_galaxy_role: geerlingguy.nodejs +nodejs_role_ver: 5.1.1 +# User for whom the npm packages will be installed, defaults to ansible_user. +nodejs_install_npm_user: npmuser +# https://github.com/geerlingguy/ansible-role-docker/releases +docker_galaxy_role: geerlingguy.docker +docker_role_ver: 3.0.0 +# https://github.com/geerlingguy/ansible-role-pip/releases +pip_galaxy_role: geerlingguy.pip +pip_role_ver: 2.0.0 diff --git a/ansible/roles/bigbluebutton/files/requirements.yml b/ansible/roles/bigbluebutton/files/requirements.yml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/bigbluebutton/molecule/default/molecule.yml b/ansible/roles/bigbluebutton/molecule/default/molecule.yml new file mode 100644 index 0000000..495e4f9 --- /dev/null +++ b/ansible/roles/bigbluebutton/molecule/default/molecule.yml @@ -0,0 +1,39 @@ +--- + +driver: + name: vagrant + provider: + name: libvirt + +lint: | + set -e + yamllint . + +platforms: + - name: ubuntu1604-instance + box: generic/ubuntu1604 + memory: 4000 + cpus: 2 + groups: + - bigbluebutton + +provisioner: + name: ansible + options: + verbose: true + lint: + name: ansible-lint + inventory: + links: + group_vars: ../../../../inventory/molecule/group_vars/ + playbooks: + prepare: prepare.yml + converge: ../../../../deploy-bigbluebutton.yml + +verifier: + name: testinfra + directory: tests + options: + verbose: true + lint: + name: flake8 diff --git a/ansible/roles/bigbluebutton/molecule/default/prepare.yml b/ansible/roles/bigbluebutton/molecule/default/prepare.yml new file mode 100644 index 0000000..021f7ed --- /dev/null 
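Review bot: In `ansible/roles/bigbluebutton/defaults/main.yml`, `bbb_role_ver` is pinned to a commit hash, but `nodejs_role_ver: 5.1.1`, `docker_role_ver: 3.0.0` and `pip_role_ver: 2.0.0` are release tags, which upstream can move. These roles are fetched at deploy time and the playbook runs with `become: true`, so pinning all four the same way (e.g. `docker_role_ver: <commit-sha>`) would make the fetched code reproducible. The comment above `bbb_role_ver` refers to `bbb_role_git`, a name that does not exist in this file; it presumably means `bbb_galaxy_role`.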
+++ b/ansible/roles/bigbluebutton/molecule/default/prepare.yml @@ -0,0 +1,14 @@ +--- + +- name: Prepare + hosts: all + become: True + tasks: + - name: Install PyOpenSSL build requirements + apt: + name: python3-pip + update_cache: yes + - name: pip self-update + pip: + name: pip + state: latest diff --git a/ansible/roles/bigbluebutton/molecule/default/tests/test_default.py b/ansible/roles/bigbluebutton/molecule/default/tests/test_default.py new file mode 100644 index 0000000..f35687a --- /dev/null +++ b/ansible/roles/bigbluebutton/molecule/default/tests/test_default.py @@ -0,0 +1,9 @@ +import os +import testinfra.utils.ansible_runner +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + +def test_docker(host): + daemon = host.service("docker") + assert daemon.is_running + assert daemon.is_enabled diff --git a/ansible/roles/bigbluebutton/tasks/main.yml b/ansible/roles/bigbluebutton/tasks/main.yml new file mode 100644 index 0000000..a826458 --- /dev/null +++ b/ansible/roles/bigbluebutton/tasks/main.yml 
@@ -0,0 +1,44 @@ +--- + +- name: Install BigBlueButton dependencies via Ansible Galaxy + become: false + delegate_to: localhost + command: | + ansible-galaxy install --force --roles-path "{{ galaxy_path }}" + "{{ item.name }}","{{ item.version }}" + args: + creates: "{{ galaxy_path }}/{{ item.name }}" + with_items: + # yamllint disable rule:braces + - { name: "{{ bbb_galaxy_role }}", version: "{{ bbb_role_ver }}" } + - { name: "{{ nodejs_galaxy_role }}", version: "{{ nodejs_role_ver }}" } + - { name: "{{ docker_galaxy_role }}", version: "{{ docker_role_ver }}" } + - { name: "{{ pip_galaxy_role }}", version: "{{ pip_role_ver }}" } + # yamllint disable rule:braces + +- name: Create NodeJS npm user + user: + name: "{{ nodejs_install_npm_user }}" + create_home: false + comment: NodeJS npm user + +- name: Import BigBlueButton Ansible Galaxy role + include_role: + name: "{{ galaxy_path }}/{{ bbb_galaxy_role }}" + public: true + vars: + playbook_dir: "{{ galaxy_path }}/{{ bbb_galaxy_role }}" + +- name: Wait for 20 seconds for Greenlight DB to initialize + wait_for: + timeout: 20 + delegate_to: localhost + + # https://docs.bigbluebutton.org/greenlight/gl-admin.html#creating-an-administrator-account +- name: Create Greenlight admin user + # https://yamllint.readthedocs.io/en/stable/disable_with_comments.html + # yamllint disable rule:line-length + command: > + docker exec greenlight-v2 bundle exec rake + user:create['{{ bbb_adm.name }}','{{ bbb_adm.email }}','{{ bbb_adm.pass }}','admin'] + # yamllint enable rule:line-length diff --git a/ansible/roles/discourse/molecule/default/prepare.yml b/ansible/roles/discourse/molecule/default/prepare.yml index 06720f6..f40b4ef 100644 --- a/ansible/roles/discourse/molecule/default/prepare.yml +++ b/ansible/roles/discourse/molecule/default/prepare.yml 
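Review bot: In `ansible/roles/bigbluebutton/tasks/main.yml`, the `Create Greenlight admin user` task puts `{{ bbb_adm.pass }}` on the `docker exec` command line with no `no_log`. The decrypted vault value therefore ends up in Ansible's task output (the Molecule provisioner runs with `verbose: true`) and in the host's process list while the command runs. Add `no_log: true` to that task, and consider a `changed_when` or an existence check so a re-run against an existing account behaves predictably. The values are interpolated inside single quotes, so a `'` or `,` in the name or password would break the rake argument list; only the molecule inventory visibly restricts the password to `ascii_letters`. In the Galaxy task, the closing comment should read `# yamllint enable rule:braces`; as written the rule stays disabled for the rest of the file.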
@@ -7,3 +7,15 @@ openssh_keypair: path: /tmp/id_ssh_rsa register: m_ssh_key + + # Satisfy CI Molecule error + # Docker SDK for Python: docker (Python >= 2.7) or docker-py (Python 2.6) + - name: Install python-package + become: True + apt: + name: python3-pip + + - name: Install python-package + become: True + pip: + name: docker diff --git a/ansible/roles/matterbridge/molecule/default/prepare.yml b/ansible/roles/matterbridge/molecule/default/prepare.yml index 06720f6..f40b4ef 100644 --- a/ansible/roles/matterbridge/molecule/default/prepare.yml +++ b/ansible/roles/matterbridge/molecule/default/prepare.yml @@ -7,3 +7,15 @@ openssh_keypair: path: /tmp/id_ssh_rsa register: m_ssh_key + + # Satisfy CI Molecule error + # Docker SDK for Python: docker (Python >= 2.7) or docker-py (Python 2.6) + - name: Install python-package + become: True + apt: + name: python3-pip + + - name: Install python-package + become: True + pip: + name: docker diff --git a/ansible/ssh/known_hosts b/ansible/ssh/known_hosts index a9b53fe..f265e7a 100644 --- a/ansible/ssh/known_hosts +++ b/ansible/ssh/known_hosts 
@@ -2,4 +2,5 @@ cafe.privacylx.org,37.218.245.27 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHA mail.privacylx.org,37.218.245.28 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEO3WIg89nI504rk8MGB6woBxHL3JVJDYheg3kgE9gtMnWocc6Ae85XV67XSHlAmaJO9TT144i0wb89v+MV4MuE= privacylx.org,37.218.245.53 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMf1ZuIh/5qXRAFUoMlK+SE0YhMKNKJsKZRrpkq7o2YsmnzSrxGZE4KbImjnoutCLxfqlMWfMcW6zGEwDFP1lvY= johndoe.privacylx.org,37.218.242.44 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF6toPYWJuqj9Y+XZ6JnGtvMqzMu1q+UxtvkKXpGEb/m+wT2mZDRI6H0dA/tPQV1ZZ4//1Pl1+cieHSXNxvAHww= -testing.privacylx.org,37.218.241.145 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDok2hLGVfO4hKdHhXa1s4T1jh9p1mrV80yqEaGIzIfWOEMEFYn4badT8v689pwlgRW06Gp/0ThViMHihbmBssY= +bbb.privacylx.org,37.218.245.35 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLHohylt60bfjYGWWQ5v76P5AcxaDwqrAoQN+BKE0jwmUYgdtHLypQy/ePicvIk/I9go3LXoz4Pp24Ds0jcipyM= +testing.privacylx.org,37.218.241.145 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDok2hLGVfO4hKdHhXa1s4T1jh9p1mrV80yqEaGIzIfWOEMEFYn4badT8v689pwlgRW06Gp/0ThViMHihbmBssY= \ No newline at end of file diff --git a/ci/Pipfile b/ci/Pipfile new file mode 100644 index 0000000..808145c --- /dev/null +++ b/ci/Pipfile @@ -0,0 +1,19 @@ +[[source]] +name = "pypi" +url = "https://pypi.org/simple" +verify_ssl = true + +[packages] +# https://pypi.org/project/ansible/ +ansible = "==2.10.0" +# https://pypi.org/project/molecule-vagrant/ +molecule = "==3.0.8" +# https://github.com/ansible-community/molecule-vagrant/releases +molecule-vagrant = "==0.3" +# https://pypi.org/project/python-vagrant/ +python-vagrant = "==0.5.15" +# https://pypi.org/project/testinfra/ +testinfra = "==5.3.1" + +[requires] +python_version = "${TRAVIS_PYTHON_VERSION}" 
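Review bot: `ci/Pipfile` pins only the five top-level packages, and no `Pipfile.lock` is added in this diff. The `sudo -H pipenv install` in `ci/install.sh` therefore resolves every transitive dependency afresh on each build, without hashes, and runs the install as root. Committing the lock file and installing with `pipenv install --deploy` would make the CI environment reproducible and fail the build when the lock is stale. `python_version = "${TRAVIS_PYTHON_VERSION}"` relies on that variable surviving `sudo -H`, which nothing visible here confirms, so a literal `"3.8"` may be safer.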
diff --git a/ci/install.sh b/ci/install.sh new file mode 100755 index 0000000..05c521b --- /dev/null +++ b/ci/install.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# Vagrant version +export vg_ver="2.2.14" +export python_ver="${TRAVIS_PYTHON_VERSION}" + +# Install libvirt, travis and KVM +# https://github.com/alvistack/ansible-role-virtualbox/blob/master/.travis.yml +curl -OSs https://releases.hashicorp.com/vagrant/${vg_ver}/vagrant_${vg_ver}_x86_64.deb +curl -OSs https://releases.hashicorp.com/vagrant/${vg_ver}/vagrant_${vg_ver}_SHA256SUMS +curl -OSs https://releases.hashicorp.com/vagrant/${vg_ver}/vagrant_${vg_ver}_SHA256SUMS.sig +gpg --keyserver hkps://keys.openpgp.org --receive-key 51852D87348FFC4C +gpg --verify vagrant_${vg_ver}_SHA256SUMS.sig vagrant_${vg_ver}_SHA256SUMS +sha256sum -c vagrant_${vg_ver}_SHA256SUMS 2>&1 | grep OK +sudo apt-get -qq update +sudo apt-get -qq install bridge-utils dnsmasq-base ebtables libvirt-bin \ + libvirt-dev qemu-kvm qemu-utils ruby-dev python${python_ver} +sudo dpkg -i vagrant_${vg_ver}_x86_64.deb +sudo vagrant plugin install vagrant-libvirt +sudo vagrant plugin list +rm -rf vagrant_${vg_ver}_* +Install pipenv and pip +# https://github.com/jonashackt/molecule-ansible-docker-aws/blob/master/.travis.yml +curl -skL https://bootstrap.pypa.io/get-pip.py | sudo -H python${python_ver} +sudo -H pip3 install pipenv +sudo -H pipenv install +sudo -H pipenv check
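Review bot: `ci/install.sh` has no `set -e`, so a failed `gpg --verify` or checksum mismatch does not stop the script and `sudo dpkg -i` still installs the downloaded package; `sha256sum -c … | grep OK` only sets an exit status that nothing checks. The get-pip download uses `curl -skL`, where `-k` turns off TLS certificate verification for a script piped straight into `sudo -H python`. The line `Install pipenv and pip` has lost its leading `#` and will be executed as a command. `--receive-key 51852D87348FFC4C` uses a 64-bit key ID; importing by the full fingerprint is more robust. The changed lines are shown below.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: vg_ver/python_ver exports, curl downloads, gpg --receive-key …
gpg --verify "vagrant_${vg_ver}_SHA256SUMS.sig" "vagrant_${vg_ver}_SHA256SUMS"
# Check only the file that was downloaded; a mismatch now aborts the script.
sha256sum --ignore-missing -c "vagrant_${vg_ver}_SHA256SUMS"
# … unchanged: apt-get, dpkg -i, vagrant plugin install/list, rm -rf …
# Install pipenv and pip
curl -fsSL https://bootstrap.pypa.io/get-pip.py | sudo -H "python${python_ver}"
# … unchanged: pip3 install pipenv, pipenv install, pipenv check …
```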