Undefine Jitsi secrets and require their (re-)definition

5 лет назад · f798605836
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -66,11 +66,7 @@ docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua reg
 Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host.
 **If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. The playbook can't yet rebuild all configuration files for some Jitsi services (like `matrix-jitsi-prosody`), which may cause such an error. **If you encounter this error**, we encourage you to:
 - stop all Jitsi services (`systemctl stop matrix-jitsi-*`)
 - remove the Jitsi Prosody configuration & data (`rm -rf /matrix/jitsi/prosody`)
 - rebuild Jitsi configuration and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`)
 - try the previously-failing command once again
 **If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
 ## Usage
@@ -78,3 +74,21 @@ Run this command for each user you would like to create, replacing `<USERNAME>`
 You can use the self-hosted Jitsi server through Riot, through an Integration Manager like [Dimension](docs/configuring-playbook-dimension.md) or directly at `https://jitsi.DOMAIN`.
 To use it via riot-web (the one configured by the playbook at `https://riot.DOMAIN`), just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
 ## Troubleshooting
 ### Rebuilding your Jitsi installation
 **If you ever run into any trouble** or **if you change configuration (`matrix_jitsi_*` variables) too much**, we urge you to rebuild your Jitsi setup.
 We normally don't require such manual intervention for other services, for Jitsi services generate a lot of configuration files on their own.
 These files are not all managed by Ansible (at least not yet), so you may sometimes need to delete them all and start fresh.
 To rebuild your Jitsi configuration:
 - SSH into the server and do this:
  - stop all Jitsi services (`systemctl stop matrix-jitsi-*`).
  - remove all Jitsi configuration & data (`rm -rf /matrix/jitsi`)
 - ask Ansible to set up Jitsi anew and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`)
--- a/roles/matrix-jitsi/defaults/main.yml
+++ b/roles/matrix-jitsi/defaults/main.yml
@@ -23,9 +23,9 @@ matrix_jitsi_recorder_domain: recorder.meet.jitsi
 matrix_jitsi_jibri_brewery_muc: jibribrewery
 matrix_jitsi_jibri_pending_timeout: 90
 matrix_jitsi_jibri_xmpp_user: jibri
 matrix_jitsi_jibri_xmpp_password: jibri-password
 matrix_jitsi_jibri_xmpp_password: ''
 matrix_jitsi_jibri_recorder_user: recorder
 matrix_jitsi_jibri_recorder_password: recorder-password
 matrix_jitsi_jibri_recorder_password: ''
 matrix_jitsi_web_docker_image: "jitsi/web:4384"
@@ -98,9 +98,9 @@ matrix_jitsi_jicofo_container_extra_arguments: []
 # List of systemd services that matrix-jitsi-jicofo.service depends on
 matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
 matrix_jitsi_jicofo_component_secret: s3cr37
 matrix_jitsi_jicofo_component_secret: ''
 matrix_jitsi_jicofo_auth_user: focus
 matrix_jitsi_jicofo_auth_password: passw0rd
 matrix_jitsi_jicofo_auth_password: ''
 matrix_jitsi_jvb_docker_image: "jitsi/jvb:4384"
@@ -116,7 +116,7 @@ matrix_jitsi_jvb_container_extra_arguments: []
 matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
 matrix_jitsi_jvb_auth_user: jvb
 matrix_jitsi_jvb_auth_password: passw0rd
 matrix_jitsi_jvb_auth_password: ''
 # STUN servers used by JVB on the server-side, so it can discover its own external IP address.
 # Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
--- a/roles/matrix-jitsi/tasks/main.yml
+++ b/roles/matrix-jitsi/tasks/main.yml
@@ -2,6 +2,12 @@
  tags:
    - always
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_jitsi_enabled|bool"
  tags:
    - setup-all
    - setup-jitsi
 - import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
  when: run_setup|bool
  tags:
--- a/roles/matrix-jitsi/tasks/validate_config.yml
+++ b/roles/matrix-jitsi/tasks/validate_config.yml
@@ -0,0 +1,21 @@
 ---
 - name: Fail if required Jitsi settings not defined
  fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`) for using Jitsi.
      If you're setting up Jitsi for the first time, you may have missed a step.
      Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
      If you had setup Jitsi successfully before and it's just now that you're observing this failure,
      it means that your installation may be using some default passwords that the playbook used to define until now.
      This is not secure and we urge you to rebuild your Jitsi setup.
      Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md).
  when: "vars[item] == ''"
  with_items:
    - "matrix_jitsi_jibri_xmpp_password"
    - "matrix_jitsi_jibri_recorder_password"
    - "matrix_jitsi_jicofo_component_secret"
    - "matrix_jitsi_jicofo_auth_password"
    - "matrix_jitsi_jvb_auth_password"