Update..

2020-04-23 16:31:14 +02:00 · 2020-04-23 16:31:14 +02:00 · bd44e1968d
commit bd44e1968d
parent 010e8d2f52
4 changed files with 228 additions and 3 deletions
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@ -19,6 +19,7 @@ apt_ansible_dependencies:
  - ca-certificates
  - openssl
  - mc
+  - software-properties-common


 # ---
@ -915,6 +916,11 @@ git_lxc_guest_repositories:
    repo: https://git.codecoop.org/so36intern/dehydrated-cron.git
    dest: /usr/local/src/dehydrated-cron

+  # Monitoring
+  - name: monitoring
+    repo: https://git.oopen.de/script/monitoring
+    dest: /root/bin/monitoring
+
 # ---
 # group [gateway_server]
 # ---
@ -954,6 +960,10 @@ git_nginx_repositories:
    repo: https://git.oopen.de/install/nginx
    dest: /usr/local/src/nginx

+  - name: php
+    repo: https://git.oopen.de/install/php
+    dest: /usr/local/src/php
+

 # ---
 # group [mysql_server]
--- a/55
+++ b/55
@ -104,6 +104,7 @@ www3.oopen.de

 o17.oopen.de
 test.mx.oopen.de
+meet2.oopen.de

 o20.oopen.de

@ -123,6 +124,7 @@ cl-01.oopen.de
 cp-01.oopen.de
 bbb.oopen.de
 meet.oopen.de
+moodle.oopen.de

 o24.oopen.de
 cl-irights.oopen.de
@ -133,7 +135,11 @@ cl-fm.oopen.de
 mail.faire-mobilitaet.de
 meet.faire-mobilitaet.de

+# Hetzner Cloud CX31 - AK
+o26.oopen.de

+# netcup - Jitsi Meet Martin Beck
+o27.oopen.de

 [initial_setup]

@ -262,6 +268,7 @@ www3.oopen.de
 o17.oopen.de
 test.mx.oopen.de
 test.mariadb.oopen.de
+meet2.oopen.de

 # o19.oopen.de
 o19.oopen.de
@ -290,6 +297,7 @@ cl-01.oopen.de
 cp-01.oopen.de
 bbb.oopen.de
 meet.oopen.de
+moodle.oopen.de

 # - o24.oopen.de
 o24.oopen.de
@ -301,6 +309,12 @@ cl-fm.oopen.de
 mail.faire-mobilitaet.de
 meet.faire-mobilitaet.de

+# Hetzner Cloud CX31 - AK
+o26.oopen.de
+
+# netcup - Jitsi Meet Martin Beck
+o27.oopen.de
+
 # - Vserver von Sinma
 a.ns.oopen.de

@ -387,6 +401,7 @@ oolm-web.oopen.de

 # o23.oopen.de
 cl-01.oopen.de
+moodle.oopen.de

 # o24.oopen.de
 cl-irights.oopen.de
@ -394,7 +409,6 @@ cl-irights.oopen.de
 # o25.oopen.de
 cl-fm.oopen.de
 mail.faire-mobilitaet.de
-meet.faire-mobilitaet.de

 # ---
 #  O.OPEN office network
@ -495,11 +509,23 @@ stolpersteine.oopen.de
 o13-board.oopen.de
 o13-pad.oopen.de

+# o17.oopen.de
+meet2.oopen.de
+
 # o23.oopen.de
 cp-01.oopen.de
 meet.oopen.de
 bbb.oopen.de

+# o25.oopen.de
+meet.faire-mobilitaet.de
+
+# Hetzner Cloud CX31 - AK
+o26.oopen.de
+
+# netcup - Jitsi Meet Martin Beck
+o27.oopen.de
+

 [ftp_server]

@ -529,6 +555,9 @@ o20.oopen.de
 # o22.oopen.de
 oolm-web.oopen.de

+# Hetzner Cloud CX31 - AK
+o26.oopen.de
+

 # ---
 # Warenform server
@ -684,6 +713,7 @@ oolm-web.oopen.de

 # o23.oopen.de
 cl-01.oopen.de
+moodle.oopen.de

 # o24.oopen.de
 cl-irights.oopen.de
@ -691,6 +721,13 @@ cl-irights.oopen.de
 # o25.oopen.de
 cl-fm.oopen.de

+# Hetzner Cloud CX31 - AK
+o26.oopen.de
+
+
+# Hetzner Cloud CX31 - AK
+o26.oopen.de
+
 # ---
 # Warenform
 # ---
@ -954,6 +991,7 @@ www3.oopen.de
 # - o17.oopen.de
 test.mx.oopen.de
 test.mariadb.oopen.de
+meet2.oopen.de

 # - o19.oopen.de
 backup.oopen.de
@ -977,6 +1015,7 @@ cl-01.oopen.de
 cp-01.oopen.de
 bbb.oopen.de
 meet.oopen.de
+moodle.oopen.de

 # - o24.oopen.de
 cl-irights.oopen.de
@ -986,6 +1025,12 @@ cl-fm.oopen.de
 mail.faire-mobilitaet.de
 meet.faire-mobilitaet.de

+# Hetzner Cloud CX31 - AK
+o26.oopen.de
+
+# netcup - Jitsi Meet Martin Beck
+o27.oopen.de
+
 # - Vserver von Sinma
 a.ns.oopen.de

@ -1099,6 +1144,7 @@ www3.oopen.de
 o17.oopen.de
 test.mx.oopen.de
 test.mariadb.oopen.de
+meet2.oopen.de

 # - o19.oopen.de
 o19.oopen.de
@ -1129,6 +1175,7 @@ cl-01.oopen.de
 cp-01.oopen.de
 bbb.oopen.de
 meet.oopen.de
+moodle.oopen.de

 # - o24.oopen.de
 o24.oopen.de
@ -1140,6 +1187,12 @@ cl-fm.oopen.de
 mail.faire-mobilitaet.de
 meet.faire-mobilitaet.de

+# Hetzner Cloud CX31 - AK
+o26.oopen.de
+
+# netcup - Jitsi Meet Martin Beck
+o27.oopen.de
+
 # - Vserver von Sinma
 a.ns.oopen.de

--- a/scripts/modify-ipt-gateway.yml
+++ b/scripts/modify-ipt-gateway.yml
@ -122,6 +122,46 @@
      - main_ipv6_exists.stat.exists
      - nc_talk_out_ipv6_present is changed

+  # ---
+  # allow_bigbluebutton_video_conference_out
+  # ---
+
+  - name: Check if String 'allow_bigbluebutton_video_conference_out..' (IPv4) is present
+    shell: grep -q -E "^allow_bigbluebutton_video_conference_out=" /etc/ipt-firewall/main_ipv4.conf
+    register: bigbluebutton_video_conference_out_ipv4_present
+    when: main_ipv4_exists.stat.exists
+    failed_when: "bigbluebutton_video_conference_out_ipv4_present.rc > 1"
+    changed_when: "bigbluebutton_video_conference_out_ipv4_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton)
+    lineinfile:
+      dest: /etc/ipt-firewall/main_ipv4.conf
+      state: present
+      regexp: '^allow_bigbluebutton_video_conference_out'
+      line: 'allow_bigbluebutton_video_conference_out=true'
+      insertafter: '^#?\s*allow_mumble_request_out'
+    when: 
+      - main_ipv4_exists.stat.exists
+      - bigbluebutton_video_conference_out_ipv4_present is changed
+
+  - name: Check if String 'allow_bigbluebutton_video_conference_out..' (IPv6) is present
+    shell: grep -q -E "^allow_bigbluebutton_video_conference_out=" /etc/ipt-firewall/main_ipv6.conf
+    register: bigbluebutton_video_conference_out_ipv6_present
+    when: main_ipv6_exists.stat.exists
+    failed_when: "bigbluebutton_video_conference_out_ipv6_present.rc > 1"
+    changed_when: "bigbluebutton_video_conference_out_ipv6_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton)
+    lineinfile:
+      dest: /etc/ipt-firewall/main_ipv6.conf
+      state: present
+      regexp: '^allow_bigbluebutton_video_conference_out'
+      line: 'allow_bigbluebutton_video_conference_out=true'
+      insertafter: '^#?\s*allow_mumble_request_out'
+    when: 
+      - main_ipv6_exists.stat.exists
+      - bigbluebutton_video_conference_out_ipv6_present is changed
+
  # ---
  # jitsi video conference service
  # ---
@ -273,6 +313,84 @@
      - main_ipv6_exists.stat.exists
      - nc_turn_service_ipv6_present is changed

+  # ---
+  # BigBlueButton video conference service
+  # ---
+
+  - name: Check if String 'bigbluebutton_tcp_ports=..' (IPv4) is present
+    shell: grep -q -E "^bigbluebutton_tcp_ports=" /etc/ipt-firewall/main_ipv4.conf
+    register: bigbluebutton_service_ipv4_present
+    when: main_ipv4_exists.stat.exists
+    failed_when: "bigbluebutton_service_ipv4_present.rc > 1"
+    changed_when: "bigbluebutton_service_ipv4_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton service)
+    blockinfile:
+      path: /etc/ipt-firewall/main_ipv4.conf
+      insertafter: '^#?\s*mumble_ports'
+      block: |
+        
+        # ======
+        # - BigBlueButton Video Conference Service
+        # ======
+
+        # - BigBlueButton Video Conference Service Gateway
+        # -
+        # - NOT YET IMPLEMENTED
+        # -
+        local_bigbluebutton_video_conference_service=false
+
+        # - BigBlueButton Video Conference Service Ports
+        # -
+        # - TCP 80:    Webinterface.
+        # - TCP 443:   Webinterface (SSL)
+        # -
+        # - UDP 16384-32768:   FreeSWITCH/HTML5 RTP streams
+        # -
+        bigbluebutton_tcp_ports="$standard_bigbluebutton_tcp_ports"
+        bigbluebutton_udp_ports="$standard_bigbluebutton_udp_port_range"
+      marker: "# Marker set by modify-ipt-gateway.yml (bigbluebutton service)"
+    when: 
+      - main_ipv4_exists.stat.exists
+      - bigbluebutton_service_ipv4_present is changed
+
+  - name: Check if String 'bigbluebutton_tcp_ports=..' (IPv6) is present
+    shell: grep -q -E "^bigbluebutton_tcp_ports=" /etc/ipt-firewall/main_ipv6.conf
+    register: bigbluebutton_service_ipv6_present
+    when: main_ipv6_exists.stat.exists
+    failed_when: "bigbluebutton_service_ipv6_present.rc > 1"
+    changed_when: "bigbluebutton_service_ipv6_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton service)
+    blockinfile:
+      path: /etc/ipt-firewall/main_ipv6.conf
+      insertafter: '^#?\s*mumble_ports'
+      block: |
+        
+        # ======
+        # - BigBlueButton Video Conference Service
+        # ======
+
+        # - BigBlueButton Video Conference Service Gateway
+        # -
+        # - NOT YET IMPLEMENTED
+        # -
+        local_bigbluebutton_video_conference_service=false
+
+        # - BigBlueButton Video Conference Service Ports
+        # -
+        # - TCP 80:    Webinterface.
+        # - TCP 443:   Webinterface (SSL)
+        # -
+        # - UDP 16384-32768:   FreeSWITCH/HTML5 RTP streams
+        # -
+        bigbluebutton_tcp_ports="$standard_bigbluebutton_tcp_ports"
+        bigbluebutton_udp_ports="$standard_bigbluebutton_udp_port_range"
+      marker: "# Marker set by modify-ipt-gateway.yml (bigbluebutton service)"
+    when: 
+      - main_ipv6_exists.stat.exists
+      - bigbluebutton_service_ipv6_present is changed
+

  # ---
  # Remove Marker set by blockinfile
--- a/scripts/modify-ipt-server.yml
+++ b/scripts/modify-ipt-server.yml
@ -513,8 +513,8 @@
    shell: grep -q -E "^jitsi_server_ips=" /etc/ipt-firewall/main_ipv6.conf
    register: jitsi_service_ipv6_present
    when: main_ipv4_exists.stat.exists
-    failed_when: "jitsi_service_ipv4_present.rc > 1"
-    changed_when: "jitsi_service_ipv4_present.rc > 0"
+    failed_when: "jitsi_service_ipv6_present.rc > 1"
+    changed_when: "jitsi_service_ipv6_present.rc > 0"

  - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (jitsi service)
    blockinfile:
@ -538,6 +538,50 @@
      - main_ipv6_exists.stat.exists
      - jitsi_service_ipv6_present is changed

+  - name: Check if String 'jitsi_tcp_ports_out=..' (IPv4) is present
+    shell: grep -q -E "^jitsi_tcp_ports_out=" /etc/ipt-firewall/main_ipv4.conf
+    register: jitsi_tcp_ports_out_ipv4_present
+    when: main_ipv4_exists.stat.exists
+    failed_when: "jitsi_tcp_ports_out_ipv4_present.rc > 1"
+    changed_when: "jitsi_tcp_ports_out_ipv4_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (jitsi outgoing ports)
+    blockinfile:
+      path: /etc/ipt-firewall/main_ipv4.conf
+      insertafter: '^#?\s*jitsi_udp_port_range'
+      block: |
+        
+        # - Jitsi (outgoing) Ports (STUN Services)
+        # -
+        jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+        jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+      marker: "# Marker set by modify-ipt-server.yml (jitsi outgoing ports)"
+    when: 
+      - main_ipv4_exists.stat.exists
+      - jitsi_tcp_ports_out_ipv4_present is changed
+
+  - name: Check if String 'jitsi_tcp_ports_out=..' (IPv6) is present
+    shell: grep -q -E "^jitsi_tcp_ports_out=" /etc/ipt-firewall/main_ipv6.conf
+    register: jitsi_tcp_ports_out_ipv6_present
+    when: main_ipv4_exists.stat.exists
+    failed_when: "jitsi_tcp_ports_out_ipv6_present.rc > 1"
+    changed_when: "jitsi_tcp_ports_out_ipv6_present.rc > 0"
+
+  - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (jitsi service)
+    blockinfile:
+      path: /etc/ipt-firewall/main_ipv6.conf
+      insertafter: '^#?\s*jitsi_udp_port_range'
+      block: |
+        
+        # - Jitsi (outgoing) Ports (STUN Services)
+        # -
+        jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+        jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+      marker: "# Marker set by modify-ipt-server.yml (jitsi service)"
+    when: 
+      - main_ipv6_exists.stat.exists
+      - jitsi_tcp_ports_out_ipv6_present is changed
+

  # ---
  # TURN Server (Stun Server) (for Nextcloud 'talk' app)