ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

modify-ipt-gateway-ro,modify-ipt-gateway: add support for webes video conferences.

Browse Source
This commit is contained in:
Christoph 2021-03-19 02:47:32 +01:00
parent 843912d125
commit d387ba032d
3 changed files with 252 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hosts
View File

@ -1431,7 +1431,6 @@ gw-d11.oopen.de
gw-flr.oopen.de gw-flr.oopen.de
gw-replacement.local.netz gw-replacement.local.netz
gw-replacement2.local.netz gw-replacement2.local.netz
gw-replacement3.local.netz
gw-replacement.wf.netz gw-replacement.wf.netz
@ -1453,6 +1452,8 @@ ga-st-gw.ga.netz
ga-al-gw.ga.netz ga-al-gw.ga.netz
ga-nh-gw.ga.netz ga-nh-gw.ga.netz
gw-replacement3.local.netz
[warenform_server] [warenform_server]

131
roles/modify-ipt-gateway-ro/tasks/main.yml
View File

@ -157,6 +157,47 @@
- nc_talk_out_ipv6_present is changed - nc_talk_out_ipv6_present is changed
# ---
# allow_webex_video_conference_out
# ---
- name: Check if String 'allow_webex_video_conference_out..' (IPv4) is present
shell: grep -q -E "^allow_webex_video_conference_out=" /ro/etc/ipt-firewall/main_ipv4.conf
register: webex_video_conference_out_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "webex_video_conference_out_ipv4_present.rc > 1"
changed_when: "webex_video_conference_out_ipv4_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (webex)
lineinfile:
dest: /ro/etc/ipt-firewall/main_ipv4.conf
state: present
regexp: '^allow_webex_video_conference_out'
line: 'allow_webex_video_conference_out=true'
insertafter: '^#?\s*allow_bigbluebutton_video_conference_out'
when:
- main_ipv4_exists.stat.exists
- webex_video_conference_out_ipv4_present is changed
- name: Check if String 'allow_webex_video_conference_out..' (IPv6) is present
shell: grep -q -E "^allow_webex_video_conference_out=" /ro/etc/ipt-firewall/main_ipv6.conf
register: webex_video_conference_out_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "webex_video_conference_out_ipv6_present.rc > 1"
changed_when: "webex_video_conference_out_ipv6_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (webex)
lineinfile:
dest: /ro/etc/ipt-firewall/main_ipv6.conf
state: present
regexp: '^allow_webex_video_conference_out'
line: 'allow_webex_video_conference_out=true'
insertafter: '^#?\s*allow_bigbluebutton_video_conference_out'
when:
- main_ipv6_exists.stat.exists
- webex_video_conference_out_ipv6_present is changed
# --- # ---
# allow_alfaview_video_conference_out # allow_alfaview_video_conference_out
# --- # ---
@ -553,6 +594,86 @@
- jitsi_service_ipv6_present is changed - jitsi_service_ipv6_present is changed
# ---
# webex video conference service
# ---
- name: Check if String 'webex_tcp_ports=..' (IPv4) is present
shell: grep -q -E "^webex_tcp_ports=" /ro/etc/ipt-firewall/main_ipv4.conf
register: webex_service_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "webex_service_ipv4_present.rc > 1"
changed_when: "webex_service_ipv4_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (webex service)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*bigbluebutton_udp_ports'
block: |
# ======
# - Webex Meeting
# ======
# - Webex Meeting (Videokonferenz)
# -
# - TCP 80/443: Outbound Client Zugriffsport und Webes Events (Audiostreaming)
# -
# - UDP 9000: Outbound (VoIP and RTP)
# -
# - ---
# -
# - TCP 5004: Fall-back ports for media connectivity when UDP port 9000
# - is not open in the firewall
# -
webex_tcp_ports="$standard_webex_tcp_ports"
webex_udp_ports="$standard_webex_udp_ports"
webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports"
marker: "# Marker set by modify-ipt-gateway.yml (webex service)"
when:
- main_ipv4_exists.stat.exists
- webex_service_ipv4_present is changed
- name: Check if String 'webex_tcp_ports=..' (IPv6) is present
shell: grep -q -E "^webex_tcp_ports=" /ro/etc/ipt-firewall/main_ipv6.conf
register: webex_service_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "webex_service_ipv6_present.rc > 1"
changed_when: "webex_service_ipv6_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (webex service)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*bigbluebutton_udp_ports'
block: |
# ======
# - Webex Meeting
# ======
# - Webex Meeting (Videokonferenz)
# -
# - TCP 80/443: Outbound Client Zugriffsport und Webes Events (Audiostreaming)
# -
# - UDP 9000: Outbound (VoIP and RTP)
# -
# - ---
# -
# - TCP 5004: Fall-back ports for media connectivity when UDP port 9000
# - is not open in the firewall
# -
webex_tcp_ports="$standard_webex_tcp_ports"
webex_udp_ports="$standard_webex_udp_ports"
webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports"
marker: "# Marker set by modify-ipt-gateway.yml (webex service)"
when:
- main_ipv6_exists.stat.exists
- webex_service_ipv6_present is changed
# --- # ---
# alfaview video conference service # alfaview video conference service
# --- # ---
@ -564,7 +685,7 @@
failed_when: "alfaview_service_ipv4_present.rc > 1" failed_when: "alfaview_service_ipv4_present.rc > 1"
changed_when: "alfaview_service_ipv4_present.rc > 0" changed_when: "alfaview_service_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (alfaview service) - name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (alfaview service)
blockinfile: blockinfile:
path: /ro/etc/ipt-firewall/main_ipv4.conf path: /ro/etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*mumble_ports' insertafter: '^#?\s*mumble_ports'
@ -721,7 +842,7 @@
# 1 -> changed # 1 -> changed
# 2 -> not present # 2 -> not present
failed_when: "diff_script_output.rc > 2" failed_when: "diff_script_output.rc > 2"
when: git_firewall_repository is defined and git_firewall_repository > 0 when: (git_firewall_repository is defined) and (git_firewall_repository|length > 0)
loop: loop:
- default_ports.conf - default_ports.conf
- include_functions.conf - include_functions.conf
@ -743,7 +864,7 @@
- logging_ipv6.conf - logging_ipv6.conf
- post_decalrations.conf - post_decalrations.conf
when: when:
- git_firewall_repository is defined and git_firewall_repository > 0 - (git_firewall_repository is defined) and (git_firewall_repository|length > 0)
- diff_script_output.changed - diff_script_output.changed
notify: notify:
- Restart IPv4 Firewall - Restart IPv4 Firewall
@ -761,7 +882,7 @@
# 1 -> changed # 1 -> changed
# 2 -> not present # 2 -> not present
failed_when: "diff_script_output.rc > 2" failed_when: "diff_script_output.rc > 2"
when: git_firewall_repository is defined and git_firewall_repository > 0 when: (git_firewall_repository is defined) and (git_firewall_repository|length > 0)
loop: loop:
- ipt-firewall-gateway - ipt-firewall-gateway
- ip6t-firewall-gateway - ip6t-firewall-gateway
@ -773,7 +894,7 @@
- ipt-firewall-gateway - ipt-firewall-gateway
- ip6t-firewall-gateway - ip6t-firewall-gateway
when: when:
- git_firewall_repository is defined and git_firewall_repository > 0 - (git_firewall_repository is defined) and (git_firewall_repository|length > 0)
- diff_script_output.changed - diff_script_output.changed
notify: notify:
- Restart IPv4 Firewall - Restart IPv4 Firewall

128
roles/modify-ipt-gateway/tasks/main.yml
View File

@ -206,6 +206,47 @@
- bigbluebutton_video_conference_out_ipv6_present is changed - bigbluebutton_video_conference_out_ipv6_present is changed
# ---
# allow_webex_video_conference_out
# ---
- name: Check if String 'allow_webex_video_conference_out..' (IPv4) is present
shell: grep -q -E "^allow_webex_video_conference_out=" /etc/ipt-firewall/main_ipv4.conf
register: webex_video_conference_out_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "webex_video_conference_out_ipv4_present.rc > 1"
changed_when: "webex_video_conference_out_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (webex)
lineinfile:
dest: /etc/ipt-firewall/main_ipv4.conf
state: present
regexp: '^allow_webex_video_conference_out'
line: 'allow_webex_video_conference_out=true'
insertafter: '^#?\s*allow_bigbluebutton_video_conference_out'
when:
- main_ipv4_exists.stat.exists
- webex_video_conference_out_ipv4_present is changed
- name: Check if String 'allow_webex_video_conference_out..' (IPv6) is present
shell: grep -q -E "^allow_webex_video_conference_out=" /etc/ipt-firewall/main_ipv6.conf
register: webex_video_conference_out_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "webex_video_conference_out_ipv6_present.rc > 1"
changed_when: "webex_video_conference_out_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (webex)
lineinfile:
dest: /etc/ipt-firewall/main_ipv6.conf
state: present
regexp: '^allow_webex_video_conference_out'
line: 'allow_webex_video_conference_out=true'
insertafter: '^#?\s*allow_bigbluebutton_video_conference_out'
when:
- main_ipv6_exists.stat.exists
- webex_video_conference_out_ipv6_present is changed
# --- # ---
# allow_alfaview_video_conference_out # allow_alfaview_video_conference_out
# --- # ---
@ -601,6 +642,85 @@
- jitsi_service_ipv6_present is changed - jitsi_service_ipv6_present is changed
# ---
# webex video conference service
# ---
- name: Check if String 'webex_tcp_ports=..' (IPv4) is present
shell: grep -q -E "^webex_tcp_ports=" /etc/ipt-firewall/main_ipv4.conf
register: webex_service_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "webex_service_ipv4_present.rc > 1"
changed_when: "webex_service_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (webex service)
blockinfile:
path: /etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*bigbluebutton_udp_ports'
block: |
# ======
# - Webex Meeting
# ======
# - Webex Meeting (Videokonferenz)
# -
# - TCP 80/443: Outbound Client Zugriffsport und Webes Events (Audiostreaming)
# -
# - UDP 9000: Outbound (VoIP and RTP)
# -
# - ---
# -
# - TCP 5004: Fall-back ports for media connectivity when UDP port 9000
# - is not open in the firewall
# -
webex_tcp_ports="$standard_webex_tcp_ports"
webex_udp_ports="$standard_webex_udp_ports"
webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports"
marker: "# Marker set by modify-ipt-gateway.yml (webex service)"
when:
- main_ipv4_exists.stat.exists
- webex_service_ipv4_present is changed
- name: Check if String 'webex_tcp_ports=..' (IPv6) is present
shell: grep -q -E "^webex_tcp_ports=" /etc/ipt-firewall/main_ipv6.conf
register: webex_service_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "webex_service_ipv6_present.rc > 1"
changed_when: "webex_service_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (webex service)
blockinfile:
path: /etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*bigbluebutton_udp_ports'
block: |
# ======
# - Webex Meeting
# ======
# - Webex Meeting (Videokonferenz)
# -
# - TCP 80/443: Outbound Client Zugriffsport und Webes Events (Audiostreaming)
# -
# - UDP 9000: Outbound (VoIP and RTP)
# -
# - ---
# -
# - TCP 5004: Fall-back ports for media connectivity when UDP port 9000
# - is not open in the firewall
# -
webex_tcp_ports="$standard_webex_tcp_ports"
webex_udp_ports="$standard_webex_udp_ports"
webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports"
marker: "# Marker set by modify-ipt-gateway.yml (webex service)"
when:
- main_ipv6_exists.stat.exists
- webex_service_ipv6_present is changed
# --- # ---
# alfaview video conference service # alfaview video conference service
# --- # ---
@ -847,7 +967,7 @@
# 1 -> changed # 1 -> changed
# 2 -> not present # 2 -> not present
failed_when: "diff_script_output.rc > 2" failed_when: "diff_script_output.rc > 2"
when: git_firewall_repository is defined and git_firewall_repository > 0 when: (git_firewall_repository is defined) and (git_firewall_repository|length > 0)
loop: loop:
- default_ports.conf - default_ports.conf
- include_functions.conf - include_functions.conf
@ -869,7 +989,7 @@
- logging_ipv6.conf - logging_ipv6.conf
- post_decalrations.conf - post_decalrations.conf
when: when:
- git_firewall_repository is defined and git_firewall_repository > 0 - (git_firewall_repository is defined) and (git_firewall_repository|length > 0)
- diff_script_output.changed - diff_script_output.changed
notify: notify:
- Restart IPv4 Firewall - Restart IPv4 Firewall
@ -887,7 +1007,7 @@
# 1 -> changed # 1 -> changed
# 2 -> not present # 2 -> not present
failed_when: "diff_script_output.rc > 2" failed_when: "diff_script_output.rc > 2"
when: git_firewall_repository is defined and git_firewall_repository > 0 when: (git_firewall_repository is defined) and (git_firewall_repository|length > 0)
loop: loop:
- ipt-firewall-gateway - ipt-firewall-gateway
- ip6t-firewall-gateway - ip6t-firewall-gateway
@ -899,7 +1019,7 @@
- ipt-firewall-gateway - ipt-firewall-gateway
- ip6t-firewall-gateway - ip6t-firewall-gateway
when: when:
- git_firewall_repository is defined and git_firewall_repository > 0 - (git_firewall_repository is defined) and (git_firewall_repository|length > 0)
- diff_script_output.changed - diff_script_output.changed
notify: notify:
- Restart IPv4 Firewall - Restart IPv4 Firewall