diff --git a/add-jvb2-node.sh b/add-jvb2-node.sh
new file mode 100644
index 0000000..3c4a3e3
--- /dev/null
+++ b/add-jvb2-node.sh
@@ -0,0 +1,316 @@ +#!/bin/bash +# JVB2 Node Aggregator +# SwITNet Ltd © - 2020, https://switnet.net/ +# GPLv3 or later. + +### 0_LAST EDITION TIME STAMP ### +# LETS: AUTOMATED_EDITION_TIME +### 1_LAST EDITION ### + +#Make sure the file name is the required one +if [ ! "$(basename $0)" = "add-jvb2-node.sh" ]; then + echo "For most cases naming won't matter, for this one it does." + echo "Please use the original name for this script: \`add-jvb2-node.sh', and run again." + exit +fi + +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo ./add-jvb2-node.sh [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + +#Check admin rights +if ! [ "$(id -u)" = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 +fi + +### 0_VAR_DEF +MAIN_SRV_DIST=TBD +MAIN_SRV_REPO=TBD +MAIN_SRV_DOMAIN=TBD + +JVB_HOSTNAME=TBD +JVB_HOST=TBD +JVB_PORT=TBD +JVB_SECRET=TBD +JVB_OPTS=TBD +SYS_PROPS=TBD +AWS_HARVEST=TBD +STUN_MAPPING=TBD +ENABLE_STATISTICS=TBD +SHARD_HOSTNAME=TBD +SHARD_DOMAIN=TBD +SHARD_PASS=TBD +MUC_JID=TBD + +MJS_USER=TBD +MJS_USER_PASS=TBD +START=0 +LAST=TBD + +THIS_SRV_DIST=$(lsb_release -sc) +JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) +JVB2_CONF="/etc/jitsi/videobridge/config" +JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties" +#PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" +NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" +NJN_USER="jvbnode${ADDUP}_${NJN_RAND_TAIL}" +NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" +#GITHUB_RAW="https://raw.githubusercontent.com" +#GIT_REPO="switnet-ltd/quick-jibri-installer" +### 1_VAR_DEF + +# sed limiters for add-jvb2-node.sh variables +var_dlim() { + grep -n $1 add-jvb2-node.sh|head -n1|cut -d ":" -f1 +} + +check_var() { + if [ -z "$2" ]; then + echo -e "Check if 
variable $1 is set: \xE2\x9C\x96 \nExiting..." + exit + else + echo -e "Check if variable $1 is set: \xE2\x9C\x94" + fi +} + +if [ -z "$LAST" ]; then + echo "There is an error on the LAST definition, please report." + exit +elif [ "$LAST" = "TBD" ]; then + ADDUP=$((START + 1)) +else + ADDUP=$((LAST + 1)) +fi + +#Check server and node OS +if [ ! "$THIS_SRV_DIST" = "$MAIN_SRV_DIST" ]; then + echo "Please use the same OS for the JVB2 setup on both servers." + echo "This server is based on: $THIS_SRV_DIST" + echo "The main server record claims is based on: $MAIN_SRV_DIST" + exit +fi + +#Check system resources +echo "Verifying System Resources:" +if [ "$(nproc --all)" -lt 4 ];then + echo " +Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads. +>> We recommend 4 cores/threads for JVB2! +" + CPU_MIN="N" +else + echo "CPU Cores/Threads: OK ($(nproc --all))" + CPU_MIN="Y" +fi +### Test RAM size (8GB min) ### +mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') +if [ ${mem_available} -lt 7700000 ]; then + echo " +Warning!: The system do not meet the CPU recomendations for a JVB node for heavy loads. +>> We recommend 8GB RAM for JVB2! +" + MEM_MIN="N" +else + echo "Memory: OK ($((mem_available/1024)) MiB)" + MEM_MIN="Y" +fi +if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then + echo "All requirements seems meet!" + echo " + - We hope you have a nice recording/streaming session + " +else + echo "CPU ($(nproc --all))/RAM ($((mem_available/1024)) MiB) does NOT meet minimum recommended requirements!" + echo "We highly advice to increase the resources in order to install this JVB2 node." + while [[ "$CONTINUE_LOW_RES" != "yes" && "$CONTINUE_LOW_RES" != "no" ]] + do + read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_LOW_RES + if [ "$CONTINUE_LOW_RES" = "no" ]; then + echo "See you next time with more resources!..." 
+ exit + elif [ "$CONTINUE_LOW_RES" = "yes" ]; then + echo "Please keep in mind that we might not support underpowered nodes." + fi + done +fi + +echo " +#----------------------------------------------------------------------- +# Checking initial necessary variables... +#-----------------------------------------------------------------------" + +check_var JVB_HOSTNNAME "$JVB_HOSTNAME" +check_var JVB_HOST "$JVB_HOST" +check_var JVB_PORT "$JVB_PORT" +check_var JVB_SECRET "$JVB_SECRET" +check_var JVB_OPTS "$JVB_OPTS" +check_var SYS_PROPS "$SYS_PROPS" +check_var AWS_HARVEST "$AWS_HARVEST" +check_var STUN_MAPPING "$STUN_MAPPING" +check_var ENABLE_STATISTICS "$ENABLE_STATISTICS" +check_var SHARD_HOSTNAME "$SHARD_HOSTNAME" +check_var SHARD_DOMAIN "$SHARD_DOMAIN" +check_var SHARD_PASS "$SHARD_PASS" +check_var MUC_JID "$MUC_JID" +check_var MAIN_SRV_DOMAIN "$MAIN_SRV_DOMAIN" + +# Rename hostname for each jvb2 node +hostnamectl set-hostname "jvb${ADDUP}.${MAIN_SRV_DOMAIN}" +sed -i "1i 127.0.0.1 jvb${ADDUP}.${MAIN_SRV_DOMAIN}" /etc/hosts + +# Jitsi-Meet Repo +echo "Add Jitsi repo" +if [ -z "$JITSI_REPO" ]; then + echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-$MAIN_SRV_REPO.list + wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - +elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then + echo "Main and node servers repository don't match, extiting.." + exit +elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then + echo "Main and node servers repository match, continuing..." +else + echo "Jitsi $JITSI_REPO repository already installed" +fi + +# Requirements +echo "We'll start by installing system requirements this may take a while please be patient..." +apt-get update -q2 +apt-get dist-upgrade -yq2 + +apt-get -y install \ + apt-show-versions \ + bmon \ + curl \ + git \ + htop \ + ssh \ + unzip \ + wget + +echo "# Check and Install HWE kernel if possible..." 
+HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe") +if [ "$HWE_VIR_MOD" == "1" ]; then + apt-get -y install \ + linux-image-generic-hwe-$(lsb_release -sr) \ + linux-modules-extra-virtual-hwe-$(lsb_release -sr) + else + apt-get -y install \ + linux-modules-extra-$(uname -r) +fi + +echo " +#-------------------------------------------------- +# Install JVB2 +#-------------------------------------------------- +" +apt-get -y install \ + jitsi-videobridge2 \ + openjdk-8-jre-headless + +echo ' +######################################################################## + Start JVB2 configuration +######################################################################## +' + +mv $JVB2_CONF ${JVB2_CONF}-dpkg-file + +## JVB2 - CONFIG +cat << JVB2_CONF > $JVB2_CONF +# Jitsi Videobridge settings + +# sets the XMPP domain (default: none) +JVB_HOSTNAME=$JVB_HN + +# sets the hostname of the XMPP server (default: domain if set, localhost otherwise) +JVB_HOST=$JVB_HOST + +# sets the port of the XMPP server (default: 5275) +JVB_PORT=$JVB_PORT + +# sets the shared secret used to authenticate to the XMPP server +JVB_SECRET=$JVB_SECRET + +# extra options to pass to the JVB daemon +JVB_OPTS=$JVB_OPTS + +# adds java system props that are passed to jvb (default are for home and logging config file) +JAVA_SYS_PROPS=$SYS_PROPS + +JVB2_CONF + + +mv $JVB2_SIP $JVB2_SIP-dpkg-file +## JVB2 - SIP +cat << JVB2_SIP > $JVB2_SIP +org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=$AWS_HARVEST +org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=$STUN_MAPPING +org.jitsi.videobridge.ENABLE_STATISTICS=$ENABLE_STATISTICS +org.jitsi.videobridge.STATISTICS_TRANSPORT=muc +org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=$MAIN_SRV_DOMAIN +org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.$MAIN_SRV_DOMAIN +org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb +org.jitsi.videobridge.xmpp.user.shard.PASSWORD=$SHARD_PASS 
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.$MAIN_SRV_DOMAIN +org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=jvb2-$ADDUP +JVB2_SIP + +echo -e "\n---- Create random nodesync user ----" +useradd -m -g jvb $NJN_USER +echo "$NJN_USER:$NJN_USER_PASS" | chpasswd + +echo -e "\n---- We'll connect to main server ----" +read -n 1 -s -r -p "Press any key to continue..."$'\n' +sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +echo "Remote pass: $MJS_USER_PASS" +ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts +ssh $MJS_USER@$MAIN_SRV_DOMAIN sh -c "'cat >> .ssh/authorized_keys'" < /home/$NJN_USER/.ssh/id_rsa.pub +sudo su $NJN_USER -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" + +echo "Writting last node number..." +sed -i "$(var_dlim 0_VAR),$(var_dlim 1_VAR){s|LAST=.*|LAST=$ADDUP|}" add-jvb2-node.sh +sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jvb2-node.sh +echo "Last file edition at: $(grep "LETS:" add-jvb2-node.sh|head -n1|awk -F'LETS:' '{print$2}')" + +#Enable jvb2 services +systemctl enable jvb2 +systemctl restart jvb2 + +echo -e "\nSending updated add-jvb2-node.sh file to main server sync user...\n" +cp $PWD/add-jvb2-node.sh /tmp +sudo -u $NJN_USER scp /tmp/add-jvb2-node.sh $MJS_USER@$MAIN_SRV_DOMAIN:/home/$MJS_USER/ +rm $PWD/add-jvb2-node.sh /tmp/add-jvb2-node.sh + +echo " +######################################################################## + Node addition complete!! + + IMPORTANT: + The updated version of this file has been sent to the main server + at the sync user home directory, please use that one in order to + install new nodes. For security reason this version has been deleted + from this very node. + + For customized support: http://switnet.net +######################################################################## +" + +echo "Rebooting in..." 
+secs=$((15)) +while [ $secs -gt 0 ]; do + echo -ne "$secs\033[0K\r" + sleep 1 + : $((secs--)) +done +reboot diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh index 05e079f..03f522f 100644 --- a/quick_jibri_installer.sh +++ b/quick_jibri_installer.sh @@ -362,16 +362,18 @@ echo ' ' # MEET / JIBRI SETUP DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') -WS_CONF=/etc/nginx/sites-enabled/$DOMAIN.conf +WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf" JB_AUTH_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" JB_REC_PASS="$(tr -dc "a-zA-Z0-9#*=" < /dev/urandom | fold -w 10 | head -n1)" -PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua -PROSODY_SYS=/etc/prosody/prosody.cfg.lua -JICOFO_SIP=/etc/jitsi/jicofo/sip-communicator.properties -MEET_CONF=/etc/jitsi/meet/$DOMAIN-config.js -JIBRI_CONF=/etc/jitsi/jibri/jibri.conf +PROSODY_FILE="/etc/prosody/conf.d/$DOMAIN.cfg.lua" +PROSODY_SYS="/etc/prosody/prosody.cfg.lua" +JICOFO_SIP="/etc/jitsi/jicofo/sip-communicator.properties" +MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js" +JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" +JVB2_CONF="/etc/jitsi/videobridge/config" +JVB2_SIP="/etc/jitsi/videobridge/sip-communicator.properties" DIR_RECORD=/var/jbrecord -REC_DIR=/home/jibri/finalize_recording.sh +REC_DIR="/home/jibri/finalize_recording.sh" JB_NAME="Jibri Sessions" LE_RENEW_LOG="/var/log/letsencrypt/renew.log" MOD_LISTU="https://prosody.im/files/mod_listusers.lua" @@ -621,6 +623,9 @@ restart_services() { check_jibri } +# Configure Jvb2 +sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" /etc/jitsi/videobridge/sip-communicator.properties + # Configure Jibri ## PROSODY if dpkg-compare prosody lt 0.11.0 ; then 
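Review bot: When this script runs on a node it holds `JVB_SECRET`, `SHARD_PASS` and `MJS_USER_PASS` in clear text, yet near the end it is copied to the fixed path `/tmp/add-jvb2-node.sh`, where it must be readable by the unprivileged sync user and so probably by every local account; the remote password is also printed by `echo "Remote pass: $MJS_USER_PASS"`, and `-m debug` turns on `set -x`, which traces the values. A private, owner-only copy closes the first exposure: `tmp_copy=$(mktemp)`, `install -m 600 -o "$NJN_USER" add-jvb2-node.sh "$tmp_copy"`, then `sudo -u "$NJN_USER" scp "$tmp_copy" "$MJS_USER@$MAIN_SRV_DOMAIN:/home/$MJS_USER/add-jvb2-node.sh"`, with the final `rm` pointed at `"$tmp_copy"`. The `ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts` lines trust whatever host key answers first; since the main server already stamps values into this file, it could embed its own host key for the node to pin. Two functional defects sit in the same hunk: the config heredoc writes `JVB_HOSTNAME=$JVB_HN` although only `JVB_HOSTNAME` is defined, and `NJN_USER` expands `${ADDUP}` before `ADDUP` is computed further down.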
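Review bot: The added `sed` under `# Configure Jvb2` spells out `/etc/jitsi/videobridge/sip-communicator.properties` although this same commit defines `JVB2_SIP` for that path, so the two can drift apart; `sed -i "/shard.HOSTNAME/s|localhost|$DOMAIN|" "$JVB2_SIP"` keeps a single source of truth. `$DOMAIN` is built from a listing of `/etc/prosody/conf.d/`, so if more than one non-localhost config exists the value presumably spans several lines and the substitution would fail or write a wrong host; checking that `$DOMAIN` is a single hostname before editing would make that failure explicit. The statement sits at top level between `restart_services` and the Jibri section, both of which continue outside the hunk.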
@@ -841,7 +846,6 @@ sudo su $MJS_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config systemctl restart sshd - #Setting varibales for add-jibri-node.sh sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jibri-node.sh sed -i "s|MAIN_SRV_REPO=.*|MAIN_SRV_REPO=\"$JITSI_REPO\"|" add-jibri-node.sh 
@@ -855,6 +859,45 @@ sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jibri-node.sh sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')" +#-- Setting variables for add-jvb2-node.sh +g_conf_value() { + grep "$1" $JVB2_CONF|sed "s|$1||" +} +JVB_HOSTNAME=$(g_sys_value JVB_HOSTNAME=) +JVB_HOST=$(g_sys_value JVB_HOST=) +JVB_PORT=$(g_sys_value JVB_PORT=) +JVB_SECRET=$(g_sys_value JVB_SECRET=) +JVB_OPTS=$(g_sys_value JVB_OPTS=) +JAVA_SYS_PROPS=$(g_sys_value JAVA_SYS_PROPS=) + +g_sip_value() { + grep "$1" $JVB2_SIP|sed "s|$1||" +} +DISABLE_AWS_HARVESTER=$(g_sip_value DISABLE_AWS_HARVESTER=) +STUN_MAPPING_HARVESTER_ADDRESSES=$(g_sip_value STUN_MAPPING_HARVESTER_ADDRESSES=) +ENABLE_STATISTICS=$(g_sip_value ENABLE_STATISTICS=) +SHARD_HOSTNAME=$(g_sip_value shard.HOSTNAME=) +SHARD_DOMAIN=$(g_sip_value shard.DOMAIN=) +SHARD_PASSWORD=$(g_sip_value shard.PASSWORD=) +MUC_JID=$(g_sip_value MUC_JIDS=) + +##-- Replacing on add-jvb2-node.sh +sed -i "s|JVB_HOSTNAME=.*|JVB_HOSTNAME=\'$JVB_HOSTNAME\'|" add-jvb2-node.sh +sed -i "s|JVB_HOST=.*|JVB_HOST=\'$JVB_HOST\'|" add-jvb2-node.sh +sed -i "s|JVB_PORT=.*|JVB_PORT=\'$JVB_PORT\'|" add-jvb2-node.sh +sed -i "s|JVB_SECRET=.*|JVB_SECRET=\'$JVB_SECRET\'|" add-jvb2-node.sh +sed -i "s|JVB_OPTS=.*|JVB_OPTS=\'$JVB_OPTS\'|" add-jvb2-node.sh +sed -i "s|SYS_PROPS=.*|SYS_PROPS=\'$JAVA_SYS_PROPS\'|" add-jvb2-node.sh +#- +sed -i "s|AWS_HARVEST=.*|AWS_HARVEST=\'$DISABLE_AWS_HARVESTER\'|" add-jvb2-node.sh +sed -i "s|STUN_MAPPING=.*|STUN_MAPPING=\'$STUN_MAPPING_HARVESTER_ADDRESSES\'|" add-jvb2-node.sh +sed -i "s|ENABLE_STATISTICS=.*|ENABLE_STATISTICS=\'$ENABLE_STATISTICS\'|" add-jvb2-node.sh +sed -i "s|SHARD_HOSTNAME=.*|SHARD_HOSTNAME=\'$SHARD_HOSTNAME\'|" add-jvb2-node.sh +sed -i "s|SHARD_DOMAIN=.*|SHARD_DOMAIN=\'$SHARD_DOMAIN\'|" add-jvb2-node.sh +sed -i 
"s|SHARD_PASS=.*|SHARD_PASS=\'$SHARD_PASSWORD\'|" add-jvb2-node.sh +sed -i "s|MUC_JID=.*|MUC_JID=\'$MUC_JID\'|" add-jvb2-node.sh +##-- + #Tune webserver for Jitsi App control if [ -f $WS_CONF ]; then sed -i "/Anything that didn't match above/i \\\n" $WS_CONF @@ -966,12 +1009,7 @@ VirtualHost "guest.$DOMAIN" P_SR else - cat << P_SR >> $PROSODY_FILE - ---VirtualHost "guest.$DOMAIN" --- authentication = "anonymous" --- c2s_require_encryption = false -P_SR + echo "No authentication method selected." fi #======================
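Review bot: The helper defined at the top of this hunk is `g_conf_value`, but the six assignments below it call `g_sys_value`, which is not defined anywhere in the visible lines; unless it exists elsewhere in the file, `JVB_HOSTNAME` through `JAVA_SYS_PROPS` come back empty and add-jvb2-node.sh is stamped with values such as `JVB_SECRET=''`. Calling the helper by its defined name fixes that, e.g. `JVB_SECRET=$(g_conf_value JVB_SECRET=)`. The `sed` replacements are also unanchored, so `s|JVB_SECRET=.*|…|` and `s|ENABLE_STATISTICS=.*|…|` would rewrite the matching heredoc lines inside add-jvb2-node.sh as well as its variable block; restricting them to the span between the `### 0_VAR_DEF` and `### 1_VAR_DEF` markers, in the way the `LETS:` edit just above is range-limited, avoids that. Because the generated file now carries the bridge secret and the shard password, adding `chmod 600 add-jvb2-node.sh` after the last `sed` is worth doing.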