From 682e3e904483e3cfb9a3f21e07cafef8903232bb Mon Sep 17 00:00:00 2001 From: Ark74 Date: Wed, 22 Jan 2025 01:56:49 -0600 Subject: [PATCH] (WIP)update add-jibri-node for latest changes. --- add-jibri-node.sh | 253 ++++++++++++++-------------------------------- 1 file changed, 75 insertions(+), 178 deletions(-) diff --git a/add-jibri-node.sh b/add-jibri-node.sh index f821a11..6d56389 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -49,17 +49,17 @@ JITSI_REPO=$(apt-cache policy | awk '/jitsi/&&/stable/{print$3}' | awk -F / 'NR= JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" DIR_RECORD="/var/jbrecord" REC_DIR="/home/jibri/finalize_recording.sh" -CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GOOGLE_ACTIVE_REPO=$(apt-cache policy | awk '/chrome/{print$3}' | awk -F "/" 'NR==1{print$2}') GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" -#PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" +#PUBLIC_IP="$(dig -4 +short myip.opendns.com @resolver1.opendns.com)" +JITSI_GPG_KEY="/etc/apt/trusted.gpg.d/jitsi-key.gpg.key" NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}" NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" -GITHUB_RAW="https://raw.githubusercontent.com" -GIT_REPO="switnet-ltd/quick-jibri-installer" -TEST_JIBRI_ENV="$GITHUB_RAW/$GIT_REPO/unstable/tools/test-jibri-env.sh" +GIT_FORGE="https://forge.switnet.net" +GIT_REPO="switnet/quick-jibri-installer" +TEST_JIBRI_ENV="$GIT_FORGE/$GIT_REPO/raw/branch/master/tools/test-jibri-env.sh" SHORT_ID="$(awk '{print substr($0,0,7)}' /etc/machine-id)" JIBRI_XORG_CONF="/etc/jitsi/jibri/xorg-video-dummy.conf" ### 1_VAR_DEF @@ -186,18 +186,19 @@ hostnamectl set-hostname "jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" sed -i "1i 127.0.0.1 jbnode_${SHORT_ID}.${MAIN_SRV_DOMAIN}" /etc/hosts # Jitsi-Meet Repo -echo "Add Jitsi repo" -if [ -z "$JITSI_REPO" ]; then - echo "deb http://download.jitsi.org $MAIN_SRV_REPO/" > /etc/apt/sources.list.d/jitsi-"$MAIN_SRV_REPO".list - wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - -elif [ ! "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then - echo "Main and node servers repository don't match, extiting.." - exit -elif [ "$JITSI_REPO" = "$MAIN_SRV_REPO" ]; then - echo "Main and node servers repository match, continuing..." +printf "\nAdd Jitsi repo\n" +if [ "$JITSI_REPO" = "stable" ]; then + printf " - Jitsi stable repository already installed\n\n" else - echo "Jitsi $JITSI_REPO repository already installed" + echo "deb [signed-by=$JITSI_GPG_KEY] http://download.jitsi.org stable/" \ + > /etc/apt/sources.list.d/jitsi-stable.list + curl -s https://download.jitsi.org/jitsi-key.gpg.key \ + > "$JITSI_GPG_KEY" + apt-get update -q2 + JITSI_REPO="stable" fi +sleep .1 + # Requirements echo "We'll start by installing system requirements this may take a while please be patient..." @@ -210,7 +211,7 @@ apt-get -y install \ curl \ ffmpeg \ git \ - htop \ + btop \ inotify-tools \ jq \ rsync \ @@ -219,32 +220,30 @@ apt-get -y install \ wget check_snd_driver() { -echo -e "\n# Checking ALSA - Loopback module..." -echo "snd-aloop" | tee -a /etc/modules -modprobe snd-aloop -if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then - echo " -#----------------------------------------------------------------------- -# Audio driver seems - OK. -#-----------------------------------------------------------------------" -else - echo " -#----------------------------------------------------------------------- -# Your audio driver might not be able to load. -# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool. -#-----------------------------------------------------------------------" -curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh -#Test tool - if [ "$MODE" = "debug" ]; then - bash /tmp/test-jibri-env.sh -m debug - else - bash /tmp/test-jibri-env.sh - fi -rm /tmp/test-jibri-env.sh -read -n 1 -s -r -p "Press any key to continue..."$'\n' -fi + printf "\n# Checking ALSA - Loopback module..." + echo "snd-aloop" | tee -a /etc/modules + modprobe snd-aloop + if [ "$(lsmod|awk '/snd_aloop/{print$1}'|awk 'NR==1')" = "snd_aloop" ]; then + echo -e "\n#-----------------------------------------------------------------------" + echo "# Audio driver seems - OK." + echo -e "#-----------------------------------------------------------------------\n" + else + echo -e "\n#-----------------------------------------------------------------------" + echo "# Your audio driver might not be able to load." + echo "# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool." + echo -e "#-----------------------------------------------------------------------\n" + curl -s "$TEST_JIBRI_ENV" > /tmp/test-jibri-env.sh + #Test tool + if [ "$MODE" = "debug" ]; then + bash /tmp/test-jibri-env.sh -m debug + else + bash /tmp/test-jibri-env.sh + fi + read -n 1 -s -r -p "Press any key to continue..."$'\n' + fi } +###FIXME: Trisquel support broken by lsb_release usage### echo "# Check and Install HWE kernel if possible..." HWE_VIR_MOD="$(apt-cache madison linux-image-generic-hwe-"$(lsb_release -sr)" 2>/dev/null|head -n1|grep -c hwe-"$(lsb_release -sr)")" if [ "$HWE_VIR_MOD" = "1" ]; then @@ -270,27 +269,37 @@ if [ "$GOOGLE_ACTIVE_REPO" = "main" ]; then echo "Google repository already set." else echo "Installing Google Chrome Stable" - wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - + curl -s https://dl.google.com/linux/linux_signing_key.pub | \ + gpg --dearmor | tee /etc/apt/trusted.gpg.d/google-chrome-key.gpg >/dev/null echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee "$GOOGL_REPO" fi apt-get -q2 update -apt-get install -y google-chrome-stable -rm -rf /etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list +apt-get install -yq2 google-chrome-stable +rm -rf "$GOOGL_REPO" + +G_CHROME=$(apt-cache madison google-chrome-stable|awk '{print$3}'|cut -d. -f1-3) +CHROMELAB_URL="https://googlechromelabs.github.io/chrome-for-testing" +CHD_LTST_DWNL=$(curl -s $CHROMELAB_URL/known-good-versions-with-downloads.json | \ + jq -r ".versions[].downloads.chromedriver | \ + select(. != null) | .[].url" | grep linux64 | \ + grep "$G_CHROME" | tail -1) +CHD_LTST=$(awk -F '/' '{print$7}' <<< "$CHD_LTST_DWNL") +GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" if [ -f /usr/local/bin/chromedriver ]; then echo "Chromedriver already installed." else echo "Installing Chromedriver" - wget -q https://chromedriver.storage.googleapis.com/"$CHD_VER"/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip - unzip /tmp/chromedriver_linux64.zip -d /usr/local/bin/ + wget -q "$CHD_LTST_DWNL" \ + -O /tmp/chromedriver_linux64.zip + unzip -o /tmp/chromedriver_linux64.zip -d /usr/local/bin/ + mv /usr/local/bin/chromedriver-linux64/chromedriver /usr/local/bin/chromedriver chown root:root /usr/local/bin/chromedriver chmod 0755 /usr/local/bin/chromedriver - rm -rf /tpm/chromedriver_linux64.zip + rm -rf /tmp/chromedriver_linux64.zip fi -echo " -Check Google Software Working... -" +printf "\nCheck Google Software Working...\n" /usr/bin/google-chrome --version /usr/local/bin/chromedriver --version | awk '{print$1,$2}' @@ -299,15 +308,13 @@ echo ' Start Jibri configuration ######################################################################## ' -echo " -Remove Chrome warning... -" +printf "\nRemove Chrome warning...\n" mkdir -p /etc/opt/chrome/policies/managed echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > "$GCMP_JSON" # Recording directory if [ ! -d "$DIR_RECORD" ]; then -mkdir "$DIR_RECORD" + mkdir "$DIR_RECORD" fi chown -R jibri:jibri "$DIR_RECORD" @@ -323,19 +330,10 @@ echo "or storage provider, etc.) in this script" >> /tmp/finalize.out chmod -R 770 \$RECORDINGS_DIR -#Rename folder. -LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -n -r|awk '{print\$2}'| grep -v "meta\|-" | head -n1)" -NJF_NAME="\$(find \$LJF_PATH |grep -e "-"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)" +LJF_PATH="\$(find \$RECORDINGS_DIR -exec stat --printf="%Y\t%n\n" {} \; | sort -nr|sed 1d|awk '{print\$2}'| grep -v "meta\|_" | head -n1)" +NJF_NAME="\$(find \$LJF_PATH |grep "mp4"|sed "s|\$LJF_PATH/||"|cut -d "." -f1)" NJF_PATH="\$RECORDINGS_DIR/\$NJF_NAME" - -##Prevent empty recording directory failsafe -if [ "\$LJF_PATH" != "\$RECORDINGS_DIR" ]; then - mv \$LJF_PATH \$NJF_PATH - #Workaround for jibri to do cleaning. - ssh -i /home/jibri/jbsync.pem $MJS_USER@$MAIN_SRV_DOMAIN "rm -r \$LJF_PATH" -else - echo "No new folder recorded, not removing anything." -fi +mv \$LJF_PATH \$NJF_PATH exit 0 REC_DIR @@ -344,117 +342,15 @@ chmod +x "$REC_DIR" ## New Jibri Config (2020) mv "$JIBRI_CONF" "${JIBRI_CONF}"-dpkg-file -cat << NEW_CONF > "$JIBRI_CONF" -// New XMPP environment config. -jibri { - streaming { - // A list of regex patterns for allowed RTMP URLs. The RTMP URL used - // when starting a stream must match at least one of the patterns in - // this list. - rtmp-allow-list = [ - // By default, all services are allowed - ".*" - ] - } - ffmpeg { - resolution = "$JIBRI_RES_CONF" - } - chrome { - // The flags which will be passed to chromium when launching - flags = [ - "--use-fake-ui-for-media-stream", - "--start-maximized", - "--kiosk", - "--enabled", - "--disable-infobars", - "--autoplay-policy=no-user-gesture-required", - "--ignore-certificate-errors", - "--disable-dev-shm-usage" - ] - } - stats { - enable-stats-d = true - } - call-status-checks { - // If all clients have their audio and video muted and if Jibri does not - // detect any data stream (audio or video) comming in, it will stop - // recording after NO_MEDIA_TIMEOUT expires. - no-media-timeout = 30 seconds - - // If all clients have their audio and video muted, Jibri consideres this - // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires. - all-muted-timeout = 10 minutes - - // When detecting if a call is empty, Jibri takes into consideration for how - // long the call has been empty already. If it has been empty for more than - // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording. - default-call-empty-timeout = 30 seconds - } - recording { - recordings-directory = $DIR_RECORD - finalize-script = $REC_DIR - } - api { - xmpp { - environments = [ - { - // A user-friendly name for this environment - name = "$JB_NAME" - - // A list of XMPP server hosts to which we'll connect - xmpp-server-hosts = [ "$MAIN_SRV_DOMAIN" ] - - // The base XMPP domain - xmpp-domain = "$MAIN_SRV_DOMAIN" - - // The MUC we'll join to announce our presence for - // recording and streaming services - control-muc { - domain = "internal.auth.$MAIN_SRV_DOMAIN" - room-name = "$JibriBrewery" - nickname = "machine-id" - } - - // The login information for the control MUC - control-login { - domain = "auth.$MAIN_SRV_DOMAIN" - username = "jibri" - password = "$JB_AUTH_PASS" - } - - // An (optional) MUC configuration where we'll - // join to announce SIP gateway services - // sip-control-muc { - // domain = "domain" - // room-name = "room-name" - // nickname = "nickname" - // } - - // The login information the selenium web client will use - call-login { - domain = "recorder.$MAIN_SRV_DOMAIN" - username = "recorder" - password = "$JB_REC_PASS" - } - - // The value we'll strip from the room JID domain to derive - // the call URL - strip-from-room-domain = "conference." - - // How long Jibri sessions will be allowed to last before - // they are stopped. A value of 0 allows them to go on - // indefinitely - usage-timeout = 0 hour - - // Whether or not we'll automatically trust any cert on - // this XMPP domain - trust-all-xmpp-certs = true - } - ] - } - } -} -NEW_CONF +cp files/jibri.conf "$JIBRI_CONF" +sed -i "s|JIBRI_RES_CONF|$JIBRI_RES_CONF|g" "$JIBRI_CONF" +sed -i "s|DIR_RECORD|$DIR_RECORD|g" "$JIBRI_CONF" +sed -i "s|REC_DIR|$REC_DIR|g" "$JIBRI_CONF" +sed -i "s|JB_NAME|$JB_NAME|g" "$JIBRI_CONF" +sed -i "s|DOMAIN|$DOMAIN|g" "$JIBRI_CONF" +sed -i "s|JibriBrewery|$JibriBrewery|g" "$JIBRI_CONF" +sed -i "s|JB_AUTH_PASS|$JB_AUTH_PASS|g" "$JIBRI_CONF" +sed -i "s|JB_REC_PASS|$JB_REC_PASS|g" "$JIBRI_CONF" #Jibri xorg resolution sed -i "s|[[:space:]]Virtual .*|Virtual $JIBRI_RES_XORG_CONF|" "$JIBRI_XORG_CONF" @@ -465,15 +361,16 @@ echo "$NJN_USER:$NJN_USER_PASS" | chpasswd echo -e "\n---- We'll connect to main server ----" read -n 1 -s -r -p "Press any key to continue..."$'\n' -sudo su "$NJN_USER" -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +sudo su "$NJN_USER" -c "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -o -a 200 -q -N ''" -#Workaround for jibri to do cleaning. install -m 0600 -o jibri /home/"$NJN_USER"/.ssh/id_rsa /home/jibri/jbsync.pem sudo su jibri -c "install -D /dev/null /home/jibri/.ssh/known_hosts" sudo su jibri -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" +sudo su jibri -c "ssh-keyscan -t ed25519 $MAIN_SRV_DOMAIN >> /home/jibri/.ssh/known_hosts" echo -e "\n\n##################\nRemote pass: $MJS_USER_PASS\n################## \n\n" ssh-keyscan -t rsa "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts +ssh-keyscan -t ed25519 "$MAIN_SRV_DOMAIN" >> ~/.ssh/known_hosts ssh "$MJS_USER"@"$MAIN_SRV_DOMAIN" sh -c "'cat >> .ssh/authorized_keys'" < /home/"$NJN_USER"/.ssh/id_rsa.pub sudo su "$NJN_USER" -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts"