diff --git a/README.md b/README.md index e70e88f..111df8b 100644 --- a/README.md +++ b/README.md @@ -1,49 +1,75 @@ # Quick Jibri Installer -Bash installer for Jibri on **\*buntu LTS** based systems using **nginx** as default webserver. +Bash installer for Jibri on **Ubuntu LTS** based systems using **nginx** as default webserver. ## Usage +As for our current latest release, as we have integrated more and more features, we highly recommend to use a purpose specific-newly spawn server to host the jitsi-meet framework, making sure you stick to the requirements and recommendations as much as possible, in order to avoid issues. + + +### Main Server +Login into your clean server, clone git repository and run the installer, ``` git clone https://github.com/switnet-ltd/quick-jibri-installer cd quick-jibri-installer bash quick-jibri-installer.sh ``` -Please check more details on our wiki. + +### Add Jibri node + +Copy the modified `add-jibri-node.sh` file from your early cloned installation directory once it's completed to the new server meant to be a jibri node using your preferred method, then run it + +**WARNING:** This file contains sensitive information from your setup, please handle with care. + +``` +bash add-jibri-node.sh +``` + + +Check more details on our wiki. ## Requirements * Clean VM/VPS/Server using Ubuntu LTS * Valid domain with DNS record, **mandatory** for SSL certs via Let's Encrypt. * Ports open for ACME (SSL) interaction & validation. -* Minimum recommended for video recording: 8 GB RAM / 4 Cores. +* Highly recommended: 8 GB RAM / 4 Cores. * Webcam ### Jigasi Transcript * SIP account * Google Cloud Account with Billing setup. + ### Jibri Recodings Access via Nextcloud * Valid domain with DNS record for Nextcloud SSL. +## Kernel warning +For AWS users or any cloud service provider that might use their own kernel on their products (servers/vm/vps), might cause Jibri failure to start due not allowing `snd_aloop` module. + +Make sure that you update your grub to boot the right one. + +Feel free to use our (new) `test-jibri-env.sh` tool to find some details on your current setup. ## Features -* Enabled Session (video) Recording using Jibri +* Enabled Session Recording using Jibri * Enabled Jitsi Electron app detection server side. * Standalone SSL Certbot/LE implementation * Jigasi Transcript - Speech to Text powered by Google API * JRA (Jibri Recordings Access) via Nextcloud * Improved recurring updater * Customized brandless mode - * (New) Setting up custom interface_config.js -* (New) Grafana Dashboard -* (New) Lobby Rooms - Secure Rooms -* (New) Conference Duration - Secure Rooms + * Setting up custom interface_config.js +* Grafana Dashboard +* Lobby Rooms - Secure Rooms +* Conference Duration - Secure Rooms +* (New) Automatic Jibri nodes network sync ([see more](https://github.com/switnet-ltd/quick-jibri-installer/wiki/Jibri-Nodes)). +## Tools (New) +* (New) Jibri Environment Tester + * (New) Jibri Conf Upgrader (late 2020). ## Optional custom changes * Optional default language * Option to enable Secure Rooms * Option to enable Welcome Page -* Option to enable Local audio recording using flac. -* Option to use Rodentia static avatar (icon credit: sixsixfive) - Legacy ## Custom changes * Start with video muted by default diff --git a/add-jibri-node.sh b/add-jibri-node.sh index 22ad407..d1d360a 100644 --- a/add-jibri-node.sh +++ b/add-jibri-node.sh @@ -42,16 +42,25 @@ JibriBrewery=TBD JB_NAME=TBD JB_AUTH_PASS=TBD JB_REC_PASS=TBD +MJS_USER=TBD +MJS_USER_PASS=TBD THIS_SRV_DIST=$(lsb_release -sc) JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) START=0 LAST=TBD -CONF_JSON="/etc/jitsi/jibri/config.json" +JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" DIR_RECORD="/var/jbrecord" REC_DIR="/home/jibri/finalize_recording.sh" CHD_VER="$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" +PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" +NJN_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" +NJN_USER="jbnode${ADDUP}_${NJN_RAND_TAIL}" +NJN_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" +GITHUB_RAW="https://raw.githubusercontent.com" +GIT_REPO="switnet-ltd/quick-jibri-installer" +TEST_JIBRI_ENV="$GITHUB_RAW/$GIT_REPO/unstable/tools/test-jibri-env.sh" ### 1_VAR_DEF # sed limiters for add-jibri-node.sh variables @@ -61,12 +70,12 @@ var_dlim() { check_var() { if [ -z "$2" ]; then - echo "$1 is not defined, please check. Exiting..." + echo -e "Check if variable $1 is set: \xE2\x9C\x96 \nExiting..." exit else - echo "$1 is set to: $2" + echo -e "Check if variable $1 is set: \xE2\x9C\x94" fi - } +} if [ -z "$LAST" ]; then echo "There is an error on the LAST definition, please report." @@ -85,6 +94,51 @@ if [ ! "$THIS_SRV_DIST" = "$MAIN_SRV_DIST" ]; then exit fi +#Check system resources +echo "Verifying System Resources:" +if [ "$(nproc --all)" -lt 4 ];then + echo " +Warning!: The system do not meet the minimum CPU requirements for Jibri to run. +>> We recommend 4 cores/threads for Jibri! +" + CPU_MIN="N" +else + echo "CPU Cores/Threads: OK ($(nproc --all))" + CPU_MIN="Y" +fi +### Test RAM size (8GB min) ### +mem_available=$(grep MemTotal /proc/meminfo| grep -o '[0-9]\+') +if [ ${mem_available} -lt 7700000 ]; then + echo " +Warning!: The system do not meet the minimum RAM requirements for Jibri to run. +>> We recommend 8GB RAM for Jibri! +" + MEM_MIN="N" +else + echo "Memory: OK ($((mem_available/1024)) MiB)" + MEM_MIN="Y" +fi +if [ "$CPU_MIN" = "Y" ] && [ "$MEM_MIN" = "Y" ];then + echo "All requirements seems meet!" + echo " + - We hope you have a nice recording/streaming session + " +else + echo "CPU ($(nproc --all))/RAM ($((mem_available/1024)) MiB) does NOT meet minimum recommended requirements!" + echo "Since this is a Jibri node installation there is no point on not having the necessary resources." + echo "We highly advice to increase the resources in order to install this Jibri node." + while [[ "$CONTINUE_LOW_RES" != "yes" && "$CONTINUE_LOW_RES" != "no" ]] + do + read -p "> Do you want to continue?: (yes or no)"$'\n' -r CONTINUE_LOW_RES + if [ "$CONTINUE_LOW_RES" = "no" ]; then + echo "See you next time with more resources!..." + exit + elif [ "$CONTINUE_LOW_RES" = "yes" ]; then + echo "Please keep in mind that we might not support underpowered nodes." + fi + done +fi + echo " #----------------------------------------------------------------------- # Checking initial necessary variables... @@ -97,6 +151,12 @@ check_var JibriBrewery "$JibriBrewery" check_var JB_NAME "$JB_NAME" check_var JB_AUTH_PASS "$JB_AUTH_PASS" check_var JB_REC_PASS "$JB_REC_PASS" +check_var MJS_USER "$MJS_USER" +check_var MJS_USER_PASS "$MJS_USER_PASS" + +# Rename hostname for each jibri node +hostnamectl set-hostname "jbnode${ADDUP}.${MAIN_SRV_DOMAIN}" +sed -i "1i 127.0.0.1 jbnode${ADDUP}.${MAIN_SRV_DOMAIN}" /etc/hosts # Jitsi-Meet Repo echo "Add Jitsi repo" @@ -112,9 +172,29 @@ else echo "Jitsi $JITSI_REPO repository already installed" fi +# Requirements +echo "We'll start by installing system requirements this may take a while please be patient..." +apt-get update -q2 +apt-get dist-upgrade -yq2 + +apt-get -y install \ + apt-show-versions \ + bmon \ + curl \ + ffmpeg \ + git \ + htop \ + inotify-tools \ + jq \ + rsync \ + ssh \ + unzip \ + wget + check_snd_driver() { +echo -e "\n# Checking ALSA - Loopback module..." +echo "snd-aloop" | tee -a /etc/modules modprobe snd-aloop -echo "snd-aloop" >> /etc/modules if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then echo " #----------------------------------------------------------------------- @@ -123,30 +203,31 @@ if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; t else echo " #----------------------------------------------------------------------- -# Your audio driver might not be able to load, once the installation -# is complete and server restarted, please run: \`lsmod | grep snd_aloop' -# to make sure it did. If not, any feedback for your setup is welcome. +# Your audio driver might not be able to load. +# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool. #-----------------------------------------------------------------------" +curl -s $TEST_JIBRI_ENV > /tmp/test-jibri-env.sh +#Test tool + if [ "$MODE" = "debug" ]; then + bash /tmp/test-jibri-env.sh -m debug + else + bash /tmp/test-jibri-env.sh + fi +rm /tmp/test-jibri-env.sh read -n 1 -s -r -p "Press any key to continue..."$'\n' fi } -# Requirements -echo "We'll start by installing system requirements this may take a while please be patient..." -apt-get update -q2 -apt-get dist-upgrade -yq2 - -apt-get -y install \ - bmon \ - curl \ - ffmpeg \ - git \ - htop \ - linux-image-generic-hwe-"$(lsb_release -r|awk '{print$2}')" \ - unzip \ - wget - -check_snd_driver +echo "# Check and Install HWE kernel if possible..." +HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe") +if [ "$HWE_VIR_MOD" == "1" ]; then + apt-get -y install \ + linux-image-generic-hwe-$(lsb_release -sr) \ + linux-modules-extra-virtual-hwe-$(lsb_release -sr) + else + apt-get -y install \ + linux-modules-extra-$(uname -r) +fi echo " #-------------------------------------------------- @@ -220,42 +301,152 @@ REC_DIR chown jibri:jibri $REC_DIR chmod +x $REC_DIR -## JSON Config -cp $CONF_JSON ${CONF_JSON}.orig +## New Jibri Config (2020) +mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file +cat << NEW_CONF > $JIBRI_CONF +// New XMPP environment config. +jibri { + recording { + recordings-directory = $DIR_RECORD + finalize-script = $REC_DIR + } + api { + xmpp { + environments = [ + { + // A user-friendly name for this environment + name = "$JB_NAME" -cat << CONF_JSON > $CONF_JSON -{ - "recording_directory":"$DIR_RECORD", - "finalize_recording_script_path": "$REC_DIR", - "xmpp_environments": [ - { - "name": "$JB_NAME", - "xmpp_server_hosts": [ - "$MAIN_SRV_DOMAIN" - ], - "xmpp_domain": "$MAIN_SRV_DOMAIN", - "control_login": { - "domain": "auth.$MAIN_SRV_DOMAIN", - "username": "jibri", - "password": "$JB_AUTH_PASS" - }, - "control_muc": { - "domain": "internal.auth.$MAIN_SRV_DOMAIN", - "room_name": "$JibriBrewery", - "nickname": "Live-$ADDUP" - }, - "call_login": { - "domain": "recorder.$MAIN_SRV_DOMAIN", - "username": "recorder", - "password": "$JB_REC_PASS" - }, + // A list of XMPP server hosts to which we'll connect + xmpp-server-hosts = [ "$MAIN_SRV_DOMAIN" ] - "room_jid_domain_string_to_strip_from_start": "conference.", - "usage_timeout": "0" + // The base XMPP domain + xmpp-domain = "$MAIN_SRV_DOMAIN" + + // The MUC we'll join to announce our presence for + // recording and streaming services + control-muc { + domain = "internal.auth.$MAIN_SRV_DOMAIN" + room-name = "$JibriBrewery" + nickname = "Live-$ADDUP" + } + + // The login information for the control MUC + control-login { + domain = "auth.$MAIN_SRV_DOMAIN" + username = "jibri" + password = "$JB_AUTH_PASS" + } + + // An (optional) MUC configuration where we'll + // join to announce SIP gateway services + // sip-control-muc { + // domain = "domain" + // room-name = "room-name" + // nickname = "nickname" + // } + + // The login information the selenium web client will use + call-login { + domain = "recorder.$MAIN_SRV_DOMAIN" + username = "recorder" + password = "$JB_REC_PASS" + } + + // The value we'll strip from the room JID domain to derive + // the call URL + strip-from-room-domain = "conference." + + // How long Jibri sessions will be allowed to last before + // they are stopped. A value of 0 allows them to go on + // indefinitely + usage-timeout = 0 hour + + // Whether or not we'll automatically trust any cert on + // this XMPP domain + trust-all-xmpp-certs = true + } + ] } - ] + } } -CONF_JSON +NEW_CONF + +echo -e "\n---- Create random nodesync user ----" +useradd -m -g jibri $NJN_USER +echo "$NJN_USER:$NJN_USER_PASS" | chpasswd + +echo -e "\n---- We'll connect to main server ----" +read -n 1 -s -r -p "Press any key to continue..."$'\n' +sudo su $NJN_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +echo "Remote pass: $MJS_USER_PASS" +ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> ~/.ssh/known_hosts +ssh $MJS_USER@$MAIN_SRV_DOMAIN sh -c "'cat >> .ssh/authorized_keys'" < /home/$NJN_USER/.ssh/id_rsa.pub +sudo su $NJN_USER -c "ssh-keyscan -t rsa $MAIN_SRV_DOMAIN >> /home/$NJN_USER/.ssh/known_hosts" + +echo -e "\n---- Setup Log system ----" +cat << INOT_RSYNC > /etc/jitsi/jibri/remote-jbsync.sh +#!/bin/bash + +# Log process +exec 3>&1 4>&2 +trap 'exec 2>&4 1>&3' 0 1 2 3 +exec 1>/var/log/$NJN_USER/remote_jnsync.log 2>&1 + +# Run sync +while true; do + inotifywait -t 60 -r -e modify,attrib,close_write,move,delete $DIR_RECORD + sudo su $NJN_USER -c "rsync -Aax --info=progress2 --remove-source-files --exclude '.*/' $DIR_RECORD/ $MJS_USER@$MAIN_SRV_DOMAIN:$DIR_RECORD" + find $DIR_RECORD -depth -type d -empty -not -path $DIR_RECORD -delete +done +INOT_RSYNC + + +mkdir /var/log/$NJN_USER + +cat << LOG_ROT >> /etc/logrotate.d/$NJN_USER +/var/log/$NJN_USER/*.log { + monthly + missingok + rotate 12 + compress + notifempty + create 0640 root root + sharedscripts + postrotate + service remote_jnsync restart + endscript +} +LOG_ROT + +echo -e "\n---- Create systemd service file ----" +cat << REMOTE_SYNC_SERVICE > /etc/systemd/system/remote_jnsync.service +[Unit] +Description = Sync Node to Main Jibri Service +After = network.target + +[Service] +PIDFile = /run/syncservice/remote_jnsync.pid +User = root +Group = root +WorkingDirectory = /var +ExecStartPre = /bin/mkdir /run/syncservice +ExecStartPre = /bin/chown -R root:root /run/syncservice +ExecStart = /bin/bash /etc/jitsi/jibri/remote-jbsync.sh +ExecReload = /bin/kill -s HUP \$MAINPID +ExecStop = /bin/kill -s TERM \$MAINPID +ExecStopPost = /bin/rm -rf /run/syncservice +PrivateTmp = true + +[Install] +WantedBy = multi-user.target +REMOTE_SYNC_SERVICE + +chmod 755 /etc/systemd/system/remote_jnsync.service +systemctl daemon-reload + +systemctl enable remote_jnsync.service +systemctl start remote_jnsync.service echo "Writting last node number..." sed -i "$(var_dlim 0_VAR),$(var_dlim 1_VAR){s|LAST=.*|LAST=$ADDUP|}" add-jibri-node.sh @@ -267,10 +458,24 @@ systemctl enable jibri systemctl enable jibri-xorg systemctl enable jibri-icewm +check_snd_driver + +echo -e "\nSending updated add-jibri-node.sh file to main server sync user...\n" +cp $PWD/add-jibri-node.sh /tmp +sudo -u $NJN_USER scp /tmp/add-jibri-node.sh $MJS_USER@$MAIN_SRV_DOMAIN:/home/$MJS_USER/ +rm $PWD/add-jibri-node.sh /tmp/add-jibri-node.sh + echo " ######################################################################## Node addition complete!! - for customized support: http://switnet.net + + IMPORTANT: + The updated version of this file has been sent to the main server + at the sync user home directory, please use that one in order to + install new nodes. For security reason this version has been deleted + from this very node. + + For customized support: http://switnet.net ######################################################################## " diff --git a/jm-bm.sh b/jm-bm.sh index 36484f9..338ac04 100644 --- a/jm-bm.sh +++ b/jm-bm.sh @@ -74,4 +74,6 @@ else sed -i "s|'me'|'$LOCAL_USER'|" $INT_CONF sed -i "s|LIVE_STREAMING_HELP_LINK: .*|LIVE_STREAMING_HELP_LINK: '#',|g" $INT_CONF sed -i "s|SUPPORT_URL: .*|SUPPORT_URL: '#',|g" $INT_CONF + #Logo 2 + sed -i "s|watermark.png|watermark2.png|g" $INT_CONF fi diff --git a/jra_nextcloud.sh b/jra_nextcloud.sh index 9fd3f80..9b0195e 100644 --- a/jra_nextcloud.sh +++ b/jra_nextcloud.sh @@ -2,51 +2,41 @@ # JRA (Jibri Recordings Access) via Nextcloud # SwITNet Ltd © - 2020, https://switnet.net/ # GPLv3 or later. +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo ./jra_nextcloud.sh [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + if ! [ $(id -u) = 0 ]; then echo "You need to be root or have sudo privileges!" exit 0 fi - +exit_if_not_installed() { +if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" != "1" ]; then + echo " This instance doesn't have $1 installed, exiting..." + echo " If you think this is an error, please report to: + -> https://github.com/switnet-ltd/quick-jibri-installer/issues " + exit +fi +} clear -echo ' +echo -e '\n ######################################################################## Jibri Recordings Access via Nextcloud ######################################################################## by Software, IT & Networks Ltd -' -while [[ -z "$NC_DOMAIN" ]] -do -read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN -if [ -z "$NC_DOMAIN" ]; then - echo "-- This field is mandatory." -fi -done -while [[ -z "$NC_USER" ]] -do -read -p "Nextcloud user: " -r NC_USER -if [ -z "$NC_USER" ]; then - echo "-- This field is mandatory." -fi -done -while [[ -z "$NC_PASS" ]] -do -read -p "Nextcloud user password: " -r NC_PASS -if [ -z "$NC_PASS" ]; then - echo "-- This field is mandatory." -fi -done -#Enable HSTS -while [[ "$ENABLE_HSTS" != "yes" && "$ENABLE_HSTS" != "no" ]] -do -read -p "> Do you want to enable HSTS for this domain?: (yes or no) - Be aware this option apply mid-term effects on the domain, choose \"no\" - in case you don't know what you are doing. More at https://hstspreload.org/"$'\n' -r ENABLE_HSTS -if [ "$ENABLE_HSTS" = "no" ]; then - echo "-- HSTS won't be enabled." -elif [ "$ENABLE_HSTS" = "yes" ]; then - echo "-- HSTS will be enabled." -fi -done +\n' +exit_if_not_installed jitsi-meet + DISTRO_RELEASE="$(lsb_release -sc)" DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') PHP_REPO=$(apt-cache policy | grep http | grep php | head -n 1 | awk '{print $2}' | cut -d "/" -f5) @@ -55,7 +45,6 @@ PSGVER="$(apt-cache madison postgresql | head -n1 | awk '{print $3}' | cut -d "+ PHP_FPM_DIR="/etc/php/$PHPVER/fpm" PHP_INI="$PHP_FPM_DIR/php.ini" PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf" -NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf" NC_NGINX_SSL_PORT="$(grep "listen 44" /etc/nginx/sites-enabled/$DOMAIN.conf | awk '{print$2}')" NC_REPO="https://download.nextcloud.com/server/releases" NCVERSION="$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)" @@ -71,10 +60,59 @@ JITSI_MEET_PROXY="/etc/nginx/modules-enabled/60-jitsi-meet.conf" if [ -f $JITSI_MEET_PROXY ];then PREAD_PROXY=$(grep -nr "preread_server_name" $JITSI_MEET_PROXY | cut -d ":" -f1) fi + +while [[ -z "$NC_DOMAIN" ]] +do +read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN +if [ -z "$NC_DOMAIN" ];then + echo "-- This field is mandatory." +elif [ "$NC_DOMAIN" = "$DOMAIN" ]; then + echo "-- You can not use the same domain for both, Jitsi Meet and JRA via Nextcloud." +fi +done +NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf" +while [[ -z "$NC_USER" ]] +do +read -p "Nextcloud user: " -r NC_USER +if [ -z "$NC_USER" ]; then + echo "-- This field is mandatory." +fi +done +while [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 6 ] +do +read -p "Nextcloud user password: " -r NC_PASS + +if [ -z "$NC_PASS" ] || [ ${#NC_PASS} -lt 6 ]; then + echo -e "-- This field is mandatory. \nPlease make sure it's at least 6 caracters.\n" +fi +done +#Enable HSTS +while [[ "$ENABLE_HSTS" != "yes" && "$ENABLE_HSTS" != "no" ]] +do +read -p "> Do you want to enable HSTS for this domain?: (yes or no) + Be aware this option apply mid-term effects on the domain, choose \"no\" + in case you don't know what you are doing. More at https://hstspreload.org/"$'\n' -r ENABLE_HSTS +if [ "$ENABLE_HSTS" = "no" ]; then + echo "-- HSTS won't be enabled." +elif [ "$ENABLE_HSTS" = "yes" ]; then + echo "-- HSTS will be enabled." +fi +done + +echo -e "\n# Check for jitsi-meet/jibri\n" +if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed")" == "1" ] || \ + [ -f /etc/prosody/conf.d/$DOMAIN.conf ]; then + echo "jitsi meet/jibri is installed, checking version:" + apt-show-versions jibri +else + echo "Wait!, jitsi-meet/jibri is not installed on this system using apt, exiting..." + exit +fi + exit_ifinstalled() { if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo " This instance already has $1 installed, exiting..." - echo " Please report to: + echo " If you think this is an error, please report to: -> https://github.com/switnet-ltd/quick-jibri-installer/issues " exit fi @@ -128,7 +166,8 @@ apt-get install -y \ php$PHPVER-zip \ php-imagick \ php-redis \ - redis-server + redis-server \ + unzip #System related install_ifnot smbclient @@ -175,6 +214,7 @@ systemctl restart php$PHPVER-fpm.service #-------------------------------------------------- echo -e "\n---- Creating the PgSQL DB & User ----" +cd /tmp sudo -u postgres psql </dev/null | grep -c "ok installed") DIST=$(lsb_release -sc) GOOGL_REPO="/etc/apt/sources.list.d/dl_google_com_linux_chrome_deb.list" PROSODY_REPO=$(apt-cache policy | grep http | grep prosody| awk '{print $3}' | head -n 1 | cut -d "/" -f2) -HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe") CR=`echo $'\n> '` if [ $DIST = flidas ]; then @@ -63,8 +62,9 @@ Installing nginx webserver! fi } check_snd_driver() { +echo -e "\n# Checking ALSA - Loopback module..." +echo "snd-aloop" | tee -a /etc/modules modprobe snd-aloop -echo "snd-aloop" >> /etc/modules if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; then echo " #----------------------------------------------------------------------- @@ -73,10 +73,15 @@ if [ "$(lsmod | grep snd_aloop | head -n 1 | cut -d " " -f1)" = "snd_aloop" ]; t else echo " #----------------------------------------------------------------------- -# Your audio driver might not be able to load, once the installation -# is complete and server restarted, please run: \`lsmod | grep snd_aloop' -# to make sure it did. If not, any feedback for your setup is welcome. +# Your audio driver might not be able to load. +# We'll check the state of this Jibri with our 'test-jibri-env.sh' tool. #-----------------------------------------------------------------------" +#Test tool + if [ "$MODE" = "debug" ]; then + bash $PWD/tools/test-jibri-env.sh -m debug + else + bash $PWD/tools/test-jibri-env.sh + fi read -n 1 -s -r -p "Press any key to continue..."$'\n' fi } @@ -120,8 +125,8 @@ Featuring: Learn more about these at, Main repository: https://github.com/switnet-ltd/quick-jibri-installer -Wiki and documentation: https://github.com/switnet-ltd/quick-jibri-installer/wiki\n' \ -&& \ +Wiki and documentation: https://github.com/switnet-ltd/quick-jibri-installer/wiki\n' + read -n 1 -s -r -p "Press any key to continue..."$'\n' #Check if user is root @@ -145,7 +150,7 @@ echo " > $(lsb_release -sc), even when it's compatible and functional. We suggest to use the next (LTS) release, for longer support and security reasons." read -n 1 -s -r -p "Press any key to continue..."$'\n' fi -#Check resources +#Check system resources echo "Verifying System Resources:" if [ "$(nproc --all)" -lt 4 ];then echo " @@ -184,7 +189,37 @@ else echo "See you next time with more resources!..." exit elif [ "$CONTINUE_LOW_RES" = "yes" ]; then - echo "Please keep in mind that trying to use Jibri with low resources might fail." + echo "We highly recommend to increase the server resources." + echo "Otherwise, please think about adding dedicated jibri nodes instead." + fi + done +fi + +if [ "$CONTINUE_LOW_RES" = "yes" ]; then +echo -e "\nThis server will likely have issues due the lack of resources. +If you plan to enable other components such as, + + - JRA via Nextcloud + - Jigasi Transcriber + - Additional Jibri Nodes + - others. + +We higly recommend to increase resources of this server. + +For now we advice to disable the Jibri service locally and add an external +Jibri node once this installation has finished, using our script: + + >> add-jibri-node.sh + +So you can add a Jibri server on a instance with enough resources.\n" + + while [[ "$DISABLE_LOCAL_JIBRI" != "yes" && "$DISABLE_LOCAL_JIBRI" != "no" ]] + do + read -p "> Do you want to disable local jibri service?: (yes or no)"$'\n' -r DISABLE_LOCAL_JIBRI + if [ "$DISABLE_LOCAL_JIBRI" = "no" ]; then + echo -e "Please keep in mind that we might not support underpowered servers.\n" + elif [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then + echo -e "You can add dedicated jibri nodes later, see more at the wiki.\n" fi done fi @@ -192,14 +227,13 @@ fi add_prosody_repo # Jitsi-Meet Repo -echo " -Add Jitsi repo -" +echo -e "\nAdd Jitsi repo\n" if [ "$JITSI_REPO" = "stable" ]; then echo "Jitsi stable repository already installed" else echo 'deb http://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - + JITSI_REPO="stable" fi #Default to LE SSL? while [[ $LE_SSL != yes && $LE_SSL != no ]] @@ -218,17 +252,22 @@ apt-get update -q2 apt-get dist-upgrade -yq2 apt-get -y install \ + apt-show-versions \ bmon \ curl \ ffmpeg \ git \ htop \ + jq \ letsencrypt \ net-tools \ + rsync \ + ssh \ unzip \ wget echo "# Check and Install HWE kernel if possible..." +HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe") if [ "$HWE_VIR_MOD" == "1" ]; then apt-get -y install \ linux-image-generic-hwe-$(lsb_release -sr) \ @@ -278,9 +317,6 @@ elif [ "$(npm list -g esprima 2>/dev/null | grep -c "esprima")" == "1" ]; then echo "Good. Esprima package is already installed" fi -# ALSA - Loopback -echo "snd-aloop" | tee -a /etc/modules -check_snd_driver CHD_VER=$(curl -sL https://chromedriver.storage.googleapis.com/LATEST_RELEASE) GCMP_JSON="/etc/opt/chrome/policies/managed/managed_policies.json" @@ -333,7 +369,7 @@ PROSODY_FILE=/etc/prosody/conf.d/$DOMAIN.cfg.lua PROSODY_SYS=/etc/prosody/prosody.cfg.lua JICOFO_SIP=/etc/jitsi/jicofo/sip-communicator.properties MEET_CONF=/etc/jitsi/meet/$DOMAIN-config.js -CONF_JSON=/etc/jitsi/jibri/config.json +JIBRI_CONF=/etc/jitsi/jibri/jibri.conf DIR_RECORD=/var/jbrecord REC_DIR=/home/jibri/finalize_recording.sh JB_NAME="Jibri Sessions" @@ -344,6 +380,13 @@ ENABLE_SA="yes" CERTBOT_REPO=$(apt-cache policy | grep http | grep certbot | head -n 1 | awk '{print $2}' | cut -d "/" -f4) CERTBOT_REL_FILE="http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/$(lsb_release -sc)/Release" GC_SDK_REL_FILE="http://packages.cloud.google.com/apt/dists/cloud-sdk-$(lsb_release -sc)/Release" +MJS_RAND_TAIL="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 4 | head -n1)" +MJS_USER="jbsync_$MJS_RAND_TAIL" +MJS_USER_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 32 | head -n1)" + +# Rename hostname for jitsi server +#hostnamectl set-hostname "jibri.${DOMAIN}" +#sed -i "1i ${PUBLIC_IP} jibri.${DOMAIN}" /etc/hosts #Sysadmin email while [[ -z $SYSADMIN_EMAIL ]] @@ -359,7 +402,7 @@ https://github.com/jitsi/jitsi-meet/blob/master/lang/languages.json Jitsi Meet web interface will be set to use such language. " -read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r LANG +read -p "Please set your language (Press enter to default to 'en'):"$'\n' -r JB_LANG #Drop unsecure TLS while [[ "$DROP_TLS1" != "yes" && "$DROP_TLS1" != "no" ]] do @@ -482,7 +525,7 @@ read -p "> Do you want to setup Jigasi Transcription: (yes or no) fi done else - echo "No valid option for Jigasi.Please report this to + echo "No valid option for Jigasi. Please report this to https://github.com/switnet-ltd/quick-jibri-installer/issues " fi #Grafana @@ -541,24 +584,17 @@ echo ' echo "#Set and upgrade certbot PPA if posssible..." if [ "$CERTBOT_REPO" = "certbot" ]; then - echo " -Cerbot repository already on the system! -Checking for updates... -" + echo -e "\nCerbot repository already on the system!\nChecking for updates...\n" apt-get -q2 update apt-get -yq2 dist-upgrade elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "200" ]; then - echo " -Adding cerbot (formerly letsencrypt) PPA repository for latest updates -" + echo -e "\nAdding cerbot (formerly letsencrypt) PPA repository for latest updates\n" echo "deb http://ppa.launchpad.net/certbot/certbot/ubuntu $DIST main" > /etc/apt/sources.list.d/certbot.list apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 75BCA694 apt-get -q2 update apt-get -yq2 dist-upgrade elif [ "$(curl -s -o /dev/null -w "%{http_code}" $CERTBOT_REL_FILE )" == "404" ]; then - echo " -Certbot PPA is not available for $(lsb_release -sc) just yet, it won't be installed... -" + echo -e "\nCertbot PPA is not available for $(lsb_release -sc) just yet, it won't be installed...\n" fi else @@ -627,18 +663,13 @@ if [ ! -z $L10N_ME ]; then sed -i "s|LOCAL_USER=.*|LOCAL_USER=\"$L10N_ME\"|" jm-bm.sh fi if [ ! -f $MOD_LIST_FILE ]; then -echo " --> Adding external module to list prosody users... -" +echo -e "\n-> Adding external module to list prosody users...\n" curl -s $MOD_LISTU > $MOD_LIST_FILE -echo "Now you can check registered users with: -prosodyctl mod_listusers -" +echo -e "Now you can check registered users with:\nprosodyctl mod_listusers\n" else -echo "Prosody support for listing users seems to be enabled. -check with: prosodyctl mod_listusers -" +echo -e "Prosody support for listing users seems to be enabled. +check with: prosodyctl mod_listusers\n" fi ### Prosody users @@ -686,23 +717,19 @@ sed -i "s|LOC_REC=.*|LOC_REC=\"on\"|" jitsi-updater.sh fi #Setup main language -if [ -z $LANG ] || [ "$LANG" = "en" ]; then +if [ -z $JB_LANG ] || [ "$JB_LANG" = "en" ]; then echo "Leaving English (en) as default language..." sed -i "s|// defaultLanguage: 'en',|defaultLanguage: 'en',|" $MEET_CONF else - echo "Changing default language to: $LANG" - sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$LANG\',|" $MEET_CONF + echo "Changing default language to: $JB_LANG" + sed -i "s|// defaultLanguage: 'en',|defaultLanguage: \'$JB_LANG\',|" $MEET_CONF fi #Check config file -echo " -# Checking $MEET_CONF file for errors -" +echo -e "\n# Checking $MEET_CONF file for errors\n" CHECKJS=$(esvalidate $MEET_CONF| cut -d ":" -f2) if [[ -z "$CHECKJS" ]]; then -echo " -# The $MEET_CONF configuration seems correct. =) -" +echo -e "\n# The $MEET_CONF configuration seems correct. =)\n" else echo " Watch out!, there seems to be an issue on $MEET_CONF line: @@ -735,41 +762,86 @@ REC_DIR chown jibri:jibri $REC_DIR chmod +x $REC_DIR -## JSON Config -cp $CONF_JSON ${CONF_JSON}.orig -cat << CONF_JSON > $CONF_JSON -{ - "recording_directory":"$DIR_RECORD", - "finalize_recording_script_path": "$REC_DIR", - "xmpp_environments": [ - { - "name": "$JB_NAME", - "xmpp_server_hosts": [ - "$DOMAIN" - ], - "xmpp_domain": "$DOMAIN", - "control_login": { - "domain": "auth.$DOMAIN", - "username": "jibri", - "password": "$JB_AUTH_PASS" - }, - "control_muc": { - "domain": "internal.auth.$DOMAIN", - "room_name": "$JibriBrewery", - "nickname": "Live" - }, - "call_login": { - "domain": "recorder.$DOMAIN", - "username": "recorder", - "password": "$JB_REC_PASS" - }, +## New Jibri Config (2020) +mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file +cat << NEW_CONF > $JIBRI_CONF +// New XMPP environment config. +jibri { + recording { + recordings-directory = $DIR_RECORD + finalize-script = $REC_DIR + } + api { + xmpp { + environments = [ + { + // A user-friendly name for this environment + name = "$JB_NAME" - "room_jid_domain_string_to_strip_from_start": "conference.", - "usage_timeout": "0" + // A list of XMPP server hosts to which we'll connect + xmpp-server-hosts = [ "$DOMAIN" ] + + // The base XMPP domain + xmpp-domain = "$DOMAIN" + + // The MUC we'll join to announce our presence for + // recording and streaming services + control-muc { + domain = "internal.auth.$DOMAIN" + room-name = "$JibriBrewery" + nickname = "Live" + } + + // The login information for the control MUC + control-login { + domain = "auth.$DOMAIN" + username = "jibri" + password = "$JB_AUTH_PASS" + } + + // An (optional) MUC configuration where we'll + // join to announce SIP gateway services + // sip-control-muc { + // domain = "domain" + // room-name = "room-name" + // nickname = "nickname" + // } + + // The login information the selenium web client will use + call-login { + domain = "recorder.$DOMAIN" + username = "recorder" + password = "$JB_REC_PASS" + } + + // The value we'll strip from the room JID domain to derive + // the call URL + strip-from-room-domain = "conference." + + // How long Jibri sessions will be allowed to last before + // they are stopped. A value of 0 allows them to go on + // indefinitely + usage-timeout = 0 hour + + // Whether or not we'll automatically trust any cert on + // this XMPP domain + trust-all-xmpp-certs = true + } + ] } - ] + } } -CONF_JSON +NEW_CONF +#Create receiver user +useradd -m -g jibri $MJS_USER +echo "$MJS_USER:$MJS_USER_PASS" | chpasswd + +#Create ssh key and restrict connections +sudo su $MJS_USER -c "ssh-keygen -t rsa -f ~/.ssh/id_rsa -b 4096 -o -a 100 -q -N ''" +#Allow password authentication +sed -i "s|PasswordAuthentication .*|PasswordAuthentication yes|" /etc/ssh/sshd_config +systemctl restart sshd + #Setting varibales for add-jibri-node.sh sed -i "s|MAIN_SRV_DIST=.*|MAIN_SRV_DIST=\"$DIST\"|" add-jibri-node.sh @@ -779,6 +851,8 @@ sed -i "s|JB_NAME=.*|JB_NAME=\"$JB_NAME\"|" add-jibri-node.sh sed -i "s|JibriBrewery=.*|JibriBrewery=\"$JibriBrewery\"|" add-jibri-node.sh sed -i "s|JB_AUTH_PASS=.*|JB_AUTH_PASS=\"$JB_AUTH_PASS\"|" add-jibri-node.sh sed -i "s|JB_REC_PASS=.*|JB_REC_PASS=\"$JB_REC_PASS\"|" add-jibri-node.sh +sed -i "s|MJS_USER=.*|MJS_USER=\"$MJS_USER\"|" add-jibri-node.sh +sed -i "s|MJS_USER_PASS=.*|MJS_USER_PASS=\"$MJS_USER_PASS\"|" add-jibri-node.sh sed -i "$(var_dlim 0_LAST),$(var_dlim 1_LAST){s|LETS: .*|LETS: $(date -R)|}" add-jibri-node.sh echo "Last file edition at: $(grep "LETS:" add-jibri-node.sh|head -n1|awk -F'LETS:' '{print$2}')" @@ -807,11 +881,11 @@ if [ "$ENABLE_SA" = "yes" ] && [ -f $WS_CONF ]; then fi #nginx -tlsv1/1.1 if [ "$DROP_TLS1" = "yes" ] && [ "$DIST" != "xenial" ];then - echo "Dropping TLSv1/1.1 in favor of v1.3" + echo -e "\nDropping TLSv1/1.1 in favor of v1.3" sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" /etc/nginx/nginx.conf #sed -i "s|TLSv1 TLSv1.1|TLSv1.3|" $WS_CONF elif [ "$DROP_TLS1" = "yes" ] && [ "$DIST" = "xenial" ];then - echo "Only dropping TLSv1/1.1" + echo -e "\nOnly dropping TLSv1/1.1" sed -i "s|TLSv1 TLSv1.1||" /etc/nginx/nginx.conf sed -i "s| TLSv1.3||" $WS_CONF elif [ "$DROP_TLS1" = "no" ];then @@ -821,7 +895,7 @@ echo "No contidion meet, please report to https://github.com/switnet-ltd/quick-jibri-installer/issues " fi -echo "Disable \"Blur my background\" until new notice" +echo -e "\nDisable \"Blur my background\" until new notice\n" sed -i "s|'videobackgroundblur', ||" $INT_CONF #================== Setup prosody conf file ================= @@ -862,7 +936,7 @@ fi #====================== #Secure room initial user if [ "$ENABLE_SC" = "yes" ]; then -echo "Secure rooms are being enabled..." +echo -e "\nSecure rooms are being enabled..." echo "You'll be able to login Secure Room chat with '${SEC_ROOM_USER}' \ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." @@ -890,11 +964,17 @@ systemctl enable jibri systemctl enable jibri-xorg systemctl enable jibri-icewm restart_services +if [ "$DISABLE_LOCAL_JIBRI" = "yes" ]; then + systemctl stop jibri* + systemctl disable jibri + systemctl disable jibri-xorg + systemctl disable jibri-icewm +fi enable_letsencrypt if dpkg-compare prosody gt 0.11.0 && [ "$ENABLE_SC" = "yes" ]; then -echo "Waiting prosody restart, wait 15s..." +echo "Waiting prosody restart to continue configuration, 15s..." wait_seconds 15 #Move mucs when using secure rooms - https://community.jitsi.org/t/27752/112 sed -i "s| lobby_muc = \"lobby.|-- lobby_muc = \"lobby.|" $PROSODY_FILE @@ -938,25 +1018,42 @@ else fi #JRA via Nextcloud if [ "$ENABLE_NC_ACCESS" = "yes" ]; then - echo "JRA via Nextcloud will be enabled." - bash $PWD/jra_nextcloud.sh + echo -n "\nJRA via Nextcloud will be enabled." + if [ "$MODE" = "debug" ]; then + bash $PWD/jra_nextcloud.sh -m debug + else + bash $PWD/jra_nextcloud.sh + fi fi } > >(tee -a qj-installer.log) 2> >(tee -a qj-installer.log >&2) #Jigasi Transcript if [ "$ENABLE_TRANSCRIPT" = "yes" ]; then - echo "Jigasi Transcription will be enabled." - bash $PWD/jigasi.sh + echo -e "\nJigasi Transcription will be enabled." + # ToDo: Analyze behavior on debug + #if [ "$MODE" = "debug" ]; then + # bash $PWD/jigasi.sh -m debug + #else + bash $PWD/jigasi.sh + #fi fi { #Grafana Dashboard if [ "$ENABLE_GRAFANA_DSH" = "yes" ]; then - echo "Grafana Dashboard will be enabled." - bash $PWD/grafana.sh + echo -e "\nGrafana Dashboard will be enabled." + if [ "$MODE" = "debug" ]; then + bash $PWD/grafana.sh -m debug + else + bash $PWD/grafana.sh + fi fi #Docker Etherpad if [ "$ENABLE_DOCKERPAD" = "yes" ]; then - echo "Docker Etherpad will be enabled." - bash $PWD/etherpad.sh + echo -e "\nDocker Etherpad will be enabled." + if [ "$MODE" = "debug" ]; then + bash $PWD/etherpad.sh -m debug + else + bash $PWD/etherpad.sh + fi fi #Prevent Jibri conecction issue if [ -z "$(grep -n $DOMAIN /etc/hosts)" ];then @@ -966,6 +1063,8 @@ else echo "Local host already in place..." fi +check_snd_driver + echo " ######################################################################## Installation complete!! diff --git a/tools/jibri-conf-upgrade.sh b/tools/jibri-conf-upgrade.sh new file mode 100644 index 0000000..f80cec9 --- /dev/null +++ b/tools/jibri-conf-upgrade.sh @@ -0,0 +1,202 @@ +#!/bin/bash +# Simple Jibri conf updater +# 2020 - SwITNet Ltd +# GNU GPLv3 or later. + +while getopts m: option +do + case "${option}" + in + m) MODE=${OPTARG};; + \?) echo "Usage: sudo ./test-jibri-env.sh [-m debug]" && exit;; + esac +done + +#DEBUG +if [ "$MODE" = "debug" ]; then +set -x +fi + +echo -e ' +######################################################################## + Welcome to Jibri Config Upgrader +######################################################################## + by Software, IT & Networks Ltd +\n' + +#Check if user is root +if ! [ $(id -u) = 0 ]; then + echo "You need to be root or have sudo privileges!" + exit 0 +fi + +echo "Checking for updates...." +apt -q2 update +apt install -y \ + apt-show-versions \ + jq + +echo -e "\n# Check for jibri\n" +if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed")" == "1" ]; then + echo "Jibri is installed, checking version:" + apt-show-versions jibri +else + echo "Wait!, jibri is not installed on this system using apt, exiting..." + exit +fi + +if [ -d /etc/prosody/ ];then +DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') +fi +CONF_JSON="/etc/jitsi/jibri/config.json" +JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" +DIR_RECORD=/var/jbrecord +REC_DIR=/home/jibri/finalize_recording.sh +JibriBrewery=JibriBrewery + +check_read_vars() { + echo "Checking $1" + if [ -z "$2" ];then + echo "This variable seems wrong, please check before continue" + exit 1 + fi +} +restart_services_jibri() { +if [ "$(dpkg-query -W -f='${Status}' "jibri" 2>/dev/null | grep -c "ok installed")" == "1" ] +then + systemctl restart jibri + systemctl restart jibri-icewm + systemctl restart jibri-xorg +else + echo "Jibri service not installed" +fi +} + +#Prevent re-run on completed jibri upgraded instance +if [ -f $CONF_JSON_disabled ] && \ + [ -f $JIBRI_CONF ] && \ + [ -f $JIBRI_CONF-dpkg-file ]; then + echo -e "\n> This jibri config has been upgraded already, we'll exit...\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ +https://github.com/switnet-ltd/quick-jibri-installer/issues\n" + exit +elif [ ! -f $CONF_JSON ] && \ + [ -f $JIBRI_CONF ] && \ + [ -f $JIBRI_CONF-dpkg-file ]; then + echo -e "\n> This jibri seems to be running the lastest configuration already, we'll exit...\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ +https://github.com/switnet-ltd/quick-jibri-installer/issues\n" + exit +elif [ -f $CONF_JSON ] && \ + [ -f $JIBRI_CONF ]; then + echo -e "\n> This jibri config seems to be candidate for upgrading, we'll continue...\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ +https://github.com/switnet-ltd/quick-jibri-installer/issues\n" +fi + +#Read missing variables +if [ -f $CONF_JSON ]; then + echo "Reading current config.json file..." + if [ -z $DOMAIN ]; then + DOMAIN=$(jq .xmpp_environments[0].xmpp_domain $CONF_JSON|cut -d '"' -f2) + fi + JB_NAME=$(jq .xmpp_environments[0].name $CONF_JSON|cut -d '"' -f2) + JB_AUTH_PASS=$(jq .xmpp_environments[0].control_login.password $CONF_JSON|cut -d '"' -f2) + JB_REC_PASS=$(jq .xmpp_environments[0].call_login.password $CONF_JSON|cut -d '"' -f2) + JB_NICKN=$(jq .xmpp_environments[0].control_muc.nickname $CONF_JSON|cut -d '"' -f2) +else + echo "Can't find the instance config.json file, exiting..." + exit +fi + +check_read_vars "Jibri Name" $JB_NAME +check_read_vars "(Main server) Domain" $DOMAIN +check_read_vars "Control login passwd" $JB_AUTH_PASS +check_read_vars "Call login passwd" $JB_REC_PASS +check_read_vars "Jibri Node nickname" $JB_NICKN + +if [ "$MODE" = "debug" ]; then +echo "$JB_NAME" +echo "$DOMAIN" +echo "$JB_AUTH_PASS" +echo "$JB_REC_PASS" +echo "$JB_NICKN" +fi + +#Backup and setup new conf file +echo -e "Backing up config.json for historical porpuses at:\n ${CONF_JSON}_disabled" +mv $CONF_JSON ${CONF_JSON}_disabled + +mv $JIBRI_CONF ${JIBRI_CONF}-dpkg-file +cat << NEW_CONF > $JIBRI_CONF +// New XMPP environment config. +jibri { + recording { + recordings-directory = $DIR_RECORD + finalize-script = $REC_DIR + } + api { + xmpp { + environments = [ + { + // A user-friendly name for this environment + name = "$JB_NAME" + + // A list of XMPP server hosts to which we'll connect + xmpp-server-hosts = [ "$DOMAIN" ] + + // The base XMPP domain + xmpp-domain = "$DOMAIN" + + // The MUC we'll join to announce our presence for + // recording and streaming services + control-muc { + domain = "internal.auth.$DOMAIN" + room-name = "$JibriBrewery" + nickname = "$JB_NICKN" + } + + // The login information for the control MUC + control-login { + domain = "auth.$DOMAIN" + username = "jibri" + password = "$JB_AUTH_PASS" + } + + // An (optional) MUC configuration where we'll + // join to announce SIP gateway services + // sip-control-muc { + // domain = "domain" + // room-name = "room-name" + // nickname = "nickname" + // } + + // The login information the selenium web client will use + call-login { + domain = "recorder.$DOMAIN" + username = "recorder" + password = "$JB_REC_PASS" + } + + // The value we'll strip from the room JID domain to derive + // the call URL + strip-from-room-domain = "conference." + + // How long Jibri sessions will be allowed to last before + // they are stopped. A value of 0 allows them to go on + // indefinitely + usage-timeout = 0 hour + + // Whether or not we'll automatically trust any cert on + // this XMPP domain + trust-all-xmpp-certs = true + } + ] + } + } +} +NEW_CONF + +echo "Check final jibri.conf file:" +cat $JIBRI_CONF +read -n 1 -s -r -p "Press any key to continue..."$'\n' + +restart_services_jibri +systemctl status jibri diff --git a/tools/test-jibri-env.sh b/tools/test-jibri-env.sh index b3e4cc1..8e2fc38 100644 --- a/tools/test-jibri-env.sh +++ b/tools/test-jibri-env.sh @@ -30,22 +30,48 @@ if ! [ $(id -u) = 0 ]; then exit 0 fi +echo "Checking for updates...." +apt-get -q2 update +apt-get -yq2 install apt-show-versions + JITSI_REPO=$(apt-cache policy | grep http | grep jitsi | grep stable | awk '{print $3}' | head -n 1 | cut -d "/" -f1) SND_AL_MODULE=$(lsmod | awk '{print$1}'| grep snd_aloop) HWE_VIR_MOD=$(apt-cache madison linux-modules-extra-virtual-hwe-$(lsb_release -sr) 2>/dev/null|head -n1|grep -c "extra-virtual-hwe") +CONF_JSON="/etc/jitsi/jibri/config.json" +JIBRI_CONF="/etc/jitsi/jibri/jibri.conf" +CHD_VER="$(/usr/local/bin/chromedriver --version 2>/dev/null| awk '{print$1,$2}')" +GOOGL_VER="$(/usr/bin/google-chrome --version 2>/dev/null)" -echo "Checking for updates...." -apt -q2 update -apt -yq2 install apt-show-versions +check_google_binaries() { +if [ -z "$2" ]; then + echo "Warning: No $1 doesn't seem installed" +else + echo $2 +fi +} -echo -e "\n# Check repository\n" +#T1 +echo -e "\n#1 -- Check repository --\n" if [ -z $JITSI_REPO ]; then echo "No repository detected, wait whaaaat?..." + while [[ "$CONT_TEST" != "yes" && "$CONT_TEST" != "no" ]] + do + read -p "> Do you still want to continue the test?: (yes or no)"$'\n' -r CONT_TEST + if [ "$CONT_TEST" = "no" ]; then + echo "Exiting..." + exit + elif [ "$CONT_TEST" = "yes" ]; then + echo "Hmm, seems there won't be anything to test, continuing anyway..." + T=0 + fi + done else echo "This installation is using the \"$JITSI_REPO\" repository." + T1=1 fi -echo -e "\n# Check latest updates for jibri\n" +#T2 +echo -e "\n#2 -- Check latest updates for jibri --\n" if [ "$(dpkg-query -W -f='${Status}' jibri 2>/dev/null | grep -c "ok installed")" == "1" ]; then echo "Jibri is installed, checking version:" apt-show-versions jibri @@ -54,14 +80,30 @@ else exit fi -echo -e "\nAttempting (any possible) jibri upgrade!" +if [ "$(apt-show-versions jibri | grep -c "uptodate")" = "1" ]; then +echo -e "Jibri is already up to date: \xE2\x9C\x94" +else +echo -e "\nAttempting jibri upgrade!" apt -y install --only-upgrade jibri +fi +T2=1 -echo -e "\n# Test kernel modules\n" +#T3 +echo -e "\n#3 -- Check Google Chrome/driver software. --\n" +check_google_binaries "Chromedriver" "$CHD_VER" +check_google_binaries "Google Chrome" "$GOOGL_VER" +if [ ! -z "$CHD_VER" ] && [ ! -z "$GOOGL_VER" ]; then +T3=1 +elif [ -z "$CHD_VER" ] || [ -z "$GOOGL_VER" ]; then +T3=0 +else +T3=0 +fi + +#T4 +echo -e "\n#4 -- Test kernel modules --\n" if [ -z $SND_AL_MODULE ]; then - echo -e "No module snd_aloop detected.\nIf you just installed a new kernel, \ -please try rebooting.\nFor now wait 'til the end of the recommended kernel installation." - echo "# Check and Install HWE kernel if possible..." +#First make sure the recommended kernel is installed. if [ "$HWE_VIR_MOD" == "1" ]; then apt-get -y install \ linux-image-generic-hwe-$(lsb_release -sr) \ @@ -70,10 +112,26 @@ please try rebooting.\nFor now wait 'til the end of the recommended kernel insta apt-get -y install \ linux-modules-extra-$(uname -r) fi + echo -e "\nNo module snd_aloop detected. \xE2\x9C\x96 <== IMPORTANT! \nCurrent kernel: $(uname -r)\n" + echo -e "\nIf you just installed a new kernel, \ +please try rebooting.\nFor now wait 'til the end of the recommended kernel installation." + echo "# Check and Install HWE kernel if possible..." + if uname -r | grep -q aws;then + KNL_HWE="$(apt-cache madison linux-image-generic-hwe-$(lsb_release -sr)|head -n1|awk '{print$3}'|cut -d "." -f1-4)" + KNL_MENU="$(awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg | grep generic | grep -v recovery | awk '{print$3,$4}'|grep $KNL_HWE)" + if [ ! -z "$KNL_MENU" ];then + echo -e "\nSeems you are using an AWS kernel \xE2\x9C\x96 <== IMPORTANT! \nYou might consider modify your grub (/etc/default/grub) to use the following:" && \ + echo -e "\n > $KNL_MENU" + fi + fi + T4=0 else echo -e "Great!\nModule snd-aloop found!" + T4=1 fi -echo -e "\n# Test .asoundrc file\n" + +#T5 +echo -e "\n#5 -- Test .asoundrc file --\n" ASRC_MASTER="https://raw.githubusercontent.com/jitsi/jibri/master/resources/debian-package/etc/jitsi/jibri/asoundrc" ASRC_INSTALLED="/home/jibri/.asoundrc" ASRC_MASTER_MD5SUM=$(curl -sL $ASRC_MASTER | md5sum | cut -d ' ' -f 1) @@ -81,13 +139,40 @@ ASRC_INSTALLED_MD5SUM=$(md5sum $ASRC_INSTALLED | cut -d ' ' -f 1) if [ "$ASRC_MASTER_MD5SUM" == "$ASRC_INSTALLED_MD5SUM" ]; then echo "Seems to be using the latest asoundrc file available!" + T5=1 else echo "asoundrc files differ, if you have errors, you might wanna check this file!" + T5=0 fi -echo -e "\n# Old or new config (ToDo)\n" +#T6 +echo -e "\n#6 -- Old or new config --\n" echo -e "What config version is this using?" -echo -e "(Not implemented yet)" +if [ -f ${CONF_JSON}_disabled ] && \ + [ -f $JIBRI_CONF ] && \ + [ -f $JIBRI_CONF-dpkg-file ]; then + echo -e "\n> This jibri config has been upgraded already.\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ +https://github.com/switnet-ltd/quick-jibri-installer/issues\n" +T6=1 +elif [ ! -f $CONF_JSON ] && \ + [ -f $JIBRI_CONF ] && \ + [ -f ${JIBRI_CONF}-dpkg-file ]; then + echo -e "\n> This jibri seems to be running the lastest configuration already.\n\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ +https://github.com/switnet-ltd/quick-jibri-installer/issues\n" +T6=1 +elif [ -f ${CONF_JSON} ] && \ + [ -f $JIBRI_CONF ]; then + echo -e "\n> This jibri config seems to be candidate for upgrading.\nIf you think there maybe an error on checking you current jibri configuration.\nPlease report this to \ +https://github.com/switnet-ltd/quick-jibri-installer/issues\n" +T6=0 +fi +TEST_TOTAL=$((T1 + T2 + T3 + T4 + T5 + T6)) +echo " +########################### + \ +Score: $TEST_TOTAL out of 6 +########################### +" echo -e "\nJibri Test complete, thanks for testing.\n"