Compare commits
28 commits
Author | SHA1 | Date | |
---|---|---|---|
6f387b029c | |||
7b74e320c9 | |||
c34fe9a477 | |||
0dbd76f077 | |||
b442d5787e | |||
9e25821ecc | |||
1c91913c2a | |||
82b798972f | |||
90e25c708a | |||
8b94e94165 | |||
8be19c9032 | |||
e5f03413a7 | |||
2860546f00 | |||
ecdd26f350 | |||
e4c0f7838d | |||
f20eb73ed5 | |||
b0510d37ce | |||
879d7fc044 | |||
0350a97f8c | |||
3b8834ffce | |||
e57b3578f3 | |||
91588a7737 | |||
47de051ab9 | |||
68c443acd1 | |||
0ac6befce2 | |||
e52811b7eb | |||
f51dadc93e | |||
230c561292 |
52
CHANGELOG.md
52
CHANGELOG.md
|
@ -15,50 +15,26 @@ The **patch** part is incremented if multiple releases happen the same month
|
|||
|
||||
### Changed
|
||||
|
||||
* autosysadmin-agent: upstream release 24.03.2
|
||||
* evolinux-base: Add new variable to disable global customisation of bash config
|
||||
* roundcube: Use /var/log/roundcube directly
|
||||
* evolinux-users: Add sudo mvcli for nagios user
|
||||
* vrrpd : configure and restart minifirewall before starting VRRP
|
||||
* nrpe: !disk1 exclude filesystem type overlay
|
||||
|
||||
### Fixed
|
||||
|
||||
* certbot: Fix HAProxy renewal hook
|
||||
* keepalived: Fix tasks that use file instead of copy
|
||||
* memcached: Fix conditions not properly writen (installation was always in multi-instance mode)
|
||||
* fail2ban: SQLite purge script didn't vacuum as expected + error when vacuum cannot be done
|
||||
* nagios-nrpe: create /etc/bash_completion.d if missing
|
||||
* packweb: fix old bug (2017!) .orig file created by module patch and taken in account by ProFTPd
|
||||
|
||||
### Removed
|
||||
|
||||
### Security
|
||||
|
||||
## [24.04] 2024-04-30
|
||||
|
||||
### Added
|
||||
|
||||
proftpd: optional configuration of IP whitelists per groups of users
|
||||
|
||||
### Changed
|
||||
|
||||
* autosysadmin-agent: upstream release 24.03.2
|
||||
* evobackup-client: replace non-functional role with install tasks
|
||||
* evobackup-client: upstream release 24.04.1
|
||||
* evolinux-base: Add new variable to disable global customisation of bash config
|
||||
* evolinux-base: Disable logcheck monitoring of journald only if journald.logfiles exists
|
||||
* evolinux-users: Add sudo mvcli for nagios user
|
||||
* haproxy: support bookworm for backport packages
|
||||
* nrpe: !disk1 exclude filesystem type overlay
|
||||
* postfix/amavis: max servers is now 3 (previously 2)
|
||||
* roundcube: Use /var/log/roundcube directly
|
||||
* vrrpd: configure and restart minifirewall before starting VRRP
|
||||
* vrrpd: configure minifirewall with blocks instead of lines
|
||||
|
||||
### Fixed
|
||||
|
||||
* certbot: Fix HAPEE renewal hook
|
||||
* certbot: Fix HAProxy renewal hook
|
||||
* evolinux-base/logcheck: fix conf patch, journal check was not disabled when asked
|
||||
* fail2ban: SQLite purge script didn't vacuum as expected + error when vacuum cannot be done
|
||||
* keepalived: Fix tasks that use file instead of copy
|
||||
* memcached: Fix conditions not properly writen (installation was always in multi-instance mode)
|
||||
* nagios-nrpe: create /etc/bash_completion.d if missing
|
||||
* openvpn: install packages manually, because openbsd_pkg module is broken since OpenBSD 7.4 with the version of Ansible we currently use
|
||||
* packweb: fix old bug (2017!) .orig file created by module patch and taken in account by ProFTPd
|
||||
* redis: replace inline argument with environment variable for the password
|
||||
|
||||
### Removed
|
||||
|
||||
* docker-host: Removed `docker_conf_use_iptables` variable (iptable usage forced to true)
|
||||
|
||||
## [24.03] 2024-03-01
|
||||
|
||||
### Added
|
||||
|
|
|
@ -39,7 +39,7 @@ $sa_spam_subject_tag = '[SPAM]';
|
|||
$log_level = 2;
|
||||
|
||||
# En fonction besoin/ressources, on a juste le nbre de process
|
||||
$max_servers = 3;
|
||||
$max_servers = 2;
|
||||
|
||||
$enable_ldap = 1;
|
||||
$default_ldap = {
|
||||
|
|
|
@ -40,7 +40,7 @@ concat_files() {
|
|||
}
|
||||
cert_and_key_mismatch() {
|
||||
hapee_cert_md5=$(openssl x509 -noout -pubkey -in "${hapee_cert_file}" | openssl md5)
|
||||
hapee_key_md5=$(openssl pkey -pubout -in "${hapee_cert_file}" | openssl md5)
|
||||
hapee_key_md5=$(openssl pkey -noout -pubout -in "${hapee_cert_file}" | openssl md5)
|
||||
|
||||
test "${hapee_cert_md5}" != "${hapee_key_md5}"
|
||||
}
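Review bot: `cert_and_key_mismatch` never checks whether either `openssl` call succeeded, so if both fail (for example on an unreadable `${hapee_cert_file}`) both variables hold the MD5 of empty input, the final `test` sees them as equal, and the function reports no mismatch. Capture the public keys before hashing and fail closed, e.g. `cert_pub=$(openssl x509 -noout -pubkey -in "${hapee_cert_file}") || return 0`, the same for the `openssl pkey` call, then `test "${cert_pub}" != "${key_pub}"`. The page does not show which of the two `hapee_key_md5` lines is the new one; if it is the `-noout -pubout` form, confirm on the target OpenSSL version that it still prints the public key, because empty output there would make the check report a mismatch on every renewal.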
|
||||
|
|
|
@ -3,25 +3,28 @@
|
|||
docker_home: /var/lib/docker
|
||||
docker_tmpdir: "{{ docker_home }}/tmp"
|
||||
|
||||
# Chose to use iptables instead of docker-proxy userland process
|
||||
docker_conf_use_iptables: False
|
||||
|
||||
# Disable the possibility for containers processes to gain new privileges
|
||||
docker_conf_no_newprivileges: false
|
||||
docker_conf_no_newprivileges: False
|
||||
|
||||
# Toggle live restore (need to be disabled in swarm mode)
|
||||
docker_conf_live_restore: true
|
||||
docker_conf_live_restore: True
|
||||
|
||||
# Toggle user namespace
|
||||
docker_conf_user_namespace: true
|
||||
docker_conf_user_namespace: True
|
||||
|
||||
# Disable all default network connectivity
|
||||
docker_conf_disable_default_networking: false
|
||||
docker_conf_disable_default_networking: False
|
||||
|
||||
# Remote access
|
||||
docker_remote_access_enabled: false
|
||||
docker_remote_access_enabled: False
|
||||
docker_daemon_port: 2376
|
||||
docker_daemon_listening_ip: 0.0.0.0
|
||||
|
||||
# TLS
|
||||
docker_tls_enabled: false
|
||||
docker_tls_enabled: False
|
||||
docker_tls_path: "{{ docker_home }}/tls"
|
||||
docker_tls_ca: ca/ca.pem
|
||||
docker_tls_ca_key: ca/ca-key.pem
|
||||
|
@ -29,4 +32,4 @@ docker_tls_cert: server/cert.pem
|
|||
docker_tls_key: server/key.pem
|
||||
docker_tls_csr: server/server.csr
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
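Review bot: Nothing next to `docker_remote_access_enabled` in the first hunk says that enabling it while `docker_tls_enabled` stays `False` would publish the Docker API on `docker_daemon_listening_ip: 0.0.0.0` without client authentication, assuming the tasks that consume these defaults (not shown in this section) do not tie the two settings together. Access to that API is equivalent to root on the host, so the defaults deserve a comment such as `# Remote access without docker_tls_enabled exposes an unauthenticated API; enable both together and restrict docker_daemon_listening_ip`. A narrower default than `0.0.0.0` would also make a half-configured host less exposed. The defaults file continues outside both hunks.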
|
|
@ -1,14 +1,5 @@
|
|||
# This role installs the docker daemon
|
||||
---
|
||||
|
||||
- name: Fail if docker_conf_use_iptables is defined
|
||||
ansible.builtin.fail:
|
||||
msg: "Variable docker_conf_use_iptables is deprecated and not configurable anymore. Please remove it from your variables. Also double-check the daemon.json config for docker"
|
||||
when:
|
||||
- docker_conf_use_iptables is defined
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Remove older docker packages
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
|
@ -32,7 +23,7 @@
|
|||
when: ansible_distribution_major_version is version('10', '<')
|
||||
|
||||
- name: "Ensure {{ apt_keyring_dir }} directory exists"
|
||||
ansible.builtin.file:
|
||||
file:
|
||||
path: "{{ apt_keyring_dir }}"
|
||||
state: directory
|
||||
mode: "755"
|
||||
|
@ -53,34 +44,35 @@
|
|||
repo: 'deb [signed-by={{ apt_keyring_dir }}/docker-debian.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
|
||||
filename: docker
|
||||
state: present
|
||||
update_cache: true
|
||||
update_cache: yes
|
||||
when: ansible_distribution_major_version is version('12', '<')
|
||||
|
||||
- name: Add Docker repository (Debian >=12)
|
||||
ansible.builtin.template:
|
||||
src: docker.sources.j2
|
||||
dest: /etc/apt/sources.list.d/docker.sources
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
register: docker_sources
|
||||
when: ansible_distribution_major_version is version('12', '>=')
|
||||
|
||||
- name: Update APT cache
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
when: docker_sources is changed
|
||||
|
||||
- name: Install Docker
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
|
||||
- name: Package python-docker is installed
|
||||
- name: python-docker is installed
|
||||
ansible.builtin.apt:
|
||||
name: python-docker
|
||||
state: present
|
||||
when: ansible_python_version is version('3', '<')
|
||||
|
||||
- name: Package python3-docker is installed
|
||||
- name: python3-docker is installed
|
||||
ansible.builtin.apt:
|
||||
name: python3-docker
|
||||
state: present
|
||||
|
@ -90,9 +82,6 @@
|
|||
ansible.builtin.template:
|
||||
src: daemon.json.j2
|
||||
dest: /etc/docker/daemon.json
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: restart docker
|
||||
|
||||
- name: Creating Docker tmp directory
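Review bot: The template task that writes `/etc/docker/daemon.json` (last hunk) appears to lose `owner`, `group` and `mode` on the new side, going by the hunk's 9-to-6 line count, which leaves the file's ownership and permissions to the umask and to whatever already exists at that path. Keep the three lines `owner: root`, `group: root`, `mode: "0644"` on that task so the daemon configuration is always root-owned and not writable by others. The task's `- name:` line is above the hunk, so the rest of the task is not visible here.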
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
"debug": false
|
||||
,"iptables": true
|
||||
{# Docker data-dir (default to /var/lib/docker) #}
|
||||
,"data-root": "{{ docker_home }}"
|
||||
{# Keep containers running while docker daemon downtime #}
|
||||
|
@ -8,6 +7,11 @@
|
|||
{% if docker_conf_user_namespace %}
|
||||
{# Turn on user namespace remaping #}
|
||||
,"userns-remap": "default"
|
||||
{% endif %}
|
||||
{% if docker_conf_use_iptables %}
|
||||
{# Use iptables instead of docker-proxy #}
|
||||
,"userland-proxy": false
|
||||
,"iptables": true
|
||||
{% endif %}
|
||||
{# Disable the possibility for containers processes to gain new privileges #}
|
||||
,"no-new-privileges": {{ docker_conf_no_newprivileges | to_json }}
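Review bot: `{% if docker_conf_use_iptables %}` tests the raw value, so a string such as `"false"` supplied through extra-vars or an INI inventory is truthy and would still write `"userland-proxy": false`; use `{% if docker_conf_use_iptables | bool %}`. The existing `docker_conf_user_namespace` test just above has the same weakness. When the variable is false neither key is written and dockerd's own defaults apply, which is worth stating in the Jinja comment because the variable name suggests it switches iptables handling off. The JSON object continues outside the hunk.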
|
||||
|
|
|
@ -1,16 +1,23 @@
|
|||
# evobackup-client
|
||||
|
||||
Install the necessary libraries and script to configure backup scripts.
|
||||
Allows the configuration of backups to one or more remote filesystems.
|
||||
|
||||
Additional information:
|
||||
The backup hosts and the ports in use need to be defined in
|
||||
evobackup-client__hosts before running it.
|
||||
|
||||
* [evobackup-client documentation](https://gitea.evolix.org/evolix/evobackup/src/branch/master/client/README.md)
|
||||
* canary
|
||||
The default zzz_evobackup.sh configures a system only backup, but the
|
||||
template can be overriden to configure a full backup instead. If
|
||||
you change the variables in defaults/main.yml you can easily run
|
||||
this again and configure backups to a second set of hosts.
|
||||
|
||||
## Available variables
|
||||
Do not forget to set the evobackup-client__mail variable to an
|
||||
email adress you control.
|
||||
|
||||
* `evobackup_client__lib_dir` : directory for libraries (default: `/usr/local/lib/evobackup`)
|
||||
* `evobackup_client__bin_dir` : directory for scripts/binaries (default: `/usr/local/bin`)
|
||||
* `evobackup_client__update_canary_enable` : should the canary be updated (default: `True`)
|
||||
* `evobackup_client__update_canary_path` : path for the canary update script (default: `/etc/cron.daily/000-update-evobackup-canary`)
|
||||
* `evobackup_client__update_canary_who` : who the canary update must be attributed to (default: `@daily`)
|
||||
You can add this example to an installation playbook to create the
|
||||
ssh key without running the rest of the role.
|
||||
|
||||
~~~
|
||||
post_tasks:
|
||||
- include_role:
|
||||
name: evobackup-client tasks_from: ssh_key.yml
|
||||
~~~
|
||||
|
|
|
@ -1,22 +1,15 @@
|
|||
---
|
||||
# evobackup_client__root_key_path: "/root/.ssh/id_ed25519"
|
||||
# evobackup_client__root_key_type: "ed25519"
|
||||
# evobackup_client__cron_path: "/etc/cron.daily/zzz_evobackup"
|
||||
# evobackup_client__cron_template_name: "zzz_evobackup"
|
||||
# evobackup_client__mail: null
|
||||
# evobackup_client__servers_fallback: -1
|
||||
# evobackup_client__pid_path: "/var/run/evobackup.pid"
|
||||
# evobackup_client__log_path: "/var/log/evobackup.log"
|
||||
# evobackup_client__backup_path: "/home/backup"
|
||||
# evobackup_client__hosts: null
|
||||
evobackup_client__root_key_path: "/root/.ssh/id_ed25519"
|
||||
evobackup_client__root_key_type: "ed25519"
|
||||
evobackup_client__cron_path: "/etc/cron.daily/zzz_evobackup"
|
||||
evobackup_client__cron_template_name: "zzz_evobackup"
|
||||
evobackup_client__mail: null
|
||||
evobackup_client__servers_fallback: -1
|
||||
evobackup_client__pid_path: "/var/run/evobackup.pid"
|
||||
evobackup_client__log_path: "/var/log/evobackup.log"
|
||||
evobackup_client__backup_path: "/home/backup"
|
||||
evobackup_client__hosts: null
|
||||
# - name: "backups.example.org"
|
||||
# ip: "xxx.xxx.xxx.xxx"
|
||||
# fingerprint: "ecdsa-sha2-nistp256 ..."
|
||||
# port: xxxx
|
||||
|
||||
evobackup_client__lib_dir: "/usr/local/lib/evobackup"
|
||||
evobackup_client__bin_dir: "/usr/local/bin"
|
||||
|
||||
evobackup_client__update_canary_enable: True
|
||||
evobackup_client__update_canary_path: /etc/cron.daily/000-update-evobackup-canary
|
||||
evobackup_client__update_canary_who: "@daily"
|
||||
|
|
|
@ -1,82 +0,0 @@
|
|||
# Changelog
|
||||
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
This project does not follow semantic versioning.
|
||||
The **major** part of the version is the year
|
||||
The **minor** part changes is the month
|
||||
The **patch** part changes is incremented if multiple releases happen the same month
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
### Added
|
||||
|
||||
### Changed
|
||||
|
||||
### Deprecated
|
||||
|
||||
### Removed
|
||||
|
||||
### Fixed
|
||||
|
||||
### Security
|
||||
|
||||
## [24.04.1]
|
||||
|
||||
### Fixed
|
||||
|
||||
* evobackupctl: quote ARGS variable for options parsing.
|
||||
|
||||
## [24.04]
|
||||
|
||||
### Added
|
||||
|
||||
* Vagrant definition for manual tests
|
||||
|
||||
### Changed
|
||||
|
||||
* split functions into libraries
|
||||
* add evobackupctl script
|
||||
* change the "zzz_evobackup" script to a template, easy to copy with evobackupctl
|
||||
* use env-based shebang for shell scripts
|
||||
* use $TMPDIR if available
|
||||
|
||||
### Removed
|
||||
|
||||
* update-evobackup-canary is managed by ansible-roles.git
|
||||
* deployment by Ansible is managed elsewhere (now in evolix-private.git, later in ansible-roles.git)
|
||||
|
||||
### Fixed
|
||||
|
||||
* don't exit the whole program if a sync task can't be done
|
||||
|
||||
## [22.12]
|
||||
|
||||
### Changed
|
||||
|
||||
* Use --dump-dir instead of --backup-dir to suppress dump-server-state warning
|
||||
* Do not use rsync compression
|
||||
* Replace rsync option --verbose by --itemize-changes
|
||||
* Add canary to zzz_evobackup
|
||||
* update-evobackup-canary: do not use GNU date, for it to be compatible with OpenBSD
|
||||
* Add AGPL License and README
|
||||
* Script now depends on Bash
|
||||
* tolerate absence of mtr or traceroute
|
||||
* Only one loop for all Redis instances
|
||||
* remodel how we build the rsync command
|
||||
* use sub shells instead of moving around
|
||||
* Separate Rsync for the canary file if the main Rsync has finished without errors
|
||||
|
||||
### Removed
|
||||
|
||||
* No more fallback if dump-server-state is missing
|
||||
|
||||
### Fixed
|
||||
|
||||
* Make start_time and stop_time compatible with OpenBSD
|
||||
|
||||
## [22.03]
|
||||
|
||||
Split client and server parts of the project
|
|
@ -1,153 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# shellcheck disable=SC2155
|
||||
readonly PROGNAME=$(basename "${0}")
|
||||
# shellcheck disable=SC2155
|
||||
readonly PROGDIR=$(readlink -m "$(dirname "${0}")")
|
||||
# shellcheck disable=SC2124
|
||||
readonly ARGS=$@
|
||||
|
||||
# Change this to wherever you install the libraries
|
||||
readonly LIBDIR="/usr/local/lib/evobackup"
|
||||
|
||||
source "${LIBDIR}/main.sh"
|
||||
|
||||
show_version() {
|
||||
cat <<END
|
||||
${PROGNAME} version ${VERSION}
|
||||
|
||||
Copyright 2024 Evolix <info@evolix.fr>,
|
||||
Jérémy Lecour <jlecour@evolix.fr>.
|
||||
|
||||
${PROGNAME} comes with ABSOLUTELY NO WARRANTY. This is free software,
|
||||
and you are welcome to redistribute it under certain conditions.
|
||||
See the GNU General Public License v3.0 for details.
|
||||
END
|
||||
}
|
||||
show_help() {
|
||||
cat <<END
|
||||
${PROGNAME} helps managing evobackup scripts
|
||||
|
||||
Options
|
||||
-h, --help print this message and exit
|
||||
-V, --version print version and exit
|
||||
--jail-init-commands print jail init commands
|
||||
--copy-template=PATH copy the backup template to PATH
|
||||
END
|
||||
}
|
||||
|
||||
jail_init_commands() {
|
||||
if [ ! -f /root/.ssh/id_ed25519.pub ]; then
|
||||
ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -N ''
|
||||
echo ""
|
||||
fi
|
||||
|
||||
SSH_KEY=$(cat /root/.ssh/id_ed25519.pub)
|
||||
SERVER_NAME=$(hostname -s)
|
||||
if [ "$(uname -s)" = "OpenBSD" ]; then
|
||||
SERVER_IP=$(ifconfig egress | grep "inet " | head -1 | awk '{ print $2}')
|
||||
else
|
||||
SERVER_IP=$(curl -4 https://ifconfig.me 2> /dev/null || hostname -I | awk '{ print $1}')
|
||||
fi
|
||||
|
||||
echo "Copy-paste those lines on backup server(s) :"
|
||||
echo "----------"
|
||||
echo "SERVER_NAME=${SERVER_NAME}"
|
||||
echo "SERVER_IP=${SERVER_IP}"
|
||||
echo "echo '${SSH_KEY}' > /root/\${SERVER_NAME}.pub"
|
||||
echo "bkctld init \${SERVER_NAME}"
|
||||
echo "bkctld key \${SERVER_NAME} /root/\${SERVER_NAME}.pub"
|
||||
echo "bkctld ip \${SERVER_NAME} \${SERVER_IP}"
|
||||
echo "bkctld start \${SERVER_NAME}"
|
||||
echo "bkctld status \${SERVER_NAME}"
|
||||
echo "grep --quiet --extended-regexp \"^\\s?NODE=\" /etc/default/bkctld && bkctld sync \${SERVER_NAME}"
|
||||
echo "----------"
|
||||
}
|
||||
|
||||
copy_template() {
|
||||
dest_path=${1}
|
||||
dest_dir="$(dirname "${dest_path}")"
|
||||
|
||||
if [ -e "${dest_path}" ]; then
|
||||
printf "Path for new evobackup script '%s' already exists.\n" "${dest_path}" >&2
|
||||
exit 1
|
||||
elif [ ! -e "${dest_dir}" ]; then
|
||||
printf "Parent directory '%s' doesn't exist. Create it first.\n" "${dest_dir}" >&2
|
||||
exit 1
|
||||
else
|
||||
if cp "${LIBDIR}/zzz_evobackup.sh" "${dest_path}"; then
|
||||
chmod 750 "${dest_path}"
|
||||
|
||||
sed -i "s|@COMMAND@|${PROGDIR}/${PROGNAME} ${ARGS}|" "${dest_path}"
|
||||
sed -i "s|@DATE@|$(date --iso-8601=seconds)|" "${dest_path}"
|
||||
sed -i "s|@VERSION@|${VERSION}|" "${dest_path}"
|
||||
|
||||
printf "New evobackup script has been saved to '%s'.\n" "${dest_path}"
|
||||
printf "Remember to customize it (mail notifications, backup servers…).\n"
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
main() {
|
||||
# If no argument is provided, print help and exit
|
||||
# shellcheck disable=SC2086
|
||||
if [ -z "${ARGS}" ]; then
|
||||
show_help
|
||||
exit 0
|
||||
fi
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
-V|--version)
|
||||
show_version
|
||||
exit 0
|
||||
;;
|
||||
-h|--help)
|
||||
show_help
|
||||
exit 0
|
||||
;;
|
||||
--jail-init-commands)
|
||||
jail_init_commands
|
||||
exit 0
|
||||
;;
|
||||
--copy-template)
|
||||
# copy-template option, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
copy_template "${2}"
|
||||
shift
|
||||
else
|
||||
printf "'%s' requires a non-empty option argument.\n" "--copy-template" >&2
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--copy-template=?*)
|
||||
# copy-template option, with value separated by =
|
||||
copy_template "${1#*=}"
|
||||
;;
|
||||
--copy-template=)
|
||||
# copy-template option, without value
|
||||
printf "'%s' requires a non-empty option argument.\n" "--copy-template" >&2
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
printf "unknown option '%s'.\n" "${1}" >&2
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
}
|
||||
|
||||
main ${ARGS}
|
|
@ -1,301 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# shellcheck disable=SC2034,SC2317,SC2155
|
||||
|
||||
#######################################################################
|
||||
# Snapshot Elasticsearch data
|
||||
#
|
||||
# Arguments:
|
||||
# --protocol=<http|https> (default: http)
|
||||
# --cacert=[String] (default: <none>)
|
||||
# path to the CA certificate to use when using https
|
||||
# --host=[String] (default: localhost)
|
||||
# --port=[Integer] (default: 9200)
|
||||
# --user=[String] (default: <none>)
|
||||
# --password=[String] (default: <none>)
|
||||
# --repository=[String] (default: snaprepo)
|
||||
# --snapshot=[String] (default: snapshot.daily)
|
||||
#######################################################################
|
||||
dump_elasticsearch() {
|
||||
local option_protocol="http"
|
||||
local option_cacert=""
|
||||
local option_host="localhost"
|
||||
local option_port="9200"
|
||||
local option_user=""
|
||||
local option_password=""
|
||||
local option_repository="snaprepo"
|
||||
local option_snapshot="snapshot.daily"
|
||||
local option_others=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--protocol)
|
||||
# protocol options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_protocol="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--protocol' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--protocol=?*)
|
||||
# protocol options, with value separated by =
|
||||
option_protocol="${1#*=}"
|
||||
;;
|
||||
--protocol=)
|
||||
# protocol options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--protocol' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--cacert)
|
||||
# cacert options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_cacert="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--cacert' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--cacert=?*)
|
||||
# cacert options, with value separated by =
|
||||
option_cacert="${1#*=}"
|
||||
;;
|
||||
--cacert=)
|
||||
# cacert options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--cacert' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--host)
|
||||
# host options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_host="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--host' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--host=?*)
|
||||
# host options, with value separated by =
|
||||
option_host="${1#*=}"
|
||||
;;
|
||||
--host=)
|
||||
# host options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--host' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--port)
|
||||
# port options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_port="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--port=?*)
|
||||
# port options, with value separated by =
|
||||
option_port="${1#*=}"
|
||||
;;
|
||||
--port=)
|
||||
# port options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--user)
|
||||
# user options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_user="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--user=?*)
|
||||
# user options, with value separated by =
|
||||
option_user="${1#*=}"
|
||||
;;
|
||||
--user=)
|
||||
# user options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--password)
|
||||
# password options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_password="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--password=?*)
|
||||
# password options, with value separated by =
|
||||
option_password="${1#*=}"
|
||||
;;
|
||||
--password=)
|
||||
# password options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--repository)
|
||||
# repository options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_repository="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--repository' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--repository=?*)
|
||||
# repository options, with value separated by =
|
||||
option_repository="${1#*=}"
|
||||
;;
|
||||
--repository=)
|
||||
# repository options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--repository' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--snapshot)
|
||||
# snapshot options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_snapshot="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--snapshot' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--snapshot=?*)
|
||||
# snapshot options, with value separated by =
|
||||
option_snapshot="${1#*=}"
|
||||
;;
|
||||
--snapshot=)
|
||||
# snapshot options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--snapshot' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
option_others=${*}
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
# Use the default Elasticsearch CA certificate when using HTTPS, if not specified directly
|
||||
local default_cacert="/etc/elasticsearch/certs/http_ca.crt"
|
||||
if [ "${option_protocol}" = "https" ] && [ -z "${option_cacert}" ] && [ -f "${default_cacert}" ]; then
|
||||
option_cacert="${default_cacert}"
|
||||
fi
|
||||
|
||||
local errors_dir="${ERRORS_DIR}/elasticsearch-${option_repository}-${option_snapshot}"
|
||||
rm -rf "${errors_dir}"
|
||||
mkdir -p "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${errors_dir}"
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${option_snapshot}"
|
||||
|
||||
## Take a snapshot as a backup.
|
||||
## Warning: You need to have a path.repo configured.
|
||||
## See: https://wiki.evolix.org/HowtoElasticsearch#snapshots-et-sauvegardes
|
||||
|
||||
local base_url="${option_protocol}://${option_host}:${option_port}"
|
||||
local repository_url="${base_url}/_snapshot/${option_repository}"
|
||||
local snapshot_url="${repository_url}/${option_snapshot}"
|
||||
|
||||
# Verify snapshot repository
|
||||
|
||||
local error_file="${errors_dir}/verify.err"
|
||||
|
||||
declare -a connect_options
|
||||
connect_options=()
|
||||
if [ -n "${option_cacert}" ]; then
|
||||
connect_options+=(--cacert "${option_cacert}")
|
||||
fi
|
||||
if [ -n "${option_user}" ] || [ -n "${option_password}" ]; then
|
||||
local connect_options+=("--user ${option_user}:${option_password}")
|
||||
fi
|
||||
if [ -n "${option_others}" ]; then
|
||||
# word splitting is deliberate here
|
||||
# shellcheck disable=SC2206
|
||||
connect_options+=(${option_others})
|
||||
fi
|
||||
# Add the http return code at the end of the output
|
||||
connect_options+=(--write-out '%{http_code}\n')
|
||||
connect_options+=(--silent)
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
dump_options+=(--request POST)
|
||||
|
||||
dump_cmd="curl ${connect_options[*]} ${dump_options[*]} ${repository_url}/_verify?pretty"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} > "${error_file}"
|
||||
|
||||
# test if the last line of the log file is "200"
|
||||
tail -n 1 "${error_file}" | grep --quiet "^200$" "${error_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: repository verification returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
|
||||
# Delete snapshot
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
dump_options+=(--request DELETE)
|
||||
|
||||
dump_cmd="curl ${connect_options[*]} ${dump_options[*]} ${snapshot_url}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} > /dev/null
|
||||
|
||||
# Create snapshot
|
||||
|
||||
local error_file="${errors_dir}/create.err"
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
dump_options+=(--request PUT)
|
||||
|
||||
dump_cmd="curl ${connect_options[*]} ${dump_options[*]} ${snapshot_url}?wait_for_completion=true"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} > "${error_file}"
|
||||
|
||||
# test if the last line of the log file is "200"
|
||||
tail -n 1 "${error_file}" | grep --quiet "^200$" "${error_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: curl returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
fi
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${option_snapshot}"
|
||||
}
|
|
@ -1,559 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# shellcheck disable=SC2034,SC2317,SC2155
|
||||
|
||||
#######################################################################
|
||||
# Dump LDAP files (config, data, all)
|
||||
#
|
||||
# Arguments: <none>
|
||||
#######################################################################
|
||||
dump_ldap() {
|
||||
## OpenLDAP : example with slapcat
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/ldap"
|
||||
rm -rf "${dump_dir}"
|
||||
mkdir -p "${dump_dir}"
|
||||
chmod 700 "${dump_dir}"
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${FUNCNAME[0]} to ${dump_dir}"
|
||||
|
||||
dump_cmd="slapcat -n 0 -l ${dump_dir}/config.bak"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
dump_cmd="slapcat -n 1 -l ${dump_dir}/data.bak"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
dump_cmd="slapcat -l ${dump_dir}/all.bak"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${FUNCNAME[0]}"
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Copy dump file of Redis instances
|
||||
#
|
||||
# Arguments:
|
||||
# --instances=[Integer] (default: all)
|
||||
#######################################################################
|
||||
dump_redis() {
|
||||
all_instances=$(find /var/lib/ -mindepth 1 -maxdepth 1 '(' -type d -o -type l ')' -name 'redis*')
|
||||
|
||||
local option_instances=""
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--instances)
|
||||
# instances options, with key and value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
if [ "${2}" == "all" ]; then
|
||||
read -a option_instances <<< "${all_instances}"
|
||||
else
|
||||
IFS="," read -a option_instances <<< "${2}"
|
||||
fi
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--instances' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--instances=?*)
|
||||
# instances options, with key and value separated by =
|
||||
if [ "${1#*=}" == "all" ]; then
|
||||
read -a option_instances <<< "${all_instances}"
|
||||
else
|
||||
IFS="," read -a option_instances <<< "${1#*=}"
|
||||
fi
|
||||
;;
|
||||
--instances=)
|
||||
# instances options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--instances' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
for instance in "${option_instances[@]}"; do
|
||||
name=$(basename "${instance}")
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/${name}"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
if [ -f "${instance}/dump.rdb" ]; then
|
||||
local error_file="${errors_dir}/${name}.err"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_dir}"
|
||||
|
||||
# Copy the Redis database
|
||||
dump_cmd="cp -a ${instance}/dump.rdb ${dump_dir}/dump.rdb"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} 2> "${error_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: cp ${instance}/dump.rdb to ${dump_dir} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
|
||||
# Compress the Redis database
|
||||
dump_cmd="gzip ${dump_dir}/dump.rdb"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: gzip ${dump_dir}/dump.rdb returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_dir}"
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '${instance}/dump.rdb' not found."
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Dump all collections of a MongoDB database
|
||||
# using a custom authentication, instead of /etc/mysql/debian.cnf
|
||||
#
|
||||
# Arguments:
|
||||
# --port=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
# Other options after -- are passed as-is to mongodump
|
||||
#
|
||||
# don't forget to create use with read-only access
|
||||
# > use admin
|
||||
# > db.createUser( { user: "mongobackup", pwd: "PASS", roles: [ "backup", ] } )
|
||||
#######################################################################
|
||||
dump_mongodb() {
|
||||
local option_port=""
|
||||
local option_user=""
|
||||
local option_password=""
|
||||
local option_dump_label=""
|
||||
local option_others=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--port)
|
||||
# port options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_port="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--port=?*)
|
||||
# port options, with value separated by =
|
||||
option_port="${1#*=}"
|
||||
;;
|
||||
--port=)
|
||||
# port options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--user)
|
||||
# user options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_user="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--user=?*)
|
||||
# user options, with value separated by =
|
||||
option_user="${1#*=}"
|
||||
;;
|
||||
--user=)
|
||||
# user options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--password)
|
||||
# password options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_password="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--password=?*)
|
||||
# password options, with value separated by =
|
||||
option_password="${1#*=}"
|
||||
;;
|
||||
--password=)
|
||||
# password options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--dump-label)
|
||||
# dump-label options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_dump_label="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--dump-label=?*)
|
||||
# dump-label options, with value separated by =
|
||||
option_dump_label="${1#*=}"
|
||||
;;
|
||||
--dump-label=)
|
||||
# dump-label options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
option_others=${*}
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
if [ -z "${option_dump_label}" ]; then
|
||||
if [ -n "${option_port}" ]; then
|
||||
option_dump_label="${option_port}"
|
||||
else
|
||||
option_dump_label="default"
|
||||
fi
|
||||
fi
|
||||
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/mongodb-${option_dump_label}"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
local error_file="${errors_dir}.err"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_dir}"
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
if [ -n "${option_port}" ]; then
|
||||
dump_options+=(--port="${option_port}")
|
||||
fi
|
||||
if [ -n "${option_user}" ]; then
|
||||
dump_options+=(--username="${option_user}")
|
||||
fi
|
||||
if [ -n "${option_password}" ]; then
|
||||
dump_options+=(--password="${option_password}")
|
||||
fi
|
||||
dump_options+=(--out="${dump_dir}/")
|
||||
if [ -n "${option_others}" ]; then
|
||||
# word splitting is deliberate here
|
||||
# shellcheck disable=SC2206
|
||||
dump_options+=(${option_others})
|
||||
fi
|
||||
|
||||
dump_cmd="mongodump ${dump_options[*]}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd} > /dev/null"
|
||||
${dump_cmd} 2> "${error_file}" > /dev/null
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: mongodump to ${dump_dir} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - stop ${FUNCNAME[0]}: ${dump_dir}"
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Dump RAID configuration
|
||||
#
|
||||
# Arguments: <none>
|
||||
#######################################################################
|
||||
dump_raid_config() {
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/raid"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
if command -v megacli > /dev/null; then
|
||||
local error_file="${errors_dir}/megacli.cfg"
|
||||
local dump_file="${dump_dir}/megacli.err"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
dump_cmd="megacli -CfgSave -f ${dump_file} -a0"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} 2> "${error_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: megacli to ${dump_file} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
elif command -v perccli > /dev/null; then
|
||||
local error_file="${errors_dir}/perccli.cfg"
|
||||
local dump_file="${dump_dir}/perccli.err"
|
||||
# log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
# TODO: find out what the correct command is
|
||||
|
||||
# dump_cmd="perccli XXXX"
|
||||
# log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
# ${dump_cmd} 2> ${error_file}
|
||||
|
||||
# local last_rc=$?
|
||||
# # shellcheck disable=SC2086
|
||||
# if [ ${last_rc} -ne 0 ]; then
|
||||
# log_error "LOCAL_TASKS - ${FUNCNAME[0]}: perccli to ${dump_file} returned an error ${last_rc}" "${error_file}"
|
||||
# GLOBAL_RC=${E_DUMPFAILED}
|
||||
# else
|
||||
# rm -f "${error_file}"
|
||||
# fi
|
||||
# log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
else
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: 'megacli' and 'perccli' not found, unable to dump RAID configuration"
|
||||
fi
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Save some traceroute/mtr results
|
||||
#
|
||||
# Arguments:
|
||||
# --targets=[IP,HOST] (default: <none>)
|
||||
#######################################################################
|
||||
dump_traceroute() {
|
||||
local option_targets=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--targets)
|
||||
# targets options, with key and value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
IFS="," read -a option_targets <<< "${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--targets' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--targets=?*)
|
||||
# targets options, with key and value separated by =
|
||||
IFS="," read -a option_targets <<< "${1#*=}"
|
||||
;;
|
||||
--targets=)
|
||||
# targets options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--targets' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/traceroute"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
|
||||
mtr_bin=$(command -v mtr)
|
||||
if [ -n "${mtr_bin}" ]; then
|
||||
for target in "${option_targets[@]}"; do
|
||||
local dump_file="${dump_dir}/mtr-${target}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
${mtr_bin} -r "${target}" > "${dump_file}"
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
done
|
||||
fi
|
||||
|
||||
traceroute_bin=$(command -v traceroute)
|
||||
if [ -n "${traceroute_bin}" ]; then
|
||||
for target in "${option_targets[@]}"; do
|
||||
local dump_file="${dump_dir}/traceroute-${target}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
${traceroute_bin} -n "${target}" > "${dump_file}" 2>&1
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Save many system information, using dump_server_state
|
||||
#
|
||||
# Arguments:
|
||||
# any option for dump-server-state (except --dump-dir) is usable
|
||||
# (default: --all)
|
||||
#######################################################################
|
||||
dump_server_state() {
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/server-state"
|
||||
rm -rf "${dump_dir}"
|
||||
# Do not create the directory
|
||||
# mkdir -p -m 700 "${dump_dir}"
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_dir}"
|
||||
|
||||
# pass all options
|
||||
read -a options <<< "${@}"
|
||||
# if no option is given, use "--all" as fallback
|
||||
if [ ${#options[@]} -le 0 ]; then
|
||||
options=(--all)
|
||||
fi
|
||||
# add "--dump-dir" in case it is missing (as it should)
|
||||
options+=(--dump-dir "${dump_dir}")
|
||||
|
||||
dump_server_state_bin=$(command -v dump-server-state)
|
||||
if [ -z "${dump_server_state_bin}" ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: dump-server-state is missing"
|
||||
rc=1
|
||||
else
|
||||
dump_cmd="${dump_server_state_bin} ${options[*]}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: dump-server-state returned an error ${last_rc}, check ${dump_dir}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
fi
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_dir}"
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Save RabbitMQ data
|
||||
#
|
||||
# Arguments: <none>
|
||||
#
|
||||
# Warning: This has been poorly tested
|
||||
#######################################################################
|
||||
dump_rabbitmq() {
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/rabbitmq"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
local error_file="${errors_dir}.err"
|
||||
local dump_file="${dump_dir}/config"
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
dump_cmd="rabbitmqadmin export ${dump_file}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} 2> "${error_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: pg_dump to ${dump_file} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Save Files ACL on various partitions.
|
||||
#
|
||||
# Arguments: <none>
|
||||
#######################################################################
|
||||
dump_facl() {
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/facl"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_dir}"
|
||||
|
||||
dump_cmd="getfacl -R /etc > ${dump_dir}/etc.txt"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
dump_cmd="getfacl -R /home > ${dump_dir}/home.txt"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
dump_cmd="getfacl -R /usr > ${dump_dir}/usr.txt"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
dump_cmd="getfacl -R /var > ${dump_dir}/var.txt"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_dir}"
|
||||
}
|
|
@ -1,1551 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# shellcheck disable=SC2034,SC2317,SC2155
|
||||
|
||||
#######################################################################
|
||||
# Dump complete summary of an instance (using pt-mysql-summary)
|
||||
#
|
||||
# Arguments:
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --defaults-extra-file=[String] (default: <blank>)
|
||||
# --defaults-group-suffix=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
#######################################################################
|
||||
dump_mysql_summary() {
|
||||
local option_port=""
|
||||
local option_socket=""
|
||||
local option_defaults_file=""
|
||||
local option_defaults_extra_file=""
|
||||
local option_defaults_group_suffix=""
|
||||
local option_user=""
|
||||
local option_password=""
|
||||
local option_dump_label=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--defaults-file)
|
||||
# defaults-file options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_file="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-file=?*)
|
||||
# defaults-file options, with value separated by =
|
||||
option_defaults_file="${1#*=}"
|
||||
;;
|
||||
--defaults-file=)
|
||||
# defaults-file options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--defaults-extra-file)
|
||||
# defaults-file options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_extra_file="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-extra-file=?*)
|
||||
# defaults-extra-file options, with value separated by =
|
||||
option_defaults_extra_file="${1#*=}"
|
||||
;;
|
||||
--defaults-extra-file=)
|
||||
# defaults-extra-file options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-extra-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--defaults-group-suffix)
|
||||
# defaults-group-suffix options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_group_suffix="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-group-suffix' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-group-suffix=?*)
|
||||
# defaults-group-suffix options, with value separated by =
|
||||
option_defaults_group_suffix="${1#*=}"
|
||||
;;
|
||||
--defaults-group-suffix=)
|
||||
# defaults-group-suffix options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-group-suffix' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--port)
|
||||
# port options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_port="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--port=?*)
|
||||
# port options, with value separated by =
|
||||
option_port="${1#*=}"
|
||||
;;
|
||||
--port=)
|
||||
# port options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--socket)
|
||||
# socket options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_socket="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--socket=?*)
|
||||
# socket options, with value separated by =
|
||||
option_socket="${1#*=}"
|
||||
;;
|
||||
--socket=)
|
||||
# socket options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--user)
|
||||
# user options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_user="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--user=?*)
|
||||
# user options, with value separated by =
|
||||
option_user="${1#*=}"
|
||||
;;
|
||||
--user=)
|
||||
# user options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--password)
|
||||
# password options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_password="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--password=?*)
|
||||
# password options, with value separated by =
|
||||
option_password="${1#*=}"
|
||||
;;
|
||||
--password=)
|
||||
# password options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--dump-label)
|
||||
# dump-label options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_dump_label="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--dump-label=?*)
|
||||
# dump-label options, with value separated by =
|
||||
option_dump_label="${1#*=}"
|
||||
;;
|
||||
--dump-label=)
|
||||
# dump-label options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unkwnown option (ignored): '${1}'"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
if [ -z "${option_dump_label}" ]; then
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
option_dump_label="${option_defaults_group_suffix}"
|
||||
elif [ -n "${option_port}" ]; then
|
||||
option_dump_label="${option_port}"
|
||||
elif [ -n "${option_socket}" ]; then
|
||||
option_dump_label=$(path_to_str "${option_socket}")
|
||||
else
|
||||
option_dump_label="default"
|
||||
fi
|
||||
fi
|
||||
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/mysql-${option_dump_label}-summary"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
## Dump all grants (requires 'percona-toolkit' package)
|
||||
if command -v pt-mysql-summary > /dev/null; then
|
||||
local error_file="${errors_dir}/mysql-summary.err"
|
||||
local dump_file="${dump_dir}/mysql-summary.out"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
## Connection options
|
||||
declare -a connect_options
|
||||
connect_options=()
|
||||
if [ -n "${option_defaults_file}" ]; then
|
||||
connect_options+=(--defaults-file="${option_defaults_file}")
|
||||
fi
|
||||
if [ -n "${option_defaults_extra_file}" ]; then
|
||||
connect_options+=(--defaults-extra-file="${option_defaults_extra_file}")
|
||||
fi
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
connect_options+=(--defaults-group-suffix="${option_defaults_group_suffix}")
|
||||
fi
|
||||
if [ -n "${option_port}" ]; then
|
||||
connect_options+=(--protocol=tcp)
|
||||
connect_options+=(--port="${option_port}")
|
||||
fi
|
||||
if [ -n "${option_socket}" ]; then
|
||||
connect_options+=(--protocol=socket)
|
||||
connect_options+=(--socket="${option_socket}")
|
||||
fi
|
||||
if [ -n "${option_user}" ]; then
|
||||
connect_options+=(--user="${option_user}")
|
||||
fi
|
||||
if [ -n "${option_password}" ]; then
|
||||
connect_options+=(--password="${option_password}")
|
||||
fi
|
||||
|
||||
declare -a options
|
||||
options=()
|
||||
options+=(--sleep=0)
|
||||
|
||||
dump_cmd="pt-mysql-summary ${options[*]} -- ${connect_options[*]}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} 2> "${error_file}" > "${dump_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: pt-mysql-summary to ${dump_file} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
else
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: 'pt-mysql-summary' not found, unable to dump summary"
|
||||
fi
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Dump grants of an instance
|
||||
#
|
||||
# Arguments:
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
#######################################################################
|
||||
dump_mysql_grants() {
|
||||
local option_port=""
|
||||
local option_socket=""
|
||||
local option_defaults_file=""
|
||||
local option_user=""
|
||||
local option_password=""
|
||||
local option_dump_label=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--defaults-file)
|
||||
# defaults-file options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_file="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-file=?*)
|
||||
# defaults-file options, with value separated by =
|
||||
option_defaults_file="${1#*=}"
|
||||
;;
|
||||
--defaults-file=)
|
||||
# defaults-file options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--port)
|
||||
# port options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_port="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--port=?*)
|
||||
# port options, with value separated by =
|
||||
option_port="${1#*=}"
|
||||
;;
|
||||
--port=)
|
||||
# port options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--socket)
|
||||
# socket options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_socket="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--socket=?*)
|
||||
# socket options, with value separated by =
|
||||
option_socket="${1#*=}"
|
||||
;;
|
||||
--socket=)
|
||||
# socket options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--user)
|
||||
# user options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_user="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--user=?*)
|
||||
# user options, with value separated by =
|
||||
option_user="${1#*=}"
|
||||
;;
|
||||
--user=)
|
||||
# user options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--password)
|
||||
# password options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_password="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--password=?*)
|
||||
# password options, with value separated by =
|
||||
option_password="${1#*=}"
|
||||
;;
|
||||
--password=)
|
||||
# password options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--dump-label)
|
||||
# dump-label options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_dump_label="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--dump-label=?*)
|
||||
# dump-label options, with value separated by =
|
||||
option_dump_label="${1#*=}"
|
||||
;;
|
||||
--dump-label=)
|
||||
# dump-label options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
if [ -z "${option_dump_label}" ]; then
|
||||
if [ -n "${option_port}" ]; then
|
||||
option_dump_label="${option_port}"
|
||||
elif [ -n "${option_socket}" ]; then
|
||||
option_dump_label=$(path_to_str "${option_socket}")
|
||||
else
|
||||
option_dump_label="default"
|
||||
fi
|
||||
fi
|
||||
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/mysql-${option_dump_label}-grants"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
## Dump all grants (requires 'percona-toolkit' package)
|
||||
if command -v pt-show-grants > /dev/null; then
|
||||
local error_file="${errors_dir}/all_grants.err"
|
||||
local dump_file="${dump_dir}/all_grants.sql"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
declare -a options
|
||||
options=()
|
||||
if [ -n "${option_defaults_file}" ]; then
|
||||
options+=(--defaults-file="${option_defaults_file}")
|
||||
fi
|
||||
if [ -n "${option_port}" ]; then
|
||||
options+=(--port="${option_port}")
|
||||
fi
|
||||
if [ -n "${option_socket}" ]; then
|
||||
options+=(--socket="${option_socket}")
|
||||
fi
|
||||
if [ -n "${option_user}" ]; then
|
||||
options+=(--user="${option_user}")
|
||||
fi
|
||||
if [ -n "${option_password}" ]; then
|
||||
options+=(--password="${option_password}")
|
||||
fi
|
||||
options+=(--flush)
|
||||
options+=(--no-header)
|
||||
|
||||
dump_cmd="pt-show-grants ${options[*]}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} 2> "${error_file}" > "${dump_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: pt-show-grants to ${dump_file} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
else
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: 'pt-show-grants' not found, unable to dump grants"
|
||||
fi
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Dump a single compressed file of all databases of an instance
|
||||
# and a file containing only the schema.
|
||||
#
|
||||
# Arguments:
|
||||
# --masterdata (default: <absent>)
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --defaults-extra-file=[String] (default: <blank>)
|
||||
# --defaults-group-suffix=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
# --compress=<gzip|pigz|bzip2|xz|none> (default: "gzip")
|
||||
# Other options after -- are passed as-is to mysqldump
|
||||
#######################################################################
|
||||
dump_mysql_global() {
|
||||
local option_masterdata=""
|
||||
local option_port=""
|
||||
local option_socket=""
|
||||
local option_defaults_file=""
|
||||
local option_defaults_extra_file=""
|
||||
local option_defaults_group_suffix=""
|
||||
local option_user=""
|
||||
local option_password=""
|
||||
local option_dump_label=""
|
||||
local option_compress=""
|
||||
local option_others=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--masterdata)
|
||||
option_masterdata="--masterdata"
|
||||
;;
|
||||
--defaults-file)
|
||||
# defaults-file options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_file="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-file=?*)
|
||||
# defaults-file options, with value separated by =
|
||||
option_defaults_file="${1#*=}"
|
||||
;;
|
||||
--defaults-file=)
|
||||
# defaults-file options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--defaults-extra-file)
|
||||
# defaults-file options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_extra_file="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-extra-file=?*)
|
||||
# defaults-extra-file options, with value separated by =
|
||||
option_defaults_extra_file="${1#*=}"
|
||||
;;
|
||||
--defaults-extra-file=)
|
||||
# defaults-extra-file options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-extra-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--defaults-group-suffix)
|
||||
# defaults-group-suffix options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_group_suffix="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-group-suffix' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-group-suffix=?*)
|
||||
# defaults-group-suffix options, with value separated by =
|
||||
option_defaults_group_suffix="${1#*=}"
|
||||
;;
|
||||
--defaults-group-suffix=)
|
||||
# defaults-group-suffix options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-group-suffix' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--port)
|
||||
# port options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_port="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--port=?*)
|
||||
# port options, with value separated by =
|
||||
option_port="${1#*=}"
|
||||
;;
|
||||
--port=)
|
||||
# port options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--socket)
|
||||
# socket options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_socket="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--socket=?*)
|
||||
# socket options, with value separated by =
|
||||
option_socket="${1#*=}"
|
||||
;;
|
||||
--socket=)
|
||||
# socket options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--user)
|
||||
# user options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_user="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--user=?*)
|
||||
# user options, with value separated by =
|
||||
option_user="${1#*=}"
|
||||
;;
|
||||
--user=)
|
||||
# user options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--password)
|
||||
# password options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_password="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--password=?*)
|
||||
# password options, with value separated by =
|
||||
option_password="${1#*=}"
|
||||
;;
|
||||
--password=)
|
||||
# password options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--dump-label)
|
||||
# dump-label options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_dump_label="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--dump-label=?*)
|
||||
# dump-label options, with value separated by =
|
||||
option_dump_label="${1#*=}"
|
||||
;;
|
||||
--dump-label=)
|
||||
# dump-label options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--compress)
|
||||
# compress options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_compress="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--compress=?*)
|
||||
# compress options, with value separated by =
|
||||
option_compress="${1#*=}"
|
||||
;;
|
||||
--compress=)
|
||||
# compress options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
option_others=${*}
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
case "${option_compress}" in
|
||||
none)
|
||||
compress_cmd="cat"
|
||||
dump_ext=""
|
||||
;;
|
||||
bzip2|bz|bz2)
|
||||
compress_cmd="bzip2 --best"
|
||||
dump_ext=".bz"
|
||||
;;
|
||||
xz)
|
||||
compress_cmd="xz --best"
|
||||
dump_ext=".xz"
|
||||
;;
|
||||
pigz)
|
||||
compress_cmd="pigz --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
gz|gzip|*)
|
||||
compress_cmd="gzip --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -z "${option_dump_label}" ]; then
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
option_dump_label="${option_defaults_group_suffix}"
|
||||
elif [ -n "${option_port}" ]; then
|
||||
option_dump_label="${option_port}"
|
||||
elif [ -n "${option_socket}" ]; then
|
||||
option_dump_label=$(path_to_str "${option_socket}")
|
||||
else
|
||||
option_dump_label="default"
|
||||
fi
|
||||
fi
|
||||
|
||||
## Connection options
|
||||
declare -a connect_options
|
||||
connect_options=()
|
||||
if [ -n "${option_defaults_file}" ]; then
|
||||
connect_options+=(--defaults-file="${option_defaults_file}")
|
||||
fi
|
||||
if [ -n "${option_defaults_extra_file}" ]; then
|
||||
connect_options+=(--defaults-extra-file="${option_defaults_extra_file}")
|
||||
fi
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
connect_options+=(--defaults-group-suffix="${option_defaults_group_suffix}")
|
||||
fi
|
||||
if [ -n "${option_port}" ]; then
|
||||
connect_options+=(--protocol=tcp)
|
||||
connect_options+=(--port="${option_port}")
|
||||
fi
|
||||
if [ -n "${option_socket}" ]; then
|
||||
connect_options+=(--protocol=socket)
|
||||
connect_options+=(--socket="${option_socket}")
|
||||
fi
|
||||
if [ -n "${option_user}" ]; then
|
||||
connect_options+=(--user="${option_user}")
|
||||
fi
|
||||
if [ -n "${option_password}" ]; then
|
||||
connect_options+=(--password="${option_password}")
|
||||
fi
|
||||
|
||||
## Global all databases in one file
|
||||
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/mysql-${option_dump_label}"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
local error_file="${errors_dir}/mysqldump.err"
|
||||
local dump_file="${dump_dir}/mysqldump.sql${dump_ext}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
dump_options+=(--opt)
|
||||
dump_options+=(--force)
|
||||
dump_options+=(--events)
|
||||
dump_options+=(--hex-blob)
|
||||
dump_options+=(--all-databases)
|
||||
if [ -n "${option_masterdata}" ]; then
|
||||
dump_options+=("${option_masterdata}")
|
||||
fi
|
||||
if [ -n "${option_others}" ]; then
|
||||
# word splitting is deliberate here
|
||||
# shellcheck disable=SC2206
|
||||
dump_options+=(${option_others})
|
||||
fi
|
||||
|
||||
## WARNING : logging and executing the command must be separate
|
||||
## because otherwise Bash would interpret | and > as strings and not syntax.
|
||||
|
||||
dump_cmd="mysqldump ${connect_options[*]} ${dump_options[*]} 2> ${error_file} | ${compress_cmd} > ${dump_file}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
mysqldump "${connect_options[@]}" "${dump_options[@]}" 2> "${error_file}" | ${compress_cmd} > "${dump_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: mysqldump returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
|
||||
|
||||
## Schema only (no data) for each databases
|
||||
|
||||
local error_file="${errors_dir}/mysqldump.schema.err"
|
||||
local dump_file="${dump_dir}/mysqldump.schema.sql"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
dump_options+=(--force)
|
||||
dump_options+=(--no-data)
|
||||
dump_options+=(--all-databases)
|
||||
if [ -n "${option_others}" ]; then
|
||||
# word splitting is deliberate here
|
||||
# shellcheck disable=SC2206
|
||||
dump_options+=(${option_others})
|
||||
fi
|
||||
|
||||
dump_cmd="mysqldump ${connect_options[*]} ${dump_options[*]}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} 2> "${error_file}" > "${dump_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: mysqldump returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Dump a file of each databases of an instance
|
||||
# and a file containing only the schema.
|
||||
#
|
||||
# Arguments:
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --defaults-extra-file=[String] (default: <blank>)
|
||||
# --defaults-group-suffix=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
# --compress=<gzip|pigz|bzip2|xz|none> (default: "gzip")
|
||||
# Other options after -- are passed as-is to mysqldump
|
||||
#######################################################################
|
||||
dump_mysql_per_base() {
|
||||
local option_port=""
|
||||
local option_socket=""
|
||||
local option_defaults_file=""
|
||||
local option_defaults_extra_file=""
|
||||
local option_defaults_group_suffix=""
|
||||
local option_user=""
|
||||
local option_password=""
|
||||
local option_dump_label=""
|
||||
local option_compress=""
|
||||
local option_others=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--defaults-file)
|
||||
# defaults-file options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_file="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-file=?*)
|
||||
# defaults-file options, with value separated by =
|
||||
option_defaults_file="${1#*=}"
|
||||
;;
|
||||
--defaults-file=)
|
||||
# defaults-file options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--defaults-extra-file)
|
||||
# defaults-file options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_extra_file="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-extra-file=?*)
|
||||
# defaults-extra-file options, with value separated by =
|
||||
option_defaults_extra_file="${1#*=}"
|
||||
;;
|
||||
--defaults-extra-file=)
|
||||
# defaults-extra-file options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-extra-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--defaults-group-suffix)
|
||||
# defaults-group-suffix options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_group_suffix="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-group-suffix' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-group-suffix=?*)
|
||||
# defaults-group-suffix options, with value separated by =
|
||||
option_defaults_group_suffix="${1#*=}"
|
||||
;;
|
||||
--defaults-group-suffix=)
|
||||
# defaults-group-suffix options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-group-suffix' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--port)
|
||||
# port options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_port="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--port=?*)
|
||||
# port options, with value separated by =
|
||||
option_port="${1#*=}"
|
||||
;;
|
||||
--port=)
|
||||
# port options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--socket)
|
||||
# socket options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_socket="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--socket=?*)
|
||||
# socket options, with value separated by =
|
||||
option_socket="${1#*=}"
|
||||
;;
|
||||
--socket=)
|
||||
# socket options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--user)
|
||||
# user options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_user="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--user=?*)
|
||||
# user options, with value separated by =
|
||||
option_user="${1#*=}"
|
||||
;;
|
||||
--user=)
|
||||
# user options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--password)
|
||||
# password options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_password="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--password=?*)
|
||||
# password options, with value separated by =
|
||||
option_password="${1#*=}"
|
||||
;;
|
||||
--password=)
|
||||
# password options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--dump-label)
|
||||
# dump-label options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_dump_label="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--dump-label=?*)
|
||||
# dump-label options, with value separated by =
|
||||
option_dump_label="${1#*=}"
|
||||
;;
|
||||
--dump-label=)
|
||||
# dump-label options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--compress)
|
||||
# compress options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_compress="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--compress=?*)
|
||||
# compress options, with value separated by =
|
||||
option_compress="${1#*=}"
|
||||
;;
|
||||
--compress=)
|
||||
# compress options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
option_others=${*}
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
case "${option_compress}" in
|
||||
none)
|
||||
compress_cmd="cat"
|
||||
dump_ext=""
|
||||
;;
|
||||
bzip2|bz|bz2)
|
||||
compress_cmd="bzip2 --best"
|
||||
dump_ext=".bz"
|
||||
;;
|
||||
xz)
|
||||
compress_cmd="xz --best"
|
||||
dump_ext=".xz"
|
||||
;;
|
||||
pigz)
|
||||
compress_cmd="pigz --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
gz|gzip|*)
|
||||
compress_cmd="gzip --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -z "${option_dump_label}" ]; then
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
option_dump_label="${option_defaults_group_suffix}"
|
||||
elif [ -n "${option_port}" ]; then
|
||||
option_dump_label="${option_port}"
|
||||
elif [ -n "${option_socket}" ]; then
|
||||
option_dump_label=$(path_to_str "${option_socket}")
|
||||
else
|
||||
option_dump_label="default"
|
||||
fi
|
||||
fi
|
||||
|
||||
## Connection options
|
||||
declare -a connect_options
|
||||
connect_options=()
|
||||
if [ -n "${option_defaults_file}" ]; then
|
||||
connect_options+=(--defaults-file="${option_defaults_file}")
|
||||
fi
|
||||
if [ -n "${option_defaults_extra_file}" ]; then
|
||||
connect_options+=(--defaults-extra-file="${option_defaults_extra_file}")
|
||||
fi
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
connect_options+=(--defaults-group-suffix="${option_defaults_group_suffix}")
|
||||
fi
|
||||
if [ -n "${option_port}" ]; then
|
||||
connect_options+=(--protocol=tcp)
|
||||
connect_options+=(--port="${option_port}")
|
||||
fi
|
||||
if [ -n "${option_socket}" ]; then
|
||||
connect_options+=(--protocol=socket)
|
||||
connect_options+=(--socket="${option_socket}")
|
||||
fi
|
||||
if [ -n "${option_user}" ]; then
|
||||
connect_options+=(--user="${option_user}")
|
||||
fi
|
||||
if [ -n "${option_password}" ]; then
|
||||
connect_options+=(--password="${option_password}")
|
||||
fi
|
||||
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/mysql-${option_dump_label}-per-base"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
databases=$(mysql "${connect_options[@]}" --execute="show databases" --silent --skip-column-names \
|
||||
| grep --extended-regexp --invert-match "^(Database|information_schema|performance_schema|sys)")
|
||||
|
||||
for database in ${databases}; do
|
||||
local error_file="${errors_dir}/${database}.err"
|
||||
local dump_file="${dump_dir}/${database}.sql${dump_ext}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
dump_options+=(--opt)
|
||||
dump_options+=(--force)
|
||||
dump_options+=(--events)
|
||||
dump_options+=(--hex-blob)
|
||||
dump_options+=(--databases "${database}")
|
||||
if [ -n "${option_others}" ]; then
|
||||
# word splitting is deliberate here
|
||||
# shellcheck disable=SC2206
|
||||
dump_options+=(${option_others})
|
||||
fi
|
||||
|
||||
## WARNING : logging and executing the command must be separate
|
||||
## because otherwise Bash would interpret | and > as strings and not syntax.
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: mysqldump ${connect_options[*]} ${dump_options[*]} | ${compress_cmd} > ${dump_file}"
|
||||
mysqldump "${connect_options[@]}" "${dump_options[@]}" 2> "${error_file}" | ${compress_cmd} > "${dump_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: mysqldump returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
|
||||
|
||||
## Schema only (no data) for each databases
|
||||
|
||||
local error_file="${errors_dir}/${database}.schema.err"
|
||||
local dump_file="${dump_dir}/${database}.schema.sql"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
dump_options+=(--force)
|
||||
dump_options+=(--no-data)
|
||||
dump_options+=(--databases "${database}")
|
||||
if [ -n "${option_others}" ]; then
|
||||
# word splitting is deliberate here
|
||||
# shellcheck disable=SC2206
|
||||
dump_options+=(${option_others})
|
||||
fi
|
||||
|
||||
dump_cmd="mysqldump ${connect_options[*]} ${dump_options[*]}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} 2> "${error_file}" > "${dump_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: mysqldump returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
done
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Dump "tabs style" separate schema/data for each database of an instance
|
||||
#
|
||||
# Arguments:
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --defaults-extra-file=[String] (default: <blank>)
|
||||
# --defaults-group-suffix=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
# --compress=<gzip|pigz|bzip2|xz|none> (default: "gzip")
|
||||
# Other options after -- are passed as-is to mysqldump
|
||||
#######################################################################
|
||||
dump_mysql_tabs() {
|
||||
local option_port=""
|
||||
local option_socket=""
|
||||
local option_defaults_file=""
|
||||
local option_defaults_extra_file=""
|
||||
local option_defaults_group_suffix=""
|
||||
local option_user=""
|
||||
local option_password=""
|
||||
local option_dump_label=""
|
||||
local option_compress=""
|
||||
local option_others=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--defaults-file)
|
||||
# defaults-file options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_file="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-file=?*)
|
||||
# defaults-file options, with value separated by =
|
||||
option_defaults_file="${1#*=}"
|
||||
;;
|
||||
--defaults-file=)
|
||||
# defaults-file options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--defaults-extra-file)
|
||||
# defaults-file options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_extra_file="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-extra-file=?*)
|
||||
# defaults-extra-file options, with value separated by =
|
||||
option_defaults_extra_file="${1#*=}"
|
||||
;;
|
||||
--defaults-extra-file=)
|
||||
# defaults-extra-file options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-extra-file' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--defaults-group-suffix)
|
||||
# defaults-group-suffix options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_defaults_group_suffix="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-group-suffix' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--defaults-group-suffix=?*)
|
||||
# defaults-group-suffix options, with value separated by =
|
||||
option_defaults_group_suffix="${1#*=}"
|
||||
;;
|
||||
--defaults-group-suffix=)
|
||||
# defaults-group-suffix options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--defaults-group-suffix' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--port)
|
||||
# port options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_port="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--port=?*)
|
||||
# port options, with value separated by =
|
||||
option_port="${1#*=}"
|
||||
;;
|
||||
--port=)
|
||||
# port options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--port' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--socket)
|
||||
# socket options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_socket="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--socket=?*)
|
||||
# socket options, with value separated by =
|
||||
option_socket="${1#*=}"
|
||||
;;
|
||||
--socket=)
|
||||
# socket options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--socket' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--user)
|
||||
# user options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_user="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--user=?*)
|
||||
# user options, with value separated by =
|
||||
option_user="${1#*=}"
|
||||
;;
|
||||
--user=)
|
||||
# user options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--user' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--password)
|
||||
# password options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_password="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--password=?*)
|
||||
# password options, with value separated by =
|
||||
option_password="${1#*=}"
|
||||
;;
|
||||
--password=)
|
||||
# password options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--password' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--dump-label)
|
||||
# dump-label options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_dump_label="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--dump-label=?*)
|
||||
# dump-label options, with value separated by =
|
||||
option_dump_label="${1#*=}"
|
||||
;;
|
||||
--dump-label=)
|
||||
# dump-label options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--compress)
|
||||
# compress options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_compress="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--compress=?*)
|
||||
# compress options, with value separated by =
|
||||
option_compress="${1#*=}"
|
||||
;;
|
||||
--compress=)
|
||||
# compress options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
option_others=${*}
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
case "${option_compress}" in
|
||||
none)
|
||||
compress_cmd="cat"
|
||||
dump_ext=""
|
||||
;;
|
||||
bzip2|bz|bz2)
|
||||
compress_cmd="bzip2 --best"
|
||||
dump_ext=".bz"
|
||||
;;
|
||||
xz)
|
||||
compress_cmd="xz --best"
|
||||
dump_ext=".xz"
|
||||
;;
|
||||
pigz)
|
||||
compress_cmd="pigz --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
gz|gzip|*)
|
||||
compress_cmd="gzip --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -z "${option_dump_label}" ]; then
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
option_dump_label="${option_defaults_group_suffix}"
|
||||
elif [ -n "${option_port}" ]; then
|
||||
option_dump_label="${option_port}"
|
||||
elif [ -n "${option_socket}" ]; then
|
||||
option_dump_label=$(path_to_str "${option_socket}")
|
||||
else
|
||||
option_dump_label="default"
|
||||
fi
|
||||
fi
|
||||
|
||||
## Connection options
|
||||
declare -a connect_options
|
||||
connect_options=()
|
||||
if [ -n "${option_defaults_file}" ]; then
|
||||
connect_options+=(--defaults-file="${option_defaults_file}")
|
||||
fi
|
||||
if [ -n "${option_defaults_extra_file}" ]; then
|
||||
connect_options+=(--defaults-extra-file="${option_defaults_extra_file}")
|
||||
fi
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
connect_options+=(--defaults-group-suffix="${option_defaults_group_suffix}")
|
||||
fi
|
||||
if [ -n "${option_port}" ]; then
|
||||
connect_options+=(--protocol=tcp)
|
||||
connect_options+=(--port="${option_port}")
|
||||
fi
|
||||
if [ -n "${option_socket}" ]; then
|
||||
connect_options+=(--protocol=socket)
|
||||
connect_options+=(--socket="${option_socket}")
|
||||
fi
|
||||
if [ -n "${option_user}" ]; then
|
||||
connect_options+=(--user="${option_user}")
|
||||
fi
|
||||
if [ -n "${option_password}" ]; then
|
||||
connect_options+=(--password="${option_password}")
|
||||
fi
|
||||
|
||||
databases=$(mysql "${connect_options[@]}" --execute="show databases" --silent --skip-column-names \
|
||||
| grep --extended-regexp --invert-match "^(Database|information_schema|performance_schema|sys)")
|
||||
|
||||
for database in ${databases}; do
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/mysql-${option_dump_label}-tabs/${database}"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
chown -RL mysql "${dump_dir}"
|
||||
|
||||
local error_file="${errors_dir}.err"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_dir}"
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
dump_options+=(--force)
|
||||
dump_options+=(--quote-names)
|
||||
dump_options+=(--opt)
|
||||
dump_options+=(--events)
|
||||
dump_options+=(--hex-blob)
|
||||
dump_options+=(--skip-comments)
|
||||
dump_options+=(--fields-enclosed-by='\"')
|
||||
dump_options+=(--fields-terminated-by=',')
|
||||
dump_options+=(--tab="${dump_dir}")
|
||||
if [ -n "${option_others}" ]; then
|
||||
# word splitting is deliberate here
|
||||
# shellcheck disable=SC2206
|
||||
dump_options+=(${option_others})
|
||||
fi
|
||||
dump_options+=("${database}")
|
||||
|
||||
dump_cmd="mysqldump ${connect_options[*]} ${dump_options[*]}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd} 2> "${error_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: mysqldump to ${dump_dir} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_dir}"
|
||||
done
|
||||
}
|
|
@ -1,343 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# shellcheck disable=SC2034,SC2317,SC2155
|
||||
|
||||
#######################################################################
|
||||
# Dump a single file of all PostgreSQL databases
|
||||
#
|
||||
# Arguments:
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
# --compress=<gzip|pigz|bzip2|xz|none> (default: "gzip")
|
||||
# Other options after -- are passed as-is to pg_dump
|
||||
#######################################################################
|
||||
dump_postgresql_global() {
|
||||
local option_dump_label=""
|
||||
local option_compress=""
|
||||
local option_others=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--dump-label)
|
||||
# dump-label options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_dump_label="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--dump-label=?*)
|
||||
# dump-label options, with value separated by =
|
||||
option_dump_label="${1#*=}"
|
||||
;;
|
||||
--dump-label=)
|
||||
# dump-label options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--compress)
|
||||
# compress options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_compress="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--compress=?*)
|
||||
# compress options, with value separated by =
|
||||
option_compress="${1#*=}"
|
||||
;;
|
||||
--compress=)
|
||||
# compress options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
option_others=${*}
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
case "${option_compress}" in
|
||||
none)
|
||||
compress_cmd="cat"
|
||||
dump_ext=""
|
||||
;;
|
||||
bzip2|bz|bz2)
|
||||
compress_cmd="bzip2 --best"
|
||||
dump_ext=".bz"
|
||||
;;
|
||||
xz)
|
||||
compress_cmd="xz --best"
|
||||
dump_ext=".xz"
|
||||
;;
|
||||
pigz)
|
||||
compress_cmd="pigz --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
gz|gzip|*)
|
||||
compress_cmd="gzip --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -z "${option_dump_label}" ]; then
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
option_dump_label="${option_defaults_group_suffix}"
|
||||
elif [ -n "${option_port}" ]; then
|
||||
option_dump_label="${option_port}"
|
||||
elif [ -n "${option_socket}" ]; then
|
||||
option_dump_label=$(path_to_str "${option_socket}")
|
||||
else
|
||||
option_dump_label="default"
|
||||
fi
|
||||
fi
|
||||
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/postgresql-${option_dump_label}-global"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
## example with pg_dumpall and with compression
|
||||
local error_file="${errors_dir}/pg_dumpall.err"
|
||||
local dump_file="${dump_dir}/pg_dumpall.sql${dump_ext}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
if [ -n "${option_others}" ]; then
|
||||
# word splitting is deliberate here
|
||||
# shellcheck disable=SC2206
|
||||
dump_options+=(${option_others})
|
||||
fi
|
||||
|
||||
dump_cmd="(sudo -u postgres pg_dumpall ${dump_options[*]}) 2> ${error_file} | ${compress_cmd} > ${dump_file}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: pg_dumpall to ${dump_file} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
|
||||
## example with pg_dumpall and without compression
|
||||
## WARNING: you need space in ~postgres
|
||||
# local error_file="${errors_dir}/pg_dumpall.err"
|
||||
# local dump_file="${dump_dir}/pg_dumpall.sql"
|
||||
# log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
#
|
||||
# (su - postgres -c "pg_dumpall > ~/pg.dump.bak") 2> "${error_file}"
|
||||
# mv ~postgres/pg.dump.bak "${dump_file}"
|
||||
#
|
||||
# log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Dump a compressed file per database
|
||||
#
|
||||
# Arguments: <none>
|
||||
#######################################################################
|
||||
dump_postgresql_per_base() {
|
||||
local option_dump_label=""
|
||||
local option_compress=""
|
||||
local option_others=""
|
||||
|
||||
# Parse options, based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
--dump-label)
|
||||
# dump-label options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_dump_label="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--dump-label=?*)
|
||||
# dump-label options, with value separated by =
|
||||
option_dump_label="${1#*=}"
|
||||
;;
|
||||
--dump-label=)
|
||||
# dump-label options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--dump-label' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--compress)
|
||||
# compress options, with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
option_compress="${2}"
|
||||
shift
|
||||
else
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--compress=?*)
|
||||
# compress options, with value separated by =
|
||||
option_compress="${1#*=}"
|
||||
;;
|
||||
--compress=)
|
||||
# compress options, without value
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: '--compress' requires a non-empty option argument."
|
||||
exit 1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
option_others=${*}
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: unknown option '${1}' (ignored)"
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
case "${option_compress}" in
|
||||
none)
|
||||
compress_cmd="cat"
|
||||
dump_ext=""
|
||||
;;
|
||||
bzip2|bz|bz2)
|
||||
compress_cmd="bzip2 --best"
|
||||
dump_ext=".bz"
|
||||
;;
|
||||
xz)
|
||||
compress_cmd="xz --best"
|
||||
dump_ext=".xz"
|
||||
;;
|
||||
pigz)
|
||||
compress_cmd="pigz --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
gz|gzip|*)
|
||||
compress_cmd="gzip --best"
|
||||
dump_ext=".gz"
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -z "${option_dump_label}" ]; then
|
||||
if [ -n "${option_defaults_group_suffix}" ]; then
|
||||
option_dump_label="${option_defaults_group_suffix}"
|
||||
elif [ -n "${option_port}" ]; then
|
||||
option_dump_label="${option_port}"
|
||||
elif [ -n "${option_socket}" ]; then
|
||||
option_dump_label=$(path_to_str "${option_socket}")
|
||||
else
|
||||
option_dump_label="default"
|
||||
fi
|
||||
fi
|
||||
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/postgresql-${option_dump_label}-per-base"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
(
|
||||
# shellcheck disable=SC2164
|
||||
cd /var/lib/postgresql
|
||||
databases=$(sudo -u postgres psql -U postgres -lt | awk -F \| '{print $1}' | grep -v "template.*")
|
||||
for database in ${databases} ; do
|
||||
local error_file="${errors_dir}/${database}.err"
|
||||
local dump_file="${dump_dir}/${database}.sql${dump_ext}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
declare -a dump_options
|
||||
dump_options=()
|
||||
dump_options+=(--create)
|
||||
dump_options+=(-U postgres)
|
||||
dump_options+=(-d "${database}")
|
||||
if [ -n "${option_others}" ]; then
|
||||
# word splitting is deliberate here
|
||||
# shellcheck disable=SC2206
|
||||
dump_options+=(${option_others})
|
||||
fi
|
||||
|
||||
dump_cmd="(sudo -u postgres /usr/bin/pg_dump ${dump_options[*]}) 2> ${error_file} | ${compress_cmd} > ${dump_file}"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
${dump_cmd}
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: pg_dump to ${dump_file} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
done
|
||||
)
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
# Dump a compressed file per database
|
||||
#
|
||||
# Arguments: <none>
|
||||
#
|
||||
# TODO: add arguments to include/exclude tables
|
||||
#######################################################################
|
||||
dump_postgresql_filtered() {
|
||||
local dump_dir="${LOCAL_BACKUP_DIR}/postgresql-filtered"
|
||||
local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
rm -rf "${dump_dir}" "${errors_dir}"
|
||||
mkdir -p "${dump_dir}" "${errors_dir}"
|
||||
# No need to change recursively, the top directory is enough
|
||||
chmod 700 "${dump_dir}" "${errors_dir}"
|
||||
|
||||
local error_file="${errors_dir}/pg-backup.err"
|
||||
local dump_file="${dump_dir}/pg-backup.tar"
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
|
||||
## example with all tables from MYBASE excepts TABLE1 and TABLE2
|
||||
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f "${dump_file}" -t 'TABLE1' -t 'TABLE2' MYBASE 2> "${error_file}"
|
||||
|
||||
## example with only TABLE1 and TABLE2 from MYBASE
|
||||
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f "${dump_file}" -T 'TABLE1' -T 'TABLE2' MYBASE 2> "${error_file}"
|
||||
|
||||
local last_rc=$?
|
||||
# shellcheck disable=SC2086
|
||||
if [ ${last_rc} -ne 0 ]; then
|
||||
log_error "LOCAL_TASKS - ${FUNCNAME[0]}: pg_dump to ${dump_file} returned an error ${last_rc}" "${error_file}"
|
||||
GLOBAL_RC=${E_DUMPFAILED}
|
||||
else
|
||||
rm -f "${error_file}"
|
||||
fi
|
||||
log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
}
|
|
@ -1,466 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# shellcheck disable=SC2034,SC2317
|
||||
|
||||
readonly VERSION="24.04.1"
|
||||
|
||||
# set all programs to C language (english)
|
||||
export LC_ALL=C
|
||||
|
||||
# If expansion is attempted on an unset variable or parameter, the shell prints an
|
||||
# error message, and, if not interactive, exits with a non-zero status.
|
||||
set -o nounset
|
||||
# The pipeline's return status is the value of the last (rightmost) command
|
||||
# to exit with a non-zero status, or zero if all commands exit successfully.
|
||||
set -o pipefail
|
||||
# Enable trace mode if called with environment variable TRACE=1
|
||||
if [[ "${TRACE-0}" == "1" ]]; then
|
||||
set -o xtrace
|
||||
fi
|
||||
|
||||
source "${LIBDIR}/utilities.sh"
|
||||
source "${LIBDIR}/dump/elasticsearch.sh"
|
||||
source "${LIBDIR}/dump/mysql.sh"
|
||||
source "${LIBDIR}/dump/postgresql.sh"
|
||||
source "${LIBDIR}/dump/misc.sh"
|
||||
|
||||
# Called from main, it is wrapping the local_tasks function defined in the real script
|
||||
local_tasks_wrapper() {
|
||||
log "START LOCAL_TASKS"
|
||||
|
||||
# Remove old log directories (recursively)
|
||||
find "${LOCAL_BACKUP_DIR}/" -type d -name "${PROGNAME}.errors-*" -ctime +30 -exec rm -rf \;
|
||||
|
||||
local_tasks_type="$(type -t local_tasks)"
|
||||
if [ "${local_tasks_type}" = "function" ]; then
|
||||
local_tasks
|
||||
else
|
||||
log_error "There is no 'local_tasks' function to execute"
|
||||
fi
|
||||
|
||||
# TODO: check if this is still needed
|
||||
# print_error_files_content
|
||||
|
||||
log "STOP LOCAL_TASKS"
|
||||
}
|
||||
|
||||
# Called from main, it is wrapping the sync_tasks function defined in the real script
|
||||
sync_tasks_wrapper() {
|
||||
declare -a SERVERS # Indexed array for server/port values
|
||||
declare -a RSYNC_INCLUDES # Indexed array for includes
|
||||
declare -a RSYNC_EXCLUDES # Indexed array for excludes
|
||||
|
||||
case "${SYSTEM}" in
|
||||
linux)
|
||||
# NOTE: remember to single-quote paths if they contain globs (*)
|
||||
# and you want to defer expansion
|
||||
declare -a rsync_default_includes=(
|
||||
/bin
|
||||
/boot
|
||||
/lib
|
||||
/opt
|
||||
/sbin
|
||||
/usr
|
||||
)
|
||||
;;
|
||||
*bsd)
|
||||
# NOTE: remember to single-quote paths if they contain globs (*)
|
||||
# and you want to defer expansion
|
||||
declare -a rsync_default_includes=(
|
||||
/bin
|
||||
/bsd
|
||||
/sbin
|
||||
/usr
|
||||
)
|
||||
;;
|
||||
*)
|
||||
echo "Unknown system '${SYSTEM}'" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
if [ -f "${CANARY_FILE}" ]; then
|
||||
rsync_default_includes+=("${CANARY_FILE}")
|
||||
fi
|
||||
readonly rsync_default_includes
|
||||
|
||||
# NOTE: remember to single-quote paths if they contain globs (*)
|
||||
# and you want to defer expansion
|
||||
declare -a rsync_default_excludes=(
|
||||
/dev
|
||||
/proc
|
||||
/run
|
||||
/sys
|
||||
/tmp
|
||||
/usr/doc
|
||||
/usr/obj
|
||||
/usr/share/doc
|
||||
/usr/src
|
||||
/var/apt
|
||||
/var/cache
|
||||
'/var/db/munin/*.tmp'
|
||||
/var/lib/amavis/amavisd.sock
|
||||
/var/lib/amavis/tmp
|
||||
/var/lib/amavis/virusmails
|
||||
'/var/lib/clamav/*.tmp'
|
||||
/var/lib/elasticsearch
|
||||
/var/lib/metche
|
||||
/var/lib/mongodb
|
||||
'/var/lib/munin/*tmp*'
|
||||
/var/lib/mysql
|
||||
/var/lib/php/sessions
|
||||
/var/lib/php5
|
||||
/var/lib/postgres
|
||||
/var/lib/postgresql
|
||||
/var/lib/sympa
|
||||
/var/lock
|
||||
/var/run
|
||||
/var/spool/postfix
|
||||
/var/spool/smtpd
|
||||
/var/spool/squid
|
||||
/var/state
|
||||
/var/tmp
|
||||
lost+found
|
||||
'.nfs.*'
|
||||
'lxc/*/rootfs/tmp'
|
||||
'lxc/*/rootfs/usr/doc'
|
||||
'lxc/*/rootfs/usr/obj'
|
||||
'lxc/*/rootfs/usr/share/doc'
|
||||
'lxc/*/rootfs/usr/src'
|
||||
'lxc/*/rootfs/var/apt'
|
||||
'lxc/*/rootfs/var/cache'
|
||||
'lxc/*/rootfs/var/lib/php5'
|
||||
'lxc/*/rootfs/var/lib/php/sessions'
|
||||
'lxc/*/rootfs/var/lock'
|
||||
'lxc/*/rootfs/var/run'
|
||||
'lxc/*/rootfs/var/state'
|
||||
'lxc/*/rootfs/var/tmp'
|
||||
/home/mysqltmp
|
||||
)
|
||||
readonly rsync_default_excludes
|
||||
|
||||
sync_tasks_type="$(type -t sync_tasks)"
|
||||
if [ "${sync_tasks_type}" = "function" ]; then
|
||||
sync_tasks
|
||||
else
|
||||
log_error "There is no 'sync_tasks' function to execute"
|
||||
fi
|
||||
}
|
||||
|
||||
sync() {
|
||||
local sync_name=${1}
|
||||
local -a rsync_servers=("${!2}")
|
||||
local -a rsync_includes=("${!3}")
|
||||
local -a rsync_excludes=("${!4}")
|
||||
|
||||
## Initialize variable to store SSH connection errors
|
||||
declare -a SSH_ERRORS=()
|
||||
|
||||
log "START SYNC_TASKS - sync=${sync_name}"
|
||||
|
||||
# echo "### sync ###"
|
||||
|
||||
# for server in "${rsync_servers[@]}"; do
|
||||
# echo "server: ${server}"
|
||||
# done
|
||||
|
||||
# for include in "${rsync_includes[@]}"; do
|
||||
# echo "include: ${include}"
|
||||
# done
|
||||
|
||||
# for exclude in "${rsync_excludes[@]}"; do
|
||||
# echo "exclude: ${exclude}"
|
||||
# done
|
||||
|
||||
local -i n=0
|
||||
local server=""
|
||||
if [ "${SERVERS_FALLBACK}" = "1" ]; then
|
||||
# We try to find a suitable server
|
||||
while :; do
|
||||
server=$(pick_server ${n} "${sync_name}")
|
||||
rc=$?
|
||||
if [ ${rc} != 0 ]; then
|
||||
GLOBAL_RC=${E_NOSRVAVAIL}
|
||||
log "STOP SYNC_TASKS - sync=${sync_name}'"
|
||||
return
|
||||
fi
|
||||
|
||||
if test_server "${server}"; then
|
||||
break
|
||||
else
|
||||
server=""
|
||||
n=$(( n + 1 ))
|
||||
fi
|
||||
done
|
||||
else
|
||||
# we force the server
|
||||
server=$(pick_server "${n}" "${sync_name}")
|
||||
fi
|
||||
|
||||
rsync_server=$(echo "${server}" | cut -d':' -f1)
|
||||
rsync_port=$(echo "${server}" | cut -d':' -f2)
|
||||
|
||||
log "SYNC_TASKS - sync=${sync_name}: use ${server}"
|
||||
|
||||
# Rsync complete log file for the current run
|
||||
RSYNC_LOGFILE="/var/log/${PROGNAME}.${sync_name}.rsync.log"
|
||||
# Rsync stats for the current run
|
||||
RSYNC_STATSFILE="/var/log/${PROGNAME}.${sync_name}.rsync-stats.log"
|
||||
|
||||
# reset Rsync log file
|
||||
if [ -n "$(command -v truncate)" ]; then
|
||||
truncate -s 0 "${RSYNC_LOGFILE}"
|
||||
truncate -s 0 "${RSYNC_STATSFILE}"
|
||||
else
|
||||
printf "" > "${RSYNC_LOGFILE}"
|
||||
printf "" > "${RSYNC_STATSFILE}"
|
||||
fi
|
||||
|
||||
# Initialize variable here, we need it later
|
||||
local -a mtree_files=()
|
||||
|
||||
if [ "${MTREE_ENABLED}" = "1" ]; then
|
||||
mtree_bin=$(command -v mtree)
|
||||
|
||||
if [ -n "${mtree_bin}" ]; then
|
||||
# Dump filesystem stats with mtree
|
||||
log "SYNC_TASKS - sync=${sync_name}: start mtree"
|
||||
|
||||
# Loop over Rsync includes
|
||||
for i in "${!rsync_includes[@]}"; do
|
||||
include="${rsync_includes[i]}"
|
||||
|
||||
if [ -d "${include}" ]; then
|
||||
# … but exclude for mtree what will be excluded by Rsync
|
||||
mtree_excludes_file="$(mktemp --tmpdir "${PROGNAME}.${sync_name}.mtree-excludes.XXXXXX")"
|
||||
add_to_temp_files "${mtree_excludes_file}"
|
||||
|
||||
for j in "${!rsync_excludes[@]}"; do
|
||||
echo "${rsync_excludes[j]}" | grep -E "^([^/]|${include})" | sed -e "s|^${include}|.|" >> "${mtree_excludes_file}"
|
||||
done
|
||||
|
||||
mtree_file="/var/log/evobackup.$(basename "${include}").mtree"
|
||||
add_to_temp_files "${mtree_file}"
|
||||
|
||||
${mtree_bin} -x -c -p "${include}" -X "${mtree_excludes_file}" > "${mtree_file}"
|
||||
mtree_files+=("${mtree_file}")
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "${#mtree_files[@]}" -le 0 ]; then
|
||||
log_error "SYNC_TASKS - ${sync_name}: ERROR: mtree didn't produce any file"
|
||||
fi
|
||||
|
||||
log "SYNC_TASKS - sync=${sync_name}: stop mtree (files: ${mtree_files[*]})"
|
||||
else
|
||||
log "SYNC_TASKS - sync=${sync_name}: skip mtree (missing)"
|
||||
fi
|
||||
else
|
||||
log "SYNC_TASKS - sync=${sync_name}: skip mtree (disabled)"
|
||||
fi
|
||||
|
||||
rsync_bin=$(command -v rsync)
|
||||
# Build the final Rsync command
|
||||
|
||||
# Rsync main options
|
||||
rsync_main_args=()
|
||||
rsync_main_args+=(--archive)
|
||||
rsync_main_args+=(--itemize-changes)
|
||||
rsync_main_args+=(--quiet)
|
||||
rsync_main_args+=(--stats)
|
||||
rsync_main_args+=(--human-readable)
|
||||
rsync_main_args+=(--relative)
|
||||
rsync_main_args+=(--partial)
|
||||
rsync_main_args+=(--delete)
|
||||
rsync_main_args+=(--delete-excluded)
|
||||
rsync_main_args+=(--force)
|
||||
rsync_main_args+=(--ignore-errors)
|
||||
rsync_main_args+=(--log-file "${RSYNC_LOGFILE}")
|
||||
rsync_main_args+=(--rsh "ssh -p ${rsync_port} -o 'ConnectTimeout ${SSH_CONNECT_TIMEOUT}'")
|
||||
|
||||
# Rsync excludes
|
||||
for i in "${!rsync_excludes[@]}"; do
|
||||
rsync_main_args+=(--exclude "${rsync_excludes[i]}")
|
||||
done
|
||||
|
||||
# Rsync local sources
|
||||
rsync_main_args+=("${rsync_includes[@]}")
|
||||
|
||||
# Rsync remote destination
|
||||
rsync_main_args+=("root@${rsync_server}:${REMOTE_BACKUP_DIR}/")
|
||||
|
||||
# … log it
|
||||
log "SYNC_TASKS - sync=${sync_name}: Rsync main command : ${rsync_bin} ${rsync_main_args[*]}"
|
||||
|
||||
# … execute it
|
||||
${rsync_bin} "${rsync_main_args[@]}"
|
||||
|
||||
rsync_main_rc=$?
|
||||
|
||||
# Copy last lines of rsync log to the main log
|
||||
tail -n 30 "${RSYNC_LOGFILE}" >> "${LOGFILE}"
|
||||
# Copy Rsync stats to special file
|
||||
tail -n 30 "${RSYNC_LOGFILE}" | grep --invert-match --extended-regexp " [\<\>ch\.\*]\S{10} " > "${RSYNC_STATSFILE}"
|
||||
|
||||
# We ignore rc=24 (vanished files)
|
||||
if [ ${rsync_main_rc} -ne 0 ] && [ ${rsync_main_rc} -ne 24 ]; then
|
||||
log_error "SYNC_TASKS - sync=${sync_name}: Rsync main command returned an error ${rsync_main_rc}" "${LOGFILE}"
|
||||
GLOBAL_RC=${E_SYNCFAILED}
|
||||
else
|
||||
# Build the report Rsync command
|
||||
local -a rsync_report_args
|
||||
|
||||
rsync_report_args=()
|
||||
|
||||
# Rsync options
|
||||
rsync_report_args+=(--rsh "ssh -p ${rsync_port} -o 'ConnectTimeout ${SSH_CONNECT_TIMEOUT}'")
|
||||
|
||||
# Rsync local sources
|
||||
if [ "${#mtree_files[@]}" -gt 0 ]; then
|
||||
# send mtree files if there is any
|
||||
rsync_report_args+=("${mtree_files[@]}")
|
||||
fi
|
||||
if [ -f "${RSYNC_LOGFILE}" ]; then
|
||||
# send rsync full log file if it exists
|
||||
rsync_report_args+=("${RSYNC_LOGFILE}")
|
||||
fi
|
||||
if [ -f "${RSYNC_STATSFILE}" ]; then
|
||||
# send rsync stats log file if it exists
|
||||
rsync_report_args+=("${RSYNC_STATSFILE}")
|
||||
fi
|
||||
|
||||
# Rsync remote destination
|
||||
rsync_report_args+=("root@${rsync_server}:${REMOTE_LOG_DIR}/")
|
||||
|
||||
# … log it
|
||||
log "SYNC_TASKS - sync=${sync_name}: Rsync report command : ${rsync_bin} ${rsync_report_args[*]}"
|
||||
|
||||
# … execute it
|
||||
${rsync_bin} "${rsync_report_args[@]}"
|
||||
fi
|
||||
|
||||
log "STOP SYNC_TASKS - sync=${sync_name}"
|
||||
}
|
||||
|
||||
setup() {
|
||||
# Default return-code (0 == succes)
|
||||
GLOBAL_RC=0
|
||||
|
||||
# Possible error codes
|
||||
readonly E_NOSRVAVAIL=21 # No server is available
|
||||
readonly E_SYNCFAILED=20 # Failed sync task
|
||||
readonly E_DUMPFAILED=10 # Failed dump task
|
||||
|
||||
# explicit PATH
|
||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin
|
||||
|
||||
# System name (linux, openbsd…)
|
||||
: "${SYSTEM:=$(uname | tr '[:upper:]' '[:lower:]')}"
|
||||
|
||||
# Hostname (for logs and notifications)
|
||||
: "${HOSTNAME:=$(hostname)}"
|
||||
|
||||
# Store pid in a file named after this program's name
|
||||
: "${PROGNAME:=$(basename "$0")}"
|
||||
: "${PIDFILE:="/var/run/${PROGNAME}.pid"}"
|
||||
|
||||
# Customize the log path if you want multiple scripts to have separate log files
|
||||
: "${LOGFILE:="/var/log/evobackup.log"}"
|
||||
|
||||
# Canary file to update before executing tasks
|
||||
: "${CANARY_FILE:="/zzz_evobackup_canary"}"
|
||||
|
||||
# Date format for log messages
|
||||
: "${DATE_FORMAT:="%Y-%m-%d %H:%M:%S"}"
|
||||
|
||||
# Should we fallback on other servers when the first one is unreachable?
|
||||
: "${SERVERS_FALLBACK:=1}"
|
||||
# timeout (in seconds) for SSH connections
|
||||
: "${SSH_CONNECT_TIMEOUT:=90}"
|
||||
|
||||
: "${LOCAL_BACKUP_DIR:="/home/backup"}"
|
||||
# shellcheck disable=SC2174
|
||||
mkdir -p -m 700 "${LOCAL_BACKUP_DIR}"
|
||||
|
||||
: "${ERRORS_DIR:="${LOCAL_BACKUP_DIR}/${PROGNAME}.errors-${START_TIME}"}"
|
||||
# shellcheck disable=SC2174
|
||||
mkdir -p -m 700 "${ERRORS_DIR}"
|
||||
|
||||
# Backup directory on remote server
|
||||
: "${REMOTE_BACKUP_DIR:="/var/backup"}"
|
||||
# Log directory in remote server
|
||||
: "${REMOTE_LOG_DIR:="/var/log"}"
|
||||
|
||||
# Email address for notifications
|
||||
: "${MAIL:="root"}"
|
||||
|
||||
# Email subject for notifications
|
||||
: "${MAIL_SUBJECT:="[info] EvoBackup - Client ${HOSTNAME}"}"
|
||||
|
||||
# Enable/disable local tasks (default: enabled)
|
||||
: "${LOCAL_TASKS:=1}"
|
||||
# Enable/disable sync tasks (default: enabled)
|
||||
: "${SYNC_TASKS:=1}"
|
||||
|
||||
# Enable/disable mtree (default: enabled)
|
||||
: "${MTREE_ENABLED:=1}"
|
||||
|
||||
# If "setup_custom" exists and is a function, let's call it
|
||||
setup_custom_type="$(type -t setup_custom)"
|
||||
if [ "${setup_custom_type}" = "function" ]; then
|
||||
setup_custom
|
||||
fi
|
||||
|
||||
## Force umask
|
||||
umask 077
|
||||
|
||||
# Initialize a list of temporary files
|
||||
declare -a TEMP_FILES=()
|
||||
# Any file in this list will be deleted when the program exits
|
||||
trap "cleanup" EXIT
|
||||
}
|
||||
|
||||
|
||||
run_evobackup() {
|
||||
# Start timer
|
||||
START_EPOCH=$(/bin/date +%s)
|
||||
START_TIME=$(/bin/date +"%Y%m%d%H%M%S")
|
||||
|
||||
# Configure variables and environment
|
||||
setup
|
||||
|
||||
log "START GLOBAL - VERSION=${VERSION} LOCAL_TASKS=${LOCAL_TASKS} SYNC_TASKS=${SYNC_TASKS}"
|
||||
|
||||
# /!\ Only one backup processus can run at the sametime /!\
|
||||
# Based on PID file, kill any running process before continuing
|
||||
enforce_single_process "${PIDFILE}"
|
||||
|
||||
# Update canary to keep track of each run
|
||||
update-evobackup-canary --who "${PROGNAME}" --file "${CANARY_FILE}"
|
||||
|
||||
if [ "${LOCAL_TASKS}" = "1" ]; then
|
||||
local_tasks_wrapper
|
||||
fi
|
||||
|
||||
if [ "${SYNC_TASKS}" = "1" ]; then
|
||||
sync_tasks_wrapper
|
||||
fi
|
||||
|
||||
STOP_EPOCH=$(/bin/date +%s)
|
||||
|
||||
case "${SYSTEM}" in
|
||||
*bsd)
|
||||
start_time=$(/bin/date -f "%s" -j "${START_EPOCH}" +"${DATE_FORMAT}")
|
||||
stop_time=$(/bin/date -f "%s" -j "${STOP_EPOCH}" +"${DATE_FORMAT}")
|
||||
;;
|
||||
*)
|
||||
start_time=$(/bin/date --date="@${START_EPOCH}" +"${DATE_FORMAT}")
|
||||
stop_time=$(/bin/date --date="@${STOP_EPOCH}" +"${DATE_FORMAT}")
|
||||
;;
|
||||
esac
|
||||
duration=$(( STOP_EPOCH - START_EPOCH ))
|
||||
|
||||
log "STOP GLOBAL - start='${start_time}' stop='${stop_time}' duration=${duration}s"
|
||||
|
||||
send_mail
|
||||
|
||||
exit ${GLOBAL_RC}
|
||||
}
|
|
@ -1,143 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# Output a message to the log file
|
||||
log() {
|
||||
local msg="${1:-$(cat /dev/stdin)}"
|
||||
local pid=$$
|
||||
|
||||
printf "[%s] %s[%s]: %s\\n" \
|
||||
"$(/bin/date +"${DATE_FORMAT}")" "${PROGNAME}" "${pid}" "${msg}" \
|
||||
>> "${LOGFILE}"
|
||||
}
|
||||
log_error() {
|
||||
local error_msg=${1}
|
||||
local error_file=${2:-""}
|
||||
|
||||
if [ -n "${error_file}" ] && [ -f "${error_file}" ]; then
|
||||
printf "\n### %s\n" "${error_msg}" >&2
|
||||
# shellcheck disable=SC2046
|
||||
if [ $(wc -l "${error_file}" | cut -d " " -f 1) -gt 30 ]; then
|
||||
printf "~~~{%s (tail -30)}\n" "${error_file}" >&2
|
||||
tail -n 30 "${error_file}" >&2
|
||||
else
|
||||
printf "~~~{%s}\n" "${error_file}" >&2
|
||||
cat "${error_file}" >&2
|
||||
fi
|
||||
printf "~~~\n" >&2
|
||||
|
||||
log "${error_msg}, check ${error_file}"
|
||||
else
|
||||
printf "\n### %s\n" "${error_msg}" >&2
|
||||
|
||||
log "${error_msg}"
|
||||
fi
|
||||
|
||||
}
|
||||
add_to_temp_files() {
|
||||
TEMP_FILES+=("${1}")
|
||||
}
|
||||
# Remove all temporary file created during the execution
|
||||
cleanup() {
|
||||
# shellcheck disable=SC2086
|
||||
rm -f "${TEMP_FILES[@]}"
|
||||
find "${ERRORS_DIR}" -type d -empty -delete
|
||||
}
|
||||
enforce_single_process() {
|
||||
local pidfile=$1
|
||||
|
||||
if [ -e "${pidfile}" ]; then
|
||||
pid=$(cat "${pidfile}")
|
||||
# Does process still exist?
|
||||
if kill -0 "${pid}" 2> /dev/null; then
|
||||
# Killing the childs of evobackup.
|
||||
for ppid in $(pgrep -P "${pid}"); do
|
||||
kill -9 "${ppid}";
|
||||
done
|
||||
# Then kill the main PID.
|
||||
kill -9 "${pid}"
|
||||
printf "%s is still running (PID %s). Process has been killed" "$0" "${pid}\\n" >&2
|
||||
else
|
||||
rm -f "${pidfile}"
|
||||
fi
|
||||
fi
|
||||
add_to_temp_files "${pidfile}"
|
||||
|
||||
echo "$$" > "${pidfile}"
|
||||
}
|
||||
|
||||
# Build the error directory (inside ERRORS_DIR) based on the dump directory path
|
||||
errors_dir_from_dump_dir() {
|
||||
local dump_dir=$1
|
||||
local relative_path=$(realpath --relative-to="${LOCAL_BACKUP_DIR}" "${dump_dir}")
|
||||
|
||||
# return absolute path
|
||||
realpath --canonicalize-missing "${ERRORS_DIR}/${relative_path}"
|
||||
}
|
||||
|
||||
# Call test_server with "HOST:PORT" string
|
||||
# It will return with 0 if the server is reachable.
|
||||
# It will return with 1 and a message on stderr if not.
|
||||
test_server() {
|
||||
local item=$1
|
||||
# split HOST and PORT from the input string
|
||||
local host=$(echo "${item}" | cut -d':' -f1)
|
||||
local port=$(echo "${item}" | cut -d':' -f2)
|
||||
|
||||
local new_error
|
||||
|
||||
# Test if the server is accepting connections
|
||||
ssh -q -o "ConnectTimeout ${SSH_CONNECT_TIMEOUT}" "${host}" -p "${port}" -t "exit"
|
||||
# shellcheck disable=SC2181
|
||||
if [ $? = 0 ]; then
|
||||
# SSH connection is OK
|
||||
return 0
|
||||
else
|
||||
# SSH connection failed
|
||||
new_error=$(printf "Failed to connect to \`%s' within %s seconds" "${item}" "${SSH_CONNECT_TIMEOUT}")
|
||||
log "${new_error}"
|
||||
SSH_ERRORS+=("${new_error}")
|
||||
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Call pick_server with an optional positive integer to get the nth server in the list.
|
||||
pick_server() {
|
||||
local -i increment=${1:-0}
|
||||
local -i list_length=${#SERVERS[@]}
|
||||
local sync_name=${2:""}
|
||||
|
||||
if (( increment >= list_length )); then
|
||||
# We've reached the end of the list
|
||||
new_error="No more server available"
|
||||
new_error="${new_error} for sync '${sync_name}'"
|
||||
log "${new_error}"
|
||||
SSH_ERRORS+=("${new_error}")
|
||||
|
||||
# Log errors to stderr
|
||||
for i in "${!SSH_ERRORS[@]}"; do
|
||||
printf "%s\n" "${SSH_ERRORS[i]}" >&2
|
||||
done
|
||||
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Extract the day of month, without leading 0 (which would give an octal based number)
|
||||
today=$(/bin/date +%e)
|
||||
# A salt is useful to randomize the starting point in the list
|
||||
# but stay identical each time it's called for a server (based on hostname).
|
||||
salt=$(hostname | cksum | cut -d' ' -f1)
|
||||
# Pick an integer between 0 and the length of the SERVERS list
|
||||
# It changes each day
|
||||
n=$(( (today + salt + increment) % list_length ))
|
||||
|
||||
echo "${SERVERS[n]}"
|
||||
}
|
||||
|
||||
send_mail() {
|
||||
tail -20 "${LOGFILE}" | mail -s "${MAIL_SUBJECT}" "${MAIL}"
|
||||
}
|
||||
|
||||
path_to_str() {
|
||||
echo "${1}" | sed -e 's|^/||; s|/$||; s|/|:|g'
|
||||
}
|
|
@ -1,326 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
#
|
||||
# Evobackup client
|
||||
# See https://gitea.evolix.org/evolix/evobackup
|
||||
#
|
||||
# This is a generated backup script made by:
|
||||
# command: @COMMAND@
|
||||
# version: @VERSION@
|
||||
# date: @DATE@
|
||||
|
||||
#######################################################################
|
||||
#
|
||||
# You must configure the MAIL variable to receive notifications.
|
||||
#
|
||||
# There is some optional configuration that you can do
|
||||
# at the end of this script.
|
||||
#
|
||||
#######################################################################
|
||||
|
||||
# Email adress for notifications
|
||||
MAIL=__NOTIFICATION_MAIL__
|
||||
|
||||
#######################################################################
|
||||
#
|
||||
# The "sync_tasks" function will be called by the "run_evobackup" function.
|
||||
#
|
||||
# You can customize the variables:
|
||||
# * "SYNC_NAME" (String)
|
||||
# * "SERVERS" (Array of HOST:PORT)
|
||||
# * "RSYNC_INCLUDES" (Array of paths to include)
|
||||
# * "RSYNC_EXCLUDES" (Array of paths to exclude)
|
||||
#
|
||||
# WARNING: remember to single-quote paths if they contain globs (*)
|
||||
# and you want to pass them as-is to Rsync.
|
||||
#
|
||||
# The "sync" function can be called multiple times
|
||||
# with a different set of variables.
|
||||
# That way you can to sync to various destinations.
|
||||
#
|
||||
# Default includes/excludes are defined in the "main" library,
|
||||
# referenced at this end of this file.
|
||||
#
|
||||
#######################################################################
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
sync_tasks() {
|
||||
|
||||
########## System-only backup (to Evolix servers) #################
|
||||
|
||||
SYNC_NAME="evolix-system"
|
||||
SERVERS=(
|
||||
__SRV0_HOST__:__SRV0_PORT__
|
||||
__SRV1_HOST__:__SRV1_PORT__
|
||||
)
|
||||
RSYNC_INCLUDES=(
|
||||
"${rsync_default_includes[@]}"
|
||||
/etc
|
||||
/root
|
||||
/var
|
||||
)
|
||||
RSYNC_EXCLUDES=(
|
||||
"${rsync_default_excludes[@]}"
|
||||
)
|
||||
sync "${SYNC_NAME}" "SERVERS[@]" "RSYNC_INCLUDES[@]" "RSYNC_EXCLUDES[@]"
|
||||
|
||||
|
||||
########## Full backup (to client servers) ########################
|
||||
|
||||
### SYNC_NAME="client-full"
|
||||
### SERVERS=(
|
||||
### client-backup00.evolix.net:2221
|
||||
### client-backup01.evolix.net:2221
|
||||
### )
|
||||
### RSYNC_INCLUDES=(
|
||||
### "${rsync_default_includes[@]}"
|
||||
### /etc
|
||||
### /root
|
||||
### /var
|
||||
### /home
|
||||
### /srv
|
||||
### )
|
||||
### RSYNC_EXCLUDES=(
|
||||
### "${rsync_default_excludes[@]}"
|
||||
### )
|
||||
### sync "${SYNC_NAME}" "SERVERS[@]" "RSYNC_INCLUDES[@]" "RSYNC_EXCLUDES[@]"
|
||||
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
#
|
||||
# The "local_tasks" function will be called by the "run_evobackup" function.
|
||||
#
|
||||
# You can call any available "dump_xxx" function
|
||||
# (usually installed at /usr/local/lib/evobackup/dump-*.sh)
|
||||
#
|
||||
# You can also write some custom functions and call them.
|
||||
# A "dump_custom" example is available further down.
|
||||
#
|
||||
#######################################################################
|
||||
|
||||
local_tasks() {
|
||||
|
||||
########## Server state ###########
|
||||
|
||||
# Run dump-server-state to extract system information
|
||||
#
|
||||
# Options : any dump-server-state supported option
|
||||
# (except --dump-dir that will be overwritten)
|
||||
# See 'dump-server-state -h' for details.
|
||||
#
|
||||
dump_server_state
|
||||
|
||||
########## MySQL ##################
|
||||
|
||||
# Very common strategy for a single instance server with default configuration :
|
||||
#
|
||||
### dump_mysql_global; dump_mysql_grants; dump_mysql_summary
|
||||
#
|
||||
# See below for details regarding dump functions for MySQL/MariaDB
|
||||
|
||||
# Dump all databases in a single compressed file
|
||||
#
|
||||
# Options :
|
||||
# --masterdata (default: <absent>)
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --defaults-extra-file=[String] (default: <blank>)
|
||||
# --defaults-group-suffix=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
#
|
||||
### dump_mysql_global
|
||||
|
||||
# Dump each database separately, in a compressed file
|
||||
#
|
||||
# Options :
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --defaults-extra-file=[String] (default: <blank>)
|
||||
# --defaults-group-suffix=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
#
|
||||
### dump_mysql_per_base
|
||||
|
||||
# Dump permissions of an instance (using pt-show-grants)
|
||||
#
|
||||
# Options :
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
#
|
||||
# WARNING - unsupported options :
|
||||
# --defaults-extra-file
|
||||
# --defaults-group-suffix
|
||||
# You have to provide credentials manually
|
||||
#
|
||||
### dump_mysql_grants
|
||||
|
||||
# Dump complete summary of an instance (using pt-mysql-summary)
|
||||
#
|
||||
# Options :
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --defaults-extra-file=[String] (default: <blank>)
|
||||
# --defaults-group-suffix=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
#
|
||||
### dump_mysql_summary
|
||||
|
||||
# Dump each table in separate schema/data files
|
||||
#
|
||||
# Options :
|
||||
# --port=[Integer] (default: <blank>)
|
||||
# --socket=[String] (default: <blank>)
|
||||
# --user=[String] (default: <blank>)
|
||||
# --password=[String] (default: <blank>)
|
||||
# --defaults-file=[String] (default: <blank>)
|
||||
# --defaults-extra-file=[String] (default: <blank>)
|
||||
# --defaults-group-suffix=[String] (default: <blank>)
|
||||
# --dump-label=[String] (default: "default")
|
||||
# used as suffix of the dump dir to differenciate multiple instances
|
||||
#
|
||||
### dump_mysql_tabs
|
||||
|
||||
########## PostgreSQL #############
|
||||
|
||||
# Dump all databases in a single file (compressed or not)
|
||||
#
|
||||
### dump_postgresql_global
|
||||
|
||||
# Dump a specific databse with only some tables, or all but some tables (must be configured)
|
||||
#
|
||||
### dump_postgresql_filtered
|
||||
|
||||
# Dump each database separately, in a compressed file
|
||||
#
|
||||
### dump_postgresql_per_base
|
||||
|
||||
########## MongoDB ################
|
||||
|
||||
### dump_mongodb [--user=foo] [--password=123456789]
|
||||
|
||||
########## Redis ##################
|
||||
|
||||
# Copy data file for all instances
|
||||
#
|
||||
### dump_redis [--instances=<all|instance1|instance2>]
|
||||
|
||||
########## Elasticsearch ##########
|
||||
|
||||
# Snapshot data for a single-node cluster
|
||||
#
|
||||
### dump_elasticsearch_snapshot_singlenode [--protocol=http] [--host=localhost] [--port=9200] [--user=foo] [--password=123456789] [--repository=snaprepo] [--snapshot=snapshot.daily]
|
||||
|
||||
# Snapshot data for a multi-node cluster
|
||||
#
|
||||
### dump_elasticsearch_snapshot_multinode [--protocol=http] [--host=localhost] [--port=9200] [--user=foo] [--password=123456789] [--repository=snaprepo] [--snapshot=snapshot.daily] [--nfs-server=192.168.2.1]
|
||||
|
||||
########## RabbitMQ ###############
|
||||
|
||||
### dump_rabbitmq
|
||||
|
||||
########## MegaCli ################
|
||||
|
||||
# Copy RAID config
|
||||
#
|
||||
### dump_megacli_config
|
||||
|
||||
# Dump file access control lists
|
||||
#
|
||||
### dump_facl
|
||||
|
||||
########## OpenLDAP ###############
|
||||
|
||||
### dump_ldap
|
||||
|
||||
########## Network ################
|
||||
|
||||
# Dump network routes with mtr and traceroute (warning: could be long with aggressive firewalls)
|
||||
#
|
||||
### dump_traceroute --targets=host_or_ip[,host_or_ip]
|
||||
dump_traceroute --targets=8.8.8.8,www.evolix.fr,travaux.evolix.net
|
||||
|
||||
# No-op, in case nothing is enabled
|
||||
:
|
||||
}
|
||||
|
||||
# This is an example for a custom dump function
|
||||
# Uncomment, customize and call it from the "local_tasks" function
|
||||
### dump_custom() {
|
||||
### # Set dump and errors directories and files
|
||||
### local dump_dir="${LOCAL_BACKUP_DIR}/custom"
|
||||
### local dump_file="${dump_dir}/dump.gz"
|
||||
### local errors_dir=$(errors_dir_from_dump_dir "${dump_dir}")
|
||||
### local error_file="${errors_dir}/dump.err"
|
||||
###
|
||||
### # Reset dump and errors directories
|
||||
### rm -rf "${dump_dir}" "${errors_dir}"
|
||||
### # shellcheck disable=SC2174
|
||||
### mkdir -p -m 700 "${dump_dir}" "${errors_dir}"
|
||||
###
|
||||
### # Log the start of the function
|
||||
### log "LOCAL_TASKS - ${FUNCNAME[0]}: start ${dump_file}"
|
||||
###
|
||||
### # Prepare the dump command (errors go to the error file and the data to the dump file)
|
||||
### dump_cmd="my-dump-command 2> ${error_file} > ${dump_file}"
|
||||
### log "LOCAL_TASKS - ${FUNCNAME[0]}: ${dump_cmd}"
|
||||
###
|
||||
### # Execute the dump command
|
||||
### ${dump_cmd}
|
||||
###
|
||||
### # Check result and deal with potential errors
|
||||
### local last_rc=$?
|
||||
### # shellcheck disable=SC2086
|
||||
### if [ ${last_rc} -ne 0 ]; then
|
||||
### log_error "LOCAL_TASKS - ${FUNCNAME[0]}: my-dump-command to ${dump_file} returned an error ${last_rc}" "${error_file}"
|
||||
### GLOBAL_RC=${E_DUMPFAILED}
|
||||
### else
|
||||
### rm -f "${error_file}"
|
||||
### fi
|
||||
###
|
||||
### # Log the end of the function
|
||||
### log "LOCAL_TASKS - ${FUNCNAME[0]}: stop ${dump_file}"
|
||||
### }
|
||||
|
||||
########## Optional configuration #####################################
|
||||
|
||||
setup_custom() {
|
||||
# System name ("linux" and "openbsd" currently supported)
|
||||
### SYSTEM="$(uname)"
|
||||
|
||||
# Host name for logs and notifications
|
||||
### HOSTNAME="$(hostname)"
|
||||
|
||||
# Email subject for notifications
|
||||
### MAIL_SUBJECT="[info] EvoBackup - Client ${HOSTNAME}"
|
||||
|
||||
# No-op in case nothing is executed
|
||||
:
|
||||
}
|
||||
|
||||
########## Libraries ##################################################
|
||||
|
||||
# Change this to wherever you install the libraries
|
||||
LIBDIR="/usr/local/lib/evobackup"
|
||||
|
||||
source "${LIBDIR}/main.sh"
|
||||
|
||||
########## Let's go! ##################################################
|
||||
|
||||
run_evobackup
|
|
@ -1,50 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Dependencies are present
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- rsync
|
||||
- mtree-netbsd
|
||||
state: present
|
||||
|
||||
- name: "Remount /usr if needed"
|
||||
include_role:
|
||||
name: remount-usr
|
||||
when: evobackup_client__lib_dir is search("/usr") or evobackup_client__bin_dir is search("/usr")
|
||||
|
||||
- name: copy evobackup libs
|
||||
ansible.builtin.copy:
|
||||
src: upstream/lib
|
||||
dest: "{{ evobackup_client__lib_dir }}/"
|
||||
force: True
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: copy evobackupctl script
|
||||
ansible.builtin.copy:
|
||||
src: upstream/bin/evobackupctl
|
||||
dest: "{{ evobackup_client__bin_dir }}/evobackupctl"
|
||||
force: True
|
||||
mode: "0755"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: LIBDIR is customized in evobackupctl
|
||||
ansible.builtin.replace:
|
||||
path: "{{ evobackup_client__bin_dir }}/evobackupctl"
|
||||
regexp: "^LIBDIR=.+"
|
||||
replace: "LIBDIR=\"{{ evobackup_client__lib_dir }}\""
|
||||
|
||||
- name: Evobackup canary cron is present
|
||||
ansible.builtin.template:
|
||||
src: update-evobackup-canary.sh.j2
|
||||
dest: "{{ evobackup_client__update_canary_path }}"
|
||||
mode: "0700"
|
||||
when: evobackup_client__update_canary_enable | bool
|
||||
|
||||
- name: Evobackup canary cron is absent
|
||||
ansible.builtin.file:
|
||||
path: "{{ evobackup_client__update_canary_path }}"
|
||||
state: absent
|
||||
when: not ( evobackup_client__update_canary_enable | bool)
|
|
@ -1,31 +1,26 @@
|
|||
---
|
||||
|
||||
- name: Install evobackup client components
|
||||
ansible.builtin.include: "install.yml"
|
||||
- ansible.builtin.include: "ssh_key.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_ssh_key
|
||||
|
||||
### This is commented because supposedly non-functionnal
|
||||
- ansible.builtin.include: "jail.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_jail
|
||||
|
||||
# - ansible.builtin.include: "ssh_key.yml"
|
||||
# tags:
|
||||
# - evobackup_client
|
||||
# - evobackup_client_backup_ssh_key
|
||||
- ansible.builtin.include: "upload_scripts.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_scripts
|
||||
|
||||
# - ansible.builtin.include: "jail.yml"
|
||||
# tags:
|
||||
# - evobackup_client
|
||||
# - evobackup_client_jail
|
||||
- ansible.builtin.include: "open_ssh_ports.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_firewall
|
||||
|
||||
# - ansible.builtin.include: "upload_scripts.yml"
|
||||
# tags:
|
||||
# - evobackup_client
|
||||
# - evobackup_client_backup_scripts
|
||||
|
||||
# - ansible.builtin.include: "open_ssh_ports.yml"
|
||||
# tags:
|
||||
# - evobackup_client
|
||||
# - evobackup_client_backup_firewall
|
||||
|
||||
# - ansible.builtin.include: "verify_ssh.yml"
|
||||
# tags:
|
||||
# - evobackup_client
|
||||
# - evobackup_client_backup_hosts
|
||||
- ansible.builtin.include: "verify_ssh.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_hosts
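Review bot: The five task files are pulled in with `ansible.builtin.include`, which is deprecated in favour of `ansible.builtin.import_tasks` and `ansible.builtin.include_tasks`; this assumes the uncommented entries are the new side, which the 26-line new count suggests. Switching each entry to `ansible.builtin.import_tasks: "ssh_key.yml"` (and likewise for the others) keeps the `tags` applying to the imported tasks, whereas with `include_tasks` the tags would only select the include itself unless `apply` is added. A `name:` on each entry would also make the play output easier to follow.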
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
update-evobackup-canary --who {{ evobackup_client__update_canary_who | mandatory }}
|
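--- a/evobackup-client/templates/zzz_evobackup.default.sh.j2
+++ b/evobackup-client/templates/zzz_evobackup.default.sh.j2
@@ -0,0 +1,305 @@
+#!/bin/sh
+# Careful, the zzz_evobackup template was last updated on 2020/06/08
+#
+# Script Evobackup client
+# See https://gitea.evolix.org/evolix/evobackup
+#
+# Author: Gregory Colpart <reg@evolix.fr>
+# Contributors:
+# Romain Dessort <rdessort@evolix.fr>
+# Benoît Série <bserie@evolix.fr>
+# Tristan Pilat <tpilat@evolix.fr>
+# Victor Laborie <vlaborie@evolix.fr>
+# Jérémy Lecour <jlecour@evolix.fr>
+#
+# Licence: AGPLv3
+#
+# /!\ DON'T FORGET TO SET "MAIL" and "SERVERS" VARIABLES
+
+# Fail on unassigned variables
+set -u
+
+##### Configuration ###################################################
+
+# email adress for notifications
+MAIL={{ evobackup_client__mail }}
+
+# list of hosts (hostname or IP) and SSH port for Rsync
+SERVERS="{% for host in evobackup_client__hosts %}{{ host.name }}:{{ host.port }}{% if loop.index != loop.length %} {% endif %}{% endfor %}"
+
+# Should we fallback on servers when the first is unreachable ?
+SERVERS_FALLBACK={{ evobackup_client__servers_fallback }}
+
+# timeout (in seconds) for SSH connections
+SSH_CONNECT_TIMEOUT=${SSH_CONNECT_TIMEOUT:-30}
+
+## We use /home/backup : feel free to use your own dir
+LOCAL_BACKUP_DIR="{{ evobackup_client__backup_path }}"
+
+# You can set "linux" or "bsd" manually or let it choose automatically
+SYSTEM=$(uname | tr '[:upper:]' '[:lower:]')
+
+# Change these 2 variables if you have more than one backup cron
+PIDFILE="{{ evobackup_client__pid_path }}"
+LOGFILE="{{ evobackup_client__log_path }}"
+
+## Enable/Disable tasks
+LOCAL_TASKS=${LOCAL_TASKS:-1}
+SYNC_TASKS=${SYNC_TASKS:-1}
+
+##### SETUP AND FUNCTIONS #############################################
+
+BEGINNING=$(/bin/date +"%d-%m-%Y ; %H:%M")
+
+# shellcheck disable=SC2174
+mkdir -p -m 700 ${LOCAL_BACKUP_DIR}
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+## lang = C for english outputs
+export LANGUAGE=C
+export LANG=C
+
+## Force umask
+umask 077
+
+## Initialize variable to store SSH connection errors
+SERVERS_SSH_ERRORS=""
+
+# Call test_server with "HOST:PORT" string
+# It will return with 0 if the server is reachable.
+# It will return with 1 and a message on stderr if not.
+test_server() {
+item=$1
+# split HOST and PORT from the input string
+host=$(echo "${item}" | cut -d':' -f1)
+port=$(echo "${item}" | cut -d':' -f2)
+
+# Test if the server is accepting connections
+ssh -q -o "ConnectTimeout ${SSH_CONNECT_TIMEOUT}" -i {{ evobackup_client__root_key_path }} "${host}" -p "${port}" -t "exit"
+# shellcheck disable=SC2181
+if [ $? = 0 ]; then
+# SSH connection is OK
+return 0
+else
+# SSH connection failed
+new_error=$(printf "Failed to connect to \`%s' within %s seconds" "${item}" "${SSH_CONNECT_TIMEOUT}")
+SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d')
+
+return 1
+fi
+}
+# Call pick_server with an optional positive integer to get the nth server in the list.
+pick_server() {
+increment=${1:-0}
+list_length=$(echo "${SERVERS}" | wc -w)
+
+if [ "${increment}" -ge "${list_length}" ]; then
+# We've reached the end of the list
+new_error="No more server available"
+SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d')
+
+# Log errors to stderr
+printf "%s\\n" "${SERVERS_SSH_ERRORS}" >&2
+# Log errors to logfile
+printf "%s\\n" "${SERVERS_SSH_ERRORS}" >> $LOGFILE
+return 1
+fi
+
+# Extract the day of month, without leading 0 (which would give an octal based number)
+today=$(date +%e)
+# A salt is useful to randomize the starting point in the list
+# but stay identical each time it's called for a server (based on hostname).
+salt=$(hostname | cksum | cut -d' ' -f1)
+# Pick an integer between 0 and the length of the SERVERS list
+# It changes each day
+item=$(( (today + salt + increment) % list_length ))
+# cut starts counting fields at 1, not 0.
+field=$(( item + 1 ))
+
+echo "${SERVERS}" | cut -d' ' -f${field}
+}
+
+## Verify other evobackup process and kill if needed
+if [ -e "${PIDFILE}" ]; then
+pid=$(cat "${PIDFILE}")
+# Does process still exist ?
+if kill -0 "${pid}" 2>/dev/null; then
+# Killing the childs of evobackup.
+for ppid in $(pgrep -P "${pid}"); do
+kill -9 "${ppid}";
+done
+# Then kill the main PID.
+kill -9 "${pid}"
+printf "%s is still running (PID %s). Process has been killed" "$0" "${pid}\\n" >&2
+else
+rm -f ${PIDFILE}
+fi
+fi
+echo "$$" > ${PIDFILE}
+# shellcheck disable=SC2064
+trap "rm -f ${PIDFILE}" EXIT
+
+
+##### LOCAL BACKUP ####################################################
+
+if [ "${LOCAL_TASKS}" = "1" ]; then
+## Dump system and kernel versions
+uname -a > ${LOCAL_BACKUP_DIR}/uname
+
+## Dump network routes with mtr and traceroute (warning: could be long with aggressive firewalls)
+for addr in 8.8.8.8 www.evolix.fr travaux.evolix.net; do
+mtr -r ${addr} > ${LOCAL_BACKUP_DIR}/mtr-${addr}
+traceroute -n ${addr} > ${LOCAL_BACKUP_DIR}/traceroute-${addr} 2>&1
+done
+
+## Dump process with ps
+ps auwwx >${LOCAL_BACKUP_DIR}/ps.out
+
+if [ "${SYSTEM}" = "linux" ]; then
+## Dump network connections with ss
+ss -taupen > ${LOCAL_BACKUP_DIR}/netstat.out
+
+## List Debian packages
+dpkg -l > ${LOCAL_BACKUP_DIR}/packages
+dpkg --get-selections > ${LOCAL_BACKUP_DIR}/packages.getselections
+apt-cache dumpavail > ${LOCAL_BACKUP_DIR}/packages.available
+
+## Dump MBR / table partitions
+disks=$(lsblk -l | grep disk | grep -v -E '(drbd|fd[0-9]+)' | awk '{print $1}')
+for disk in ${disks}; do
+dd if="/dev/${disk}" of="${LOCAL_BACKUP_DIR}/MBR-${disk}" bs=512 count=1 2>&1 | grep -Ev "(records in|records out|512 bytes)"
+fdisk -l "/dev/${disk}" > "${LOCAL_BACKUP_DIR}/partitions-${disk}" 2>&1
+done
+cat ${LOCAL_BACKUP_DIR}/partitions-* > ${LOCAL_BACKUP_DIR}/partitions
+
+## Dump iptables
+if [ -x /sbin/iptables ]; then
+{ /sbin/iptables -L -n -v; /sbin/iptables -t filter -L -n -v; } > ${LOCAL_BACKUP_DIR}/iptables.txt
+fi
+
+## Dump findmnt(8) output
+FINDMNT_BIN=$(command -v findmnt)
+if [ -x "${FINDMNT_BIN}" ]; then
+${FINDMNT_BIN} > ${LOCAL_BACKUP_DIR}/findmnt.txt
+fi
+else
+## Dump network connections with netstat
+netstat -finet -atn > ${LOCAL_BACKUP_DIR}/netstat.out
+
+## List OpenBSD packages
+pkg_info -m > ${LOCAL_BACKUP_DIR}/packages
+
+## Dump MBR / table partitions
+disklabel sd0 > ${LOCAL_BACKUP_DIR}/partitions
+
+## Dump pf infos
+pfctl -sa > ${LOCAL_BACKUP_DIR}/pfctl-sa.txt
+
+fi
+
+## Dump rights
+#getfacl -R /var > ${LOCAL_BACKUP_DIR}/rights-var.txt
+#getfacl -R /etc > ${LOCAL_BACKUP_DIR}/rights-etc.txt
+#getfacl -R /usr > ${LOCAL_BACKUP_DIR}/rights-usr.txt
+#getfacl -R /home > ${LOCAL_BACKUP_DIR}/rights-home.txt
+
+fi
+
+##### REMOTE BACKUP ###################################################
+
+n=0
+server=""
+if [ "${SERVERS_FALLBACK}" = "1" ]; then
+# We try to find a suitable server
+while :; do
+server=$(pick_server "${n}")
+test $? = 0 || exit 2
+
+if test_server "${server}"; then
+break
+else
+server=""
+n=$(( n + 1 ))
+fi
+done
+else
+# we force the server
+server=$(pick_server "${n}")
+fi
+
+SSH_SERVER=$(echo "${server}" | cut -d':' -f1)
+SSH_PORT=$(echo "${server}" | cut -d':' -f2)
+
+HOSTNAME=$(hostname)
+
+if [ "${SYSTEM}" = "linux" ]; then
+rep="/bin /boot /lib /opt /sbin /usr /srv"
+else
+rep="/bsd /bin /sbin /usr"
+fi
+
+
+if [ "${SYNC_TASKS}" = "1" ]; then
+# /!\ DO NOT USE COMMENTS in the rsync command /!\
+# It breaks the command and destroys data, simply remove (or add) lines.
+
+# Remote shell command
+RSH_COMMAND="ssh -i {{ evobackup_client__root_key_path }} -p ${SSH_PORT} -o 'ConnectTimeout ${SSH_CONNECT_TIMEOUT}'"
+
+# ignore check because we want it to split the different arguments to $rep
+# shellcheck disable=SC2086
+rsync -avzh --stats --delete --delete-excluded --force --ignore-errors --partial \
+--exclude "lost+found" \
+--exclude ".nfs.*" \
+--exclude "/var/log" \
+--exclude "/var/log/evobackup*" \
+--exclude "/var/lib/mysql" \
+--exclude "/var/lib/postgres" \
+--exclude "/var/lib/postgresql" \
+--exclude "/var/lib/sympa" \
+--exclude "/var/lib/metche" \
+--exclude "/var/run" \
+--exclude "/var/lock" \
+--exclude "/var/state" \
+--exclude "/var/apt" \
+--exclude "/var/cache" \
+--exclude "/usr/src" \
+--exclude "/usr/doc" \
+--exclude "/usr/share/doc" \
+--exclude "/usr/obj" \
+--exclude "dev" \
+--exclude "/var/spool/postfix" \
+--exclude "/var/lib/amavis/amavisd.sock" \
+--exclude "/var/lib/munin/*tmp*" \
+--exclude "/var/lib/php5" \
+--exclude "/var/spool/squid" \
+--exclude "/var/lib/elasticsearch" \
+--exclude "/var/lib/amavis/tmp" \
+--exclude "/var/lib/clamav/*.tmp" \
+--exclude "/home/mysqltmp" \
+--exclude "/var/lib/php/sessions" \
+${rep} \
+/etc \
+/root \
+/var \
+-e "${RSH_COMMAND}" \
+"root@${SSH_SERVER}:/var/backup/" \
+| tail -30 >> $LOGFILE
+fi
+
+##### REPORTING #######################################################
+
+END=$(/bin/date +"%d-%m-%Y ; %H:%M")
+
+printf "EvoBackup - %s - START %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\\n" \
+"${HOSTNAME}" "${BEGINNING}" "${SSH_SERVER}" "${LOCAL_TASKS}" "${SYNC_TASKS}" \
+>> $LOGFILE
+
+printf "EvoBackup - %s - STOP %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\\n" \
+"${HOSTNAME}" "${END}" "${SSH_SERVER}" "${LOCAL_TASKS}" "${SYNC_TASKS}" \
+>> $LOGFILE
+
+tail -10 $LOGFILE | \
+mail -s "[info] EvoBackup - Client ${HOSTNAME}" \
+${MAIL}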
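Review bot: The exit status of the rsync run is lost, because the command is piped into `tail -30 >> $LOGFILE` in a `#!/bin/sh` script that only sets `set -u`, so the pipeline reports tail's status and nothing checks it. The reporting block then writes the START/STOP lines and mails an `[info]` summary whatever happened, so a failed or partial sync (run with `--delete --delete-excluded --ignore-errors`) looks like a normal one unless someone reads the rsync tail. Capturing the output in a private temporary file, keeping `$?` and logging a failure line, as sketched below, makes the failure visible to whoever monitors the log or the mail. Separately, the PID-file block sends `kill -9` to whatever PID the file holds after only a `kill -0` check; comparing that process's command line with `$0` first would avoid killing an unrelated process that reused the PID.

```shell
    rsync_output=$(mktemp)
    # … unchanged: the rsync invocation (options, excludes, sources, -e), whose last lines become …
        "root@${SSH_SERVER}:/var/backup/" \
        > "${rsync_output}"
    rsync_rc=$?
    tail -30 "${rsync_output}" >> "${LOGFILE}"
    rm -f "${rsync_output}"
    if [ "${rsync_rc}" -ne 0 ]; then
        printf "EvoBackup - rsync to %s exited with code %s\\n" "${SSH_SERVER}" "${rsync_rc}" >> "${LOGFILE}"
    fi
```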
|
@ -64,19 +64,12 @@
|
|||
when: evolinux_logs_default_dateext | bool
|
||||
|
||||
# Logcheck
|
||||
- name: Check if journald.logfiles exists
|
||||
stat:
|
||||
path: /etc/logcheck/logcheck.logfiles.d/journal.logfiles
|
||||
register: _logcheck_journald_logfiles
|
||||
|
||||
- name: Disable logcheck monitoring of journald
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/logcheck/logcheck.logfiles.d/journal.logfiles
|
||||
dest: /etc/logrotate.conf
|
||||
line: "#journal"
|
||||
regexp: "^journal"
|
||||
when:
|
||||
- _logcheck_journald_logfiles.stat.exists
|
||||
- evolinux_logs_disable_logcheck_journald | bool
|
||||
when: evolinux_logs_disable_logcheck_journald | bool
|
||||
|
||||
# Journald
|
||||
- name: /etc/systemd/journald.conf.d/ is present
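Review bot: The `Disable logcheck monitoring of journald` task seems to end up with `dest: /etc/logrotate.conf` on the new side (the hunk counts, 19 old and 12 new lines, only fit if that `dest` line and the one-line `when` are the additions). With `regexp: "^journal"` and `line: "#journal"`, lineinfile would then append `#journal` to the logrotate configuration and leave logcheck's journal monitoring untouched, so the variable `evolinux_logs_disable_logcheck_journald` would have no effect on logcheck. The target should be `dest: /etc/logcheck/logcheck.logfiles.d/journal.logfiles`. The existence check should stay too, since lineinfile fails on a missing file unless `create` is set. The preceding task begins outside this hunk.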
|
||||
|
|
|
@ -35,6 +35,5 @@ haproxy_deny_ips: []
|
|||
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
||||
haproxy_backports_packages_buster: haproxy
|
||||
haproxy_backports_packages_bullseye: haproxy
|
||||
haproxy_backports_packages_bookworm: haproxy
|
||||
|
||||
haproxy_allow_ip_nonlocal_bind: Null
|
||||
haproxy_allow_ip_nonlocal_bind: Null
|
|
@ -21,6 +21,7 @@
|
|||
- name: Self-signed certificate is present in HAProxy ssl directory
|
||||
ansible.builtin.shell:
|
||||
cmd: "cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key > /etc/haproxy/ssl/ssl-cert-snakeoil.pem"
|
||||
args:
|
||||
creates: /etc/haproxy/ssl/ssl-cert-snakeoil.pem
|
||||
notify: reload haproxy
|
||||
tags:
|
||||
|
|
|
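Review bot: The combined PEM produced by the shell redirect contains the snakeoil private key, yet nothing in the visible lines sets its owner or mode, so the file gets whatever the umask of the running shell gives it (commonly world-readable). Either start the command with `umask 077 &&` or follow it with an `ansible.builtin.file` task setting `mode: "0600"` and `owner: root`. The task continues past the end of the hunk (`tags:`) and the permissions of `/etc/haproxy/ssl` are not visible here, so this may already be handled elsewhere.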
@ -19,10 +19,6 @@
|
|||
haproxy_backports_packages: "{{ haproxy_backports_packages_bullseye }}"
|
||||
when: ansible_distribution_release == 'bullseye'
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
haproxy_backports_packages: "{{ haproxy_backports_packages_bookworm }}"
|
||||
when: ansible_distribution_release == 'bookworm'
|
||||
|
||||
- name: Prefer HAProxy package from backports
|
||||
ansible.builtin.template:
|
||||
src: haproxy_apt_preferences.j2
|
||||
|
|
|
@ -74,7 +74,7 @@
|
|||
|
||||
#######################################################################
|
||||
|
||||
- name: Fail if minifirewall_main_file is defined (modern mode)
|
||||
- name: Fail if minifirewall_main_file is defined (legacy mode)
|
||||
ansible.builtin.fail:
|
||||
msg: "Variable minifirewall_main_file is deprecated and not configurable anymore."
|
||||
when:
|
||||
|
@ -179,4 +179,4 @@
|
|||
- always
|
||||
when:
|
||||
- minifirewall_install_mode != 'legacy'
|
||||
- minifirewall_restart_force | bool
|
||||
- minifirewall_restart_force | bool
|
|
@ -1,224 +0,0 @@
|
|||
#!/bin/bash
|
||||
# -*- sh -*-
|
||||
|
||||
: << =cut
|
||||
|
||||
=head1 NAME
|
||||
|
||||
ipmi_ - Plugin to monitor temperature, fan speed, watts or volts using IPMI
|
||||
|
||||
=head1 CONFIGURATION
|
||||
|
||||
=head2 ENVIRONMENT VARIABLES
|
||||
|
||||
This plugin does not use environment variables
|
||||
|
||||
=head2 WILDCARD PLUGIN
|
||||
|
||||
This plugin should be linked as ipmi_temp, ipmi_fans, ipmi_power or ipmi_volts,
|
||||
and will show either temperatures, fan speeds, watts or volts based on its link
|
||||
name.
|
||||
|
||||
=head1 NOTE
|
||||
|
||||
WARNING: Munin has a 10 second default timeout on plugins. On some
|
||||
hosts ipmitool takes longer than that to probe all your hardware. In
|
||||
this case this plugin us unusable.
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Nicolai Langfeldt <janl@linpro.no>
|
||||
|
||||
Modified by Mathieu Gauthier-Pilote <mgauthier@evolix.ca> from Evolix to return amp values as well (2024/04).
|
||||
|
||||
=head1 LICENSE
|
||||
|
||||
Donated to the public domain by Nicolai Langfeldt (janl@linpro.no)
|
||||
|
||||
=head1 MAGIC MARKERS
|
||||
|
||||
#%# family=auto
|
||||
#%# capabilities=autoconf suggest
|
||||
|
||||
=cut
|
||||
|
||||
#### Parse commandline to determine what the job is
|
||||
|
||||
CONFIG=no
|
||||
|
||||
case $1 in
|
||||
autoconf)
|
||||
type -p ipmitool &>/dev/null ||
|
||||
{ echo 'no (missing ipmitool command)' && exit 0; }
|
||||
|
||||
ipmitool sensor &>/dev/null ||
|
||||
{ echo 'no (unable to access IPMI device)' && exit 0; }
|
||||
|
||||
echo yes
|
||||
exit 0
|
||||
;;
|
||||
suggest) echo fans
|
||||
echo temp
|
||||
echo power
|
||||
echo volts
|
||||
echo amp
|
||||
exit 0;;
|
||||
config) CONFIG=config;;
|
||||
esac
|
||||
|
||||
case $0 in
|
||||
*_temp) MEASURE=temp;;
|
||||
*_fans) MEASURE=fans;;
|
||||
*_power) MEASURE=power;;
|
||||
*_volts) MEASURE=volts;;
|
||||
*_amp) MEASURE=amp;;
|
||||
*) echo "Please invoke as ipmi_temp, ipmi_fans, ipmi_power ipmi_volts or ipmi_amp" >&2
|
||||
exit 1;;
|
||||
esac
|
||||
|
||||
export CONFIG MEASURE
|
||||
|
||||
#### Work is done in this awk script
|
||||
|
||||
ipmitool sensor | gawk -F'|' '
|
||||
BEGIN {
|
||||
FANS = "";
|
||||
TEMPS = "";
|
||||
POWER = "";
|
||||
VOLTS = "";
|
||||
AMP = "";
|
||||
CFANS = "graph_title Fan speeds based on IPMI\ngraph_vlabel RPM or %\ngraph_category Sensors\n";
|
||||
CTEMPS = "graph_title Machine temperature based on IPMI\ngraph_vlabel Degrees celcius\ngraph_category Sensors\n";
|
||||
CPOWER = "graph_title Power usage based on IPMI\ngraph_vlabel W\ngraph_category Sensors\n";
|
||||
CVOLTS = "graph_title Volts based on IPMI\ngraph_vlabel V\ngraph_category Sensors\n";
|
||||
CAMP = "graph_title Amps based on IPMI\ngraph_vlabel A\ngraph_category Sensors\n";
|
||||
}
|
||||
|
||||
# Remove extraneous spaces to make output prettyer
|
||||
{ gsub(/\t/," "); gsub(/ +/," "); gsub(/ +\|/,"|"); gsub(/\| +/,"|") }
|
||||
|
||||
# Skip lines with 0x0 in first column
|
||||
/^[^|]+\|0x0\|/ { next; };
|
||||
|
||||
# Skip lines with na in first column
|
||||
/^[^|]+\|na\|/ { next; };
|
||||
|
||||
# Parse temperatures
|
||||
/degrees C/ {
|
||||
NAME=THING=$1;
|
||||
gsub(/[^A-Za-z0-9]/,"",NAME);
|
||||
TEMP=$2;
|
||||
|
||||
# Find unique name
|
||||
while (NAMES[NAME] >= 1) {
|
||||
NAME=sprintf("%si",NAME);
|
||||
}
|
||||
NAMES[NAME]=1;
|
||||
|
||||
WARN=$8;
|
||||
CRIT=$9;
|
||||
|
||||
TEMPS = sprintf("%s%s.value %s\n",TEMPS,NAME,TEMP);
|
||||
CTEMPS = sprintf("%s%s.label %s\n",CTEMPS,NAME,THING);
|
||||
|
||||
if (CRIT !~ /na/) {
|
||||
CTEMPS = sprintf("%s%s.critical 0:%s\n",CTEMPS,NAME,CRIT);
|
||||
}
|
||||
|
||||
if (WARN !~ /na/) {
|
||||
CTEMPS = sprintf("%s%s.warning 0:%s\n",CTEMPS,NAME,WARN);
|
||||
}
|
||||
}
|
||||
|
||||
/(RPM|^Fan.*percent)/ {
|
||||
NAME=THING=$1;
|
||||
gsub(/[^A-Za-z0-9]/,"",NAME);
|
||||
SPEED=$2;
|
||||
|
||||
# Find unique name
|
||||
while (NAMES[NAME] >= 1) {
|
||||
NAME=sprintf("%si",NAME);
|
||||
}
|
||||
NAMES[NAME]=1;
|
||||
|
||||
FANS = sprintf("%s%s.value %s\n",FANS,NAME,SPEED);
|
||||
CFANS = sprintf("%s%s.label %s\n",CFANS,NAME,THING);
|
||||
|
||||
OK=$4;
|
||||
|
||||
MIN=$6;
|
||||
if (MIN !~ /na/) {
|
||||
CFANS = sprintf("%s%s.warning %s:\n",CFANS,NAME,MIN);
|
||||
}
|
||||
}
|
||||
|
||||
/Watts/ {
|
||||
NAME=THING=$1;
|
||||
gsub(/[^A-Za-z0-9]/,"",NAME);
|
||||
WATTS=$2;
|
||||
|
||||
# Find unique name
|
||||
while (NAMES[NAME] >= 1) {
|
||||
NAME=sprintf("%si",NAME);
|
||||
}
|
||||
NAMES[NAME]=1;
|
||||
|
||||
POWER = sprintf("%s%s.value %s\n",POWER,NAME,WATTS);
|
||||
CPOWER = sprintf("%s%s.label %s\n",CPOWER,NAME,THING);
|
||||
}
|
||||
|
||||
/Volts/ {
|
||||
NAME=THING=$1
|
||||
gsub(/[^A-Za-z0-9]/,"",NAME);
|
||||
VOLTS_SENSOR=$2;
|
||||
|
||||
# Find unique name
|
||||
while (NAMES[NAME] >= 1) {
|
||||
NAME=sprintf("%si",NAME);
|
||||
}
|
||||
NAMES[NAME]=1;
|
||||
|
||||
VOLTS = sprintf("%s%s.value %s\n",VOLTS,NAME,VOLTS_SENSOR);
|
||||
CVOLTS = sprintf("%s%s.label %s\n",CVOLTS,NAME,THING);
|
||||
}
|
||||
|
||||
/Amps/ {
|
||||
NAME=THING=$1
|
||||
gsub(/[^A-Za-z0-9]/,"",NAME);
|
||||
AMPS=$2;
|
||||
|
||||
# Find unique name
|
||||
while (NAMES[NAME] >= 1) {
|
||||
NAME=sprintf("%si",NAME);
|
||||
}
|
||||
NAMES[NAME]=1;
|
||||
|
||||
AMP = sprintf("%s%s.value %s\n",AMP,NAME,AMPS);
|
||||
CAMP = sprintf("%s%s.label %s\n",CAMP,NAME,THING);
|
||||
}
|
||||
|
||||
END {
|
||||
if (ENVIRON["MEASURE"] == "temp") {
|
||||
VALUE=TEMPS;
|
||||
CONFIG=CTEMPS;
|
||||
} else if (ENVIRON["MEASURE"] == "power") {
|
||||
VALUE=POWER;
|
||||
CONFIG=CPOWER;
|
||||
} else if (ENVIRON["MEASURE"] == "volts") {
|
||||
VALUE=VOLTS;
|
||||
CONFIG=CVOLTS;
|
||||
} else if (ENVIRON["MEASURE"] == "amp") {
|
||||
VALUE=AMP;
|
||||
CONFIG=CAMP;
|
||||
} else {
|
||||
VALUE=FANS;
|
||||
CONFIG=CFANS;
|
||||
}
|
||||
if (ENVIRON["CONFIG"] == "config")
|
||||
printf "%s",CONFIG;
|
||||
else
|
||||
printf "%s",VALUE;
|
||||
}
|
||||
'
|
||||
|
||||
# vim: syntax=sh ts=4 et
|
|
@ -104,7 +104,7 @@ redis_cli_args=''
|
|||
sentinel_port=$(awk '/^port/{print $2}' "${sentinel_config_file}")
|
||||
! test -z "$sentinel_port" && redis_cli_args="${redis_cli_args} -p ${sentinel_port}"
|
||||
sentinel_pass=$(awk '/^requirepass/{print $2}' "${sentinel_config_file}")
|
||||
! test -z "$sentinel_pass" && export REDISCLI_AUTH="${sentinel_pass}"
|
||||
! test -z "$sentinel_pass" && redis_cli_args="${redis_cli_args} --pass ${sentinel_pass}"
|
||||
alias _redis-cli="redis-cli ${redis_cli_args}"
|
||||
|
||||
# List all masters names known by sentinel
|
||||
|
|
|
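Review bot: Appending `--pass ${sentinel_pass}` to `redis_cli_args` puts the Sentinel password on the redis-cli command line, where it can be read from the process list while the command runs, and it also ends up in the text of the `_redis-cli` alias. The other variant shown in this hunk, `export REDISCLI_AUTH="${sentinel_pass}"`, keeps the password out of argv and should be the one that stays. The +/- markers were lost in rendering, so which of the two lines is the new side is inferred from print order only. The script continues outside the hunk.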
@ -1,21 +1,9 @@
|
|||
---
|
||||
|
||||
# openbsd_pkg is broken since OpenBSD 7.4 with the version of Ansible we currently use
|
||||
#- name: Install OpenVPN
|
||||
# community.general.openbsd_pkg:
|
||||
# name: openvpn--
|
||||
|
||||
- name: Check if OpenVPN is already installed
|
||||
ansible.builtin.command:
|
||||
cmd: pkg_info -Iq inst:openvpn
|
||||
register: is_installed
|
||||
ignore_errors: true
|
||||
changed_when: false
|
||||
|
||||
- name: Install OpenVPN
|
||||
ansible.builtin.command:
|
||||
cmd: pkg_add openvpn--
|
||||
when: "'Can\\'t find inst:' in is_installed.stderr"
|
||||
community.general.openbsd_pkg:
|
||||
name: openvpn--
|
||||
when: ansible_distribution == 'OpenBSD'
|
||||
|
||||
- name: Create /etc/openvpn
|
||||
ansible.builtin.file:
|
||||
|
@ -128,25 +116,10 @@
|
|||
check_mode: no
|
||||
register: nrpe_evolix_config
|
||||
|
||||
# openbsd_pkg is broken since OpenBSD 7.4 with the version of Ansible we currently use
|
||||
#- name: Install NRPE check dependency
|
||||
# community.general.openbsd_pkg:
|
||||
# name: p5-Net-Telnet
|
||||
# when: nrpe_evolix_config.stat.exists
|
||||
|
||||
- name: Check if NRPE check dependency is already installed
|
||||
ansible.builtin.command:
|
||||
cmd: pkg_info -Iq inst:p5-Net-Telnet
|
||||
register: is_installed
|
||||
ignore_errors: true
|
||||
changed_when: false
|
||||
|
||||
- name: Install NRPE check dependency
|
||||
ansible.builtin.command:
|
||||
cmd: pkg_add p5-Net-Telnet
|
||||
when:
|
||||
- "'Can\\'t find inst:' in is_installed.stderr"
|
||||
- nrpe_evolix_config.stat.exists
|
||||
- name: Install NRPE check dependencies
|
||||
community.general.openbsd_pkg:
|
||||
name: p5-Net-Telnet
|
||||
when: nrpe_evolix_config.stat.exists
|
||||
|
||||
- name: Install OpenVPN NRPE check
|
||||
ansible.builtin.copy:
|
||||
|
|
|
@ -134,7 +134,7 @@ localhost:10026 inet n - y - 10 smtpd
|
|||
-o smtpd_recipient_restrictions=permit_mynetworks,reject
|
||||
-o mynetworks=127.0.0.0/8
|
||||
|
||||
smtp-amavis unix - - y - 3 lmtp
|
||||
smtp-amavis unix - - y - 2 lmtp
|
||||
-o lmtp_data_done_timeout=1200
|
||||
-o lmtp_send_xforward_command=yes
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
tags:
|
||||
- proftpd
|
||||
|
||||
- name: IP Whitelists for SFTP users are present
|
||||
- name: Whitelist ip for users (SFTP)
|
||||
ansible.builtin.blockinfile:
|
||||
dest: /etc/proftpd/conf.d/sftp.conf
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK - Whitelist ip for users"
|
||||
|
@ -82,14 +82,6 @@
|
|||
notify: restart proftpd
|
||||
when: proftpd_sftp_enable_user_whitelist | bool
|
||||
|
||||
- name: IP Whitelists for SFTP users are absent
|
||||
ansible.builtin.blockinfile:
|
||||
dest: /etc/proftpd/conf.d/sftp.conf
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK - Whitelist ip for users"
|
||||
state: absent
|
||||
notify: restart proftpd
|
||||
when: not (proftpd_sftp_enable_user_whitelist | bool)
|
||||
|
||||
- name: Allow keys for SFTP account
|
||||
ansible.builtin.template:
|
||||
dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}"
|
||||
|
|
|
@ -9,12 +9,9 @@ vrrp_addresses: []
|
|||
# priority: Null # the priority of this host in the virtual server (default: 100)
|
||||
# authentication: Null # authentification type: auth=(none|pw/hexkey|ah/hexkey) hexkey=0x[0-9a-fA-F]+
|
||||
# label: Null # use this name is syslog messages (helps when several vrid are running)
|
||||
# ip: Null # the IP address(es) (and optionnaly subnet mask) of the virtual server
|
||||
# peers: [IP1, IP2] # list of peers (IP), for minifirewall rules
|
||||
# ip: Null # the ip address(es) (and optionnaly subnet mask) of the virtual server
|
||||
# state: Null # 'started' or 'stopped'
|
||||
# }
|
||||
|
||||
vrrp_manage_minifirewall: true
|
||||
|
||||
minifirewall_restart_if_needed: True
|
||||
minifirewall_restart_force: False
|
||||
|
|
|
@ -11,46 +11,35 @@
|
|||
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||
|
||||
- name: VRRP output is authorized in minifirewall
|
||||
ansible.builtin.blockinfile:
|
||||
lineinfile:
|
||||
path: /etc/minifirewall.d/vrrpd
|
||||
marker: "## {mark} ANSIBLE MANAGED OUTPUT RULES FOR VRID {{ vrrp_address.id }}"
|
||||
block: |
|
||||
/sbin/iptables -A OUTPUT -o {{ vrrp_address.interface }} -p 112 -j ACCEPT # Allow VRRP output on {{ vrrp_address.interface }}
|
||||
line: "/sbin/iptables -A OUTPUT -o {{ vrrp_address.interface }} -p 112 -j ACCEPT # Allow VRRP output on {{ vrrp_address.interface }}"
|
||||
regexp: "# Allow VRRP output on {{ vrrp_address.interface }}$"
|
||||
create: yes
|
||||
mode: "0600"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
notify: "{{ minifirewall_restart_handler_name }}"
|
||||
when:
|
||||
- vrrp_manage_minifirewall | bool
|
||||
- _minifirewall_dir.stat.exists
|
||||
when: _minifirewall_dir.stat.exists
|
||||
|
||||
- name: VRRP input is authorized in minifirewall
|
||||
ansible.builtin.blockinfile:
|
||||
lineinfile:
|
||||
path: /etc/minifirewall.d/vrrpd
|
||||
marker: "## {mark} ANSIBLE MANAGED INPUT RULES FOR VRID {{ vrrp_address.id }}"
|
||||
block: |
|
||||
{% if vrrp_address.peers | default([]) | length <= 0 %}
|
||||
/sbin/iptables -A INPUT -i {{ vrrp_address.interface }} -d 224.0.0.0/8 -j ACCEPT # Allow VRRP input on {{ vrrp_address.interface }} for VRID {{ vrrp_address.id }}
|
||||
{% else %}
|
||||
{% for peer in vrrp_address.peers %}
|
||||
/sbin/iptables -A INPUT -i {{ vrrp_address.interface }} -s {{ peer }} -d 224.0.0.0/8 -j ACCEPT # Allow VRRP input on {{ vrrp_address.interface }} from {{ peer }} for VRID {{ vrrp_address.id }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
line: "/sbin/iptables -A INPUT -i {{ vrrp_address.interface }} -s {{ peer }} -d 224.0.0.0/8 -j ACCEPT # Allow VRRP input on {{ vrrp_address.interface }} from {{ peer }} for VRID {{ vrrp_address.id }}"
|
||||
regexp: "# Allow VRRP input on {{ vrrp_address.interface }} from {{ peer }} for VRID {{ vrrp_address.id }}"
|
||||
create: yes
|
||||
mode: "0600"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
loop: "{{ vrrp_address.peers | default([]) }}"
|
||||
loop_control:
|
||||
loop_var: peer
|
||||
notify: "{{ minifirewall_restart_handler_name }}"
|
||||
when:
|
||||
- vrrp_manage_minifirewall | bool
|
||||
- _minifirewall_dir.stat.exists
|
||||
when: _minifirewall_dir.stat.exists
|
||||
|
||||
- name: Flush handlers to restart minifirewall
|
||||
ansible.builtin.meta: flush_handlers
|
||||
when:
|
||||
- vrrp_manage_minifirewall | bool
|
||||
- _minifirewall_dir.stat.exists
|
||||
when: _minifirewall_dir.stat.exists
|
||||
|
||||
|
||||
# Configure VRRP service
|
||||
|
|
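Review bot: The INPUT rule accepts everything addressed to `224.0.0.0/8` on the interface rather than only VRRP, because unlike the OUTPUT rule it has no `-p 112`. Adding the protocol match, `-s {{ peer }} -d 224.0.0.0/8 -p 112 -j ACCEPT`, keeps the opening limited to what the role needs. If the `lineinfile` plus `loop` variant is the new side (markers were lost in rendering, so this is inferred from print order), an empty or undefined `vrrp_address.peers` makes the loop run zero times and no INPUT rule is written at all, whereas the `blockinfile` variant had a fallback for that case. The `lineinfile:` lines also drop the `ansible.builtin.` prefix used by the neighbouring tasks.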
47
webapps/jitsimeet/LISEZMOI.md
Normal file
47
webapps/jitsimeet/LISEZMOI.md
Normal file
|
@ -0,0 +1,47 @@
|
|||
jitsimeet
|
||||
=====
|
||||
|
||||
Ce rĂ´le installe un serveur jitsimeet.
|
||||
|
||||
Notez qu'hormis le présent fichier LISEZMOI.md, tous les fichiers du rôle jitsimeet sont rédigés en anglais afin de suivre les conventions de la communauté Ansible, favoriser sa réutilisation et son amélioration, etc. Libre à vous cependant de faire appel à ce role dans un playbook rédigé principalement en français ou toute autre langue.
|
||||
|
||||
Requis
|
||||
------
|
||||
|
||||
...
|
||||
|
||||
Variables du rĂ´le
|
||||
-----------------
|
||||
|
||||
Plusieurs des valeurs par défaut dans defaults/main.yml doivent être changées soit directement dans defaults/main.yml ou mieux encore en les supplantant ailleurs, par exemple dans votre playbook (voir l'exemple ci-bas).
|
||||
|
||||
DĂ©pendances
|
||||
------------
|
||||
|
||||
...
|
||||
|
||||
Exemple de playbook
|
||||
-------------------
|
||||
|
||||
```
|
||||
- name: "DĂ©ployer un serveur jitsimeet"
|
||||
hosts:
|
||||
- all
|
||||
vars:
|
||||
# Supplanter ici les variables du rĂ´le
|
||||
jitsimeet_domains: ['votre-vrai-domaine.org']
|
||||
service: 'mon-jitsimeet'
|
||||
|
||||
roles:
|
||||
- { role: webapps/jitsimeet , tags: "jitsimeet" }
|
||||
```
|
||||
|
||||
Licence
|
||||
-------
|
||||
|
||||
GPLv3
|
||||
|
||||
Infos sur l'auteur
|
||||
------------------
|
||||
|
||||
Mathieu Gauthier-Pilote, administrateur de systèmes chez Evolix.
|
47
webapps/jitsimeet/README.md
Normal file
47
webapps/jitsimeet/README.md
Normal file
|
@ -0,0 +1,47 @@
|
|||
jitsimeet
|
||||
=====
|
||||
|
||||
This role installs or upgrades the server for jitsimeet.
|
||||
|
||||
FRENCH: Voir le fichier LISEZMOI.md pour le français.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
...
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
Several of the default values in defaults/main.yml must be changed either directly in defaults/main.yml or better even by overwriting them somewhere else, for example in your playbook (see the example below).
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
...
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
```
|
||||
- name: "Deploy a jitsimeet server"
|
||||
hosts:
|
||||
- all
|
||||
vars:
|
||||
# Overwrite the role variables here
|
||||
jitsimeet_domains: ['your-real-domain.org']
|
||||
service: 'my-jitsimeet'
|
||||
|
||||
roles:
|
||||
- { role: webapps/jitsimeet , tags: "jitsimeet" }
|
||||
```
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
GPLv3
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
|
||||
Mathieu Gauthier-Pilote, sys. admin. at Evolix.
|
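--- a/webapps/jitsimeet/defaults/main.yml
+++ b/webapps/jitsimeet/defaults/main.yml
@@ -0,0 +1,17 @@
+---
+# defaults file for main vars
+apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
+
+jitsimeet_system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
+
+jitsimeet_domains: ['jitsi.example.net']
+jitsimeet_turn_domains: ['turn.jitsi.example.net']
+jitsimeet_certbot_admin_email: 'security@example.net'
+
+jitsimeet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
+jitsimeet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+jitsimeet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
+jitsimeet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
+jitsimeet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
+jitsimeet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
+jitsimeet_colibri_ext_port: '8443'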
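Review bot: `jitsimeet_turn_secret` and `jitsimeet_jvb_secret` ship with usable placeholder values, so a playbook that forgets to override them deploys a TURN server and a videobridge account whose credentials are published in this repository. Failing early is safer, for example an `ansible.builtin.assert` at the top of tasks/main.yml with `that: jitsimeet_turn_secret != 'YOU_ABSOLUTELY_MUST_CHANGE_ME'` and the same check for the JVB secret. `jitsimeet_jvb_muc_nick` is a fixed UUID that every install will share unless it is overridden. `jitsimeet_system_dep` is a quoted string that only looks like a list; writing it as a real YAML list avoids depending on how the value is parsed when it reaches the apt module.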
BIN
webapps/jitsimeet/files/jitsimeet.gpg
Normal file
BIN
webapps/jitsimeet/files/jitsimeet.gpg
Normal file
Binary file not shown.
BIN
webapps/jitsimeet/files/prosody.gpg
Normal file
BIN
webapps/jitsimeet/files/prosody.gpg
Normal file
Binary file not shown.
38
webapps/jitsimeet/handlers/main.yml
Normal file
38
webapps/jitsimeet/handlers/main.yml
Normal file
|
@ -0,0 +1,38 @@
|
|||
---
|
||||
# handlers file
|
||||
|
||||
- name: reload nginx
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: restart nginx
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: restarted
|
||||
|
||||
- name: restart jvb
|
||||
ansible.builtin.systemd:
|
||||
name: jitsi-videobridge2
|
||||
state: restarted
|
||||
|
||||
- name: restart prosody
|
||||
ansible.builtin.systemd:
|
||||
name: prosody
|
||||
state: restarted
|
||||
|
||||
- name: restart jicofo
|
||||
ansible.builtin.systemd:
|
||||
name: jicofo
|
||||
state: restarted
|
||||
|
||||
- name: restart coturn
|
||||
ansible.builtin.systemd:
|
||||
name: coturn
|
||||
state: restarted
|
||||
|
||||
- name: restart jitsimeet_all
|
||||
loop: "{{ jitsimeet_all.results | selectattr('changed', 'equalto', true) | map(attribute='item') | map(attribute='name') | list }}"
|
||||
systemd:
|
||||
name: '{{ item }}'
|
||||
state: restarted
|
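Review bot: The `restart jitsimeet_all` handler builds its loop from the `name` of every changed item, and several items in the templating task of tasks/main.yml share the name `nginx`, so a single run can restart nginx several times; adding `| unique` before `| list` avoids that. The bare `systemd:` in this handler should be `ansible.builtin.systemd:` like the other handlers in the file.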
52
webapps/jitsimeet/meta/main.yml
Normal file
52
webapps/jitsimeet/meta/main.yml
Normal file
|
@ -0,0 +1,52 @@
|
|||
galaxy_info:
|
||||
author: Mathieu Gauthier-Pilote
|
||||
description: sys. admin.
|
||||
company: Evolix
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license GPL-3.0-only
|
||||
|
||||
min_ansible_version: 2.10
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
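Review bot: `license: license GPL-3.0-only` carries a stray word, so the value is not one of the SPDX identifiers the comment above asks for; it should read `license: GPL-3.0-only`. `min_ansible_version: 2.10` is unquoted, and YAML reads it as the float 2.1; quote it as `"2.10"`. The README only says GPLv3, so it is worth confirming that `-only` rather than `-or-later` is what is intended.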
55
webapps/jitsimeet/tasks/apt_sources.yml
Normal file
55
webapps/jitsimeet/tasks/apt_sources.yml
Normal file
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
|
||||
- name: "Ensure {{ apt_keyring_dir }} directory exists"
|
||||
file:
|
||||
path: "{{ apt_keyring_dir }}"
|
||||
state: directory
|
||||
mode: "755"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Prosody GPG key is installed
|
||||
ansible.builtin.copy:
|
||||
src: prosody.gpg
|
||||
dest: "{{ apt_keyring_dir }}/prosody.gpg"
|
||||
force: true
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Jitsi Meet GPG key is installed
|
||||
ansible.builtin.copy:
|
||||
src: jitsimeet.gpg
|
||||
dest: "{{ apt_keyring_dir }}/jitsimeet.gpg"
|
||||
force: true
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Add Prosody repository (Debian <12)
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/prosody.gpg] https://packages.prosody.im/debian {{ ansible_distribution_release }} main"
|
||||
filename: prosody
|
||||
state: present
|
||||
update_cache: yes
|
||||
when: ansible_distribution_major_version is version('12', '<')
|
||||
|
||||
- name: Add Prosody repository (Debian >=12)
|
||||
ansible.builtin.template:
|
||||
src: apt/prosody.sources.j2
|
||||
dest: /etc/apt/sources.list.d/prosody.sources
|
||||
when: ansible_distribution_major_version is version('12', '>=')
|
||||
|
||||
- name: Add Jitsi Meet repository (Debian <12)
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/jitsimeet.gpg] https://download.jitsi.org stable/"
|
||||
filename: jitsimeet
|
||||
state: present
|
||||
update_cache: yes
|
||||
when: ansible_distribution_major_version is version('12', '<')
|
||||
|
||||
- name: Add Jitsi Meet repository (Debian >=12)
|
||||
ansible.builtin.template:
|
||||
src: apt/jitsimeet.sources.j2
|
||||
dest: /etc/apt/sources.list.d/jitsimeet.sources
|
||||
when: ansible_distribution_major_version is version('12', '>=')
|
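Review bot: On Debian releases before 12 the keys are copied into `/etc/apt/trusted.gpg.d` (through `apt_keyring_dir`), and APT trusts every key in that directory for every configured repository, which defeats the `signed-by=` scoping written on the `repo:` lines. Using a directory APT does not scan, such as `/etc/apt/keyrings` on all releases, keeps the Prosody and Jitsi keys limited to their own repositories; the first task would create it either way. The two `.sources` template tasks set no `owner` or `mode`, and only the `apt_repository` tasks refresh the cache, so on Debian 12 the index update depends on the later `update_cache: true` in tasks/main.yml. The committed `prosody.gpg` and `jitsimeet.gpg` are binary, so recording their fingerprints and origin in the README would let a reviewer verify them.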
188
webapps/jitsimeet/tasks/main.yml
Normal file
188
webapps/jitsimeet/tasks/main.yml
Normal file
|
@ -0,0 +1,188 @@
|
|||
---
|
||||
# tasks file for jitsimeet install
|
||||
|
||||
- name: APT sources
|
||||
ansible.builtin.include_tasks: apt_sources.yml
|
||||
|
||||
- name: Install system dependencies
|
||||
ansible.builtin.apt:
|
||||
name: "{{ jitsimeet_system_dep }}"
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Set debconf options for jitsi-meet
|
||||
ansible.builtin.debconf:
|
||||
name: "{{ item.name }}"
|
||||
question: "{{ item.question }}"
|
||||
value: "{{ item.value }}"
|
||||
vtype: "{{ item.vtype }}"
|
||||
loop:
|
||||
- name: jitsi-videobridge2
|
||||
question: jitsi-videobridge/jvb-hostname
|
||||
value: "{{ jitsimeet_domains | first }}"
|
||||
vtype: string
|
||||
- name: jitsi-meet-web-config
|
||||
question: jitsi-meet/cert-choice
|
||||
value: "{{ jitsimeet_cert_choice }}"
|
||||
vtype: string
|
||||
- name: jitsi-meet-web-config
|
||||
question: jitsi-meet/cert-path-crt
|
||||
value: "{{ jitsimeet_ssl_cert_path }}"
|
||||
vtype: string
|
||||
- name: jitsi-meet-web-config
|
||||
question: jitsi-meet/cert-path-key
|
||||
value: "{{ jitsimeet_ssl_key_path }}"
|
||||
vtype: string
|
||||
- name: jitsi-meet-prosody
|
||||
question: jitsi-meet-prosody/turn-secret
|
||||
value: "{{ jitsimeet_turn_secret }}"
|
||||
vtype: string
|
||||
|
||||
- name: Install Jitsi Meet
|
||||
ansible.builtin.apt:
|
||||
name: jitsi-meet
|
||||
state: present
|
||||
install_recommends: yes
|
||||
|
||||
- name: Install stream module for nginx
|
||||
ansible.builtin.apt:
|
||||
name: libnginx-mod-stream
|
||||
state: present
|
||||
|
||||
- name: Add certs dir for coturn/letsencrypt if needed
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: "{{ item.mode }}"
|
||||
owner: "{{ item.owner }}"
|
||||
group: "{{ item.group }}"
|
||||
loop:
|
||||
- { path: '/etc/coturn', owner: "turnserver", group: "turnserver", mode: "0700" }
|
||||
- { path: '/etc/coturn/certs', owner: "turnserver", group: "turnserver", mode: "0700" }
|
||||
- { path: '/etc/letsencrypt/renewal-hooks', owner: "root", group: "root", mode: "0700" }
|
||||
- { path: '/etc/letsencrypt/renewal-hooks/deploy', owner: "root", group: "root", mode: "0700" }
|
||||
|
||||
- name: Template config files
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ item.owner }}"
|
||||
group: "{{ item.group }}"
|
||||
mode: "{{ item.mode }}"
|
||||
loop:
|
||||
- { name: jitsi-videobridge2, src: 'videobridge/jvb.conf.j2', dest: "/etc/jitsi/videobridge/jvb.conf", owner: "jvb", group: "jitsi", mode: "0640" }
|
||||
- { name: jitsi-videobridge2, src: 'videobridge/sip-communicator.properties.j2', dest: "/etc/jitsi/videobridge/sip-communicator.properties", owner: "jvb", group: "jitsi", mode: "0640" }
|
||||
- { name: nginx, src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js", owner: "root", group: "root", mode: "0644" }
|
||||
- { name: nginx, src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
|
||||
- { name: nginx, src: 'meet/welcomePageAdditionalContent.html.j2', dest: "/etc/jitsi/meet/welcomePageAdditionalContent.html", owner: "root", group: "root", mode: "0644" }
|
||||
- { name: prosody, src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ jitsimeet_domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" }
|
||||
- { name: coturn, src: 'coturn/turnserver.conf.j2', dest: "/etc/turnserver.conf", owner: "root", group: "turnserver", mode: "0640" }
|
||||
- { name: nginx, src: 'certbot/coturn-certbot-deploy.sh.j2', dest: "/etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh", owner: "root", group: "root", mode: "0700" }
|
||||
register: jitsimeet_all
|
||||
notify:
|
||||
- restart jitsimeet_all
|
||||
|
||||
- name: Add bloc to jicofo.conf to disable sctp
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/jitsi/jicofo/jicofo.conf
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK"
|
||||
insertafter: 'jicofo {'
|
||||
block: |
|
||||
sctp: {
|
||||
enabled: false
|
||||
}
|
||||
notify: restart jicofo
|
||||
|
||||
- name: Unregister default jvb account in prosody
|
||||
ansible.builtin.command:
|
||||
cmd: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }}
|
||||
notify:
|
||||
- restart prosody
|
||||
- restart jicofo
|
||||
|
||||
- name: Register jvb account in prosody (with proper secret)
|
||||
ansible.builtin.command:
|
||||
cmd: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }}
|
||||
notify:
|
||||
- restart prosody
|
||||
- restart jicofo
|
||||
|
||||
- name: Flush handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
- name: Check if SSL certificate is present and register result
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
||||
register: jitsimeet_ssl
|
||||
|
||||
- name: Generate certificate only if required (first time)
|
||||
block:
|
||||
- name: Template vhost without SSL for successfull LE challengce
|
||||
ansible.builtin.template:
|
||||
src: "nginx/vhost.conf.j2"
|
||||
dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
|
||||
notify: reload nginx
|
||||
- name: Enable temporary nginx vhost
|
||||
ansible.builtin.file:
|
||||
src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf"
|
||||
state: link
|
||||
notify: reload nginx
|
||||
- name: Flush handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
||||
ansible.builtin.file:
|
||||
path: /var/lib/letsencrypt
|
||||
state: directory
|
||||
mode: '0755'
|
||||
- name: Generate certificate with certbot
|
||||
ansible.builtin.command:
|
||||
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }}
|
||||
when: jitsimeet_ssl.stat.exists != true
|
||||
|
||||
- name: (Re)check if SSL certificate is present and register result
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
||||
register: jitsimeet_ssl
|
||||
|
||||
- name: (Re)template conf file for nginx vhost with SSL
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
loop:
|
||||
- { src: 'nginx/vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf" }
|
||||
- { src: 'nginx/multiplex.conf.j2', dest: '/etc/nginx/modules-available/multiplex.conf' }
|
||||
notify: reload nginx
|
||||
|
||||
- name: Enable multiplex module conf
|
||||
ansible.builtin.file:
|
||||
src: '/etc/nginx/modules-available/multiplex.conf'
|
||||
dest: '/etc/nginx/modules-enabled/multiplex.conf'
|
||||
state: link
|
||||
notify: restart nginx
|
||||
|
||||
- name: Enable nginx vhost
|
||||
ansible.builtin.file:
|
||||
src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf"
|
||||
state: link
|
||||
notify: reload nginx
|
||||
|
||||
- name: Flush handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
- name: Check if SSL certificate for coturn is present and register result
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/coturn/certs/{{ jitsimeet_turn_domains |first }}.crt"
|
||||
register: jitsimeet_ssl_coturn
|
||||
|
||||
- name: Generate certificate for coturn with certbot
|
||||
ansible.builtin.command:
|
||||
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_turn_domains |first }}
|
||||
when: jitsimeet_ssl_coturn.stat.exists != true
|
||||
|
||||
- name: Setup other domains if any
|
||||
include_tasks: other_domains.yml
|
||||
loop: "{{ jitsimeet_domains[1:] }}"
|
||||
loop_control:
|
||||
loop_var: domain
|
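Review bot: Two tasks put secrets where Ansible will print them: the debconf loop carries `jitsimeet_turn_secret` as an item value, and `prosodyctl register jvb ... {{ jitsimeet_jvb_secret }}` passes the JVB password as a command argument, so both appear in task output and logs, and the latter in the process list while it runs. Add `no_log: true` to both tasks. The unregister/register pair also runs on every play with no guard or `changed_when`, so each run reports a change and restarts prosody and jicofo, and the unregister step may fail the play when the account does not exist yet. `when: jitsimeet_ssl.stat.exists != true` reads more clearly as `when: not jitsimeet_ssl.stat.exists`.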
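--- a/webapps/jitsimeet/tasks/other_domains.yml
+++ b/webapps/jitsimeet/tasks/other_domains.yml
@@ -0,0 +1,71 @@
+---
+# tasks file for other domains if any
+
+- name: Template config files
+ansible.builtin.template:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+owner: "{{ item.owner }}"
+group: "{{ item.group }}"
+mode: "{{ item.mode }}"
+loop:
+- { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ domain }}-config.js", owner: "root", group: "root", mode: "0644" }
+- { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domain }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
+notify: reload nginx
+
+- name: Check if SSL certificate is present and register result
+ansible.builtin.stat:
+path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
+register: jitsimeet_ssl
+
+- name: Generate certificate only if required (first time)
+block:
+- name: Template vhost without SSL for successfull LE challengce
+ansible.builtin.template:
+src: "nginx/other.vhost.conf.j2"
+dest: "/etc/nginx/sites-available/{{ domain }}.conf"
+notify: reload nginx
+- name: Enable temporary nginx vhost
+ansible.builtin.file:
+src: "/etc/nginx/sites-available/{{ domain }}.conf"
+dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
+state: link
+notify: reload nginx
+- name: Flush handlers
+ansible.builtin.meta: flush_handlers
+- name: Make sure /var/lib/letsencrypt exists and has correct permissions
+ansible.builtin.file:
+path: /var/lib/letsencrypt
+state: directory
+mode: '0755'
+- name: Generate certificate with certbot
+ansible.builtin.command:
+cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }}
+when: jitsimeet_ssl.stat.exists != true
+
+- name: (Re)check if SSL certificate is present and register result
+ansible.builtin.stat:
+path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
+register: jitsimeet_ssl
+
+- name: (Re)template conf file for nginx vhost with SSL
+ansible.builtin.template:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+loop:
+- { src: 'nginx/other.vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domain }}.conf" }
+notify: reload nginx
+
+- name: Insert block in multiplex.conf
+ansible.builtin.lineinfile:
+path: /etc/nginx/modules-enabled/multiplex.conf
+insertafter: "web_backend;"
+line: "{{ domain }} web_backend;"
+notify: reload nginx
+
+- name: Enable nginx vhost
+ansible.builtin.file:
+src: "/etc/nginx/sites-available/{{ domain }}.conf"
+dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
+state: link
+notify: reload nginx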
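Review bot: The `Insert block in multiplex.conf` task edits `/etc/nginx/modules-enabled/multiplex.conf` with `lineinfile`, but that path is a link to `/etc/nginx/modules-available/multiplex.conf`, which the calling task list renders from `nginx/multiplex.conf.j2` with no condition. Each run therefore looks likely to drop the `{{ domain }} web_backend;` lines when the template is re-applied, reload nginx at the caller's `flush_handlers` step without them, and only restore them here, so the play never converges and the extra domains may be briefly missing from the multiplexer. I would render the extra domains inside the template by looping over `jitsimeet_domains[1:]` and remove this task; the template is not shown on this page, so the exact syntax needs checking against it. Separately, the certbot `cmd:` string is split on whitespace after templating, so passing the arguments as an `argv:` list keeps `jitsimeet_certbot_admin_email` and `domain` as single arguments.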
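--- a/webapps/jitsimeet/tasks/upgrade.yml
+++ b/webapps/jitsimeet/tasks/upgrade.yml
@@ -0,0 +1,11 @@
+---
+# tasks file for jitsimeet upgrade
+#
+# 1. Check what may have changed in release notes and changelogs:
+# https://github.com/jitsi/jitsi-meet-release-notes
+# https://github.com/jitsi/jitsi-meet/releases
+#
+# 2. Upgrade Debian packages with these commands (as root):
+# apt update
+# apt list --upgradeable
+# apt install jitsi-meet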
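--- a/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2
+++ b/webapps/jitsimeet/templates/apt/jitsimeet.sources.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: https://download.jitsi.org
+Suites: stable/
+#Components: main
+Signed-by: {{ apt_keyring_dir }}/jitsimeet.gpg
+Enabled: yes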
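Review bot: The commented-out `#Components: main` line carries no explanation and invites someone to re-enable it. `Suites: stable/` ends in a slash, which makes this an exact-path (flat) repository where apt expects no Components field, so I would replace the line with a comment such as `# No Components: "stable/" is an exact path (flat repository)`. The task that installs `jitsimeet.gpg` into `apt_keyring_dir` is outside this section, so confirm there that the key file is root-owned and not writable by other users, since `Signed-by` is only as trustworthy as that file.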
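--- a/webapps/jitsimeet/templates/apt/prosody.sources.j2
+++ b/webapps/jitsimeet/templates/apt/prosody.sources.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: https://packages.prosody.im/debian
+Suites: bookworm
+Components: main
+Signed-by: {{ apt_keyring_dir }}/prosody.gpg
+Enabled: yes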
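Review bot: `Suites: bookworm` hard-codes the Debian release, so a host on another release would be pointed at bookworm packages without any error from this template. Use the gathered fact instead, `Suites: {{ ansible_distribution_release }}`, or have the role fail early when the release is not one it supports.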
|
@ -0,0 +1,30 @@
|
|||
#!/bin/sh
|
||||
|
||||
# https://serverfault.com/questions/849683/how-to-setup-coturn-with-letsencrypt
|
||||
|
||||
set -e
|
||||
|
||||
for domain in $RENEWED_DOMAINS; do
|
||||
case $domain in
|
||||
{{ jitsimeet_turn_domains | first }})
|
||||
daemon_cert_root=/etc/coturn/certs
|
||||
|
||||
# Make sure the certificate and private key files are
|
||||
# never world readable, even just for an instant while
|
||||
# we're copying them into daemon_cert_root.
|
||||
umask 077
|
||||
|
||||
cp "$RENEWED_LINEAGE/fullchain.pem" "$daemon_cert_root/$domain.crt"
|
||||
cp "$RENEWED_LINEAGE/privkey.pem" "$daemon_cert_root/$domain.key"
|
||||
|
||||
# Apply the proper file ownership and permissions for
|
||||
# the daemon to read its certificate and key.
|
||||
chown turnserver "$daemon_cert_root/$domain.crt" \
|
||||
"$daemon_cert_root/$domain.key"
|
||||
chmod 400 "$daemon_cert_root/$domain.crt" \
|
||||
"$daemon_cert_root/$domain.key"
|
||||
|
||||
service coturn restart >/dev/null
|
||||
;;
|
||||
esac
|
||||
done
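Review bot: `chown turnserver` makes the daemon account the owner of its own private key, so a compromised coturn process could change the mode or the contents of the key file. Keeping both files owned by root and readable through the group is tighter: `chown root:turnserver "$daemon_cert_root/$domain.crt" "$daemon_cert_root/$domain.key"` followed by `chmod 440` on the same two paths, assuming a `turnserver` group exists on the host (not visible here). The hook also assumes `$daemon_cert_root` already exists; with `set -e` a missing directory makes the first `cp` abort the hook, so check that a task outside this hunk creates it before certbot first runs. The file header for this hunk is missing from the page, so the template's path is not shown.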
|
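--- a/webapps/jitsimeet/templates/coturn/turnserver.conf.j2
+++ b/webapps/jitsimeet/templates/coturn/turnserver.conf.j2
@@ -0,0 +1,46 @@
+# jitsi-meet coturn config. Do not modify this line
+use-auth-secret
+keep-address-family
+static-auth-secret={{ jitsimeet_turn_secret }}
+realm={{ jitsimeet_turn_domains | first }}
+cert=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.crt
+pkey=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.key
+no-multicast-peers
+no-cli
+#no-loopback-peers
+no-tcp-relay
+no-tcp
+listening-port=3478
+tls-listening-port=5349
+no-tlsv1
+no-tlsv1_1
+# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
+cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+# without it there are errors when running on Ubuntu 20.04
+#dh2066
+# jitsi-meet coturn relay disable config. Do not modify this line
+denied-peer-ip=0.0.0.0-0.255.255.255
+denied-peer-ip=10.0.0.0-10.255.255.255
+denied-peer-ip=100.64.0.0-100.127.255.255
+denied-peer-ip=127.0.0.0-127.255.255.255
+denied-peer-ip=169.254.0.0-169.254.255.255
+denied-peer-ip=127.0.0.0-127.255.255.255
+denied-peer-ip=172.16.0.0-172.31.255.255
+denied-peer-ip=192.0.0.0-192.0.0.255
+denied-peer-ip=192.0.2.0-192.0.2.255
+denied-peer-ip=192.88.99.0-192.88.99.255
+denied-peer-ip=192.168.0.0-192.168.255.255
+denied-peer-ip=198.18.0.0-198.19.255.255
+denied-peer-ip=198.51.100.0-198.51.100.255
+denied-peer-ip=203.0.113.0-203.0.113.255
+denied-peer-ip=240.0.0.0-255.255.255.255
+denied-peer-ip=::1
+denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
+denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
+denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
+denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
+denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+syslog
+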
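Review bot: `static-auth-secret={{ jitsimeet_turn_secret }}` writes the shared TURN secret into this file in clear text, and the task that installs the template is outside this section, so confirm it sets a restrictive owner and mode (for example `owner: root`, `group: turnserver`, `mode: "0640"`) and that the variable is supplied from a vault rather than a role default. Two smaller points in the same file: `denied-peer-ip=127.0.0.0-127.255.255.255` is listed twice, and the comment above `#dh2066` says errors occur without the option although the option itself is commented out, so either drop both lines or state why it is disabled.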
1598
webapps/jitsimeet/templates/meet/config.js.j2
Normal file
1598
webapps/jitsimeet/templates/meet/config.js.j2
Normal file
|
@ -0,0 +1,1598 @@
|
|||
/* eslint-disable comma-dangle, no-unused-vars, no-var, prefer-template, vars-on-top */
|
||||
|
||||
/*
|
||||
* NOTE: If you add a new option please remember to document it here:
|
||||
* https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-configuration
|
||||
*/
|
||||
|
||||
var subdir = '<!--# echo var="subdir" default="" -->';
|
||||
var subdomain = '<!--# echo var="subdomain" default="" -->';
|
||||
|
||||
if (subdomain) {
|
||||
subdomain = subdomain.substr(0, subdomain.length - 1).split('.')
|
||||
.join('_')
|
||||
.toLowerCase() + '.';
|
||||
}
|
||||
|
||||
// In case of no ssi provided by the webserver, use empty strings
|
||||
if (subdir.startsWith('<!--')) {
|
||||
subdir = '';
|
||||
}
|
||||
if (subdomain.startsWith('<!--')) {
|
||||
subdomain = '';
|
||||
}
|
||||
|
||||
var enableJaaS = false;
|
||||
|
||||
var config = {
|
||||
// Connection
|
||||
//
|
||||
|
||||
hosts: {
|
||||
// XMPP domain.
|
||||
domain: '{{ jitsimeet_domains | first }}',
|
||||
|
||||
// When using authentication, domain for guest users.
|
||||
// anonymousdomain: 'guest.example.com',
|
||||
|
||||
// Domain for authenticated users. Defaults to <domain>.
|
||||
// authdomain: '{{ jitsimeet_domains | first }}',
|
||||
|
||||
// Focus component domain. Defaults to focus.<domain>.
|
||||
// focus: 'focus.{{ jitsimeet_domains | first }}',
|
||||
|
||||
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||
muc: 'conference.' + subdomain + '{{ jitsimeet_domains | first }}',
|
||||
},
|
||||
|
||||
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||
bosh: 'https://{{ jitsimeet_domains | first }}/' + subdir + 'http-bind',
|
||||
|
||||
// Websocket URL (XMPP)
|
||||
websocket: 'wss://{{ jitsimeet_domains | first }}/' + subdir + 'xmpp-websocket',
|
||||
|
||||
// The real JID of focus participant - can be overridden here
|
||||
// Do not change username - FIXME: Make focus username configurable
|
||||
// https://github.com/jitsi/jitsi-meet/issues/7376
|
||||
// focusUserJid: 'focus@auth.{{ jitsimeet_domains | first }}',
|
||||
|
||||
// Options related to the bridge (colibri) data channel
|
||||
bridgeChannel: {
|
||||
// If the backend advertises multiple colibri websockets, this options allows
|
||||
// to filter some of them out based on the domain name. We use the first URL
|
||||
// which does not match ignoreDomain, falling back to the first one that matches
|
||||
// ignoreDomain. Has no effect if undefined.
|
||||
// ignoreDomain: 'example.com',
|
||||
|
||||
// Prefer SCTP (WebRTC data channels over the media path) over a colibri websocket.
|
||||
// If SCTP is available in the backend it will be used instead of a WS. Defaults to
|
||||
// false (SCTP is used only if available and no WS are available).
|
||||
// preferSctp: false
|
||||
},
|
||||
|
||||
// Testing / experimental features.
|
||||
//
|
||||
|
||||
testing: {
|
||||
// Disables the End to End Encryption feature. Useful for debugging
|
||||
// issues related to insertable streams.
|
||||
// disableE2EE: false,
|
||||
|
||||
// Enables XMPP WebSocket (as opposed to BOSH) for the given amount of users.
|
||||
// mobileXmppWsThreshold: 10, // enable XMPP WebSockets on mobile for 10% of the users
|
||||
|
||||
// P2P test mode disables automatic switching to P2P when there are 2
|
||||
// participants in the conference.
|
||||
// p2pTestMode: false,
|
||||
|
||||
// Enables the test specific features consumed by jitsi-meet-torture
|
||||
// testMode: false,
|
||||
|
||||
// Disables the auto-play behavior of *all* newly created video element.
|
||||
// This is useful when the client runs on a host with limited resources.
|
||||
// noAutoPlayVideo: false,
|
||||
|
||||
// Enable callstats only for a percentage of users.
|
||||
// This takes a value between 0 and 100 which determines the probability for
|
||||
// the callstats to be enabled.
|
||||
// callStatsThreshold: 5, // enable callstats for 5% of the users.
|
||||
},
|
||||
|
||||
// Disables moderator indicators.
|
||||
// disableModeratorIndicator: false,
|
||||
|
||||
// Disables the reactions feature.
|
||||
// disableReactions: true,
|
||||
|
||||
// Disables the reactions moderation feature.
|
||||
// disableReactionsModeration: false,
|
||||
|
||||
// Disables polls feature.
|
||||
// disablePolls: false,
|
||||
|
||||
// Disables self-view tile. (hides it from tile view and from filmstrip)
|
||||
// disableSelfView: false,
|
||||
|
||||
// Disables self-view settings in UI
|
||||
// disableSelfViewSettings: false,
|
||||
|
||||
// screenshotCapture : {
|
||||
// Enables the screensharing capture feature.
|
||||
// enabled: false,
|
||||
//
|
||||
// The mode for the screenshot capture feature.
|
||||
// Can be either 'recording' - screensharing screenshots are taken
|
||||
// only when the recording is also on,
|
||||
// or 'always' - screensharing screenshots are always taken.
|
||||
// mode: 'recording',
|
||||
// }
|
||||
|
||||
// Disables ICE/UDP by filtering out local and remote UDP candidates in
|
||||
// signalling.
|
||||
// webrtcIceUdpDisable: false,
|
||||
|
||||
// Disables ICE/TCP by filtering out local and remote TCP candidates in
|
||||
// signalling.
|
||||
// webrtcIceTcpDisable: false,
|
||||
|
||||
|
||||
// Media
|
||||
//
|
||||
|
||||
// Audio
|
||||
|
||||
// Disable measuring of audio levels.
|
||||
// disableAudioLevels: false,
|
||||
|
||||
// audioLevelsInterval: 200,
|
||||
|
||||
// Enabling this will run the lib-jitsi-meet no audio detection module which
|
||||
// will notify the user if the current selected microphone has no audio
|
||||
// input and will suggest another valid device if one is present.
|
||||
enableNoAudioDetection: true,
|
||||
|
||||
// Enabling this will show a "Save Logs" link in the GSM popover that can be
|
||||
// used to collect debug information (XMPP IQs, SDP offer/answer cycles)
|
||||
// about the call.
|
||||
// enableSaveLogs: false,
|
||||
|
||||
// Enabling this will hide the "Show More" link in the GSM popover that can be
|
||||
// used to display more statistics about the connection (IP, Port, protocol, etc).
|
||||
// disableShowMoreStats: true,
|
||||
|
||||
// Enabling this will run the lib-jitsi-meet noise detection module which will
|
||||
// notify the user if there is noise, other than voice, coming from the current
|
||||
// selected microphone. The purpose it to let the user know that the input could
|
||||
// be potentially unpleasant for other meeting participants.
|
||||
enableNoisyMicDetection: true,
|
||||
|
||||
// Start the conference in audio only mode (no video is being received nor
|
||||
// sent).
|
||||
// startAudioOnly: false,
|
||||
|
||||
// Every participant after the Nth will start audio muted.
|
||||
// startAudioMuted: 10,
|
||||
|
||||
// Start calls with audio muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithAudioMuted: false,
|
||||
|
||||
// Enabling it (with #params) will disable local audio output of remote
|
||||
// participants and to enable it back a reload is needed.
|
||||
// startSilent: false,
|
||||
|
||||
// Enables support for opus-red (redundancy for Opus).
|
||||
// enableOpusRed: false,
|
||||
|
||||
// Specify audio quality stereo and opusMaxAverageBitrate values in order to enable HD audio.
|
||||
// Beware, by doing so, you are disabling echo cancellation, noise suppression and AGC.
|
||||
// Specify enableOpusDtx to enable support for opus-dtx where
|
||||
// audio packets won’t be transmitted while participant is silent or muted.
|
||||
// audioQuality: {
|
||||
// stereo: false,
|
||||
// opusMaxAverageBitrate: null, // Value to fit the 6000 to 510000 range.
|
||||
// enableOpusDtx: false,
|
||||
// },
|
||||
|
||||
// Noise suppression configuration. By default rnnoise is used. Optionally Krisp
|
||||
// can be used by enabling it below, but the Krisp JS SDK files must be supplied in your
|
||||
// installation. Specifically, these files are needed:
|
||||
// - https://meet.example.com/libs/krisp/krisp.mjs
|
||||
// - https://meet.example.com/libs/krisp/models/model_8.kw
|
||||
// - https://meet.example.com/libs/krisp/models/model_16.kw
|
||||
// - https://meet.example.com/libs/krisp/models/model_32.kw
|
||||
// NOTE: Krisp JS SDK v1.0.9 was tested.
|
||||
// noiseSuppression: {
|
||||
// krisp: {
|
||||
// enabled: false,
|
||||
// logProcessStats: false,
|
||||
// debugLogs: false,
|
||||
// },
|
||||
// },
|
||||
|
||||
// Video
|
||||
|
||||
// Sets the preferred resolution (height) for local video. Defaults to 720.
|
||||
// resolution: 720,
|
||||
|
||||
// Specifies whether the raised hand will hide when someone becomes a dominant speaker or not
|
||||
// disableRemoveRaisedHandOnFocus: false,
|
||||
|
||||
// speakerStats: {
|
||||
// // Specifies whether the speaker stats is enable or not.
|
||||
// disabled: false,
|
||||
|
||||
// // Specifies whether there will be a search field in speaker stats or not.
|
||||
// disableSearch: false,
|
||||
|
||||
// // Specifies whether participants in speaker stats should be ordered or not, and with what priority.
|
||||
// // 'role', <- Moderators on top.
|
||||
// // 'name', <- Alphabetically by name.
|
||||
// // 'hasLeft', <- The ones that have left in the bottom.
|
||||
// order: [
|
||||
// 'role',
|
||||
// 'name',
|
||||
// 'hasLeft',
|
||||
// ],
|
||||
// },
|
||||
|
||||
// DEPRECATED. Please use speakerStats.disableSearch instead.
|
||||
// Specifies whether there will be a search field in speaker stats or not
|
||||
// disableSpeakerStatsSearch: false,
|
||||
|
||||
// DEPRECATED. Please use speakerStats.order .
|
||||
// Specifies whether participants in speaker stats should be ordered or not, and with what priority
|
||||
// speakerStatsOrder: [
|
||||
// 'role', <- Moderators on top
|
||||
// 'name', <- Alphabetically by name
|
||||
// 'hasLeft', <- The ones that have left in the bottom
|
||||
// ], <- the order of the array elements determines priority
|
||||
|
||||
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
|
||||
// Use -1 to disable.
|
||||
// maxFullResolutionParticipants: 2,
|
||||
|
||||
// w3c spec-compliant video constraints to use for video capture. Currently
|
||||
// used by browsers that return true from lib-jitsi-meet's
|
||||
// util#browser#usesNewGumFlow. The constraints are independent from
|
||||
// this config's resolution value. Defaults to requesting an ideal
|
||||
// resolution of 720p.
|
||||
// constraints: {
|
||||
// video: {
|
||||
// height: {
|
||||
// ideal: 720,
|
||||
// max: 720,
|
||||
// min: 240,
|
||||
// },
|
||||
// },
|
||||
// },
|
||||
|
||||
// Enable / disable simulcast support.
|
||||
// disableSimulcast: false,
|
||||
|
||||
// Every participant after the Nth will start video muted.
|
||||
// startVideoMuted: 10,
|
||||
|
||||
// Start calls with video muted. Unlike the option above, this one is only
|
||||
// applied locally. FIXME: having these 2 options is confusing.
|
||||
// startWithVideoMuted: false,
|
||||
|
||||
// Desktop sharing
|
||||
|
||||
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
|
||||
// desktopSharingFrameRate: {
|
||||
// min: 5,
|
||||
// max: 5,
|
||||
// },
|
||||
|
||||
// This option has been deprecated since it is no longer supported as per the w3c spec.
|
||||
// https://w3c.github.io/mediacapture-screen-share/#dom-mediadevices-getdisplaymedia. If the user has not
|
||||
// interacted with the webpage before the getDisplayMedia call, the promise will be rejected by the browser. This
|
||||
// has already been implemented in Firefox and Safari and will be implemented in Chrome soon.
|
||||
// https://bugs.chromium.org/p/chromium/issues/detail?id=1198918
|
||||
// startScreenSharing: false,
|
||||
|
||||
// Recording
|
||||
|
||||
// DEPRECATED. Use recordingService.enabled instead.
|
||||
// fileRecordingsEnabled: false,
|
||||
|
||||
// Enable the dropbox integration.
|
||||
// dropbox: {
|
||||
// appKey: '<APP_KEY>', // Specify your app key here.
|
||||
// // A URL to redirect the user to, after authenticating
|
||||
// // by default uses:
|
||||
// // 'https://{{ jitsimeet_domains | first }}/static/oauth.html'
|
||||
// redirectURI:
|
||||
// 'https://{{ jitsimeet_domains | first }}/subfolder/static/oauth.html',
|
||||
// },
|
||||
|
||||
// recordingService: {
|
||||
// // When integrations like dropbox are enabled only that will be shown,
|
||||
// // by enabling fileRecordingsServiceEnabled, we show both the integrations
|
||||
// // and the generic recording service (its configuration and storage type
|
||||
// // depends on jibri configuration)
|
||||
// enabled: false,
|
||||
|
||||
// // Whether to show the possibility to share file recording with other people
|
||||
// // (e.g. meeting participants), based on the actual implementation
|
||||
// // on the backend.
|
||||
// sharingEnabled: false,
|
||||
|
||||
// // Hide the warning that says we only store the recording for 24 hours.
|
||||
// hideStorageWarning: false,
|
||||
// },
|
||||
|
||||
// DEPRECATED. Use recordingService.enabled instead.
|
||||
// fileRecordingsServiceEnabled: false,
|
||||
|
||||
// DEPRECATED. Use recordingService.sharingEnabled instead.
|
||||
// fileRecordingsServiceSharingEnabled: false,
|
||||
|
||||
// Local recording configuration.
|
||||
// localRecording: {
|
||||
// // Whether to disable local recording or not.
|
||||
// disable: false,
|
||||
|
||||
// // Whether to notify all participants when a participant is recording locally.
|
||||
// notifyAllParticipants: false,
|
||||
|
||||
// // Whether to disable the self recording feature (only local participant streams).
|
||||
// disableSelfRecording: false,
|
||||
// },
|
||||
|
||||
// Customize the Live Streaming dialog. Can be modified for a non-YouTube provider.
|
||||
// liveStreaming: {
|
||||
// // Whether to enable live streaming or not.
|
||||
// enabled: false,
|
||||
// // Terms link
|
||||
// termsLink: 'https://www.youtube.com/t/terms',
|
||||
// // Data privacy link
|
||||
// dataPrivacyLink: 'https://policies.google.com/privacy',
|
||||
// // RegExp string that validates the stream key input field
|
||||
// validatorRegExpString: '^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}',
|
||||
// // Documentation reference for the live streaming feature.
|
||||
// helpLink: 'https://jitsi.org/live'
|
||||
// },
|
||||
|
||||
// DEPRECATED. Use liveStreaming.enabled instead.
|
||||
// liveStreamingEnabled: false,
|
||||
|
||||
// DEPRECATED. Use transcription.enabled instead.
|
||||
// transcribingEnabled: false,
|
||||
|
||||
// DEPRECATED. Use transcription.useAppLanguage instead.
|
||||
// transcribeWithAppLanguage: true,
|
||||
|
||||
// DEPRECATED. Use transcription.preferredLanguage instead.
|
||||
// preferredTranscribeLanguage: 'en-US',
|
||||
|
||||
// DEPRECATED. Use transcription.autoCaptionOnRecord instead.
|
||||
// autoCaptionOnRecord: false,
|
||||
|
||||
// Transcription options.
|
||||
// transcription: {
|
||||
// // Whether the feature should be enabled or not.
|
||||
// enabled: false,
|
||||
|
||||
// // Translation languages.
|
||||
// // Available languages can be found in
|
||||
// // ./src/react/features/transcribing/translation-languages.json.
|
||||
// translationLanguages: ['en', 'es', 'fr', 'ro'],
|
||||
|
||||
// // Important languages to show on the top of the language list.
|
||||
// translationLanguagesHead: ['en'],
|
||||
|
||||
// // If true transcriber will use the application language.
|
||||
// // The application language is either explicitly set by participants in their settings or automatically
|
||||
// // detected based on the environment, e.g. if the app is opened in a chrome instance which
|
||||
// // is using french as its default language then transcriptions for that participant will be in french.
|
||||
// // Defaults to true.
|
||||
// useAppLanguage: true,
|
||||
|
||||
// // Transcriber language. This settings will only work if "useAppLanguage"
|
||||
// // is explicitly set to false.
|
||||
// // Available languages can be found in
|
||||
// // ./src/react/features/transcribing/transcriber-langs.json.
|
||||
// preferredLanguage: 'en-US',
|
||||
|
||||
// // Disable start transcription for all participants.
|
||||
// disableStartForAll: false,
|
||||
|
||||
// // Enables automatic turning on captions when recording is started
|
||||
// autoCaptionOnRecord: false,
|
||||
// },
|
||||
|
||||
// Misc
|
||||
|
||||
// Default value for the channel "last N" attribute. -1 for unlimited.
|
||||
channelLastN: -1,
|
||||
|
||||
// Connection indicators
|
||||
// connectionIndicators: {
|
||||
// autoHide: true,
|
||||
// autoHideTimeout: 5000,
|
||||
// disabled: false,
|
||||
// disableDetails: false,
|
||||
// inactiveDisabled: false
|
||||
// },
|
||||
|
||||
// Provides a way for the lastN value to be controlled through the UI.
|
||||
// When startLastN is present, conference starts with a last-n value of startLastN and channelLastN
|
||||
// value will be used when the quality level is selected using "Manage Video Quality" slider.
|
||||
// startLastN: 1,
|
||||
|
||||
// Specify the settings for video quality optimizations on the client.
|
||||
// videoQuality: {
|
||||
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
|
||||
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
|
||||
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
|
||||
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
|
||||
// disabledCodec: 'H264',
|
||||
//
|
||||
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
|
||||
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
|
||||
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
|
||||
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
|
||||
// // to take effect.
|
||||
// preferredCodec: 'VP8',
|
||||
//
|
||||
// // Provides a way to enforce the preferred codec for the conference even when the conference has endpoints
|
||||
// // that do not support the preferred codec. For example, older versions of Safari do not support VP9 yet.
|
||||
// // This will result in Safari not being able to decode video from endpoints sending VP9 video.
|
||||
// // When set to false, the conference falls back to VP8 whenever there is an endpoint that doesn't support the
|
||||
// // preferred codec and goes back to the preferred codec when that endpoint leaves.
|
||||
// enforcePreferredCodec: false,
|
||||
//
|
||||
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
|
||||
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
|
||||
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
|
||||
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
|
||||
// // This is currently not implemented on app based clients on mobile.
|
||||
// maxBitratesVideo: {
|
||||
// H264: {
|
||||
// low: 200000,
|
||||
// standard: 500000,
|
||||
// high: 1500000,
|
||||
// },
|
||||
// VP8 : {
|
||||
// low: 200000,
|
||||
// standard: 500000,
|
||||
// high: 1500000,
|
||||
// },
|
||||
// VP9: {
|
||||
// low: 100000,
|
||||
// standard: 300000,
|
||||
// high: 1200000,
|
||||
// },
|
||||
// },
|
||||
//
|
||||
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
|
||||
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
|
||||
// // 'low' - for the low quality level (180p at the time of this writing)
|
||||
// // 'standard' - for the medium quality level (360p)
|
||||
// // 'high' - for the high quality level (720p)
|
||||
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
|
||||
// //
|
||||
// // With the default config value below the application will use 'low' quality until the thumbnails are
|
||||
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
|
||||
// // the high quality.
|
||||
// minHeightForQualityLvl: {
|
||||
// 360: 'standard',
|
||||
// 720: 'high',
|
||||
// },
|
||||
//
|
||||
// },
|
||||
|
||||
// Notification timeouts
|
||||
// notificationTimeouts: {
|
||||
// short: 2500,
|
||||
// medium: 5000,
|
||||
// long: 10000,
|
||||
// },
|
||||
|
||||
// // Options for the recording limit notification.
|
||||
// recordingLimit: {
|
||||
//
|
||||
// // The recording limit in minutes. Note: This number appears in the notification text
|
||||
// // but doesn't enforce the actual recording time limit. This should be configured in
|
||||
// // jibri!
|
||||
// limit: 60,
|
||||
//
|
||||
// // The name of the app with unlimited recordings.
|
||||
// appName: 'Unlimited recordings APP',
|
||||
//
|
||||
// // The URL of the app with unlimited recordings.
|
||||
// appURL: 'https://unlimited.recordings.app.com/',
|
||||
// },
|
||||
|
||||
// Disables or enables RTX (RFC 4588) (defaults to false).
|
||||
// disableRtx: false,
|
||||
|
||||
// Moves all Jitsi Meet 'beforeunload' logic (cleanup, leaving, disconnecting, etc) to the 'unload' event.
|
||||
// disableBeforeUnloadHandlers: true,
|
||||
|
||||
// Disables or enables TCC support in this client (default: enabled).
|
||||
// enableTcc: true,
|
||||
|
||||
// Disables or enables REMB support in this client (default: enabled).
|
||||
// enableRemb: true,
|
||||
|
||||
// Enables ICE restart logic in LJM and displays the page reload overlay on
|
||||
// ICE failure. Current disabled by default because it's causing issues with
|
||||
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
|
||||
// not a real ICE restart), the client maintains the TCC sequence number
|
||||
// counter, but the bridge resets it. The bridge sends media packets with
|
||||
// TCC sequence numbers starting from 0.
|
||||
// enableIceRestart: false,
|
||||
|
||||
// Enables forced reload of the client when the call is migrated as a result of
|
||||
// the bridge going down.
|
||||
// enableForcedReload: true,
|
||||
|
||||
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
|
||||
// we filter out TURN/UDP because it is usually not needed since the
|
||||
// bridge itself is reachable via UDP)
|
||||
// useTurnUdp: false
|
||||
|
||||
// Enable support for encoded transform in supported browsers. This allows
|
||||
// E2EE to work in Safari if the corresponding flag is enabled in the browser.
|
||||
// Experimental.
|
||||
// enableEncodedTransformSupport: false,
|
||||
|
||||
// UI
|
||||
//
|
||||
|
||||
// Disables responsive tiles.
|
||||
// disableResponsiveTiles: false,
|
||||
|
||||
// DEPRECATED. Please use `securityUi?.hideLobbyButton` instead.
|
||||
// Hides lobby button.
|
||||
// hideLobbyButton: false,
|
||||
|
||||
// DEPRECATED. Please use `lobby?.autoKnock` instead.
|
||||
// If Lobby is enabled starts knocking automatically.
|
||||
// autoKnockLobby: false,
|
||||
|
||||
// DEPRECATED. Please use `lobby?.enableChat` instead.
|
||||
// Enable lobby chat.
|
||||
// enableLobbyChat: true,
|
||||
|
||||
// DEPRECATED! Use `breakoutRooms.hideAddRoomButton` instead.
|
||||
// Hides add breakout room button
|
||||
// hideAddRoomButton: false,
|
||||
|
||||
// Require users to always specify a display name.
|
||||
// requireDisplayName: true,
|
||||
|
||||
// Enables webhid functionality for Audio.
|
||||
// enableWebHIDFeature: false,
|
||||
|
||||
// DEPRECATED! Use 'welcomePage.disabled' instead.
|
||||
// Whether to use a welcome page or not. In case it's false a random room
|
||||
// will be joined when no room is specified.
|
||||
// enableWelcomePage: true,
|
||||
|
||||
// Configs for welcome page.
|
||||
welcomePage: {
|
||||
// // Whether to disable welcome page. In case it's disabled a random room
|
||||
// // will be joined when no room is specified.
|
||||
disabled: false,
|
||||
additionalContent: true
|
||||
// // If set,landing page will redirect to this URL.
|
||||
// customUrl: ''
|
||||
},
|
||||
|
||||
// Configs for the lobby screen.
|
||||
// lobby {
|
||||
// // If Lobby is enabled, it starts knocking automatically. Replaces `autoKnockLobby`.
|
||||
// autoKnock: false,
|
||||
// // Enables the lobby chat. Replaces `enableLobbyChat`.
|
||||
// enableChat: true,
|
||||
// },
|
||||
|
||||
// Configs for the security related UI elements.
|
||||
// securityUi: {
|
||||
// // Hides the lobby button. Replaces `hideLobbyButton`.
|
||||
// hideLobbyButton: false,
|
||||
// // Hides the possibility to set and enter a lobby password.
|
||||
// disableLobbyPassword: false,
|
||||
// },
|
||||
|
||||
// Disable app shortcuts that are registered upon joining a conference
|
||||
// disableShortcuts: false,
|
||||
|
||||
// Disable initial browser getUserMedia requests.
|
||||
// This is useful for scenarios where users might want to start a conference for screensharing only
|
||||
// disableInitialGUM: false,
|
||||
|
||||
// Enabling the close page will ignore the welcome page redirection when
|
||||
// a call is hangup.
|
||||
// enableClosePage: false,
|
||||
|
||||
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
|
||||
// Setting this to null, will also disable showing the remote videos
|
||||
// when the toolbar is shown on mouse movements
|
||||
// disable1On1Mode: null | false | true,
|
||||
|
||||
// Default local name to be displayed
|
||||
// defaultLocalDisplayName: 'me',
|
||||
|
||||
// Default remote name to be displayed
|
||||
// defaultRemoteDisplayName: 'Fellow Jitster',
|
||||
|
||||
// Hides the display name from the participant thumbnail
|
||||
// hideDisplayName: false,
|
||||
|
||||
// Hides the dominant speaker name badge that hovers above the toolbox
|
||||
// hideDominantSpeakerBadge: false,
|
||||
|
||||
// Default language for the user interface. Cannot be overwritten.
|
||||
// defaultLanguage: 'en',
|
||||
|
||||
// Disables profile and the edit of all fields from the profile settings (display name and email)
|
||||
// disableProfile: false,
|
||||
|
||||
// Hides the email section under profile settings.
|
||||
// hideEmailInSettings: false,
|
||||
|
||||
// When enabled the password used for locking a room is restricted to up to the number of digits specified
|
||||
// default: roomPasswordNumberOfDigits: false,
|
||||
// roomPasswordNumberOfDigits: 10,
|
||||
|
||||
// Message to show the users. Example: 'The service will be down for
|
||||
// maintenance at 01:00 AM GMT,
|
||||
// noticeMessage: '',
|
||||
|
||||
// Enables calendar integration, depends on googleApiApplicationClientID
|
||||
// and microsoftApiApplicationClientID
|
||||
// enableCalendarIntegration: false,
|
||||
|
||||
// Configs for prejoin page.
|
||||
// prejoinConfig: {
|
||||
// // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
||||
// // This replaces `prejoinPageEnabled`.
|
||||
// enabled: true,
|
||||
// // Hides the participant name editing field in the prejoin screen.
|
||||
// // If requireDisplayName is also set as true, a name should still be provided through
|
||||
// // either the jwt or the userInfo from the iframe api init object in order for this to have an effect.
|
||||
// hideDisplayName: false,
|
||||
// // List of buttons to hide from the extra join options dropdown.
|
||||
// hideExtraJoinButtons: ['no-audio', 'by-phone'],
|
||||
// },
|
||||
|
||||
// When 'true', the user cannot edit the display name.
|
||||
// (Mainly useful when used in conjunction with the JWT so the JWT name becomes read only.)
|
||||
// readOnlyName: false,
|
||||
|
||||
// If etherpad integration is enabled, setting this to true will
|
||||
// automatically open the etherpad when a participant joins. This
|
||||
// does not affect the mobile app since opening an etherpad
|
||||
// obscures the conference controls -- it's better to let users
|
||||
// choose to open the pad on their own in that case.
|
||||
// openSharedDocumentOnJoin: false,
|
||||
|
||||
// If true, shows the unsafe room name warning label when a room name is
|
||||
// deemed unsafe (due to the simplicity in the name) and a password is not
|
||||
// set or the lobby is not enabled.
|
||||
// enableInsecureRoomNameWarning: false,
|
||||
|
||||
// Whether to automatically copy invitation URL after creating a room.
|
||||
// Document should be focused for this option to work
|
||||
// enableAutomaticUrlCopy: false,
|
||||
|
||||
// Array with avatar URL prefixes that need to use CORS.
|
||||
// corsAvatarURLs: [ 'https://www.gravatar.com/avatar/' ],
|
||||
|
||||
// Base URL for a Gravatar-compatible service. Defaults to Gravatar.
|
||||
// DEPRECATED! Use `gravatar.baseUrl` instead.
|
||||
// gravatarBaseURL: 'https://www.gravatar.com/avatar/',
|
||||
|
||||
// Setup for Gravatar-compatible services.
|
||||
// gravatar: {
|
||||
// // Defaults to Gravatar.
|
||||
// baseUrl: 'https://www.gravatar.com/avatar/',
|
||||
// // True if Gravatar should be disabled.
|
||||
// disabled: false,
|
||||
// },
|
||||
|
||||
// App name to be displayed in the invitation email subject, as an alternative to
|
||||
// interfaceConfig.APP_NAME.
|
||||
// inviteAppName: null,
|
||||
|
||||
// Moved from interfaceConfig(TOOLBAR_BUTTONS).
|
||||
// The name of the toolbar buttons to display in the toolbar, including the
|
||||
// "More actions" menu. If present, the button will display. Exceptions are
|
||||
// "livestreaming" and "recording" which also require being a moderator and
|
||||
// some other values in config.js to be enabled. Also, the "profile" button will
|
||||
// not display for users with a JWT.
|
||||
// Notes:
|
||||
// - it's impossible to choose which buttons go in the "More actions" menu
|
||||
// - it's impossible to control the placement of buttons
|
||||
// - 'desktop' controls the "Share your screen" button
|
||||
// - if `toolbarButtons` is undefined, we fallback to enabling all buttons on the UI
|
||||
// toolbarButtons: [
|
||||
// 'camera',
|
||||
// 'chat',
|
||||
// 'closedcaptions',
|
||||
// 'desktop',
|
||||
// 'download',
|
||||
// 'embedmeeting',
|
||||
// 'etherpad',
|
||||
// 'feedback',
|
||||
// 'filmstrip',
|
||||
// 'fullscreen',
|
||||
// 'hangup',
|
||||
// 'help',
|
||||
// 'highlight',
|
||||
// 'invite',
|
||||
// 'linktosalesforce',
|
||||
// 'livestreaming',
|
||||
// 'microphone',
|
||||
// 'noisesuppression',
|
||||
// 'participants-pane',
|
||||
// 'profile',
|
||||
// 'raisehand',
|
||||
// 'recording',
|
||||
// 'security',
|
||||
// 'select-background',
|
||||
// 'settings',
|
||||
// 'shareaudio',
|
||||
// 'sharedvideo',
|
||||
// 'shortcuts',
|
||||
// 'stats',
|
||||
// 'tileview',
|
||||
// 'toggle-camera',
|
||||
// 'videoquality',
|
||||
// 'whiteboard',
|
||||
// ],
|
||||
|
||||
// Holds values related to toolbar visibility control.
|
||||
// toolbarConfig: {
|
||||
// // Moved from interfaceConfig.INITIAL_TOOLBAR_TIMEOUT
|
||||
// // The initial number of milliseconds for the toolbar buttons to be visible on screen.
|
||||
// initialTimeout: 20000,
|
||||
// // Moved from interfaceConfig.TOOLBAR_TIMEOUT
|
||||
// // Number of milliseconds for the toolbar buttons to be visible on screen.
|
||||
// timeout: 4000,
|
||||
// // Moved from interfaceConfig.TOOLBAR_ALWAYS_VISIBLE
|
||||
// // Whether toolbar should be always visible or should hide after x milliseconds.
|
||||
// alwaysVisible: false,
|
||||
// // Indicates whether the toolbar should still autohide when chat is open
|
||||
// autoHideWhileChatIsOpen: false,
|
||||
// },
|
||||
|
||||
// Toolbar buttons which have their click/tap event exposed through the API on
|
||||
// `toolbarButtonClicked`. Passing a string for the button key will
|
||||
// prevent execution of the click/tap routine; passing an object with `key` and
|
||||
// `preventExecution` flag on false will not prevent execution of the click/tap
|
||||
// routine. Below array with mixed mode for passing the buttons.
|
||||
// buttonsWithNotifyClick: [
|
||||
// 'camera',
|
||||
// {
|
||||
// key: 'chat',
|
||||
// preventExecution: false
|
||||
// },
|
||||
// {
|
||||
// key: 'closedcaptions',
|
||||
// preventExecution: true
|
||||
// },
|
||||
// 'desktop',
|
||||
// 'download',
|
||||
// 'embedmeeting',
|
||||
// 'end-meeting',
|
||||
// 'etherpad',
|
||||
// 'feedback',
|
||||
// 'filmstrip',
|
||||
// 'fullscreen',
|
||||
// 'hangup',
|
||||
// 'hangup-menu',
|
||||
// 'help',
|
||||
// {
|
||||
// key: 'invite',
|
||||
// preventExecution: false
|
||||
// },
|
||||
// 'livestreaming',
|
||||
// 'microphone',
|
||||
// 'mute-everyone',
|
||||
// 'mute-video-everyone',
|
||||
// 'noisesuppression',
|
||||
// 'participants-pane',
|
||||
// 'profile',
|
||||
// {
|
||||
// key: 'raisehand',
|
||||
// preventExecution: true
|
||||
// },
|
||||
// 'recording',
|
||||
// 'security',
|
||||
// 'select-background',
|
||||
// 'settings',
|
||||
// 'shareaudio',
|
||||
// 'sharedvideo',
|
||||
// 'shortcuts',
|
||||
// 'stats',
|
||||
// 'tileview',
|
||||
// 'toggle-camera',
|
||||
// 'videoquality',
|
||||
// // The add passcode button from the security dialog.
|
||||
// {
|
||||
// key: 'add-passcode',
|
||||
// preventExecution: false
|
||||
// },
|
||||
// 'whiteboard',
|
||||
// ],
|
||||
|
||||
// List of pre meeting screens buttons to hide. The values must be one or more of the 5 allowed buttons:
|
||||
// 'microphone', 'camera', 'select-background', 'invite', 'settings'
|
||||
// hiddenPremeetingButtons: [],
|
||||
|
||||
// An array with custom option buttons for the participant context menu
|
||||
// type: Array<{ icon: string; id: string; text: string; }>
|
||||
// customParticipantMenuButtons: [],
|
||||
|
||||
// An array with custom option buttons for the toolbar
|
||||
// type: Array<{ icon: string; id: string; text: string; }>
|
||||
// customToolbarButtons: [],
|
||||
|
||||
// Stats
|
||||
//
|
||||
|
||||
// Whether to enable stats collection or not in the TraceablePeerConnection.
|
||||
// This can be useful for debugging purposes (post-processing/analysis of
|
||||
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
|
||||
// estimation tests.
|
||||
// gatherStats: false,
|
||||
|
||||
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
|
||||
// pcStatsInterval: 10000,
|
||||
|
||||
// To enable sending statistics to callstats.io you must provide the
|
||||
// Application ID and Secret.
|
||||
// callStatsID: '',
|
||||
// callStatsSecret: '',
|
||||
// callStatsApplicationLogsDisabled: false,
|
||||
|
||||
// The callstats initialize config params as described in the API:
|
||||
// https://docs.callstats.io/docs/javascript#callstatsinitialize-with-app-secret
|
||||
// callStatsConfigParams: {
|
||||
// disableBeforeUnloadHandler: true, // disables callstats.js's window.onbeforeunload parameter.
|
||||
// applicationVersion: "app_version", // Application version specified by the developer.
|
||||
// disablePrecalltest: true, // disables the pre-call test, it is enabled by default.
|
||||
// siteID: "siteID", // The name/ID of the site/campus from where the call/pre-call test is made.
|
||||
// additionalIDs: { // additionalIDs object, contains application related IDs.
|
||||
// customerID: "Customer Identifier. Example, walmart.",
|
||||
// tenantID: "Tenant Identifier. Example, monster.",
|
||||
// productName: "Product Name. Example, Jitsi.",
|
||||
// meetingsName: "Meeting Name. Example, Jitsi loves callstats.",
|
||||
// serverName: "Server/MiddleBox Name. Example, jvb-prod-us-east-mlkncws12.",
|
||||
// pbxID: "PBX Identifier. Example, walmart.",
|
||||
// pbxExtensionID: "PBX Extension Identifier. Example, 5625.",
|
||||
// fqExtensionID: "Fully qualified Extension Identifier. Example, +71 (US) +5625.",
|
||||
// sessionID: "Session Identifier. Example, session-12-34",
|
||||
// },
|
||||
// collectLegacyStats: true, //enables the collection of legacy stats in chrome browser
|
||||
// collectIP: true, //enables the collection localIP address
|
||||
// },
|
||||
|
||||
// Enables sending participants' display names to callstats
|
||||
// enableDisplayNameInStats: false,
|
||||
|
||||
// Enables sending participants' emails (if available) to callstats and other analytics
|
||||
// enableEmailInStats: false,
|
||||
|
||||
// faceLandmarks: {
|
||||
// // Enables sharing your face coordinates. Used for centering faces within a video.
|
||||
// enableFaceCentering: false,
|
||||
|
||||
// // Enables detecting face expressions and sharing data with other participants
|
||||
// enableFaceExpressionsDetection: false,
|
||||
|
||||
// // Enables displaying face expressions in speaker stats
|
||||
// enableDisplayFaceExpressions: false,
|
||||
|
||||
// // Enable rtc stats for face landmarks
|
||||
// enableRTCStats: false,
|
||||
|
||||
// // Minimum required face movement percentage threshold for sending new face centering coordinates data.
|
||||
// faceCenteringThreshold: 10,
|
||||
|
||||
// // Milliseconds for processing a new image capture in order to detect face coordinates if they exist.
|
||||
// captureInterval: 1000,
|
||||
// },
|
||||
|
||||
// Controls the percentage of automatic feedback shown to participants when callstats is enabled.
|
||||
// The default value is 100%. If set to 0, no automatic feedback will be requested
|
||||
// feedbackPercentage: 100,
|
||||
|
||||
// Privacy
|
||||
//
|
||||
|
||||
// If third party requests are disabled, no other server will be contacted.
|
||||
// This means avatars will be locally generated and callstats integration
|
||||
// will not function.
|
||||
// disableThirdPartyRequests: false,
|
||||
|
||||
|
||||
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
|
||||
//
|
||||
|
||||
p2p: {
|
||||
// Enables peer to peer mode. When enabled the system will try to
|
||||
// establish a direct connection when there are exactly 2 participants
|
||||
// in the room. If that succeeds the conference will stop sending data
|
||||
// through the JVB and use the peer to peer connection instead. When a
|
||||
// 3rd participant joins the conference will be moved back to the JVB
|
||||
// connection.
|
||||
enabled: true,
|
||||
|
||||
// Sets the ICE transport policy for the p2p connection. At the time
|
||||
// of this writing the list of possible values are 'all' and 'relay',
|
||||
// but that is subject to change in the future. The enum is defined in
|
||||
// the WebRTC standard:
|
||||
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
|
||||
// If not set, the effective value is 'all'.
|
||||
// iceTransportPolicy: 'all',
|
||||
|
||||
// Provides a way to set the video codec preference on the p2p connection. Acceptable
|
||||
// codec values are 'VP8', 'VP9' and 'H264'.
|
||||
// preferredCodec: 'H264',
|
||||
|
||||
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
|
||||
// disabledCodec: '',
|
||||
|
||||
// How long we're going to wait, before going back to P2P after the 3rd
|
||||
// participant has left the conference (to filter out page reload).
|
||||
// backToP2PDelay: 5,
|
||||
|
||||
// The STUN servers that will be used in the peer to peer connections
|
||||
stunServers: [
|
||||
|
||||
{ urls: 'stun:{{ jitsimeet_turn_domains | first }}:3478' },
|
||||
//{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' },
|
||||
],
|
||||
},
|
||||
|
||||
analytics: {
|
||||
// True if the analytics should be disabled
|
||||
// disabled: false,
|
||||
|
||||
// The Google Analytics Tracking ID:
|
||||
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1',
|
||||
|
||||
// Matomo configuration:
|
||||
// matomoEndpoint: 'https://your-matomo-endpoint/',
|
||||
// matomoSiteID: '42',
|
||||
|
||||
// The Amplitude APP Key:
|
||||
// amplitudeAPPKey: '<APP_KEY>',
|
||||
|
||||
// Obfuscates room name sent to analytics (amplitude, rtcstats)
|
||||
// Default value is false.
|
||||
// obfuscateRoomName: false,
|
||||
|
||||
// Configuration for the rtcstats server:
|
||||
// By enabling rtcstats server every time a conference is joined the rtcstats
|
||||
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
|
||||
// PeerConnection states along with getStats metrics polled at the specified
|
||||
// interval.
|
||||
// rtcstatsEnabled: false,
|
||||
// rtcstatsStoreLogs: false,
|
||||
|
||||
// In order to enable rtcstats one needs to provide a endpoint url.
|
||||
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
|
||||
|
||||
// The interval at which rtcstats will poll getStats, defaults to 10000ms.
|
||||
// If the value is set to 0 getStats won't be polled and the rtcstats client
|
||||
// will only send data related to RTCPeerConnection events.
|
||||
// rtcstatsPollInterval: 10000,
|
||||
|
||||
// This determines if rtcstats sends the SDP to the rtcstats server or replaces
|
||||
// all SDPs with an empty string instead.
|
||||
// rtcstatsSendSdp: false,
|
||||
|
||||
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
|
||||
// scriptURLs: [
|
||||
// "libs/analytics-ga.min.js", // google-analytics
|
||||
// "https://example.com/my-custom-analytics.js",
|
||||
// ],
|
||||
},
|
||||
|
||||
// Logs that should go be passed through the 'log' event if a handler is defined for it
|
||||
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
|
||||
|
||||
// Information about the jitsi-meet instance we are connecting to, including
|
||||
// the user region as seen by the server.
|
||||
// deploymentInfo: {
|
||||
// shard: "shard1",
|
||||
// region: "europe",
|
||||
// userRegion: "asia",
|
||||
// },
|
||||
|
||||
// Array<string> of disabled sounds.
|
||||
// Possible values:
|
||||
// - 'ASKED_TO_UNMUTE_SOUND'
|
||||
// - 'E2EE_OFF_SOUND'
|
||||
// - 'E2EE_ON_SOUND'
|
||||
// - 'INCOMING_MSG_SOUND'
|
||||
// - 'KNOCKING_PARTICIPANT_SOUND'
|
||||
// - 'LIVE_STREAMING_OFF_SOUND'
|
||||
// - 'LIVE_STREAMING_ON_SOUND'
|
||||
// - 'NO_AUDIO_SIGNAL_SOUND'
|
||||
// - 'NOISY_AUDIO_INPUT_SOUND'
|
||||
// - 'OUTGOING_CALL_EXPIRED_SOUND'
|
||||
// - 'OUTGOING_CALL_REJECTED_SOUND'
|
||||
// - 'OUTGOING_CALL_RINGING_SOUND'
|
||||
// - 'OUTGOING_CALL_START_SOUND'
|
||||
// - 'PARTICIPANT_JOINED_SOUND'
|
||||
// - 'PARTICIPANT_LEFT_SOUND'
|
||||
// - 'RAISE_HAND_SOUND'
|
||||
// - 'REACTION_SOUND'
|
||||
// - 'RECORDING_OFF_SOUND'
|
||||
// - 'RECORDING_ON_SOUND'
|
||||
// - 'TALK_WHILE_MUTED_SOUND'
|
||||
// disabledSounds: [],
|
||||
|
||||
// DEPRECATED! Use `disabledSounds` instead.
|
||||
// Decides whether the start/stop recording audio notifications should play on record.
|
||||
// disableRecordAudioNotification: false,
|
||||
|
||||
// DEPRECATED! Use `disabledSounds` instead.
|
||||
// Disables the sounds that play when other participants join or leave the
|
||||
// conference (if set to true, these sounds will not be played).
|
||||
// disableJoinLeaveSounds: false,
|
||||
|
||||
// DEPRECATED! Use `disabledSounds` instead.
|
||||
// Disables the sounds that play when a chat message is received.
|
||||
// disableIncomingMessageSound: false,
|
||||
|
||||
// Information for the chrome extension banner
|
||||
// chromeExtensionBanner: {
|
||||
// // The chrome extension to be installed address
|
||||
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
// edgeUrl: 'https://microsoftedge.microsoft.com/addons/detail/jitsi-meetings/eeecajlpbgjppibfledfihobcabccihn',
|
||||
|
||||
// // Extensions info which allows checking if they are installed or not
|
||||
// chromeExtensionsInfo: [
|
||||
// {
|
||||
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
// path: 'jitsi-logo-48x48.png',
|
||||
// },
|
||||
// // Edge extension info
|
||||
// {
|
||||
// id: 'eeecajlpbgjppibfledfihobcabccihn',
|
||||
// path: 'jitsi-logo-48x48.png',
|
||||
// },
|
||||
// ]
|
||||
// },
|
||||
|
||||
// e2ee: {
|
||||
// labels,
|
||||
// externallyManagedKey: false,
|
||||
// },
|
||||
|
||||
// Options related to end-to-end (participant to participant) ping.
|
||||
// e2eping: {
|
||||
// // Whether ene-to-end pings should be enabled.
|
||||
// enabled: false,
|
||||
//
|
||||
// // The number of responses to wait for.
|
||||
// numRequests: 5,
|
||||
//
|
||||
// // The max conference size in which e2e pings will be sent.
|
||||
// maxConferenceSize: 200,
|
||||
//
|
||||
// // The maximum number of e2e ping messages per second for the whole conference to aim for.
|
||||
// // This is used to control the pacing of messages in order to reduce the load on the backend.
|
||||
// maxMessagesPerSecond: 250,
|
||||
// },
|
||||
|
||||
// If set, will attempt to use the provided video input device label when
|
||||
// triggering a screenshare, instead of proceeding through the normal flow
|
||||
// for obtaining a desktop stream.
|
||||
// NOTE: This option is experimental and is currently intended for internal
|
||||
// use only.
|
||||
// _desktopSharingSourceDevice: 'sample-id-or-label',
|
||||
|
||||
// DEPRECATED! Use deeplinking.disabled instead.
|
||||
// If true, any checks to handoff to another application will be prevented
|
||||
// and instead the app will continue to display in the current browser.
|
||||
// disableDeepLinking: false,
|
||||
|
||||
// The deeplinking config.
|
||||
// For information about the properties of
|
||||
// deeplinking.[ios/android].dynamicLink check:
|
||||
// https://firebase.google.com/docs/dynamic-links/create-manually
|
||||
// deeplinking: {
|
||||
//
|
||||
// // The desktop deeplinking config.
|
||||
// desktop: {
|
||||
// appName: 'Jitsi Meet'
|
||||
// },
|
||||
// // If true, any checks to handoff to another application will be prevented
|
||||
// // and instead the app will continue to display in the current browser.
|
||||
// disabled: false,
|
||||
|
||||
// // whether to hide the logo on the deep linking pages.
|
||||
// hideLogo: false,
|
||||
|
||||
// // The ios deeplinking config.
|
||||
// ios: {
|
||||
// appName: 'Jitsi Meet',
|
||||
// // Specify mobile app scheme for opening the app from the mobile browser.
|
||||
// appScheme: 'org.jitsi.meet',
|
||||
// // Custom URL for downloading ios mobile app.
|
||||
// downloadLink: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
|
||||
// dynamicLink: {
|
||||
// apn: 'org.jitsi.meet',
|
||||
// appCode: 'w2atb',
|
||||
// customDomain: undefined,
|
||||
// ibi: 'com.atlassian.JitsiMeet.ios',
|
||||
// isi: '1165103905'
|
||||
// }
|
||||
// },
|
||||
|
||||
// // The android deeplinking config.
|
||||
// android: {
|
||||
// appName: 'Jitsi Meet',
|
||||
// // Specify mobile app scheme for opening the app from the mobile browser.
|
||||
// appScheme: 'org.jitsi.meet',
|
||||
// // Custom URL for downloading android mobile app.
|
||||
// downloadLink: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
|
||||
// // Android app package name.
|
||||
// appPackage: 'org.jitsi.meet',
|
||||
// fDroidUrl: 'https://f-droid.org/en/packages/org.jitsi.meet/',
|
||||
// dynamicLink: {
|
||||
// apn: 'org.jitsi.meet',
|
||||
// appCode: 'w2atb',
|
||||
// customDomain: undefined,
|
||||
// ibi: 'com.atlassian.JitsiMeet.ios',
|
||||
// isi: '1165103905'
|
||||
// }
|
||||
// }
|
||||
// },
|
||||
|
||||
// // The terms, privacy and help centre URL's.
|
||||
// legalUrls: {
|
||||
// helpCentre: 'https://web-cdn.jitsi.net/faq/meet-faq.html',
|
||||
// privacy: 'https://jitsi.org/meet/privacy',
|
||||
// terms: 'https://jitsi.org/meet/terms'
|
||||
// },
|
||||
|
||||
// A property to disable the right click context menu for localVideo
|
||||
// the menu has option to flip the locally seen video for local presentations
|
||||
// disableLocalVideoFlip: false,
|
||||
|
||||
// A property used to unset the default flip state of the local video.
|
||||
// When it is set to 'true', the local(self) video will not be mirrored anymore.
|
||||
// doNotFlipLocalVideo: false,
|
||||
|
||||
// Mainly privacy related settings
|
||||
|
||||
// Disables all invite functions from the app (share, invite, dial out...etc)
|
||||
// disableInviteFunctions: true,
|
||||
|
||||
// Disables storing the room name to the recents list. When in an iframe this is ignored and
|
||||
// the room is never stored in the recents list.
|
||||
// doNotStoreRoom: true,
|
||||
|
||||
// Deployment specific URLs.
|
||||
// deploymentUrls: {
|
||||
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
|
||||
// // user documentation.
|
||||
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
|
||||
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
|
||||
// // to the specified URL for an app download page.
|
||||
// downloadAppsUrl: 'https://docs.example.com/our-apps.html',
|
||||
// },
|
||||
|
||||
// Options related to the remote participant menu.
|
||||
// remoteVideoMenu: {
|
||||
// // Whether the remote video context menu to be rendered or not.
|
||||
// disabled: true,
|
||||
// // If set to true the 'Kick out' button will be disabled.
|
||||
// disableKick: true,
|
||||
// // If set to true the 'Grant moderator' button will be disabled.
|
||||
// disableGrantModerator: true,
|
||||
// // If set to true the 'Send private message' button will be disabled.
|
||||
// disablePrivateChat: true,
|
||||
// },
|
||||
|
||||
// Endpoint that enables support for salesforce integration with in-meeting resource linking
|
||||
// This is required for:
|
||||
// listing the most recent records - salesforceUrl/records/recents
|
||||
// searching records - salesforceUrl/records?text=${text}
|
||||
// retrieving record details - salesforceUrl/records/${id}?type=${type}
|
||||
// and linking the meeting - salesforceUrl/sessions/${sessionId}/records/${id}
|
||||
//
|
||||
// salesforceUrl: 'https://api.example.com/',
|
||||
|
||||
// If set to true all muting operations of remote participants will be disabled.
|
||||
// disableRemoteMute: true,
|
||||
|
||||
// Enables support for lip-sync for this client (if the browser supports it).
|
||||
// enableLipSync: false,
|
||||
|
||||
/**
|
||||
External API url used to receive branding specific information.
|
||||
If there is no url set or there are missing fields, the defaults are applied.
|
||||
The config file should be in JSON.
|
||||
None of the fields are mandatory and the response must have the shape:
|
||||
{
|
||||
// The domain url to apply (will replace the domain in the sharing conference link/embed section)
|
||||
inviteDomain: 'example-company.org,
|
||||
// The hex value for the colour used as background
|
||||
backgroundColor: '#fff',
|
||||
// The url for the image used as background
|
||||
backgroundImageUrl: 'https://example.com/background-img.png',
|
||||
// The anchor url used when clicking the logo image
|
||||
logoClickUrl: 'https://example-company.org',
|
||||
// The url used for the image used as logo
|
||||
logoImageUrl: 'https://example.com/logo-img.png',
|
||||
// Overwrite for pool of background images for avatars
|
||||
avatarBackgrounds: ['url(https://example.com/avatar-background-1.png)', '#FFF'],
|
||||
// The lobby/prejoin screen background
|
||||
premeetingBackground: 'url(https://example.com/premeeting-background.png)',
|
||||
// A list of images that can be used as video backgrounds.
|
||||
// When this field is present, the default images will be replaced with those provided.
|
||||
virtualBackgrounds: ['https://example.com/img.jpg'],
|
||||
// Object containing a theme's properties. It also supports partial overwrites of the main theme.
|
||||
// For a list of all possible theme tokens and their current defaults, please check:
|
||||
// https://github.com/jitsi/jitsi-meet/tree/master/resources/custom-theme/custom-theme.json
|
||||
// For a short explanations on each of the tokens, please check:
|
||||
// https://github.com/jitsi/jitsi-meet/blob/master/react/features/base/ui/Tokens.ts
|
||||
// IMPORTANT!: This is work in progress so many of the various tokens are not yet applied in code
|
||||
// or they are partially applied.
|
||||
customTheme: {
|
||||
palette: {
|
||||
ui01: "orange !important",
|
||||
ui02: "maroon",
|
||||
surface02: 'darkgreen',
|
||||
ui03: "violet",
|
||||
ui04: "magenta",
|
||||
ui05: "blueviolet",
|
||||
action01: 'green',
|
||||
action01Hover: 'lightgreen',
|
||||
disabled01: 'beige',
|
||||
success02: 'cadetblue',
|
||||
action02Hover: 'aliceblue',
|
||||
},
|
||||
typography: {
|
||||
labelRegular: {
|
||||
fontSize: 25,
|
||||
lineHeight: 30,
|
||||
fontWeight: 500,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
*/
|
||||
// dynamicBrandingUrl: '',
|
||||
|
||||
// Options related to the participants pane.
|
||||
// participantsPane: {
|
||||
// // Hides the moderator settings tab.
|
||||
// hideModeratorSettingsTab: false,
|
||||
// // Hides the more actions button.
|
||||
// hideMoreActionsButton: false,
|
||||
// // Hides the mute all button.
|
||||
// hideMuteAllButton: false,
|
||||
// },
|
||||
|
||||
// Options related to the breakout rooms feature.
|
||||
// breakoutRooms: {
|
||||
// // Hides the add breakout room button. This replaces `hideAddRoomButton`.
|
||||
// hideAddRoomButton: false,
|
||||
// // Hides the auto assign participants button.
|
||||
// hideAutoAssignButton: false,
|
||||
// // Hides the join breakout room button.
|
||||
// hideJoinRoomButton: false,
|
||||
// },
|
||||
|
||||
// When true the user cannot add more images to be used as virtual background.
|
||||
// Only the default ones from will be available.
|
||||
// disableAddingBackgroundImages: false,
|
||||
|
||||
// Disables using screensharing as virtual background.
|
||||
// disableScreensharingVirtualBackground: false,
|
||||
|
||||
// Sets the background transparency level. '0' is fully transparent, '1' is opaque.
|
||||
// backgroundAlpha: 1,
|
||||
|
||||
// The URL of the moderated rooms microservice, if available. If it
|
||||
// is present, a link to the service will be rendered on the welcome page,
|
||||
// otherwise the app doesn't render it.
|
||||
// moderatedRoomServiceUrl: 'https://moderated.{{ jitsimeet_domains | first }}',
|
||||
|
||||
// If true, tile view will not be enabled automatically when the participants count threshold is reached.
|
||||
// disableTileView: true,
|
||||
|
||||
// If true, the tiles will be displayed contained within the available space rather than enlarged to cover it,
|
||||
// with a 16:9 aspect ratio (old behaviour).
|
||||
// disableTileEnlargement: true,
|
||||
|
||||
// Controls the visibility and behavior of the top header conference info labels.
|
||||
// If a label's id is not in any of the 2 arrays, it will not be visible at all on the header.
|
||||
// conferenceInfo: {
|
||||
// // those labels will not be hidden in tandem with the toolbox.
|
||||
// alwaysVisible: ['recording', 'raised-hands-count'],
|
||||
// // those labels will be auto-hidden in tandem with the toolbox buttons.
|
||||
// autoHide: [
|
||||
// 'subject',
|
||||
// 'conference-timer',
|
||||
// 'participants-count',
|
||||
// 'e2ee',
|
||||
// 'transcribing',
|
||||
// 'video-quality',
|
||||
// 'insecure-room',
|
||||
// 'highlight-moment',
|
||||
// 'top-panel-toggle',
|
||||
// ]
|
||||
// },
|
||||
|
||||
// Hides the conference subject
|
||||
// hideConferenceSubject: false,
|
||||
|
||||
// Hides the conference timer.
|
||||
// hideConferenceTimer: false,
|
||||
|
||||
// Hides the recording label
|
||||
// hideRecordingLabel: false,
|
||||
|
||||
// Hides the participants stats
|
||||
// hideParticipantsStats: true,
|
||||
|
||||
// Sets the conference subject
|
||||
// subject: 'Conference Subject',
|
||||
|
||||
// Sets the conference local subject
|
||||
// localSubject: 'Conference Local Subject',
|
||||
|
||||
// This property is related to the use case when jitsi-meet is used via the IFrame API. When the property is true
|
||||
// jitsi-meet will use the local storage of the host page instead of its own. This option is useful if the browser
|
||||
// is not persisting the local storage inside the iframe.
|
||||
// useHostPageLocalStorage: true,
|
||||
|
||||
// Etherpad ("shared document") integration.
|
||||
//
|
||||
// If set, add a "Open shared document" link to the bottom right menu that
|
||||
// will open an etherpad document.
|
||||
// etherpad_base: 'https://your-etherpad-installati.on/p/',
|
||||
|
||||
// To enable information about dial-in access to meetings you need to provide
|
||||
// dialInNumbersUrl and dialInConfCodeUrl.
|
||||
// dialInNumbersUrl returns a json array of numbers that can be used for dial-in.
|
||||
// {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"}
|
||||
// dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
|
||||
// or the other way around (more info in resources/cloud-api.swagger)
|
||||
|
||||
// List of undocumented settings used in jitsi-meet
|
||||
/**
|
||||
_immediateReloadThreshold
|
||||
debug
|
||||
debugAudioLevels
|
||||
deploymentInfo
|
||||
dialOutAuthUrl
|
||||
dialOutCodesUrl
|
||||
dialOutRegionUrl
|
||||
disableRemoteControl
|
||||
displayJids
|
||||
e2eeLabels
|
||||
firefox_fake_device
|
||||
googleApiApplicationClientID
|
||||
iAmRecorder
|
||||
iAmSipGateway
|
||||
microsoftApiApplicationClientID
|
||||
peopleSearchQueryTypes
|
||||
peopleSearchUrl
|
||||
requireDisplayName
|
||||
tokenAuthUrl
|
||||
*/
|
||||
|
||||
/**
|
||||
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
|
||||
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
|
||||
* can become https://brandedDomain/roomAlias)
|
||||
*/
|
||||
// brandingRoomAlias: null,
|
||||
|
||||
// List of undocumented settings used in lib-jitsi-meet
|
||||
/**
|
||||
_peerConnStatusOutOfLastNTimeout
|
||||
_peerConnStatusRtcMuteTimeout
|
||||
avgRtpStatsN
|
||||
callStatsConfIDNamespace
|
||||
callStatsCustomScriptUrl
|
||||
desktopSharingSources
|
||||
disableAEC
|
||||
disableAGC
|
||||
disableAP
|
||||
disableHPF
|
||||
disableLocalStats
|
||||
disableNS
|
||||
enableTalkWhileMuted
|
||||
forceJVB121Ratio
|
||||
forceTurnRelay
|
||||
hiddenDomain
|
||||
hiddenFromRecorderFeatureEnabled
|
||||
ignoreStartMuted
|
||||
websocketKeepAlive
|
||||
websocketKeepAliveUrl
|
||||
*/
|
||||
|
||||
/**
|
||||
* Default interval (milliseconds) for triggering mouseMoved iframe API event
|
||||
*/
|
||||
mouseMoveCallbackInterval: 1000,
|
||||
|
||||
/**
|
||||
Use this array to configure which notifications will be shown to the user
|
||||
The items correspond to the title or description key of that notification
|
||||
Some of these notifications also depend on some other internal logic to be displayed or not,
|
||||
so adding them here will not ensure they will always be displayed
|
||||
|
||||
A falsy value for this prop will result in having all notifications enabled (e.g null, undefined, false)
|
||||
*/
|
||||
// notifications: [
|
||||
// 'connection.CONNFAIL', // shown when the connection fails,
|
||||
// 'dialog.cameraNotSendingData', // shown when there's no feed from user's camera
|
||||
// 'dialog.kickTitle', // shown when user has been kicked
|
||||
// 'dialog.liveStreaming', // livestreaming notifications (pending, on, off, limits)
|
||||
// 'dialog.lockTitle', // shown when setting conference password fails
|
||||
// 'dialog.maxUsersLimitReached', // shown when maximmum users limit has been reached
|
||||
// 'dialog.micNotSendingData', // shown when user's mic is not sending any audio
|
||||
// 'dialog.passwordNotSupportedTitle', // shown when setting conference password fails due to password format
|
||||
// 'dialog.recording', // recording notifications (pending, on, off, limits)
|
||||
// 'dialog.remoteControlTitle', // remote control notifications (allowed, denied, start, stop, error)
|
||||
// 'dialog.reservationError',
|
||||
// 'dialog.serviceUnavailable', // shown when server is not reachable
|
||||
// 'dialog.sessTerminated', // shown when there is a failed conference session
|
||||
// 'dialog.sessionRestarted', // show when a client reload is initiated because of bridge migration
|
||||
// 'dialog.tokenAuthFailed', // show when an invalid jwt is used
|
||||
// 'dialog.transcribing', // transcribing notifications (pending, off)
|
||||
// 'dialOut.statusMessage', // shown when dial out status is updated.
|
||||
// 'liveStreaming.busy', // shown when livestreaming service is busy
|
||||
// 'liveStreaming.failedToStart', // shown when livestreaming fails to start
|
||||
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
|
||||
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
|
||||
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
|
||||
// 'notify.chatMessages', // shown when receiving chat messages while the chat window is closed
|
||||
// 'notify.disconnected', // shown when a participant has left
|
||||
// 'notify.connectedOneMember', // show when a participant joined
|
||||
// 'notify.connectedTwoMembers', // show when two participants joined simultaneously
|
||||
// 'notify.connectedThreePlusMembers', // show when more than 2 participants joined simultaneously
|
||||
// 'notify.leftOneMember', // show when a participant left
|
||||
// 'notify.leftTwoMembers', // show when two participants left simultaneously
|
||||
// 'notify.leftThreePlusMembers', // show when more than 2 participants left simultaneously
|
||||
// 'notify.grantedTo', // shown when moderator rights were granted to a participant
|
||||
// 'notify.hostAskedUnmute', // shown to participant when host asks them to unmute
|
||||
// 'notify.invitedOneMember', // shown when 1 participant has been invited
|
||||
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
|
||||
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
|
||||
// 'notify.kickParticipant', // shown when a participant is kicked
|
||||
// 'notify.linkToSalesforce', // shown when joining a meeting with salesforce integration
|
||||
// 'notify.moderationStartedTitle', // shown when AV moderation is activated
|
||||
// 'notify.moderationStoppedTitle', // shown when AV moderation is deactivated
|
||||
// 'notify.moderationInEffectTitle', // shown when user attempts to unmute audio during AV moderation
|
||||
// 'notify.moderationInEffectVideoTitle', // shown when user attempts to enable video during AV moderation
|
||||
// 'notify.moderationInEffectCSTitle', // shown when user attempts to share content during AV moderation
|
||||
// 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party
|
||||
// 'notify.mutedTitle', // shown when user has been muted upon joining,
|
||||
// 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device
|
||||
// 'notify.newDeviceCameraTitle', // prompts the user to use a newly detected camera
|
||||
// 'notify.participantWantsToJoin', // shown when lobby is enabled and participant requests to join meeting
|
||||
// 'notify.passwordRemovedRemotely', // shown when a password has been removed remotely
|
||||
// 'notify.passwordSetRemotely', // shown when a password has been set remotely
|
||||
// 'notify.raisedHand', // shown when a partcipant used raise hand,
|
||||
// 'notify.startSilentTitle', // shown when user joined with no audio
|
||||
// 'notify.unmute', // shown to moderator when user raises hand during AV moderation
|
||||
// 'notify.videoMutedRemotelyTitle', // shown when user's video is muted by a remote party,
|
||||
// 'prejoin.errorDialOut',
|
||||
// 'prejoin.errorDialOutDisconnected',
|
||||
// 'prejoin.errorDialOutFailed',
|
||||
// 'prejoin.errorDialOutStatus',
|
||||
// 'prejoin.errorStatusCode',
|
||||
// 'prejoin.errorValidation',
|
||||
// 'recording.busy', // shown when recording service is busy
|
||||
// 'recording.failedToStart', // shown when recording fails to start
|
||||
// 'recording.unavailableTitle', // shown when recording service is not reachable
|
||||
// 'toolbar.noAudioSignalTitle', // shown when a broken mic is detected
|
||||
// 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone
|
||||
// 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted
|
||||
// 'transcribing.failedToStart', // shown when transcribing fails to start
|
||||
// ],
|
||||
|
||||
// List of notifications to be disabled. Works in tandem with the above setting.
|
||||
// disabledNotifications: [],
|
||||
|
||||
// Prevent the filmstrip from autohiding when screen width is under a certain threshold
|
||||
// disableFilmstripAutohiding: false,
|
||||
|
||||
// filmstrip: {
|
||||
// // Disables user resizable filmstrip. Also, allows configuration of the filmstrip
|
||||
// // (width, tiles aspect ratios) through the interfaceConfig options.
|
||||
// disableResizable: false,
|
||||
|
||||
// // Disables the stage filmstrip
|
||||
// // (displaying multiple participants on stage besides the vertical filmstrip)
|
||||
// disableStageFilmstrip: false,
|
||||
|
||||
// // Default number of participants that can be displayed on stage.
|
||||
// // The user can change this in settings. Number must be between 1 and 6.
|
||||
// stageFilmstripParticipants: 1,
|
||||
|
||||
// // Disables the top panel (only shown when a user is sharing their screen).
|
||||
// disableTopPanel: false,
|
||||
|
||||
// // The minimum number of participants that must be in the call for
|
||||
// // the top panel layout to be used.
|
||||
// minParticipantCountForTopPanel: 50,
|
||||
// },
|
||||
|
||||
// Tile view related config options.
|
||||
// tileView: {
|
||||
// // The optimal number of tiles that are going to be shown in tile view. Depending on the screen size it may
|
||||
// // not be possible to show the exact number of participants specified here.
|
||||
// numberOfVisibleTiles: 25,
|
||||
// },
|
||||
|
||||
// Specifies whether the chat emoticons are disabled or not
|
||||
// disableChatSmileys: false,
|
||||
|
||||
// Settings for the GIPHY integration.
|
||||
// giphy: {
|
||||
// // Whether the feature is enabled or not.
|
||||
// enabled: false,
|
||||
// // SDK API Key from Giphy.
|
||||
// sdkKey: '',
|
||||
// // Display mode can be one of:
|
||||
// // - tile: show the GIF on the tile of the participant that sent it.
|
||||
// // - chat: show the GIF as a message in chat
|
||||
// // - all: all of the above. This is the default option
|
||||
// displayMode: 'all',
|
||||
// // How long the GIF should be displayed on the tile (in milliseconds).
|
||||
// tileTime: 5000,
|
||||
// // Limit results by rating: g, pg, pg-13, r. Default value: g.
|
||||
// rating: 'pg',
|
||||
// // The proxy server url for giphy requests in the web app.
|
||||
// proxyUrl: 'https://giphy-proxy.example.com',
|
||||
// },
|
||||
|
||||
// Logging
|
||||
// logging: {
|
||||
// // Default log level for the app and lib-jitsi-meet.
|
||||
// defaultLogLevel: 'trace',
|
||||
// // Option to disable LogCollector (which stores the logs on CallStats).
|
||||
// //disableLogCollector: true,
|
||||
// // Individual loggers are customizable.
|
||||
// loggers: {
|
||||
// // The following are too verbose in their logging with the default level.
|
||||
// 'modules/RTC/TraceablePeerConnection.js': 'info',
|
||||
// 'modules/statistics/CallStats.js': 'info',
|
||||
// 'modules/xmpp/strophe.util.js': 'log',
|
||||
// },
|
||||
|
||||
// Application logo url
|
||||
// defaultLogoUrl: 'images/watermark.svg',
|
||||
|
||||
// Settings for the Excalidraw whiteboard integration.
|
||||
// whiteboard: {
|
||||
// // Whether the feature is enabled or not.
|
||||
// enabled: true,
|
||||
// // The server used to support whiteboard collaboration.
|
||||
// // https://github.com/jitsi/excalidraw-backend
|
||||
// collabServerBaseUrl: 'https://excalidraw-backend.example.com',
|
||||
// },
|
||||
};
|
||||
|
||||
// Temporary backwards compatibility with old mobile clients.
|
||||
config.flags = config.flags || {};
|
||||
config.flags.sourceNameSignaling = true;
|
||||
config.flags.sendMultipleVideoStreams = true;
|
||||
config.flags.receiveMultipleVideoStreams = true;
|
||||
|
||||
// Set the default values for JaaS customers
|
||||
if (enableJaaS) {
|
||||
config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids';
|
||||
config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access';
|
||||
config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment)
|
||||
}
|
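--- a/webapps/jitsimeet/templates/meet/interface_config.js.j2
+++ b/webapps/jitsimeet/templates/meet/interface_config.js.j2
@@ -0,0 +1,273 @@
+/* eslint-disable no-unused-vars, no-var, max-len */
+/* eslint sort-keys: ["error", "asc", {"caseSensitive": false}] */
+
+/**
+* !!!IMPORTANT!!!
+*
+* This file is considered deprecated. All options will eventually be moved to
+* config.js, and no new options should be added here.
+*/
+
+var interfaceConfig = {
+APP_NAME: 'Jitsi Meet',
+AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
+AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
+
+/**
+* A UX mode where the last screen share participant is automatically
+* pinned. Valid values are the string "remote-only" so remote participants
+* get pinned but not local, otherwise any truthy value for all participants,
+* and any falsy value to disable the feature.
+*
+* Note: this mode is experimental and subject to breakage.
+*/
+AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only',
+BRAND_WATERMARK_LINK: '',
+
+CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
+
+DEFAULT_BACKGROUND: '#040404',
+DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg',
+
+DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
+
+/**
+* If true, notifications regarding joining/leaving are no longer displayed.
+*/
+DISABLE_JOIN_LEAVE_NOTIFICATIONS: false,
+
+/**
+* If true, presence status: busy, calling, connected etc. is not displayed.
+*/
+DISABLE_PRESENCE_STATUS: false,
+
+/**
+* Whether the ringing sound in the call/ring overlay is disabled. If
+* {@code undefined}, defaults to {@code false}.
+*
+* @type {boolean}
+*/
+DISABLE_RINGING: false,
+
+/**
+* Whether the speech to text transcription subtitles panel is disabled.
+* If {@code undefined}, defaults to {@code false}.
+*
+* @type {boolean}
+*/
+DISABLE_TRANSCRIPTION_SUBTITLES: false,
+
+/**
+* Whether or not the blurred video background for large video should be
+* displayed on browsers that can support it.
+*/
+DISABLE_VIDEO_BACKGROUND: false,
+
+DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer }},
+DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
+DISPLAY_WELCOME_PAGE_CONTENT: true,
+DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
+
+ENABLE_DIAL_OUT: true,
+
+// DEPRECATED. Animation no longer supported.
+// ENABLE_FEEDBACK_ANIMATION: false,
+
+FILM_STRIP_MAX_HEIGHT: 120,
+
+GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true,
+
+/**
+* Hide the invite prompt in the header when alone in the meeting.
+*/
+HIDE_INVITE_MORE_HEADER: false,
+
+JITSI_WATERMARK_LINK: 'https://jitsi.org',
+
+LANG_DETECTION: true, // Allow i18n to detect the system language
+LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
+
+/**
+* Maximum coefficient of the ratio of the large video to the visible area
+* after the large video is scaled to fit the window.
+*
+* @type {number}
+*/
+MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
+
+/**
+* Whether the mobile app Jitsi Meet is to be promoted to participants
+* attempting to join a conference in a mobile Web browser. If
+* {@code undefined}, defaults to {@code true}.
+*
+* @type {boolean}
+*/
+MOBILE_APP_PROMO: true,
+
+// Names of browsers which should show a warning stating the current browser
+// has a suboptimal experience. Browsers which are not listed as optimal or
+// unsupported are considered suboptimal. Valid values are:
+// chrome, chromium, edge, electron, firefox, nwjs, opera, safari
+OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ],
+
+POLICY_LOGO: null,
+PROVIDER_NAME: 'Jitsi',
+
+/**
+* If true, will display recent list
+*
+* @type {boolean}
+*/
+RECENT_LIST_ENABLED: true,
+REMOTE_THUMBNAIL_RATIO: 1, // 1:1
+
+SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar', 'sounds', 'more' ],
+
+/**
+* Specify which sharing features should be displayed. If the value is not set
+* all sharing features will be shown. You can set [] to disable all.
+*/
+// SHARING_FEATURES: ['email', 'url', 'dial-in', 'embed'],
+
+SHOW_BRAND_WATERMARK: false,
+
+/**
+* Decides whether the chrome extension banner should be rendered on the landing page and during the meeting.
+* If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s)
+* being already installed is done before rendering.
+*/
+SHOW_CHROME_EXTENSION_BANNER: false,
+
+SHOW_JITSI_WATERMARK: true,
+SHOW_POWERED_BY: false,
+SHOW_PROMOTIONAL_CLOSE_PAGE: false,
+
+/*
+* If indicated some of the error dialogs may point to the support URL for
+* help.
+*/
+SUPPORT_URL: 'https://community.jitsi.org/',
+
+// Browsers, in addition to those which do not fully support WebRTC, that
+// are not supported and should show the unsupported browser page.
+UNSUPPORTED_BROWSERS: [],
+
+/**
+* Whether to show thumbnails in filmstrip as a column instead of as a row.
+*/
+VERTICAL_FILMSTRIP: true,
+
+// Determines how the video would fit the screen. 'both' would fit the whole
+// screen, 'height' would fit the original video height to the height of the
+// screen, 'width' would fit the original video width to the width of the
+// screen respecting ratio, 'nocrop' would make the video as large as
+// possible and preserve aspect ratio without cropping.
+VIDEO_LAYOUT_FIT: 'both',
+
+/**
+* If true, hides the video quality label indicating the resolution status
+* of the current large video.
+*
+* @type {boolean}
+*/
+VIDEO_QUALITY_LABEL_DISABLED: false,
+
+/**
+* How many columns the tile view can expand to. The respected range is
+* between 1 and 5.
+*/
+// TILE_VIEW_MAX_COLUMNS: 5,
+
+// List of undocumented settings
+/**
+INDICATOR_FONT_SIZES
+PHONE_NUMBER_REGEX
+*/
+
+// -----------------DEPRECATED CONFIGS BELOW THIS LINE-----------------------------
+
+/**
+* Specify URL for downloading ios mobile app.
+*/
+// MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
+
+/**
+* Specify custom URL for downloading android mobile app.
+*/
+// MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
+
+/**
+* Specify mobile app scheme for opening the app from the mobile browser.
+*/
+// APP_SCHEME: 'org.jitsi.meet',
+
+// NATIVE_APP_NAME: 'Jitsi Meet',
+
+/**
+* Specify Firebase dynamic link properties for the mobile apps.
+*/
+// MOBILE_DYNAMIC_LINK: {
+// APN: 'org.jitsi.meet',
+// APP_CODE: 'w2atb',
+// CUSTOM_DOMAIN: undefined,
+// IBI: 'com.atlassian.JitsiMeet.ios',
+// ISI: '1165103905'
+// },
+
+/**
+* Hide the logo on the deep linking pages.
+*/
+// HIDE_DEEP_LINKING_LOGO: false,
+
+/**
+* Specify the Android app package name.
+*/
+// ANDROID_APP_PACKAGE: 'org.jitsi.meet',
+
+/**
+* Specify custom URL for downloading f droid app.
+*/
+// MOBILE_DOWNLOAD_LINK_F_DROID: 'https://f-droid.org/en/packages/org.jitsi.meet/',
+
+// Connection indicators (
+// CONNECTION_INDICATOR_AUTO_HIDE_ENABLED,
+// CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT,
+// CONNECTION_INDICATOR_DISABLED) got moved to config.js.
+
+// Please use disableModeratorIndicator from config.js
+// DISABLE_FOCUS_INDICATOR: false,
+
+// Please use defaultLocalDisplayName from config.js
+// DEFAULT_LOCAL_DISPLAY_NAME: 'me',
+
+// Please use defaultLogoUrl from config.js
+// DEFAULT_LOGO_URL: 'images/watermark.svg',
+
+// Please use defaultRemoteDisplayName from config.js
+// DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
+
+// Moved to config.js as `toolbarConfig.initialTimeout`.
+// INITIAL_TOOLBAR_TIMEOUT: 20000,
+
+// Please use `liveStreaming.helpLink` from config.js
+// Documentation reference for the live streaming feature.
+// LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live',
+
+// Moved to config.js as `toolbarConfig.alwaysVisible`.
+// TOOLBAR_ALWAYS_VISIBLE: false,
+
+// This config was moved to config.js as `toolbarButtons`.
+// TOOLBAR_BUTTONS: [],
+
+// Moved to config.js as `toolbarConfig.timeout`.
+// TOOLBAR_TIMEOUT: 4000,
+
+// Allow all above example options to include a trailing comma and
+// prevent fear when commenting out the last value.
+// eslint-disable-next-line sort-keys
+makeJsonParserHappy: 'even if last key had a trailing comma'
+
+// No configuration value should follow this line.
+};
+
+/* eslint-enable no-unused-vars, no-var, max-len */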
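Review bot: `DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer }},` interpolates an Ansible variable straight into JavaScript; if the role defines it as a YAML boolean, Jinja will presumably render `True`/`False`, which are not JavaScript literals and would make the whole `interfaceConfig` assignment throw. The variable's default is not visible in this section, so this is worth confirming. Rendering it as `{{ jitsimeet_welcome_footer | bool | to_json }}` yields `true`/`false` whatever form the inventory uses. A one-line comment above the key naming the variable and its expected type would also help, since it is the only templated value in the file.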
|
@ -0,0 +1,22 @@
|
|||
<template id = "welcome-page-additional-content-template">
|
||||
<div class="welcome-page-content">
|
||||
<div class="welcome-footer">
|
||||
<div class="welcome-footer-centered">
|
||||
<div class="welcome-footer-padded">
|
||||
<div class="welcome-footer-row-block welcome-footer--row-1">
|
||||
<div class="welcome-footer-row-1-text">Jitsi on mobile – download our apps and start a meeting from anywhere </div>
|
||||
<a class="welcome-badge" href="https://apps.apple.com/us/app/jitsi-meet/id1165103905"><img src="./images/app-store-badge.png"></a>
|
||||
<a class="welcome-badge" href="https://play.google.com/store/apps/details?id=org.jitsi.meet&hl=en&gl=US"><img src="./images/google-play-badge.png"></a>
|
||||
<a class="welcomebadge" href="https://f-droid.org/en/packages/org.jitsi.meet/"><img src="./images/f-droid-badge.png"></a>
|
||||
</div>
|
||||
|
||||
<div class="welcome-footer-row-block welcome-footer--row-2">
|
||||
<div style="padding-top:0.7em; padding-bottom:0.7em;">
|
||||
<a href="https://evolix.com" rel="noopener" target="_blank">Hébergé par Evolix</a> | Nous proposons une utilisation gratuite sous réserve d'accepter nos <a href="https://evolix.com/cgu.html" rel="noopener" target="_blank">CGU</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</template>
|
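Review bot: The F-Droid link uses `class="welcomebadge"` while the two store links before it use `class="welcome-badge"`, so any styling keyed on `.welcome-badge` will presumably skip the third badge; it should read `<a class="welcome-badge" href="https://f-droid.org/en/packages/org.jitsi.meet/">`. The three badge `<img>` elements also have no `alt` text, so the links are unlabeled for screen readers; an attribute such as `alt="Get it on F-Droid"` on each would fix that.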
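--- a/webapps/jitsimeet/templates/nginx/multiplex.conf.j2
+++ b/webapps/jitsimeet/templates/nginx/multiplex.conf.j2
@@ -0,0 +1,27 @@
+stream {
+map $ssl_preread_server_name $name {
+{{ jitsimeet_domains | first }} web_backend;
+{{ jitsimeet_turn_domains | first }} turn_backend;
+}
+
+upstream web_backend {
+server 127.0.0.1:8088;
+}
+
+upstream turn_backend {
+server {{ ansible_default_ipv4.address }}:5349;
+}
+
+server {
+listen 443;
+listen [::]:443;
+
+# since 1.11.5
+ssl_preread on;
+
+proxy_pass $name;
+
+# Increase buffer to serve video
+proxy_buffer_size 10m;
+}
+}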
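Review bot: The `map $ssl_preread_server_name $name` block has no `default` entry, so a ClientHello without SNI or with an unlisted name leaves `$name` empty and `proxy_pass $name` has no valid upstream; adding `default web_backend;` (or a dedicated reject target) makes the behaviour for unknown names explicit. Because the stream proxy forwards raw TCP without `proxy_protocol`, the vhost behind `127.0.0.1:8088` will presumably record 127.0.0.1 as the client in its access log and in `X-Forwarded-For $remote_addr`, which weakens rate limiting and incident attribution; that deserves at least a comment here. `proxy_buffer_size 10m` applies per proxied session, so the value is worth checking against the expected number of concurrent connections.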
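--- a/webapps/jitsimeet/templates/nginx/other.vhost.conf.j2
+++ b/webapps/jitsimeet/templates/nginx/other.vhost.conf.j2
@@ -0,0 +1,224 @@
+{% if jitsimeet_ssl.stat.exists %}
+map $arg_vnode $prosody_node {
+default prosody;
+v1 v1;
+v2 v2;
+v3 v3;
+v4 v4;
+v5 v5;
+v6 v6;
+v7 v7;
+v8 v8;
+}
+
+{% endif %}
+
+server {
+listen 80;
+listen [::]:80;
+server_name {{ domain }};
+
+# For certbot
+location ~ /.well-known/acme-challenge {
+alias /var/lib/letsencrypt/;
+try_files $uri =404;
+allow all;
+}
+{% if jitsimeet_ssl.stat.exists %}
+location / { return 301 https://$host$request_uri; }
+{% endif %}
+}
+
+{% if jitsimeet_ssl.stat.exists %}
+server {
+listen 8088 ssl http2;
+listen [::]:8088 ssl http2;
+server_name {{ domain }};
+
+access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
+error_log /var/log/nginx/{{ service }}.error.log;
+
+# For certbot
+location ~ /.well-known/acme-challenge {
+alias /var/lib/letsencrypt/;
+try_files $uri =404;
+allow all;
+}
+
+# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+add_header Strict-Transport-Security "max-age=63072000" always;
+set $prefix "";
+set $custom_index "";
+set $config_js_location /etc/jitsi/meet/{{ domain }}-config.js;
+set $interface_config_js_location /etc/jitsi/meet/{{ domain }}-interface_config.js;
+set $welcome_page_additional_content_location /etc/jitsi/meet/welcomePageAdditionalContent.html;
+
+##
+# Certificates
+# you need a certificate to run in production. see https://letsencrypt.org/
+##
+ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
+
+root /usr/share/jitsi-meet;
+
+# ssi on with javascript for multidomain variables in config.js
+ssi on;
+ssi_types application/x-javascript application/javascript;
+
+index index.html index.htm;
+error_page 404 /static/404.html;
+
+gzip on;
+gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
+gzip_vary on;
+gzip_proxied no-cache no-store private expired auth;
+gzip_min_length 512;
+
+include /etc/jitsi/meet/jaas/*.conf;
+
+location = /config.js {
+alias $config_js_location;
+}
+
+location = /interface_config.js {
+alias $interface_config_js_location;
+}
+
+location = /external_api.js {
+alias /usr/share/jitsi-meet/libs/external_api.min.js;
+}
+
+location = /static/welcomePageAdditionalContent.html {
+alias $welcome_page_additional_content_location;
+}
+
+location = /_api/room-info {
+proxy_pass http://prosody/room-info?prefix=$prefix&$args;
+proxy_http_version 1.1;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header Host {{ jitsimeet_domains | first }};
+}
+
+location ~ ^/_api/public/(.*)$ {
+autoindex off;
+alias /etc/jitsi/meet/public/$1;
+}
+
+# ensure all static content can always be found first
+location ~ ^/(libs|css|static|images|fonts|lang|sounds|.well-known)/(.*)$
+{
+add_header 'Access-Control-Allow-Origin' '*';
+alias /usr/share/jitsi-meet/$1/$2;
+
+# cache all versioned files
+if ($arg_v) {
+expires 1y;
+}
+}
+
+# BOSH
+location = /http-bind {
+proxy_pass http://$prosody_node/http-bind?prefix=$prefix&$args;
+proxy_http_version 1.1;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header Host {{ jitsimeet_domains | first }};
+proxy_set_header Connection "";
+}
+
+# xmpp websockets
+location = /xmpp-websocket {
+add_header 'Access-Control-Allow-Origin' '*';
+proxy_pass http://$prosody_node/xmpp-websocket?prefix=$prefix&$args;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host {{ jitsimeet_domains | first }};
+tcp_nodelay on;
+}
+
+# colibri (JVB) websockets for jvb1
+location ~ ^/colibri-ws/([a-zA-Z0-9-\._]+)/(.*) {
+proxy_pass http://jvb1/colibri-ws/default-id/$2$is_args$args;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+tcp_nodelay on;
+}
+
+# load test minimal client, uncomment when used
+#location ~ ^/_load-test/([^/?&:'"]+)$ {
+# rewrite ^/_load-test/(.*)$ /load-test/index.html break;
+#}
+#location ~ ^/_load-test/libs/(.*)$ {
+# add_header 'Access-Control-Allow-Origin' '*';
+# alias /usr/share/jitsi-meet/load-test/libs/$1;
+#}
+
+location ~ ^/([^/?&:'"]+)$ {
+set $roomname "$1";
+try_files $uri @root_path;
+}
+
+location @root_path {
+rewrite ^/(.*)$ /$custom_index break;
+}
+
+location ~ ^/([^/?&:'"]+)/config.js$
+{
+set $subdomain "$1.";
+set $subdir "$1/";
+
+alias $config_js_location;
+}
+
+# Matches /(TENANT)/pwa-worker.js or /(TENANT)/manifest.json to rewrite to / and look for file
+location ~ ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ {
+set $subdomain "$1.";
+set $subdir "$1/";
+rewrite ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ /$2;
+}
+
+# BOSH for subdomains
+location ~ ^/([^/?&:'"]+)/http-bind {
+set $subdomain "$1.";
+set $subdir "$1/";
+set $prefix "$1";
+
+rewrite ^/(.*)$ /http-bind;
+}
+
+# websockets for subdomains
+location ~ ^/([^/?&:'"]+)/xmpp-websocket {
+set $subdomain "$1.";
+set $subdir "$1/";
+set $prefix "$1";
+
+rewrite ^/(.*)$ /xmpp-websocket;
+}
+
+location ~ ^/([^/?&:'"]+)/_api/room-info {
+set $subdomain "$1.";
+set $subdir "$1/";
+set $prefix "$1";
+
+rewrite ^/(.*)$ /_api/room-info;
+}
+
+# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
+location ~ ^/([^/?&:'"]+)/(.*)$ {
+set $subdomain "$1.";
+set $subdir "$1/";
+rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
+}
+}
+
+{% endif %}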
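Review bot: The `add_header 'Access-Control-Allow-Origin' '*';` lines inside the static-content location and `location = /xmpp-websocket` stop nginx from inheriting the server-level `add_header Strict-Transport-Security "max-age=63072000" always;`, because `add_header` is inherited only when the current level declares none of its own. Responses from those two locations therefore go out without HSTS; repeating the `Strict-Transport-Security` line next to each CORS header keeps the policy uniform. Separately, `map $arg_vnode $prosody_node` lets the `vnode` query argument choose the upstream name used in `proxy_pass http://$prosody_node/...`, yet no upstream named `v1` to `v8` is visible in this file. Either define those upstreams or reduce the map to `default prosody;` so a client-supplied value cannot steer the proxy to an undefined name.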
270
webapps/jitsimeet/templates/nginx/vhost.conf.j2
Normal file
|
@ -0,0 +1,270 @@
|
|||
{% if jitsimeet_ssl.stat.exists %}
|
||||
server_names_hash_bucket_size 64;
|
||||
|
||||
types {
|
||||
# nginx's default mime.types doesn't include a mapping for wasm or wav.
|
||||
application/wasm wasm;
|
||||
audio/wav wav;
|
||||
}
|
||||
upstream prosody {
|
||||
zone upstreams 64K;
|
||||
server 127.0.0.1:5280;
|
||||
keepalive 2;
|
||||
}
|
||||
upstream jvb1 {
|
||||
zone upstreams 64K;
|
||||
server 127.0.0.1:9090;
|
||||
keepalive 2;
|
||||
}
|
||||
map $arg_vnode $prosody_node {
|
||||
default prosody;
|
||||
v1 v1;
|
||||
v2 v2;
|
||||
v3 v3;
|
||||
v4 v4;
|
||||
v5 v5;
|
||||
v6 v6;
|
||||
v7 v7;
|
||||
v8 v8;
|
||||
}
|
||||
|
||||
{% endif %}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name {{ jitsimeet_domains | first }} {{ jitsimeet_turn_domains | first }};
|
||||
|
||||
# For certbot
|
||||
location ~ /.well-known/acme-challenge {
|
||||
alias /var/lib/letsencrypt/;
|
||||
try_files $uri =404;
|
||||
allow all;
|
||||
}
|
||||
{% if jitsimeet_ssl.stat.exists %}
|
||||
location / { return 301 https://$host$request_uri; }
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if jitsimeet_ssl.stat.exists %}
|
||||
server {
|
||||
listen 8088 ssl http2;
|
||||
listen [::]:8088 ssl http2;
|
||||
server_name {{ jitsimeet_domains | first }};
|
||||
|
||||
access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
|
||||
error_log /var/log/nginx/{{ service }}.error.log;
|
||||
|
||||
# For certbot
|
||||
location ~ /.well-known/acme-challenge {
|
||||
alias /var/lib/letsencrypt/;
|
||||
try_files $uri =404;
|
||||
allow all;
|
||||
}
|
||||
|
||||
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m; # about 40000 sessions
|
||||
ssl_session_tickets off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
set $prefix "";
|
||||
set $custom_index "";
|
||||
set $config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js;
|
||||
set $interface_config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js;
|
||||
set $welcome_page_additional_content_location /etc/jitsi/meet/welcomePageAdditionalContent.html;
|
||||
|
||||
##
|
||||
# Certificates
|
||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||
##
|
||||
ssl_certificate /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem;
|
||||
|
||||
root /usr/share/jitsi-meet;
|
||||
|
||||
# ssi on with javascript for multidomain variables in config.js
|
||||
ssi on;
|
||||
ssi_types application/x-javascript application/javascript;
|
||||
|
||||
index index.html index.htm;
|
||||
error_page 404 /static/404.html;
|
||||
|
||||
gzip on;
|
||||
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
|
||||
gzip_vary on;
|
||||
gzip_proxied no-cache no-store private expired auth;
|
||||
gzip_min_length 512;
|
||||
|
||||
include /etc/jitsi/meet/jaas/*.conf;
|
||||
|
||||
location = /config.js {
|
||||
alias $config_js_location;
|
||||
}
|
||||
|
||||
location = /interface_config.js {
|
||||
alias $interface_config_js_location;
|
||||
}
|
||||
|
||||
location = /external_api.js {
|
||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
||||
}
|
||||
|
||||
location = /static/welcomePageAdditionalContent.html {
|
||||
alias $welcome_page_additional_content_location;
|
||||
}
|
||||
|
||||
location = /_api/room-info {
|
||||
proxy_pass http://prosody/room-info?prefix=$prefix&$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
||||
location ~ ^/_api/public/(.*)$ {
|
||||
autoindex off;
|
||||
alias /etc/jitsi/meet/public/$1;
|
||||
}
|
||||
|
||||
# ensure all static content can always be found first
|
||||
location ~ ^/(libs|css|static|images|fonts|lang|sounds|.well-known)/(.*)$
|
||||
{
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
alias /usr/share/jitsi-meet/$1/$2;
|
||||
|
||||
# cache all versioned files
|
||||
if ($arg_v) {
|
||||
expires 1y;
|
||||
}
|
||||
}
|
||||
|
||||
# BOSH
|
||||
location = /http-bind {
|
||||
proxy_pass http://$prosody_node/http-bind?prefix=$prefix&$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Connection "";
|
||||
}
|
||||
|
||||
# xmpp websockets
|
||||
location = /xmpp-websocket {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
proxy_pass http://$prosody_node/xmpp-websocket?prefix=$prefix&$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $http_host;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
# colibri (JVB) websockets for jvb1
|
||||
location ~ ^/colibri-ws/([a-zA-Z0-9-\._]+)/(.*) {
|
||||
proxy_pass http://jvb1/colibri-ws/default-id/$2$is_args$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
# load test minimal client, uncomment when used
|
||||
#location ~ ^/_load-test/([^/?&:'"]+)$ {
|
||||
# rewrite ^/_load-test/(.*)$ /load-test/index.html break;
|
||||
#}
|
||||
#location ~ ^/_load-test/libs/(.*)$ {
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# alias /usr/share/jitsi-meet/load-test/libs/$1;
|
||||
#}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)$ {
|
||||
set $roomname "$1";
|
||||
try_files $uri @root_path;
|
||||
}
|
||||
|
||||
location @root_path {
|
||||
rewrite ^/(.*)$ /$custom_index break;
|
||||
}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)/config.js$
|
||||
{
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
|
||||
alias $config_js_location;
|
||||
}
|
||||
|
||||
# Matches /(TENANT)/pwa-worker.js or /(TENANT)/manifest.json to rewrite to / and look for file
|
||||
location ~ ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
rewrite ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ /$2;
|
||||
}
|
||||
|
||||
# BOSH for subdomains
|
||||
location ~ ^/([^/?&:'"]+)/http-bind {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
set $prefix "$1";
|
||||
|
||||
rewrite ^/(.*)$ /http-bind;
|
||||
}
|
||||
|
||||
# websockets for subdomains
|
||||
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
set $prefix "$1";
|
||||
|
||||
rewrite ^/(.*)$ /xmpp-websocket;
|
||||
}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)/_api/room-info {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
set $prefix "$1";
|
||||
|
||||
rewrite ^/(.*)$ /_api/room-info;
|
||||
}
|
||||
|
||||
# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
|
||||
location ~ ^/([^/?&:'"]+)/(.*)$ {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
|
||||
}
|
||||
}
|
||||
|
||||
## Pour communiquer les stats colibri Ă un serveur externe Grafana
|
||||
server {
|
||||
listen {{ jitsimeet_colibri_ext_port }} ssl http2;
|
||||
listen [::]:{{ jitsimeet_colibri_ext_port }} ssl http2;
|
||||
|
||||
server_name {{ jitsimeet_domains | first }};
|
||||
|
||||
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m; # about 40000 sessions
|
||||
ssl_session_tickets off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
{% endif %}
|
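Review bot: The last `server` block forwards every path on `{{ jitsimeet_colibri_ext_port }}` to `http://127.0.0.1:8080` with no `allow`/`deny` and no authentication, while jvb.conf.j2 in this same commit labels 8080 as the videobridge's `private` HTTP server and enables `apis.rest`. The comment above the block says the aim is only to hand colibri stats to an external Grafana server, so everything else served on that port becomes reachable by anyone who can connect, unless a firewall rule outside this diff narrows it. I would restrict the block to the statistics path and the collector's address, for example `location = /colibri/stats { allow GRAFANA_IP_PLACEHOLDER; deny all; proxy_pass http://127.0.0.1:8080; }`, with the address supplied by a role variable. A short comment naming the expected client would also help whoever audits the open port later.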
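--- a/webapps/jitsimeet/templates/prosody/virtualhost.cfg.lua.j2
+++ b/webapps/jitsimeet/templates/prosody/virtualhost.cfg.lua.j2
@@ -0,0 +1,164 @@
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
+
+-- domain mapper options, must at least have domain base set to use the mapper
+muc_mapper_domain_base = "{{ jitsimeet_domains | first }}";
+
+external_service_secret = "{{ jitsimeet_turn_secret }}";
+external_services = {
+{ type = "stun", host = "{{ jitsimeet_turn_domains | first }}", port = 3478 },
+{ type = "turn", host = "{{ jitsimeet_turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
+{ type = "turns", host = "{{ jitsimeet_turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
+};
+
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+cross_domain_websocket = true;
+consider_websocket_secure = true;
+-- https_ports = { }; -- Remove this line to prevent listening on port 5284
+
+-- by default prosody 0.12 sends cors headers, if you want to disable it uncomment the following (the config is available on 0.12.1)
+--http_cors_override = {
+-- bosh = {
+-- enabled = false;
+-- };
+-- websocket = {
+-- enabled = false;
+-- };
+--}
+
+-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
+ssl = {
+protocol = "tlsv1_2+";
+ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+}
+
+unlimited_jids = {
+"focus@auth.{{ jitsimeet_domains | first }}",
+"jvb@auth.{{ jitsimeet_domains | first }}"
+}
+
+VirtualHost "{{ jitsimeet_domains | first }}"
+authentication = "jitsi-anonymous" -- do not delete me
+-- Properties below are modified by jitsi-meet-tokens package config
+-- and authentication above is switched to "token"
+--app_id="example_app_id"
+--app_secret="example_app_secret"
+-- Assign this host a certificate for TLS, otherwise it would use the one
+-- set in the global section (if any).
+-- Note that old-style SSL on port 5223 only supports one certificate, and will always
+-- use the global one.
+ssl = {
+key = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.key";
+certificate = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.crt";
+}
+av_moderation_component = "avmoderation.{{ jitsimeet_domains | first }}"
+speakerstats_component = "speakerstats.{{ jitsimeet_domains | first }}"
+conference_duration_component = "conferenceduration.{{ jitsimeet_domains | first }}"
+end_conference_component = "endconference.{{ jitsimeet_domains | first }}"
+-- we need bosh
+modules_enabled = {
+"bosh";
+"websocket";
+"smacks"; -- XEP-0198: Stream Management
+"pubsub";
+"ping"; -- Enable mod_ping
+"speakerstats";
+"external_services";
+"conference_duration";
+"end_conference";
+"muc_lobby_rooms";
+"muc_breakout_rooms";
+"av_moderation";
+"room_metadata";
+}
+c2s_require_encryption = false
+lobby_muc = "lobby.{{ jitsimeet_domains | first }}"
+breakout_rooms_muc = "breakout.{{ jitsimeet_domains | first }}"
+room_metadata_component = "metadata.{{ jitsimeet_domains | first }}"
+main_muc = "conference.{{ jitsimeet_domains | first }}"
+-- muc_lobby_whitelist = { "recorder.{{ jitsimeet_domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms
+
+Component "conference.{{ jitsimeet_domains | first }}" "muc"
+restrict_room_creation = true
+storage = "memory"
+modules_enabled = {
+"muc_hide_all";
+"muc_meeting_id";
+"muc_domain_mapper";
+"polls";
+--"token_verification";
+"muc_rate_limit";
+"muc_password_whitelist";
+}
+admins = { "focus@auth.{{ jitsimeet_domains | first }}" }
+muc_password_whitelist = {
+"focus@auth.{{ jitsimeet_domains | first }}"
+}
+muc_room_locking = false
+muc_room_default_public_jids = true
+
+Component "breakout.{{ jitsimeet_domains | first }}" "muc"
+restrict_room_creation = true
+storage = "memory"
+modules_enabled = {
+"muc_hide_all";
+"muc_meeting_id";
+"muc_domain_mapper";
+"muc_rate_limit";
+"polls";
+}
+admins = { "focus@auth.{{ jitsimeet_domains | first }}" }
+muc_room_locking = false
+muc_room_default_public_jids = true
+
+-- internal muc component
+Component "internal.auth.{{ jitsimeet_domains | first }}" "muc"
+storage = "memory"
+modules_enabled = {
+"muc_hide_all";
+"ping";
+}
+admins = { "focus@auth.{{ jitsimeet_domains | first }}", "jvb@auth.{{ jitsimeet_domains | first }}" }
+muc_room_locking = false
+muc_room_default_public_jids = true
+
+VirtualHost "auth.{{ jitsimeet_domains | first }}"
+ssl = {
+key = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.key";
+certificate = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.crt";
+}
+modules_enabled = {
+"limits_exception";
+}
+authentication = "internal_hashed"
+
+-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
+Component "focus.{{ jitsimeet_domains | first }}" "client_proxy"
+target_address = "focus@auth.{{ jitsimeet_domains | first }}"
+
+Component "speakerstats.{{ jitsimeet_domains | first }}" "speakerstats_component"
+muc_component = "conference.{{ jitsimeet_domains | first }}"
+
+Component "conferenceduration.{{ jitsimeet_domains | first }}" "conference_duration_component"
+muc_component = "conference.{{ jitsimeet_domains | first }}"
+
+Component "endconference.{{ jitsimeet_domains | first }}" "end_conference"
+muc_component = "conference.{{ jitsimeet_domains | first }}"
+
+Component "avmoderation.{{ jitsimeet_domains | first }}" "av_moderation_component"
+muc_component = "conference.{{ jitsimeet_domains | first }}"
+
+Component "lobby.{{ jitsimeet_domains | first }}" "muc"
+storage = "memory"
+restrict_room_creation = true
+muc_room_locking = false
+muc_room_default_public_jids = true
+modules_enabled = {
+"muc_hide_all";
+"muc_rate_limit";
+"polls";
+}
+
+Component "metadata.{{ jitsimeet_domains | first }}" "room_metadata_component"
+muc_component = "conference.{{ jitsimeet_domains | first }}"
+breakout_rooms_component = "breakout.{{ jitsimeet_domains | first }}"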
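Review bot: `c2s_require_encryption = false` on the main VirtualHost, together with `authentication = "jitsi-anonymous"`, means Prosody will accept unencrypted client-to-server sessions from unauthenticated users wherever its c2s port can be reached. That is only acceptable while browsers arrive through the nginx BOSH/websocket proxy on 127.0.0.1:5280, which `consider_bosh_secure` and `consider_websocket_secure` suggest is the intent. I would record that next to the setting, e.g. `-- plaintext c2s is tolerated only because clients come in through the local nginx proxy; the c2s port must stay closed to the outside`. The firewall tasks are not visible in this part of the page, so confirm they enforce it.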
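--- a/webapps/jitsimeet/templates/videobridge/jvb.conf.j2
+++ b/webapps/jitsimeet/templates/videobridge/jvb.conf.j2
@@ -0,0 +1,20 @@
+videobridge {
+http-servers {
+public {
+port = 9090
+}
+private {
+port = 8080
+}
+}
+websockets {
+enabled = true
+domain = "{{ jitsimeet_domains | first }}:443"
+tls = true
+}
+apis {
+rest {
+enabled = true
+}
+}
+}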
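Review bot: The `public` HTTP server is given `port = 9090` and no `host`, so it presumably listens on every interface over plain HTTP, while the only client visible in this commit is nginx's `upstream jvb1` at 127.0.0.1:9090. If nothing else has to reach it directly, add `host = "127.0.0.1"` inside `public { … }`, assuming the deployed videobridge version accepts that key there. Otherwise add a comment stating that the firewall closes 9090. The same reasoning applies to `private` on 8080, where `apis.rest` is enabled: a one-line comment saying which address it is expected to bind to would make the exposure easy to audit.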
|
@ -0,0 +1,13 @@
|
|||
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
|
||||
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ jitsimeet_turn_domains | first }}:3478
|
||||
org.jitsi.videobridge.ENABLE_STATISTICS=true
|
||||
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
|
||||
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
|
||||
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ jitsimeet_domains | first }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
|
||||
org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsimeet_jvb_secret }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ jitsimeet_domains | first }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsimeet_jvb_muc_nick }}
|
||||
#org.jitsi.videobridge.rest.jetty.ResourceHandler.alias./static/welcomePageAdditionalContent.html=/usr/share/jitsi-meet/static/welcomePageAdditionalContent.html
|
||||
# Switches off the BWE mechanism.
|
||||
#org.jitsi.videobridge.TRUST_BWE=false
|
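--- a/webapps/jitsimeet/tests/inventory
+++ b/webapps/jitsimeet/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+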
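--- a/webapps/jitsimeet/tests/test.yml
+++ b/webapps/jitsimeet/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- jitsimeet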
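--- a/webapps/jitsimeet/vars/main.yml
+++ b/webapps/jitsimeet/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file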