{"id":18790241,"url":"https://github.com/unistra/bigbluebutton","last_synced_at":"2025-04-13T14:08:49.889Z","repository":{"id":40684483,"uuid":"255599473","full_name":"unistra/bigbluebutton","owner":"unistra","description":null,"archived":false,"fork":false,"pushed_at":"2020-07-29T17:16:09.000Z","size":183,"stargazers_count":31,"open_issues_count":0,"forks_count":16,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-04-13T14:08:40.834Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/unistra.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-14T12:12:04.000Z","updated_at":"2024-01-24T00:26:43.000Z","dependencies_parsed_at":"2022-08-31T03:30:13.004Z","dependency_job_id":null,"html_url":"https://github.com/unistra/bigbluebutton","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unistra%2Fbigbluebutton","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unistra%2Fbigbluebutton/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unistra%2Fbigbluebutton/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unistra%2Fbigbluebutton/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/unistra","download_url":"https://codeload.github.com/unistra/bigbluebutton/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248724629,"owners_count":21151561
,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T21:10:44.211Z","updated_at":"2025-04-13T14:08:49.852Z","avatar_url":"https://github.com/unistra.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"***********************************************************\nAnsible playbooks/roles to deploy Big Blue Button instances\n***********************************************************\n\nThis playbook installs a fully operational instance of `Big Blue Button \u003chttps://docs.bigbluebutton.org/\u003e`__ with the `Scalelite \u003chttps://github.com/blindsidenetworks/scalelite\u003e`__ load balancer and the `Greenlight \u003chttps://docs.bigbluebutton.org/greenlight/gl-overview.html\u003e`__ interface for managing rooms.\n\nDisclaimer\n==========\n\nThe main playbook *playbook.yml* will not work out of the box as we use some internal roles based on our environment. 
The main playbook just imports other playbooks:\n\n* *provisioning.yml*: provision virtual machines on our OpenNebula platform, install some base tools for our environment (monitoring, ntp, ...), configure storage network interface and NFS mounts, ...\n* *bigbluebutton.yml*: deploy Big Blue Button instances\n* *scalelite.yml*: deploy Scalelite load-balancer\n* *greenlight.yml*: deploy Greenlight interface\n* *monitoring.yml*: deploy monitoring for Big Blue Button (`this Prometheus exporter \u003chttps://github.com/greenstatic/bigbluebutton-exporter\u003e`__; note that this will install Docker on the backends) and Scalelite (an NRPE check)\n\nIf you want to use the main playbook, you need to comment out the import of the *provisioning.yml* playbook and, if you don't want this monitoring stack, of *monitoring.yml*. Otherwise you can always use the playbooks individually.\n\nFor any question, you can contact us at:  dnum-bbb at unistra dot fr\n\nRequirements\n============\n\n* Updated systems accessible via SSH\n* An NFS volume, correctly configured and mounted on bigbluebutton and scalelite hosts (by default */mnt/scalelite-recordings* is used)\n\nDeployment\n==========\n\nRetrieve playbook\n-----------------\n\n.. code::\n\n  $ git clone https://github.com/unistra/bigbluebutton\n\nInstall dependencies\n--------------------\n\nScalelite and Greenlight use Docker images. The local ``docker`` role imports the `geerlingguy.docker \u003chttps://github.com/geerlingguy/ansible-role-docker/releases\u003e`__ role before installing the dependencies needed to use the Ansible ``docker_compose`` module.\n\nTo install the ``geerlingguy.docker`` role:\n\n.. code::\n\n  $ ansible-galaxy install --roles-path roles geerlingguy.docker\n\n\nCreate a vault\n--------------\n\nThere are many sensitive variables (application tokens, password of the LDAP administrative account, ...), so it is highly recommended to encrypt these variables to avoid pushing them inadvertently.\n\nThere are many ways to manage vaults with Ansible. 
Our choice was to put a random key in a file. This file can be shared by anyone working on the project and is passed to ``ansible-`` commands using the ``--vault-id`` option. Note that the *.gitignore* file is configured to ignore any file whose name starts with *vault* to prevent pushing this key.\n\n.. code::\n\n  $ openssl rand -hex 32 \u003e vault\n\nTo decrypt variables in an inventory, the simple ``ansible`` command and *debug* module can be used:\n\n.. code::\n\n  $ ansible -i inventories/\u003cENV\u003e \u003cINVENTORY_GROUP\u003e -m debug -a \"var=\u003cVAR\u003e\" --vault-id bbb@vault\n\nCreate an inventory\n-------------------\n\nInitialize an inventory for your environment from the sample inventory:\n\n.. code::\n\n  $ cp -r inventories/example inventories/\u003cENV\u003e\n\nThen edit the *hosts* file to list your hosts. There is one group per component:\n\n.. code::\n\n  [bigbluebutton]\n  bbb-1.example.org\n  bbb-2.example.org\n\n  [scalelite]\n  bbb-scalelite.example.org\n\n  [greenlight]\n  bbb-greenlight.example.org\n\nSet the required variables in *inventories/\u003cENV\u003e/group_vars/all.yml*:\n\n* ``scalelite_secret_key``: Rails secret key\n\n.. code::\n\n  ansible-vault encrypt_string --vault-id bbb@vault --name scalelite_secret_key $(openssl rand -hex 64)\n\n* ``scalelite_loadbalancer_key``: Load balancer key (i.e. the one to configure client-side)\n\n.. code::\n\n  ansible-vault encrypt_string --vault-id bbb@vault --name scalelite_loadbalancer_key $(openssl rand -hex 32)\n\n* ``greenlight_secret_key``:\n\n.. code::\n\n  ansible-vault encrypt_string --vault-id bbb@vault --name greenlight_secret_key $(openssl rand -hex 32)\n\nManage SSL certificates\n-----------------------\n\nThe *certificates* role (inside the *roles/* directory of this repository) is in charge of\ndeploying certificates on remote hosts and it also exposes the paths where the certificate files\nhave been deployed as variables. 
These variables are used by other roles inside this\nrepository to locate the certificate files when configuring applications.\n\nThe role uses one YAML file per certificate, containing the parts of an x509 certificate:\nthe private key (``privkey``), the certificate (``cert``) and the certificate chain for signed\ncertificate (``chain``). As the private key is sensitive information (even more so for\nwildcards!), this file needs to be encrypted. A benefit of encrypting the file is that it\ncan be put inside a version control system - although I would not recommend a public\nrepository! - and kept alongside the Ansible inventory.\n\nTo tell the role where to find these YAML files and which certificate to deploy to\neach host, these variables must be set:\n\n* ``certificates_dir``: where to find YAML files (for example:\n  *inventories/\u003cENV\u003e/group_vars/certs*)\n* ``certificates``: which certificate(s) to deploy (as list)\n\nThese variables can be set either per host, in the case you have one certificate per host,\nor for all hosts (in *group_vars/all.yml*) in the case you have a wildcard.\n\n`More details (in French). \u003chttps://github.com/unistra/bigbluebutton/tree/master/roles/certificates\u003e`_\n\nCreate the certificate YAML file\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nTo generate this file, you must have access to the files of a valid x509 certificate.\n\n\n.. 
code::\n\n  $ ansible-vault create inventories/\u003cENV\u003e/group_vars/certs/\u003cCERT_NAME\u003e.yml --vault-id bbb@vault\n  privkey: |\n    -----BEGIN PRIVATE KEY-----\n    ...\n    -----END PRIVATE KEY-----\n\n  cert: |\n    -----BEGIN CERTIFICATE-----\n    ...\n    -----END CERTIFICATE-----\n\n  chain: |\n    -----BEGIN CERTIFICATE-----\n    ...\n    -----END CERTIFICATE-----\n\nThe name of the file (*\u003cCERT_NAME\u003e*) determines the value to pass to the ``certificates``\nvariable and the names of the dynamically generated variables containing the paths of the certificate\nfiles on remote hosts. The ``set_fact`` module is used to generate dynamic variables, so the\nfile name must not contain certain characters (such as dots and dashes), except for the *.yml*\nextension. A safe way is to replace special characters with underscores.\n\nExample with self-signed certificate\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nYou will have warnings about the certificate in your browser as the certificate is not\nsigned by a CA and, for the example, a wildcard is generated.\n\n.. 
code::\n\n  # Generate self-signed certificate\n  $ mkdir certs/\n  $ openssl req -newkey rsa:2048 -nodes -keyout certs/example.org.key -x509 -out certs/example.org.crt -days 365 -subj \"/CN=*.example.org\"\n\n  # Generate file used by Ansible role\n  $ cat certs/example.org.key\n  -----BEGIN PRIVATE KEY-----\n  MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9EKFF6FMPY2FG\n  WH9bRs3Ui4Mb2XcpJtV5PYo13He+KQcpJcw6k9kde8EFeHRo33NUbAUGj0sZOC1e\n  ...\n\n  $ cat certs/example.org.crt\n  -----BEGIN CERTIFICATE REQUEST-----\n  MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPYmJiLmV4YW1wbGUub3JnMIIBIjANBgkq\n  hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRChRehTD2NhRlh/W0bN1IuDG9l3KSbV\n  ...\n\n  $ ansible-vault create inventories/\u003cENV\u003e/group_vars/certs/wildcard_example_org.yml --vault-id bbb@vault\n  privkey: |\n    -----BEGIN PRIVATE KEY-----\n    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9EKFF6FMPY2FG\n    WH9bRs3Ui4Mb2XcpJtV5PYo13He+KQcpJcw6k9kde8EFeHRo33NUbAUGj0sZOC1e\n    ...\n\n  cert: |\n    -----BEGIN CERTIFICATE REQUEST-----\n    MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPYmJiLmV4YW1wbGUub3JnMIIBIjANBgkq\n    hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRChRehTD2NhRlh/W0bN1IuDG9l3KSbV\n    ...\n\n  # Tell Ansible where to find certificates and which one to use\n  $ vim inventories/\u003cENV\u003e/group_vars/all.yml\n  certificates_dir: \"{{ inventory_dir }}/group_vars/certs/\"\n  certificates: [wildcard_example_org]\n\n  # We don't need the certificate's files anymore\n  $ rm -rf certs/\n\nExample with a valid wildcard\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n.. 
code::\n\n  # Generate YAML file containing parts of the certificates\n  $ ansible-vault create inventories/\u003cENV\u003e/group_vars/certs/wildcard.yml --vault-id bbb@vault\n  ...\n\n  # Tell Ansible where to find certificates and which one to use\n  $ vim inventories/\u003cENV\u003e/group_vars/all.yml\n  certificates_dir: \"{{ inventory_dir }}/group_vars/certs/\"\n  certificates: [wildcard]\n\nExample with one certificate per host\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nWhen there is one certificate per host, an encrypted YAML file needs to be created for each\nhost. We also need to tell Ansible which certificate to take for each host.\n\n.. code::\n\n  $ ansible-vault create inventories/\u003cENV\u003e/group_vars/certs/bbb_1.yml --vault-id bbb@vault\n  ...\n  $ ansible-vault create inventories/\u003cENV\u003e/group_vars/certs/bbb_2.yml --vault-id bbb@vault\n  ...\n  # Do the same for bbb-greenlight and bbb-scalelite hosts\n\n  $ vim inventories/\u003cENV\u003e/group_vars/all.yml\n  certificates_dir: \"{{ inventory_dir }}/group_vars/certs\"\n\n  $ vim inventories/\u003cENV\u003e/host_vars/bbb-1.example.org.yml\n  # reference the bbb_1.yml file in the directory defined by certificates_dir variable\n  certificates: [bbb_1]\n\n  $ vim inventories/\u003cENV\u003e/host_vars/bbb-2.example.org.yml\n  # reference the bbb_2.yml file in the directory defined by certificates_dir variable\n  certificates: [bbb_2]\n\n  # Do the same for bbb-greenlight and bbb-scalelite hosts\n\nUsage\n=====\n\nTo execute the playbook:\n\n.. 
code::\n\n  $ ./playbook.yml -i inventories/\u003cENV\u003e --vault-id bbb@vault -e scalelite_db_init=yes\n\n**Note**: The option ``-e scalelite_db_init=yes`` needs to be passed only once, to initialize the Scalelite database which is required by Greenlight!\n\nWe also support these tags:\n\n* *bigbluebutton*: deploy the bigbluebutton backends\n* *scalelite*: deploy the Scalelite load balancer\n* *greenlight*: deploy the greenlight app\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funistra%2Fbigbluebutton","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funistra%2Fbigbluebutton","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funistra%2Fbigbluebutton/lists"}