mirror of https://github.com/OpenVidu/openvidu.git
openvidu-deployment: gcp - Use main domain for TURN - Remove TURN server configuration parameters and related logic from deployment templates
parent
c43b3e86e3
commit
5e31998776
|
|
@ -14,7 +14,7 @@ resource "google_secret_manager_secret" "openvidu_shared_info" {
|
|||
for_each = toset([
|
||||
"OPENVIDU_URL", "MEET_INITIAL_ADMIN_USER", "MEET_INITIAL_ADMIN_PASSWORD",
|
||||
"MEET_INITIAL_API_KEY", "LIVEKIT_URL", "LIVEKIT_API_KEY", "LIVEKIT_API_SECRET",
|
||||
"DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "LIVEKIT_TURN_DOMAIN_NAME",
|
||||
"DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME",
|
||||
"REDIS_PASSWORD", "MONGO_ADMIN_USERNAME", "MONGO_ADMIN_PASSWORD", "MONGO_REPLICA_SET_KEY",
|
||||
"MINIO_ACCESS_KEY", "MINIO_SECRET_KEY", "DASHBOARD_ADMIN_USERNAME", "DASHBOARD_ADMIN_PASSWORD",
|
||||
"GRAFANA_ADMIN_USERNAME", "GRAFANA_ADMIN_PASSWORD", "ENABLED_MODULES"
|
||||
|
|
@ -125,9 +125,6 @@ resource "google_compute_instance" "openvidu_server" {
|
|||
ownPublicCertificate = var.ownPublicCertificate
|
||||
ownPrivateCertificate = var.ownPrivateCertificate
|
||||
additionalInstallFlags = var.additionalInstallFlags
|
||||
turnDomainName = var.turnDomainName
|
||||
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
||||
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
||||
bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName
|
||||
}
|
||||
|
||||
|
|
@ -183,7 +180,6 @@ if [[ "${var.domainName}" == "" ]]; then
|
|||
EXTERNAL_IP=$(get_meta "instance/network-interfaces/0/access-configs/0/external-ip")
|
||||
RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8)
|
||||
DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
||||
TURN_DOMAIN_NAME_SSLIP_IO=turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
||||
else
|
||||
DOMAIN="${var.domainName}"
|
||||
fi
|
||||
|
|
@ -255,19 +251,6 @@ if [[ "${var.additionalInstallFlags}" != "" ]]; then
|
|||
done
|
||||
fi
|
||||
|
||||
# Turn with TLS
|
||||
if [[ "$TURN_DOMAIN_NAME_SSLIP_IO" != "" ]]; then
|
||||
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$TURN_DOMAIN_NAME_SSLIP_IO")
|
||||
COMMON_ARGS+=(
|
||||
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
||||
)
|
||||
elif [[ "${var.turnDomainName}" != '' ]]; then
|
||||
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}")
|
||||
COMMON_ARGS+=(
|
||||
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
||||
)
|
||||
fi
|
||||
|
||||
# Certificate arguments
|
||||
if [[ "${var.certificateType}" == "selfsigned" ]]; then
|
||||
CERT_ARGS=(
|
||||
|
|
@ -286,17 +269,6 @@ else
|
|||
"--owncert-public-key=$OWN_CERT_CRT"
|
||||
"--owncert-private-key=$OWN_CERT_KEY"
|
||||
)
|
||||
|
||||
# Turn with TLS and own certificate
|
||||
if [[ "${var.turnDomainName}" != '' ]]; then
|
||||
# Use base64 encoded certificates directly
|
||||
OWN_CERT_CRT_TURN=${var.turnOwnPublicCertificate}
|
||||
OWN_CERT_KEY_TURN=${var.turnOwnPrivateCertificate}
|
||||
CERT_ARGS+=(
|
||||
"--turn-owncert-private-key=$OWN_CERT_KEY_TURN"
|
||||
"--turn-owncert-public-key=$OWN_CERT_CRT_TURN"
|
||||
)
|
||||
fi
|
||||
fi
|
||||
|
||||
# Final command
|
||||
|
|
@ -395,12 +367,6 @@ else
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# Replace LIVEKIT_TURN_DOMAIN_NAME
|
||||
export LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME)
|
||||
if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then
|
||||
sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "$${CONFIG_DIR}/openvidu.env"
|
||||
fi
|
||||
|
||||
# Get the rest of the values
|
||||
export REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD)
|
||||
export MONGO_ADMIN_USERNAME=$(gcloud secrets versions access latest --secret=MONGO_ADMIN_USERNAME)
|
||||
|
|
@ -471,7 +437,6 @@ CONFIG_DIR="$${INSTALL_DIR}/config"
|
|||
# Get current values of the config
|
||||
REDIS_PASSWORD="$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
||||
DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")"
|
||||
LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")"
|
||||
MONGO_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")"
|
||||
MONGO_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
||||
MONGO_REPLICA_SET_KEY="$(/usr/local/bin/get_value_from_config.sh MONGO_REPLICA_SET_KEY "$${CONFIG_DIR}/openvidu.env")"
|
||||
|
|
@ -493,7 +458,6 @@ ENABLED_MODULES="$(/usr/local/bin/get_value_from_config.sh ENABLED_MODULES "$${C
|
|||
# Update shared secret
|
||||
echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-file=-
|
||||
echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
||||
echo -n "$LIVEKIT_TURN_DOMAIN_NAME" | gcloud secrets versions add LIVEKIT_TURN_DOMAIN_NAME --data-file=-
|
||||
echo -n "$MONGO_ADMIN_USERNAME" | gcloud secrets versions add MONGO_ADMIN_USERNAME --data-file=-
|
||||
echo -n "$MONGO_ADMIN_PASSWORD" | gcloud secrets versions add MONGO_ADMIN_PASSWORD --data-file=-
|
||||
echo -n "$MONGO_REPLICA_SET_KEY" | gcloud secrets versions add MONGO_REPLICA_SET_KEY --data-file=-
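Review bot: Dropping `"LIVEKIT_TURN_DOMAIN_NAME"` from the `for_each` set of `google_secret_manager_secret.openvidu_shared_info` (first hunk of this file) means that applying the new template to a stack created from the previous one will plan the deletion of that secret, and nothing in the change tells operators so. The same edit is made in the three other templates on this page, and the `turnDomainName`, `turnOwnPublicCertificate` and `turnOwnPrivateCertificate` variables are removed alongside it, so existing variable files that still set them will presumably need editing. I would add a comment above the list, for example `# LIVEKIT_TURN_DOMAIN_NAME removed: TURN is served on DOMAIN_NAME; upgrading an existing stack deletes the old secret`, and mention the removed inputs in the upgrade notes. The resource body continues outside the hunk.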
|
||||
|
|
|
|||
|
|
@ -106,21 +106,3 @@ variable "additionalInstallFlags" {
|
|||
error_message = "Must be a comma-separated list of flags (for example, --flag=value, --bool-flag)."
|
||||
}
|
||||
}
|
||||
|
||||
variable "turnDomainName" {
|
||||
description = "(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls"
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "turnOwnPublicCertificate" {
|
||||
description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "turnOwnPrivateCertificate" {
|
||||
description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ resource "google_secret_manager_secret" "openvidu_shared_info" {
|
|||
for_each = toset([
|
||||
"OPENVIDU_URL", "MEET_INITIAL_ADMIN_USER", "MEET_INITIAL_ADMIN_PASSWORD",
|
||||
"MEET_INITIAL_API_KEY", "LIVEKIT_URL", "LIVEKIT_API_KEY", "LIVEKIT_API_SECRET",
|
||||
"DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "LIVEKIT_TURN_DOMAIN_NAME",
|
||||
"DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME",
|
||||
"OPENVIDU_PRO_LICENSE", "OPENVIDU_RTC_ENGINE", "REDIS_PASSWORD", "MONGO_ADMIN_USERNAME",
|
||||
"MONGO_ADMIN_PASSWORD", "MONGO_REPLICA_SET_KEY", "MINIO_ACCESS_KEY", "MINIO_SECRET_KEY",
|
||||
"DASHBOARD_ADMIN_USERNAME", "DASHBOARD_ADMIN_PASSWORD", "GRAFANA_ADMIN_USERNAME",
|
||||
|
|
@ -167,9 +167,6 @@ resource "google_compute_instance" "openvidu_master_node" {
|
|||
initialMeetAdminPassword = var.initialMeetAdminPassword
|
||||
initialMeetApiKey = var.initialMeetApiKey
|
||||
additionalInstallFlags = var.additionalInstallFlags
|
||||
turnDomainName = var.turnDomainName
|
||||
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
||||
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
||||
bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName
|
||||
}
|
||||
|
||||
|
|
@ -652,7 +649,6 @@ if [[ "${var.domainName}" == "" ]]; then
|
|||
EXTERNAL_IP=$(get_meta "instance/network-interfaces/0/access-configs/0/external-ip")
|
||||
RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8)
|
||||
DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
||||
TURN_DOMAIN_NAME_SSLIP_IO=turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
||||
else
|
||||
DOMAIN="${var.domainName}"
|
||||
fi
|
||||
|
|
@ -738,19 +734,6 @@ if [[ "${var.additionalInstallFlags}" != "" ]]; then
|
|||
done
|
||||
fi
|
||||
|
||||
# Turn with TLS
|
||||
if [[ "$TURN_DOMAIN_NAME_SSLIP_IO" != "" ]]; then
|
||||
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$TURN_DOMAIN_NAME_SSLIP_IO")
|
||||
COMMON_ARGS+=(
|
||||
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
||||
)
|
||||
elif [[ "${var.turnDomainName}" != '' ]]; then
|
||||
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}")
|
||||
COMMON_ARGS+=(
|
||||
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
||||
)
|
||||
fi
|
||||
|
||||
# Certificate arguments
|
||||
if [[ "${var.certificateType}" == "selfsigned" ]]; then
|
||||
CERT_ARGS=(
|
||||
|
|
@ -769,17 +752,6 @@ else
|
|||
"--owncert-public-key=$OWN_CERT_CRT"
|
||||
"--owncert-private-key=$OWN_CERT_KEY"
|
||||
)
|
||||
|
||||
# Turn with TLS and own certificate
|
||||
if [[ "${var.turnDomainName}" != '' ]]; then
|
||||
# Use base64 encoded certificates directly
|
||||
OWN_CERT_CRT_TURN=${var.turnOwnPublicCertificate}
|
||||
OWN_CERT_KEY_TURN=${var.turnOwnPrivateCertificate}
|
||||
CERT_ARGS+=(
|
||||
"--turn-owncert-private-key=$OWN_CERT_KEY_TURN"
|
||||
"--turn-owncert-public-key=$OWN_CERT_CRT_TURN"
|
||||
)
|
||||
fi
|
||||
fi
|
||||
|
||||
# Final command
|
||||
|
|
@ -879,12 +851,6 @@ else
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# Replace LIVEKIT_TURN_DOMAIN_NAME
|
||||
export LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME)
|
||||
if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then
|
||||
sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "$${CLUSTER_CONFIG_DIR}/openvidu.env"
|
||||
fi
|
||||
|
||||
# Get the rest of the values
|
||||
export REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD)
|
||||
export OPENVIDU_RTC_ENGINE=$(gcloud secrets versions access latest --secret=OPENVIDU_RTC_ENGINE)
|
||||
|
|
@ -960,7 +926,6 @@ MASTER_NODE_CONFIG_DIR="$${INSTALL_DIR}/config/node"
|
|||
# Get current values of the config
|
||||
REDIS_PASSWORD="$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "$${MASTER_NODE_CONFIG_DIR}/master_node.env")"
|
||||
DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "$${CLUSTER_CONFIG_DIR}/openvidu.env")"
|
||||
LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "$${CLUSTER_CONFIG_DIR}/openvidu.env")"
|
||||
OPENVIDU_RTC_ENGINE="$(/usr/local/bin/get_value_from_config.sh OPENVIDU_RTC_ENGINE "$${CLUSTER_CONFIG_DIR}/openvidu.env")"
|
||||
OPENVIDU_PRO_LICENSE="$(/usr/local/bin/get_value_from_config.sh OPENVIDU_PRO_LICENSE "$${CLUSTER_CONFIG_DIR}/openvidu.env")"
|
||||
MONGO_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "$${CLUSTER_CONFIG_DIR}/openvidu.env")"
|
||||
|
|
@ -984,7 +949,6 @@ ENABLED_MODULES="$(/usr/local/bin/get_value_from_config.sh ENABLED_MODULES "$${C
|
|||
# Update shared secret
|
||||
echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-file=-
|
||||
echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
||||
echo -n "$LIVEKIT_TURN_DOMAIN_NAME" | gcloud secrets versions add LIVEKIT_TURN_DOMAIN_NAME --data-file=-
|
||||
echo -n "$OPENVIDU_RTC_ENGINE" | gcloud secrets versions add OPENVIDU_RTC_ENGINE --data-file=-
|
||||
echo -n "$OPENVIDU_PRO_LICENSE" | gcloud secrets versions add OPENVIDU_PRO_LICENSE --data-file=-
|
||||
echo -n "$MONGO_ADMIN_USERNAME" | gcloud secrets versions add MONGO_ADMIN_USERNAME --data-file=-
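Review bot: The unchanged lines after `# Get the rest of the values` use `export REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD)`, where the exit status of `export` hides a failed `gcloud` call, so a missing permission or secret leaves the variable empty and the script carries on. Splitting assignment from export makes the failure visible: `REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD) || exit 1` followed by `export REDIS_PASSWORD`. The same form is used for `OPENVIDU_RTC_ENGINE` here and in the corresponding hunks of the two single-node templates. What the script does with these values afterwards is outside the hunk, so whether an empty password could reach the written config is not visible from here.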
|
||||
|
|
|
|||
|
|
@ -152,21 +152,3 @@ variable "additionalInstallFlags" {
|
|||
error_message = "Must be a comma-separated list of flags (for example, --flag=value, --bool-flag)."
|
||||
}
|
||||
}
|
||||
|
||||
variable "turnDomainName" {
|
||||
description = "(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls"
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "turnOwnPublicCertificate" {
|
||||
description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "turnOwnPrivateCertificate" {
|
||||
description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ resource "google_secret_manager_secret" "openvidu_shared_info" {
|
|||
for_each = toset([
|
||||
"OPENVIDU_URL", "MEET_INITIAL_ADMIN_USER", "MEET_INITIAL_ADMIN_PASSWORD",
|
||||
"MEET_INITIAL_API_KEY", "LIVEKIT_URL", "LIVEKIT_API_KEY", "LIVEKIT_API_SECRET",
|
||||
"DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "LIVEKIT_TURN_DOMAIN_NAME",
|
||||
"DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME",
|
||||
"OPENVIDU_PRO_LICENSE", "OPENVIDU_RTC_ENGINE", "REDIS_PASSWORD", "MONGO_ADMIN_USERNAME",
|
||||
"MONGO_ADMIN_PASSWORD", "MONGO_REPLICA_SET_KEY", "MINIO_ACCESS_KEY", "MINIO_SECRET_KEY",
|
||||
"DASHBOARD_ADMIN_USERNAME", "DASHBOARD_ADMIN_PASSWORD", "GRAFANA_ADMIN_USERNAME",
|
||||
|
|
@ -314,9 +314,6 @@ resource "google_compute_instance" "openvidu_master_node_1" {
|
|||
certificateType = var.certificateType
|
||||
ownPublicCertificate = var.ownPublicCertificate
|
||||
ownPrivateCertificate = var.ownPrivateCertificate
|
||||
turnDomainName = var.turnDomainName
|
||||
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
||||
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
||||
openviduLicense = var.openviduLicense
|
||||
rtcEngine = var.rtcEngine
|
||||
initialMeetAdminPassword = var.initialMeetAdminPassword
|
||||
|
|
@ -367,9 +364,6 @@ resource "google_compute_instance" "openvidu_master_node_2" {
|
|||
certificateType = var.certificateType
|
||||
ownPublicCertificate = var.ownPublicCertificate
|
||||
ownPrivateCertificate = var.ownPrivateCertificate
|
||||
turnDomainName = var.turnDomainName
|
||||
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
||||
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
||||
openviduLicense = var.openviduLicense
|
||||
rtcEngine = var.rtcEngine
|
||||
initialMeetAdminPassword = var.initialMeetAdminPassword
|
||||
|
|
@ -422,9 +416,6 @@ resource "google_compute_instance" "openvidu_master_node_3" {
|
|||
certificateType = var.certificateType
|
||||
ownPublicCertificate = var.ownPublicCertificate
|
||||
ownPrivateCertificate = var.ownPrivateCertificate
|
||||
turnDomainName = var.turnDomainName
|
||||
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
||||
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
||||
openviduLicense = var.openviduLicense
|
||||
rtcEngine = var.rtcEngine
|
||||
initialMeetAdminPassword = var.initialMeetAdminPassword
|
||||
|
|
@ -477,9 +468,6 @@ resource "google_compute_instance" "openvidu_master_node_4" {
|
|||
certificateType = var.certificateType
|
||||
ownPublicCertificate = var.ownPublicCertificate
|
||||
ownPrivateCertificate = var.ownPrivateCertificate
|
||||
turnDomainName = var.turnDomainName
|
||||
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
||||
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
||||
openviduLicense = var.openviduLicense
|
||||
rtcEngine = var.rtcEngine
|
||||
initialMeetAdminPassword = var.initialMeetAdminPassword
|
||||
|
|
@ -995,7 +983,6 @@ if [[ $MASTER_NODE_NUM -eq 1 ]] && [[ "$ALL_SECRETS_GENERATED" == "false" ]]; th
|
|||
EXTERNAL_IP=$(gcloud compute addresses describe "${lower("${var.stackName}-nlb-ip")}" --region ${var.region} --format="get(address)")
|
||||
RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8)
|
||||
DOMAIN="openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io"
|
||||
TURN_DOMAIN_NAME_SSLIP_IO="turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io"
|
||||
else
|
||||
DOMAIN="${var.domainName}"
|
||||
fi
|
||||
|
|
@ -1013,13 +1000,6 @@ if [[ $MASTER_NODE_NUM -eq 1 ]] && [[ "$ALL_SECRETS_GENERATED" == "false" ]]; th
|
|||
MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "${var.initialMeetApiKey}")"
|
||||
fi
|
||||
|
||||
# Configure TURN server domain name
|
||||
if [[ -n "${var.turnDomainName}" ]]; then
|
||||
LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}")"
|
||||
elif [[ "$${TURN_DOMAIN_NAME_SSLIP_IO}" != '' ]]; then
|
||||
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$${TURN_DOMAIN_NAME_SSLIP_IO}")
|
||||
fi
|
||||
|
||||
# Store usernames and generate random passwords
|
||||
OPENVIDU_PRO_LICENSE="$(/usr/local/bin/store_secret.sh save OPENVIDU_PRO_LICENSE "${var.openviduLicense}")"
|
||||
OPENVIDU_RTC_ENGINE="$(/usr/local/bin/store_secret.sh save OPENVIDU_RTC_ENGINE "${var.rtcEngine}")"
|
||||
|
|
@ -1065,7 +1045,6 @@ MASTER_NODE_4_PRIVATE_IP=$(gcloud secrets versions access latest --secret=MASTER
|
|||
MASTER_NODE_PRIVATE_IP_LIST="$MASTER_NODE_1_PRIVATE_IP,$MASTER_NODE_2_PRIVATE_IP,$MASTER_NODE_3_PRIVATE_IP,$MASTER_NODE_4_PRIVATE_IP"
|
||||
|
||||
DOMAIN=$(gcloud secrets versions access latest --secret=DOMAIN_NAME)
|
||||
LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME)
|
||||
OPENVIDU_PRO_LICENSE=$(gcloud secrets versions access latest --secret=OPENVIDU_PRO_LICENSE)
|
||||
OPENVIDU_RTC_ENGINE=$(gcloud secrets versions access latest --secret=OPENVIDU_RTC_ENGINE)
|
||||
REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD)
|
||||
|
|
@ -1132,10 +1111,6 @@ if [[ "${var.additionalInstallFlags}" != "" ]]; then
|
|||
done
|
||||
fi
|
||||
|
||||
if [[ "$LIVEKIT_TURN_DOMAIN_NAME" != "" ]]; then
|
||||
COMMON_ARGS+=("--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME")
|
||||
fi
|
||||
|
||||
# Certificate arguments
|
||||
if [[ "${var.certificateType}" == "selfsigned" ]]; then
|
||||
CERT_ARGS=(
|
||||
|
|
@ -1155,18 +1130,6 @@ else
|
|||
"--owncert-public-key=$OWN_CERT_CRT"
|
||||
"--owncert-private-key=$OWN_CERT_KEY"
|
||||
)
|
||||
|
||||
# Turn with TLS and own certificate
|
||||
if [[ "${var.turnDomainName}" != '' ]]; then
|
||||
# Use base64 encoded certificates directly
|
||||
OWN_CERT_CRT_TURN=${var.turnOwnPublicCertificate}
|
||||
OWN_CERT_KEY_TURN=${var.turnOwnPrivateCertificate}
|
||||
|
||||
CERT_ARGS+=(
|
||||
"--turn-owncert-private-key=$OWN_CERT_KEY_TURN"
|
||||
"--turn-owncert-public-key=$OWN_CERT_CRT_TURN"
|
||||
)
|
||||
fi
|
||||
fi
|
||||
|
||||
# Construct the final command
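Review bot: In the hunk that builds the sslip.io name, `EXTERNAL_IP` comes from `gcloud compute addresses describe` and is used unquoted in `$(echo $EXTERNAL_IP | tr '.' '-')` without a check that it is non-empty, so a failed lookup would yield a `DOMAIN` of the form `openvidu-<random>-.sslip.io`. With the separate TURN name removed, this value is, as far as the commit title indicates, the only hostname the deployment relies on, which makes a guard worthwhile: `[[ -n "$EXTERNAL_IP" ]] || { echo "could not resolve external IP" >&2; exit 1; }` before the `DOMAIN=` line, and `"$EXTERNAL_IP"` quoted inside the substitution. The single-node and elastic templates build the name the same way from `get_meta`. The enclosing `if` starts before the hunk.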
|
||||
|
|
|
|||
|
|
@ -168,21 +168,3 @@ variable "additionalInstallFlags" {
|
|||
error_message = "Must be a comma-separated list of flags (for example, --flag=value, --bool-flag)."
|
||||
}
|
||||
}
|
||||
|
||||
variable "turnDomainName" {
|
||||
description = "(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls"
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "turnOwnPublicCertificate" {
|
||||
description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "turnOwnPrivateCertificate" {
|
||||
description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ resource "google_secret_manager_secret" "openvidu_shared_info" {
|
|||
for_each = toset([
|
||||
"OPENVIDU_URL", "MEET_INITIAL_ADMIN_USER", "MEET_INITIAL_ADMIN_PASSWORD",
|
||||
"MEET_INITIAL_API_KEY", "LIVEKIT_URL", "LIVEKIT_API_KEY", "LIVEKIT_API_SECRET",
|
||||
"DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME", "LIVEKIT_TURN_DOMAIN_NAME",
|
||||
"DASHBOARD_URL", "GRAFANA_URL", "MINIO_URL", "DOMAIN_NAME",
|
||||
"OPENVIDU_PRO_LICENSE", "OPENVIDU_RTC_ENGINE", "REDIS_PASSWORD", "MONGO_ADMIN_USERNAME",
|
||||
"MONGO_ADMIN_PASSWORD", "MONGO_REPLICA_SET_KEY", "MINIO_ACCESS_KEY", "MINIO_SECRET_KEY",
|
||||
"DASHBOARD_ADMIN_USERNAME", "DASHBOARD_ADMIN_PASSWORD", "GRAFANA_ADMIN_USERNAME",
|
||||
|
|
@ -117,9 +117,6 @@ resource "google_compute_instance" "openvidu_server" {
|
|||
ownPublicCertificate = var.ownPublicCertificate
|
||||
ownPrivateCertificate = var.ownPrivateCertificate
|
||||
additionalInstallFlags = var.additionalInstallFlags
|
||||
turnDomainName = var.turnDomainName
|
||||
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
||||
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
||||
bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName
|
||||
}
|
||||
|
||||
|
|
@ -178,7 +175,6 @@ if [[ "${var.domainName}" == "" ]]; then
|
|||
EXTERNAL_IP=$(get_meta "instance/network-interfaces/0/access-configs/0/external-ip")
|
||||
RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8)
|
||||
DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
||||
TURN_DOMAIN_NAME_SSLIP_IO=turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
||||
else
|
||||
DOMAIN="${var.domainName}"
|
||||
fi
|
||||
|
|
@ -254,19 +250,6 @@ if [[ "${var.additionalInstallFlags}" != "" ]]; then
|
|||
done
|
||||
fi
|
||||
|
||||
# Turn with TLS
|
||||
if [[ "$TURN_DOMAIN_NAME_SSLIP_IO" != "" ]]; then
|
||||
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$TURN_DOMAIN_NAME_SSLIP_IO")
|
||||
COMMON_ARGS+=(
|
||||
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
||||
)
|
||||
elif [[ "${var.turnDomainName}" != '' ]]; then
|
||||
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}")
|
||||
COMMON_ARGS+=(
|
||||
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
||||
)
|
||||
fi
|
||||
|
||||
# Certificate arguments
|
||||
if [[ "${var.certificateType}" == "selfsigned" ]]; then
|
||||
CERT_ARGS=(
|
||||
|
|
@ -285,17 +268,6 @@ else
|
|||
"--owncert-public-key=$OWN_CERT_CRT"
|
||||
"--owncert-private-key=$OWN_CERT_KEY"
|
||||
)
|
||||
|
||||
# Turn with TLS and own certificate
|
||||
if [[ "${var.turnDomainName}" != '' ]]; then
|
||||
# Use base64 encoded certificates directly
|
||||
OWN_CERT_CRT_TURN=${var.turnOwnPublicCertificate}
|
||||
OWN_CERT_KEY_TURN=${var.turnOwnPrivateCertificate}
|
||||
CERT_ARGS+=(
|
||||
"--turn-owncert-private-key=$OWN_CERT_KEY_TURN"
|
||||
"--turn-owncert-public-key=$OWN_CERT_CRT_TURN"
|
||||
)
|
||||
fi
|
||||
fi
|
||||
|
||||
# Final command
|
||||
|
|
@ -394,12 +366,6 @@ else
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# Replace LIVEKIT_TURN_DOMAIN_NAME
|
||||
export LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME)
|
||||
if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then
|
||||
sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "$${CONFIG_DIR}/openvidu.env"
|
||||
fi
|
||||
|
||||
# Get the rest of the values
|
||||
export REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD)
|
||||
export OPENVIDU_PRO_LICENSE=$(gcloud secrets versions access latest --secret=OPENVIDU_PRO_LICENSE)
|
||||
|
|
@ -476,7 +442,6 @@ REDIS_PASSWORD="$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "$${CON
|
|||
OPENVIDU_PRO_LICENSE="$(/usr/local/bin/get_value_from_config.sh OPENVIDU_PRO_LICENSE "$${CONFIG_DIR}/openvidu.env")"
|
||||
OPENVIDU_RTC_ENGINE="$(/usr/local/bin/get_value_from_config.sh OPENVIDU_RTC_ENGINE "$${CONFIG_DIR}/openvidu.env")"
|
||||
DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")"
|
||||
LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")"
|
||||
MONGO_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")"
|
||||
MONGO_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
||||
MONGO_REPLICA_SET_KEY="$(/usr/local/bin/get_value_from_config.sh MONGO_REPLICA_SET_KEY "$${CONFIG_DIR}/openvidu.env")"
|
||||
|
|
@ -500,7 +465,6 @@ echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-fi
|
|||
echo -n "$OPENVIDU_PRO_LICENSE" | gcloud secrets versions add OPENVIDU_PRO_LICENSE --data-file=-
|
||||
echo -n "$OPENVIDU_RTC_ENGINE" | gcloud secrets versions add OPENVIDU_RTC_ENGINE --data-file=-
|
||||
echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
||||
echo -n "$LIVEKIT_TURN_DOMAIN_NAME" | gcloud secrets versions add LIVEKIT_TURN_DOMAIN_NAME --data-file=-
|
||||
echo -n "$MONGO_ADMIN_USERNAME" | gcloud secrets versions add MONGO_ADMIN_USERNAME --data-file=-
|
||||
echo -n "$MONGO_ADMIN_PASSWORD" | gcloud secrets versions add MONGO_ADMIN_PASSWORD --data-file=-
|
||||
echo -n "$MONGO_REPLICA_SET_KEY" | gcloud secrets versions add MONGO_REPLICA_SET_KEY --data-file=-
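Review bot: The lines of the last hunk pipe each value with `echo -n "$OPENVIDU_PRO_LICENSE" | gcloud secrets versions add ...`, and `echo` treats a value such as `-n` or `-e` as an option rather than data, which would write a wrong or empty secret version. `printf '%s' "$OPENVIDU_PRO_LICENSE" | gcloud secrets versions add OPENVIDU_PRO_LICENSE --data-file=-` passes the value through unchanged. The same applies to the other `echo -n` lines in this hunk and to the matching hunks of the other templates. These lines are unchanged context in this commit.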
|
||||
|
|
|
|||
|
|
@ -122,21 +122,3 @@ variable "additionalInstallFlags" {
|
|||
error_message = "Must be a comma-separated list of flags (for example, --flag=value, --bool-flag)."
|
||||
}
|
||||
}
|
||||
|
||||
variable "turnDomainName" {
|
||||
description = "(Optional) Domain name for the TURN server with TLS. Only needed if your users are behind restrictive firewalls"
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "turnOwnPublicCertificate" {
|
||||
description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "turnOwnPrivateCertificate" {
|
||||
description = "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified. Provide in base64 format."
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
|
|
|||