mirror of https://github.com/OpenVidu/openvidu.git
Implement code changes to enhance functionality and improve performance
parent
61cf2caa94
commit
7f87a759c0
|
@ -0,0 +1,5 @@
|
||||||
|
.terraform
|
||||||
|
.terraform.lock.hcl
|
||||||
|
*.tfstate
|
||||||
|
*.tfstate.backup
|
||||||
|
*.tfstate.lock.info
|
|
@ -9,5 +9,5 @@ output "openvidu_public_ip" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "appdata_bucket" {
|
output "appdata_bucket" {
|
||||||
value = local.isEmpty ? "openvidu-appdata" : var.bucketName
|
value = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName
|
||||||
}
|
}
|
||||||
|
|
|
@ -103,7 +103,7 @@ resource "google_compute_instance" "openvidu_server" {
|
||||||
turnDomainName = var.turnDomainName
|
turnDomainName = var.turnDomainName
|
||||||
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
||||||
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
||||||
bucketName = google_storage_bucket.bucket[0].name
|
bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName
|
||||||
}
|
}
|
||||||
|
|
||||||
service_account {
|
service_account {
|
||||||
|
@ -124,10 +124,11 @@ locals {
|
||||||
isEmpty = var.bucketName == ""
|
isEmpty = var.bucketName == ""
|
||||||
install_script = <<-EOF
|
install_script = <<-EOF
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
|
set -e
|
||||||
|
|
||||||
OPENVIDU_VERSION=main
|
OPENVIDU_VERSION=main
|
||||||
DOMAIN=
|
DOMAIN=
|
||||||
YQ_VERSION=v4.44.5
|
YQ_VERSION=v4.44.5
|
||||||
|
|
||||||
apt-get update && apt-get install -y \
|
apt-get update && apt-get install -y \
|
||||||
curl \
|
curl \
|
||||||
unzip \
|
unzip \
|
||||||
|
@ -143,13 +144,11 @@ locals {
|
||||||
|
|
||||||
# Configure gcloud with instance service account
|
# Configure gcloud with instance service account
|
||||||
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
||||||
|
|
||||||
METADATA_URL="http://metadata.google.internal/computeMetadata/v1"
|
METADATA_URL="http://metadata.google.internal/computeMetadata/v1"
|
||||||
get_meta() { curl -s -H "Metadata-Flavor: Google" "$${METADATA_URL}/$1"; }
|
get_meta() { curl -s -H "Metadata-Flavor: Google" "$${METADATA_URL}/$1"; }
|
||||||
|
|
||||||
# Create counter file for tracking script executions
|
# Create counter file for tracking script executions
|
||||||
echo "1" > /tmp/openvidu_install_counter.txt
|
echo 1 > /usr/local/bin/openvidu_install_counter.txt
|
||||||
|
|
||||||
|
|
||||||
# Create all the secrets
|
# Create all the secrets
|
||||||
gcloud secrets create OPENVIDU_URL --replication-policy=automatic || true
|
gcloud secrets create OPENVIDU_URL --replication-policy=automatic || true
|
||||||
|
@ -195,10 +194,9 @@ locals {
|
||||||
else
|
else
|
||||||
MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MEET_INITIAL_ADMIN_PASSWORD)"
|
MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MEET_INITIAL_ADMIN_PASSWORD)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
||||||
MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "${var.initialMeetApiKey}")"
|
MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "${var.initialMeetApiKey}")"
|
||||||
else
|
|
||||||
MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "")"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Store usernames and generate random passwords
|
# Store usernames and generate random passwords
|
||||||
|
@ -286,7 +284,6 @@ locals {
|
||||||
# Convert to base64
|
# Convert to base64
|
||||||
OWN_CERT_CRT=$(base64 -w 0 /tmp/owncert/fullchain.pem)
|
OWN_CERT_CRT=$(base64 -w 0 /tmp/owncert/fullchain.pem)
|
||||||
OWN_CERT_KEY=$(base64 -w 0 /tmp/owncert/privkey.pem)
|
OWN_CERT_KEY=$(base64 -w 0 /tmp/owncert/privkey.pem)
|
||||||
|
|
||||||
CERT_ARGS=(
|
CERT_ARGS=(
|
||||||
"--certificate-type=owncert"
|
"--certificate-type=owncert"
|
||||||
"--owncert-public-key=$OWN_CERT_CRT"
|
"--owncert-public-key=$OWN_CERT_CRT"
|
||||||
|
@ -299,11 +296,9 @@ locals {
|
||||||
mkdir -p /tmp/owncert-turn
|
mkdir -p /tmp/owncert-turn
|
||||||
wget -O /tmp/owncert-turn/fullchain.pem ${var.turnOwnPublicCertificate}
|
wget -O /tmp/owncert-turn/fullchain.pem ${var.turnOwnPublicCertificate}
|
||||||
wget -O /tmp/owncert-turn/privkey.pem ${var.turnOwnPrivateCertificate}
|
wget -O /tmp/owncert-turn/privkey.pem ${var.turnOwnPrivateCertificate}
|
||||||
|
|
||||||
# Convert to base64
|
# Convert to base64
|
||||||
OWN_CERT_CRT_TURN=$(base64 -w 0 /tmp/owncert-turn/fullchain.pem)
|
OWN_CERT_CRT_TURN=$(base64 -w 0 /tmp/owncert-turn/fullchain.pem)
|
||||||
OWN_CERT_KEY_TURN=$(base64 -w 0 /tmp/owncert-turn/privkey.pem)
|
OWN_CERT_KEY_TURN=$(base64 -w 0 /tmp/owncert-turn/privkey.pem)
|
||||||
|
|
||||||
CERT_ARGS+=(
|
CERT_ARGS+=(
|
||||||
"--turn-owncert-private-key=$OWN_CERT_KEY_TURN"
|
"--turn-owncert-private-key=$OWN_CERT_KEY_TURN"
|
||||||
"--turn-owncert-public-key=$OWN_CERT_CRT_TURN"
|
"--turn-owncert-public-key=$OWN_CERT_CRT_TURN"
|
||||||
|
@ -331,12 +326,11 @@ locals {
|
||||||
|
|
||||||
METADATA_URL="http://metadata.google.internal/computeMetadata/v1"
|
METADATA_URL="http://metadata.google.internal/computeMetadata/v1"
|
||||||
get_meta() { curl -s -H "Metadata-Flavor: Google" "$${METADATA_URL}/$1"; }
|
get_meta() { curl -s -H "Metadata-Flavor: Google" "$${METADATA_URL}/$1"; }
|
||||||
|
|
||||||
SERVICE_ACCOUNT_EMAIL=$(get_meta "instance/service-accounts/default/email")
|
SERVICE_ACCOUNT_EMAIL=$(get_meta "instance/service-accounts/default/email")
|
||||||
|
|
||||||
# Create key for service account
|
# Create key for service account
|
||||||
gcloud iam service-accounts keys create credentials.json --iam-account=$SERVICE_ACCOUNT_EMAIL
|
gcloud iam service-accounts keys create credentials.json --iam-account=$SERVICE_ACCOUNT_EMAIL
|
||||||
|
|
||||||
# Get credentials
|
|
||||||
# Create HMAC key and parse output
|
# Create HMAC key and parse output
|
||||||
HMAC_OUTPUT=$(gcloud storage hmac create $SERVICE_ACCOUNT_EMAIL --format="json")
|
HMAC_OUTPUT=$(gcloud storage hmac create $SERVICE_ACCOUNT_EMAIL --format="json")
|
||||||
EXTERNAL_S3_ACCESS_KEY=$(echo "$HMAC_OUTPUT" | jq -r '.metadata.accessId')
|
EXTERNAL_S3_ACCESS_KEY=$(echo "$HMAC_OUTPUT" | jq -r '.metadata.accessId')
|
||||||
|
@ -368,7 +362,6 @@ locals {
|
||||||
# Configure gcloud with instance service account
|
# Configure gcloud with instance service account
|
||||||
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
||||||
|
|
||||||
|
|
||||||
# Generate URLs
|
# Generate URLs
|
||||||
DOMAIN=$(gcloud secrets versions access latest --secret=DOMAIN_NAME)
|
DOMAIN=$(gcloud secrets versions access latest --secret=DOMAIN_NAME)
|
||||||
OPENVIDU_URL="https://$${DOMAIN}/"
|
OPENVIDU_URL="https://$${DOMAIN}/"
|
||||||
|
@ -384,9 +377,7 @@ locals {
|
||||||
echo -n "$DASHBOARD_URL" | gcloud secrets versions add DASHBOARD_URL --data-file=-
|
echo -n "$DASHBOARD_URL" | gcloud secrets versions add DASHBOARD_URL --data-file=-
|
||||||
echo -n "$GRAFANA_URL" | gcloud secrets versions add GRAFANA_URL --data-file=-
|
echo -n "$GRAFANA_URL" | gcloud secrets versions add GRAFANA_URL --data-file=-
|
||||||
echo -n "$MINIO_URL" | gcloud secrets versions add MINIO_URL --data-file=-
|
echo -n "$MINIO_URL" | gcloud secrets versions add MINIO_URL --data-file=-
|
||||||
|
|
||||||
gcloud secrets versions access latest --secret=MINIO_URL
|
gcloud secrets versions access latest --secret=MINIO_URL
|
||||||
|
|
||||||
if [[ $? -ne 0 ]]; then
|
if [[ $? -ne 0 ]]; then
|
||||||
echo "Error updating secret_manager"
|
echo "Error updating secret_manager"
|
||||||
fi
|
fi
|
||||||
|
@ -437,7 +428,6 @@ locals {
|
||||||
fi
|
fi
|
||||||
export ENABLED_MODULES=$(gcloud secrets versions access latest --secret=ENABLED_MODULES)
|
export ENABLED_MODULES=$(gcloud secrets versions access latest --secret=ENABLED_MODULES)
|
||||||
|
|
||||||
|
|
||||||
# Replace rest of the values
|
# Replace rest of the values
|
||||||
sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=$REDIS_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=$REDIS_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/MONGO_ADMIN_USERNAME=.*/MONGO_ADMIN_USERNAME=$MONGO_ADMIN_USERNAME/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/MONGO_ADMIN_USERNAME=.*/MONGO_ADMIN_USERNAME=$MONGO_ADMIN_USERNAME/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
|
@ -458,7 +448,6 @@ locals {
|
||||||
fi
|
fi
|
||||||
sed -i "s/ENABLED_MODULES=.*/ENABLED_MODULES=$ENABLED_MODULES/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/ENABLED_MODULES=.*/ENABLED_MODULES=$ENABLED_MODULES/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
|
|
||||||
|
|
||||||
# Update URLs in secret
|
# Update URLs in secret
|
||||||
OPENVIDU_URL="https://$${DOMAIN}/"
|
OPENVIDU_URL="https://$${DOMAIN}/"
|
||||||
LIVEKIT_URL="wss://$${DOMAIN}/"
|
LIVEKIT_URL="wss://$${DOMAIN}/"
|
||||||
|
@ -469,7 +458,7 @@ locals {
|
||||||
# Update shared secret
|
# Update shared secret
|
||||||
echo -n "$DOMAIN" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
echo -n "$DOMAIN" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
||||||
echo -n "$OPENVIDU_URL" | gcloud secrets versions add OPENVIDU_URL --data-file=-
|
echo -n "$OPENVIDU_URL" | gcloud secrets versions add OPENVIDU_URL --data-file=-
|
||||||
echo -n "$LIVEKIT_URL" | gcloud secrets versions add LIVEKIT_URL --
|
echo -n "$LIVEKIT_URL" | gcloud secrets versions add LIVEKIT_URL --data-file=-
|
||||||
echo -n "$DASHBOARD_URL" | gcloud secrets versions add DASHBOARD_URL --data-file=-
|
echo -n "$DASHBOARD_URL" | gcloud secrets versions add DASHBOARD_URL --data-file=-
|
||||||
echo -n "$GRAFANA_URL" | gcloud secrets versions add GRAFANA_URL --data-file=-
|
echo -n "$GRAFANA_URL" | gcloud secrets versions add GRAFANA_URL --data-file=-
|
||||||
echo -n "$MINIO_URL" | gcloud secrets versions add MINIO_URL --data-file=-
|
echo -n "$MINIO_URL" | gcloud secrets versions add MINIO_URL --data-file=-
|
||||||
|
@ -508,7 +497,6 @@ locals {
|
||||||
fi
|
fi
|
||||||
ENABLED_MODULES="$(/usr/local/bin/get_value_from_config.sh ENABLED_MODULES "$${CONFIG_DIR}/openvidu.env")"
|
ENABLED_MODULES="$(/usr/local/bin/get_value_from_config.sh ENABLED_MODULES "$${CONFIG_DIR}/openvidu.env")"
|
||||||
|
|
||||||
|
|
||||||
# Update shared secret
|
# Update shared secret
|
||||||
echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-file=-
|
echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-file=-
|
||||||
echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
||||||
|
@ -540,11 +528,9 @@ locals {
|
||||||
get_value() {
|
get_value() {
|
||||||
local key="$1"
|
local key="$1"
|
||||||
local file_path="$2"
|
local file_path="$2"
|
||||||
|
|
||||||
# Use grep to find the line with the key, ignoring lines starting with #
|
# Use grep to find the line with the key, ignoring lines starting with #
|
||||||
# Use awk to split on '=' and print the second field, which is the value
|
# Use awk to split on '=' and print the second field, which is the value
|
||||||
local value=$(grep -E "^\s*$key\s*=" "$file_path" | awk -F= '{print $2}' | sed 's/#.*//; s/^\s*//; s/\s*$//')
|
local value=$(grep -E "^\s*$key\s*=" "$file_path" | awk -F= '{print $2}' | sed 's/#.*//; s/^\s*//; s/\s*$//')
|
||||||
|
|
||||||
# If the value is empty, return "none"
|
# If the value is empty, return "none"
|
||||||
if [ -z "$value" ]; then
|
if [ -z "$value" ]; then
|
||||||
echo "none"
|
echo "none"
|
||||||
|
@ -578,7 +564,6 @@ locals {
|
||||||
# save mode: save the secret in the secret manager
|
# save mode: save the secret in the secret manager
|
||||||
# generate mode: generate a random password and save it in the secret manager
|
# generate mode: generate a random password and save it in the secret manager
|
||||||
MODE="$1"
|
MODE="$1"
|
||||||
|
|
||||||
if [[ "$MODE" == "generate" ]]; then
|
if [[ "$MODE" == "generate" ]]; then
|
||||||
SECRET_KEY_NAME="$2"
|
SECRET_KEY_NAME="$2"
|
||||||
PREFIX="$${3:-}"
|
PREFIX="$${3:-}"
|
||||||
|
@ -617,6 +602,7 @@ locals {
|
||||||
restart_script = <<-EOF
|
restart_script = <<-EOF
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Stop all services
|
# Stop all services
|
||||||
systemctl stop openvidu
|
systemctl stop openvidu
|
||||||
|
|
||||||
|
@ -631,13 +617,14 @@ locals {
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
set -eu -o pipefail
|
set -eu -o pipefail
|
||||||
|
|
||||||
# Check if installation already completed
|
|
||||||
if cat /tmp/openvidu_install_counter.txt > /dev/null 2>&1; then
|
|
||||||
# restart.sh
|
# restart.sh
|
||||||
cat > /usr/local/bin/restart.sh << 'RESTART_EOF'
|
cat > /usr/local/bin/restart.sh << 'RESTART_EOF'
|
||||||
${local.restart_script}
|
${local.restart_script}
|
||||||
RESTART_EOF
|
RESTART_EOF
|
||||||
chmod +x /usr/local/bin/restart.sh
|
chmod +x /usr/local/bin/restart.sh
|
||||||
|
|
||||||
|
# Check if installation already completed
|
||||||
|
if [ -f /usr/local/bin/openvidu_install_counter.txt ]; then
|
||||||
# Launch on reboot
|
# Launch on reboot
|
||||||
/usr/local/bin/restart.sh || { echo "[OpenVidu] error restarting OpenVidu"; exit 1; }
|
/usr/local/bin/restart.sh || { echo "[OpenVidu] error restarting OpenVidu"; exit 1; }
|
||||||
else
|
else
|
||||||
|
@ -689,6 +676,7 @@ locals {
|
||||||
CONFIG_S3_EOF
|
CONFIG_S3_EOF
|
||||||
chmod +x /usr/local/bin/config_s3.sh
|
chmod +x /usr/local/bin/config_s3.sh
|
||||||
|
|
||||||
|
|
||||||
apt-get update && apt-get install -y
|
apt-get update && apt-get install -y
|
||||||
|
|
||||||
# Install google cli
|
# Install google cli
|
||||||
|
@ -717,8 +705,11 @@ locals {
|
||||||
# Update shared secret
|
# Update shared secret
|
||||||
/usr/local/bin/after_install.sh || { echo "[OpenVidu] error updating shared secret"; exit 1; }
|
/usr/local/bin/after_install.sh || { echo "[OpenVidu] error updating shared secret"; exit 1; }
|
||||||
|
|
||||||
|
# restart.sh
|
||||||
|
echo "@reboot /usr/local/bin/restart.sh >> /var/log/openvidu-restart.log" 2>&1 | crontab
|
||||||
|
|
||||||
# Mark installation as complete
|
# Mark installation as complete
|
||||||
echo "installation_complete" > /tmp/openvidu_install_counter.txt
|
echo "installation_complete" > /usr/local/bin/openvidu_install_counter.txt
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Wait for the app
|
# Wait for the app
|
||||||
|
|
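Review bot: In the `@ -717,8 +705,11 @` hunk, the added line `echo "@reboot /usr/local/bin/restart.sh >> /var/log/openvidu-restart.log" 2>&1 | crontab` keeps `2>&1` outside the quoted cron entry, so it redirects echo's stderr and the reboot job's error output never reaches the log; the pipe also replaces the invoking user's whole crontab. I would write `echo "@reboot /usr/local/bin/restart.sh >> /var/log/openvidu-restart.log 2>&1" | crontab -`, with the explicit `-` because some cron implementations do not read stdin when `crontab` gets no argument (worth confirming on the image used). Under `set -eu -o pipefail`, a failure on that line would abort the script before the completion marker is written. Separately, the `@ -143,13 +144,11 @` hunk writes `/usr/local/bin/openvidu_install_counter.txt` in what appears to be the early part of install_script, while the new `[ -f /usr/local/bin/openvidu_install_counter.txt ]` check treats the file's mere existence as "installation already completed". With `set -e` now added, an install that fails midway would seem to leave the marker behind and send the next boot down the restart branch on a half-configured host, so consider writing it only at the "Mark installation as complete" step; the heredocs start and end outside these hunks, so this rests on the visible lines only.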