From d8f14c6905329e9f72c258cf5ff1a82ab334e6ab Mon Sep 17 00:00:00 2001 From: Piwccle Date: Tue, 10 Jun 2025 11:34:57 +0200 Subject: [PATCH] openvidu-deployment: azure - changes to let TURN work in HA deployment --- .../pro/ha/azure/cf-openvidu-ha.bicep | 101 ------------------ .../pro/ha/azure/cf-openvidu-ha.json | 100 +---------------- 2 files changed, 1 insertion(+), 200 deletions(-) diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep index cef17678..d3bf0f1e 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep @@ -39,12 +39,6 @@ param turnOwnPublicCertificate string = '' @description('(Optional) This setting is applicable if the certificate type is set to \'owncert\' and the TurnDomainName is specified.') param turnOwnPrivateCertificate string = '' -@description('Name of the PublicIPAddress resource in Azure when using TURN server with TLS') -param turnPublicIpAddressObject object = { - name: '' - id: '' -} - @description('Visit https://openvidu.io/account') @secure() param openviduLicense string @@ -1888,7 +1882,6 @@ resource scaleInActivityLogRule 'Microsoft.Insights/activityLogAlerts@2020-10-01 /*------------------------------------------- NETWORK -------------------------------------------*/ var isEmptyIp = publicIpAddressObject.newOrExistingOrNone == 'none' -var turnIsEmptyIp = turnPublicIpAddressObject.newOrExistingOrNone == 'none' var lbName = '${stackName}-loadBalancer' var lbFrontEndName = 'LoadBalancerFrontEnd' var lbBackendPoolNameMasterNode = 'LoadBalancerBackEndMasterNode' @@ -1917,32 +1910,6 @@ resource publicIP_LoadBalancer_ifNew 'Microsoft.Network/publicIPAddresses@2023-1 name: publicIpAddressObject.name } -var ipTURNEmpty = turnPublicIpAddressObject.newOrExistingOrNone == 'none' - -resource publicIPAddressTurnTLSLoadBalancer 'Microsoft.Network/publicIPAddresses@2024-05-01' = if (ipTURNEmpty && turnTLSIsEnabled == true) { - name: '${stackName}-publicIPAddressTurnTLSLoadBalancer' - location: location - sku: { - name: 'Standard' - } - properties: { - publicIPAddressVersion: 'IPv4' - publicIPAllocationMethod: 'Static' - } -} - -var ipTURNExists = turnPublicIpAddressObject.newOrExistingOrNone == 'existing' - -resource publicIP_TurnTLSLoadBalancer_ifExisting 'Microsoft.Network/publicIPAddresses@2023-11-01' existing = if (ipTURNExists && turnTLSIsEnabled == true) { - name: turnPublicIpAddressObject.name -} - -var ipTURNNew = turnPublicIpAddressObject.newOrExistingOrNone == 'new' - -resource publicIP_TurnTLSLoadBalancer_ifNew 'Microsoft.Network/publicIPAddresses@2023-11-01' existing = if (ipTURNNew && turnTLSIsEnabled == true) { - name: turnPublicIpAddressObject.name -} - resource LoadBalancer 'Microsoft.Network/loadBalancers@2024-05-01' = { name: lbName location: location @@ -2058,74 +2025,6 @@ resource LoadBalancer 'Microsoft.Network/loadBalancers@2024-05-01' = { } } -var tlbName = '${stackName}-turnloadBalancer' -var tlbFrontEndName = 'TurnLoadBalancerFrontEnd' - -resource TurnTLSLoadbalancer 'Microsoft.Network/loadBalancers@2024-05-01' = if (turnTLSIsEnabled == true) { - name: tlbName - location: location - sku: { - name: 'Standard' - } - properties: { - frontendIPConfigurations: [ - { - name: tlbFrontEndName - properties: { - privateIPAllocationMethod: 'Dynamic' - privateIPAddressVersion: 'IPv4' - publicIPAddress: { - id: turnIsEmptyIp - ? publicIPAddressTurnTLSLoadBalancer.id - : ipTURNNew ? publicIP_TurnTLSLoadBalancer_ifNew.id : publicIP_TurnTLSLoadBalancer_ifExisting.id - } - } - } - ] - backendAddressPools: [ - { - name: lbBackendPoolNameMasterNode - } - ] - loadBalancingRules: [ - { - name: 'TURNTLSRuleforMasterNode' - properties: { - frontendIPConfiguration: { - id: resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', tlbName, tlbFrontEndName) - } - backendAddressPool: { - id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', tlbName, lbBackendPoolNameMasterNode) - } - frontendPort: 443 - backendPort: 443 - enableFloatingIP: false - protocol: 'Tcp' - enableTcpReset: true - loadDistribution: 'Default' - disableOutboundSnat: true - probe: { - id: resourceId('Microsoft.Network/loadBalancers/probes', tlbName, 'probeForHTTPSRuleMasterNode') - } - } - } - ] - probes: [ - { - name: 'probeForTURNTLSRuleMasterNode' - properties: { - protocol: 'Http' - requestPath: '/' - port: 443 - probeThreshold: 3 - intervalInSeconds: 10 - numberOfProbes: 5 - } - } - ] - } -} - resource natGateway 'Microsoft.Network/natGateways@2021-05-01' = { name: '${stackName}-natGateway' location: location diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json index 8966159d..b02fcd3f 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "3690827899778325982" + "templateHash": "3547117393656361477" } }, "parameters": { @@ -81,16 +81,6 @@ "description": "(Optional) This setting is applicable if the certificate type is set to 'owncert' and the TurnDomainName is specified." } }, - "turnPublicIpAddressObject": { - "type": "object", - "defaultValue": { - "name": "", - "id": "" - }, - "metadata": { - "description": "Name of the PublicIPAddress resource in Azure when using TURN server with TLS" - } - }, "openviduLicense": { "type": "securestring", "metadata": { @@ -567,17 +557,11 @@ "base64delete_mediaNode_ScriptMedia": "[base64(variables('delete_mediaNode_ScriptMedia'))]", "isEmptyAutomationAccountName": "[equals(parameters('automationAccountName'), '')]", "isEmptyIp": "[equals(parameters('publicIpAddressObject').newOrExistingOrNone, 'none')]", - "turnIsEmptyIp": "[equals(parameters('turnPublicIpAddressObject').newOrExistingOrNone, 'none')]", "lbName": "[format('{0}-loadBalancer', parameters('stackName'))]", "lbFrontEndName": "LoadBalancerFrontEnd", "lbBackendPoolNameMasterNode": "LoadBalancerBackEndMasterNode", "ipExists": "[equals(parameters('publicIpAddressObject').newOrExistingOrNone, 'existing')]", "ipNew": "[equals(parameters('publicIpAddressObject').newOrExistingOrNone, 'new')]", - "ipTURNEmpty": "[equals(parameters('turnPublicIpAddressObject').newOrExistingOrNone, 'none')]", - "ipTURNExists": "[equals(parameters('turnPublicIpAddressObject').newOrExistingOrNone, 'existing')]", - "ipTURNNew": "[equals(parameters('turnPublicIpAddressObject').newOrExistingOrNone, 'new')]", - "tlbName": "[format('{0}-turnloadBalancer', parameters('stackName'))]", - "tlbFrontEndName": "TurnLoadBalancerFrontEnd", "networkSettings": { "vNetAddressPrefix": "10.0.0.0/16", "subnetAddressPrefixMaster1": "10.0.1.0/24", @@ -1154,20 +1138,6 @@ "publicIPAllocationMethod": "Static" } }, - { - "condition": "[and(variables('ipTURNEmpty'), equals(variables('turnTLSIsEnabled'), true()))]", - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2024-05-01", - "name": "[format('{0}-publicIPAddressTurnTLSLoadBalancer', parameters('stackName'))]", - "location": "[variables('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "publicIPAddressVersion": "IPv4", - "publicIPAllocationMethod": "Static" - } - }, { "type": "Microsoft.Network/loadBalancers", "apiVersion": "2024-05-01", @@ -1285,74 +1255,6 @@ "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-publicIPAddressLoadBalancer', parameters('stackName')))]" ] }, - { - "condition": "[equals(variables('turnTLSIsEnabled'), true())]", - "type": "Microsoft.Network/loadBalancers", - "apiVersion": "2024-05-01", - "name": "[variables('tlbName')]", - "location": "[variables('location')]", - "sku": { - "name": "Standard" - }, - "properties": { - "frontendIPConfigurations": [ - { - "name": "[variables('tlbFrontEndName')]", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "privateIPAddressVersion": "IPv4", - "publicIPAddress": { - "id": "[if(variables('turnIsEmptyIp'), resourceId('Microsoft.Network/publicIPAddresses', format('{0}-publicIPAddressTurnTLSLoadBalancer', parameters('stackName'))), if(variables('ipTURNNew'), resourceId('Microsoft.Network/publicIPAddresses', parameters('turnPublicIpAddressObject').name), resourceId('Microsoft.Network/publicIPAddresses', parameters('turnPublicIpAddressObject').name)))]" - } - } - } - ], - "backendAddressPools": [ - { - "name": "[variables('lbBackendPoolNameMasterNode')]" - } - ], - "loadBalancingRules": [ - { - "name": "TURNTLSRuleforMasterNode", - "properties": { - "frontendIPConfiguration": { - "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', variables('tlbName'), variables('tlbFrontEndName'))]" - }, - "backendAddressPool": { - "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('tlbName'), variables('lbBackendPoolNameMasterNode'))]" - }, - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": false, - "protocol": "Tcp", - "enableTcpReset": true, - "loadDistribution": "Default", - "disableOutboundSnat": true, - "probe": { - "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('tlbName'), 'probeForHTTPSRuleMasterNode')]" - } - } - } - ], - "probes": [ - { - "name": "probeForTURNTLSRuleMasterNode", - "properties": { - "protocol": "Http", - "requestPath": "/", - "port": 443, - "probeThreshold": 3, - "intervalInSeconds": 10, - "numberOfProbes": 5 - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', format('{0}-publicIPAddressTurnTLSLoadBalancer', parameters('stackName')))]" - ] - }, { "type": "Microsoft.Network/natGateways", "apiVersion": "2021-05-01",