Coturn deploy ansible scripts

ansible/roles/janus/files/turn.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIUHtkI7+tH70zMTkF0BuaoiTn4BRswDQYJKoZIhvcNAQEL
+BQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
+DU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB01vemlsbGExFTATBgNVBAsMDE1peGVk
+UmVhbGl0eTEZMBcGA1UEAwwQaHVicy5tb3ppbGxhLmNvbTAeFw0yMDA0MTQyMjUz
+MzlaFw0zMDA0MTIyMjUzMzlaMH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp
+Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdNb3ppbGxh
+MRUwEwYDVQQLDAxNaXhlZFJlYWxpdHkxGTAXBgNVBAMMEGh1YnMubW96aWxsYS5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdJPZW1KmowBar4y/u
+yZ24Nn9hSpLXLaOT3RNWm6B3iJk6TnsJcprrXfhUYGTq7uOqV0x8GWJtB73ADovB
+X9TXi803F3NbldoQ068rOj9LnxG4is7y/nbLTFP/9uCTc2u9joHo71w/70fS0AsG
+3l/cz7Bsrzk3OIpkDbUm/5KnFV6MyiuVeiMJxC6tiEDKUa+YKHVFclHFtxEO4PmG
+YDCfsa02XzR2/Yn/X18Vtdm+lZ2WJJ9QvMWcLqgysyRmDP6Sh/ZTkY51BoA5Xu6N
+c5sMQrcqO63KRLmr5xZ1R83TgMeReC1Jc89DgqAgZi1lE3aANzHUs8+THIWeYR8d
+QOexAgMBAAGjUzBRMB0GA1UdDgQWBBRl2WFW9pFt+juzJk61oDaAEBjYfTAfBgNV
+HSMEGDAWgBRl2WFW9pFt+juzJk61oDaAEBjYfTAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQCO9erd4QW248vYs4QECcz2gOao1Z57nN37PGSquSEf
+XYjRINWYQX7NR9VHJaJKORG4c8e7DXTkPDQb2LSp2NmCRS+2NY+s4GM6eqSveVyp
+qEReiBbN35xnkOhXXWsOCP1k68eqMp/RWaecNuO6yUsuMd3zp6eqmH8vJntS5HMq
+LDTlIIswfYHdTL01xXLjzWe9FkADiV31qeG+MXisaadP5VfOv5rvqcR840ameel4
+ABCc3LfanyQg+HY8DxnEoh3LPFlf6+EKygd2oiqipI7O1rf8SWmmAhor1+ut/mUH
+86sWj4vAJ7VXbaPCkrzk7uvZ4EVo4GiJE4h1VDP2+iI3
+-----END CERTIFICATE-----

ansible/roles/janus/tasks/main.yml

@@ -30,29 +30,48 @@
       dest: "{{ work_dir.path }}/{{ item }}.toml"
     loop: "{{ services }}"
 
-  - name: "Write local file key"
+  - name: "Write local janus key keyfiles"
     copy:
       src: "{{ secrets_path }}/roles/janus/files/{{ item }}.key"
       dest: "{{ work_dir.path }}/{{ item }}.key"
     when: env != 'local'
-    loop: "{{ keyfiles }}"
+    loop: "{{ janus_keyfiles }}"
 
-  - name: "Write local file pem"
+  - name: "Write local janus pem keyfiles"
     copy:
       src: "{{ item }}.pem"
       dest: "{{ work_dir.path }}/{{ item }}.pem"
     when: env != 'local'
-    loop: "{{ keyfiles }}"
+    loop: "{{ janus_keyfiles }}"
+
+  - name: "Write local coturn key keyfiles"
+    copy:
+      src: "{{ secrets_path }}/roles/janus/files/{{ item }}.key"
+      dest: "{{ work_dir.path }}/{{ item }}.key"
+    when: env != 'local'
+    loop: "{{ coturn_keyfiles }}"
+
+  - name: "Write local coturn pem keyfiles"
+    copy:
+      src: "{{ item }}.pem"
+      dest: "{{ work_dir.path }}/{{ item }}.pem"
+    when: env != 'local'
+    loop: "{{ coturn_keyfiles }}"
 
   - name: "Write local auth key"
     copy:
       src: "perms.pub.der.{{ env }}"
       dest: "{{ work_dir.path }}/perms.pub.der"
 
-  - name: "Generate local cert"
+  - name: "Generate local janus cert"
     shell: "openssl req -newkey rsa:2048 -nodes -keyout \"{{ work_dir.path }}/{{ item }}.key\" -x509 -days 365 -out \"{{ work_dir.path }}/{{ item }}.pem\" -subj '/C=US/ST=California/L=Mountain View/O=YourOrg/OU=YourDept/CN=yoursite.com'"
     when: env == 'local'
-    loop: "{{ keyfiles }}"
+    loop: "{{ janus_keyfiles }}"
+
+  - name: "Generate local coturn cert"
+    shell: "openssl req -newkey rsa:2048 -nodes -keyout \"{{ work_dir.path }}/{{ item }}.key\" -x509 -days 365 -out \"{{ work_dir.path }}/{{ item }}.pem\" -subj '/C=US/ST=California/L=Mountain View/O=YourOrg/OU=YourDept/CN=yoursite.com'"
+    when: env == 'local'
+    loop: "{{ coturn_keyfiles }}"
 
   - name: "Deploy remote configs"
     shell: "cat {{ work_dir.path }}/{{ item }}.toml | /hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly config apply --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr {{ item }}.default $(date +%s)"
@@ -74,34 +93,54 @@
     when: env == 'local'
     loop: "{{ services }}"
 
-  - name: "Deploy remote file key"
+  - name: "Deploy remote janus file key"
     shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr janus-gateway.default $(date +%s) {{ work_dir.path }}/{{ item }}.key"
     when: env != 'local'
-    loop: "{{ keyfiles }}"
+    loop: "{{ janus_keyfiles }}"
 
-  - name: "Deploy remote file pem"
+  - name: "Deploy remote janus file pem"
     shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr janus-gateway.default $(date +%s) {{ work_dir.path }}/{{ item }}.pem"
     when: env != 'local'
-    loop: "{{ keyfiles }}"
+    loop: "{{ janus_keyfiles }}"
 
   - name: "Deploy remote auth key"
     shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr janus-gateway.default $(date +%s) {{ work_dir.path }}/perms.pub.der"
     when: env != 'local'
 
-  - name: "Copy local keyfile pem"
+  - name: "Deploy remote coturn file key"
+    shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr coturn.default $(date +%s) {{ work_dir.path }}/{{ item }}.key"
+    when: env != 'local'
+    loop: "{{ coturn_keyfiles }}"
+
+  - name: "Deploy remote coturn file pem"
+    shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr coturn.default $(date +%s) {{ work_dir.path }}/{{ item }}.pem"
+    when: env != 'local'
+    loop: "{{ coturn_keyfiles }}"
+
+  - name: "Copy local janus keyfile pem"
     shell: "cp \"{{ work_dir.path }}/{{ item }}.pem\" /hab/svc/janus-gateway/files"
     when: env == 'local'
-    loop: "{{ keyfiles }}"
+    loop: "{{ janus_keyfiles }}"
 
-  - name: "Copy local keyfile key"
+  - name: "Copy local janus keyfile key"
     shell: "cp \"{{ work_dir.path }}/{{ item }}.key\" /hab/svc/janus-gateway/files"
     when: env == 'local'
-    loop: "{{ keyfiles }}"
+    loop: "{{ janus_keyfiles }}"
 
   - name: "Copy local auth key"
     shell: "cp \"{{ work_dir.path }}/perms.pub.der\" /hab/svc/janus-gateway/files"
     when: env == 'local'
 
+  - name: "Copy local coturn keyfile pem"
+    shell: "cp \"{{ work_dir.path }}/{{ item }}.pem\" /hab/svc/coturn/files"
+    when: env == 'local'
+    loop: "{{ coturn_keyfiles }}"
+
+  - name: "Copy local coturn keyfile key"
+    shell: "cp \"{{ work_dir.path }}/{{ item }}.key\" /hab/svc/coturn/files"
+    when: env == 'local'
+    loop: "{{ coturn_keyfiles }}"
+
   always:
   - name: Remove work directory
     file:

ansible/roles/janus/templates/coturn.toml.j2

@@ -0,0 +1,20 @@
+[general]
+realm = "{{ coturn_realm }}"
+no_udp = "{{ coturn_no_udp }}"
+no_tcp = "{{ coturn_no_tcp }}"
+no_dtls = "{{ coturn_no_dtls }}"
+max_port = {{ coturn_max_port }}
+min_port = {{ coturn_min_port }}
+tls_listening_port = {{ coturn_tls_listening_port }}
+
+{% if coturn_listening_ip %}
+listening_ip = "{{ coturn_listening_ip }}"
+{% endif %}
+
+{% if coturn_external_ip %}
+external_ip = "{{ coturn_external_ip }}"
+{% endif %}
+
+{% if coturn_relay_ip %}
+relay_ip = "{{ coturn_relay_ip }}"
+{% endif %}

ansible/roles/janus/vars/local.yml

@@ -3,3 +3,13 @@
 janus_admin_secret: secret
 dd_api_key: datadog_api_key
 collect_ec2_tags: "no"
+coturn_realm: "hubs"
+coturn_listening_ip: "127.0.0.1"
+coturn_external_ip: "127.0.0.1"
+coturn_relay_ip: "127.0.0.1"
+coturn_tls_listening_port: 5349
+coturn_no_udp: "true"
+coturn_no_tcp: "true"
+coturn_no_dtls: "true"
+coturn_min_port: 49152
+coturn_max_port: 51609

ansible/roles/janus/vars/main.yml

@@ -2,7 +2,11 @@
 
 services:
   - janus-gateway
+  - coturn
 
-keyfiles:
+janus_keyfiles:
   - dtls
   - wss # reticulum.io.pem, reticulum.io.crt
+
+coturn_keyfiles:
+  - turn