ungleich-public
/
cdist-contrib
7
2
Fork 2
Code Issues 5 Pull Requests 3 Projects Releases Wiki Activity

Labels Milestones

New Issue

[__jitsi_meet] bug for parameter --secured-domains #15

Closed
opened 1 year ago by pedro · 1 comments
pedro commented 1 year ago

problems with the block type on __jitsi_meet https://code.ungleich.ch/ungleich-public/cdist-contrib/src/branch/master/type/__jitsi_meet/manifest#L174-L185 :

  • it uses replace state that does not exist (I checked the source code's type), so I don't know why the type is not failing explicitly, it's failing implicitly, if we enable this, is going to do it in the wrong way [1], that would break jicofo during restart, and making the jitsi instance unavailable
  • there is no way to apply a regex condition about where to apply the block

I suggest/propose using the __file type with a template and a conditional part would be the ex-block

extra note, old created cdist jitsi instances still work because they use /etc/jitsi/jicofo/sip-communicator.properties method as documented here https://jitsi.github.io/handbook/docs/devops-guide/secure-domain

[1]

root@meet:~# cat /etc/jitsi/jicofo/jicofo.conf 
# Jicofo HOCON configuration. See /usr/share/jicofo/jicofo.jar/reference.conf for
#available options, syntax, and default values.
jicofo {
  xmpp: {
    client: {
      client-proxy: focus.meet.xes.cat
    }
    trusted-domains: [ "recorder.meet.example.com" ]
  }
}
// begin cdist: jicofo_secured_domains
  authentication: {
    enabled: true
    type: XMPP
    login-url: meet.example.com
  }
// end   cdist: jicofo_secured_domains
problems with the block type on *__jitsi_meet* https://code.ungleich.ch/ungleich-public/cdist-contrib/src/branch/master/type/__jitsi_meet/manifest#L174-L185 : - it uses replace state that does not exist (I checked the source code's type), so I don't know why the type is not failing explicitly, it's failing implicitly, if we enable this, is going to do it in the wrong way [1], that would break jicofo during restart, and making the jitsi instance unavailable - there is no way to apply a regex condition about where to apply the block I suggest/propose using the *__file* type with a template and a conditional part would be the ex-block extra note, old created cdist jitsi instances still work because they use `/etc/jitsi/jicofo/sip-communicator.properties` method as documented here https://jitsi.github.io/handbook/docs/devops-guide/secure-domain [1] ``` root@meet:~# cat /etc/jitsi/jicofo/jicofo.conf # Jicofo HOCON configuration. See /usr/share/jicofo/jicofo.jar/reference.conf for #available options, syntax, and default values. jicofo { xmpp: { client: { client-proxy: focus.meet.xes.cat } trusted-domains: [ "recorder.meet.example.com" ] } } // begin cdist: jicofo_secured_domains authentication: { enabled: true type: XMPP login-url: meet.example.com } // end cdist: jicofo_secured_domains ```
evilham referenced this issue from a commit 1 year ago
[__jitsi_meet] Fix bug with secured domains
evilham closed this issue 1 year ago
pedro commented 1 year ago
Poster

thanks @evilham, now the issue is partially solved. It would work when the block already exist, but it's going to fail when the block is not there (when configuration change from publicly accessible instance to secured domain instance, that includes a new jitsi instance). The code block would be added at the end causing a syntax error in the config, see [0] from my first message

I did not do more tests, and I don't know if I misunderstood, but I reviewed a little bit the __block type, and I don't see guarantees for the situation I am saying. It's good for a non-dependent positioned code block in a generic config file, but here, the code block must be placed on a specific position: inside jicofo json object

thanks @evilham, now the issue is partially solved. It would work when the block already exist, but it's going to fail when the block is not there (when configuration change from publicly accessible instance to secured domain instance, that includes a new jitsi instance). The code block would be added at the end causing a syntax error in the config, see [0] from my first message I did not do more tests, and I don't know if I misunderstood, but I reviewed a little bit the `__block` type, and I don't see guarantees for the situation I am saying. It's good for a non-dependent positioned code block in a generic config file, but here, the code block must be placed on a specific position: inside jicofo json object
pedro reopened this issue 1 year ago
evilham closed this issue 1 year ago
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
opendkim-improvements
master
php
kjg_passwordconfig
synapse-upstream-apt-repository
haproxy-dualstack
synapse-upstream-repository
root-mail-dma
Labels
Apply labels
Clear labels   
bug
   
confirmed
   
critical
   
discussion
   
documentation
   
enhancement
   
feedback-required
   
good-first-issue
   
ready
   
reviewed
   
suggestion
   
support
No Label
bug
confirmed
critical
discussion
documentation
enhancement
feedback-required
good-first-issue
ready
reviewed
suggestion
support
Milestone
Set milestone
Clear milestone
No items
No Milestone
Projects
Set Project
Clear projects
No project
Assignees
Assign users
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ungleich-public/cdist-contrib#15
Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(<nil>)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes