From c0188869698384a914f3cbab9ff700cd7cb5f5c4 Mon Sep 17 00:00:00 2001
From: dev
Date: Tue, 10 Dec 2024 21:38:48 +0200
Subject: [PATCH] Initial commit
---
 README.md | 46 +++++++++++
 clean-db.sh | 5 ++
 docker-compose.cc-full-run-linux.yml | 110 +++++++++++++++++++++++++++
 etc-ntpsec-ntp.conf | 57 ++++++++++++++
 install.sh | 66 ++++++++++++++++
 ndi-config.v1.json | 9 +++
 prepare.sh | 8 ++
 remove.sh | 98 ++++++++++++++++++++++++
 reset-password.sh | 8 ++
 rollback.sh | 31 ++++++++
 update.sh | 55 ++++++++++++++
 webrtc/docker-compose.cc-webrtc.yml | 60 +++++++++++++++
 webrtc/egress.conf | 8 ++
 webrtc/ingress.conf | 9 +++
 webrtc/livekit.yaml | 26 +++++++
 webrtc/redis.conf | 6 ++
 16 files changed, 602 insertions(+)
 create mode 100644 README.md
 create mode 100644 clean-db.sh
 create mode 100644 docker-compose.cc-full-run-linux.yml
 create mode 100644 etc-ntpsec-ntp.conf
 create mode 100755 install.sh
 create mode 100644 ndi-config.v1.json
 create mode 100644 prepare.sh
 create mode 100755 remove.sh
 create mode 100644 reset-password.sh
 create mode 100644 rollback.sh
 create mode 100755 update.sh
 create mode 100644 webrtc/docker-compose.cc-webrtc.yml
 create mode 100644 webrtc/egress.conf
 create mode 100644 webrtc/ingress.conf
 create mode 100644 webrtc/livekit.yaml
 create mode 100644 webrtc/redis.conf
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f0eec17
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+# Callaba Cloud install on Linux
+
+## Requirements
+
+- ubuntu 22.04
+- docker
+
+## Prepare
+
+- Clone this repo
+```console
+git clone https://gitlab.callabacloud.com/callaba-8/linux.git
+```
+- Move to folder
+```console
+cd linux\
+```
+- Update packages and install requirements. Or if it clean machine you just can run
+```console
+bash prepare.sh
+```
+## Install
+
+After requirements has been installed, run installation script and type login and password from registry
+```console
+bash install.sh
+```
+## Update
+
+For update Callaba run update.sh
+```console
+bash update.sh
+```
+## Rollback
+
+If something went wrong rollback app
+```console
+bash rollback.sh
+```
+## Remove
+
+For remove. All data and images will be delete
+```console
+bash remove.sh
+```
+
diff --git a/clean-db.sh b/clean-db.sh
new file mode 100644
index 0000000..4a5b22b
--- /dev/null
+++ b/clean-db.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+export STACK_VERSION=$(docker ps | awk '{print $2}' | grep :.* | grep cc-api | sed 's/:/ /' | awk '{print $2}' | sed 's/-selfhosted/ /' | awk '{print $1}')
+docker stop callabacloud-mongo && docker rm callabacloud-mongo && docker volume prune -f -a
+sudo -E docker-compose -f docker-compose.cc-full-run-linux.yml up -d
diff --git a/docker-compose.cc-full-run-linux.yml b/docker-compose.cc-full-run-linux.yml
new file mode 100644
index 0000000..6dcbfe6
--- /dev/null
+++ b/docker-compose.cc-full-run-linux.yml
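Review bot: In clean-db.sh, `docker volume prune -f -a` removes every unused volume on the host, not only the Callaba database volume, so on a shared Docker host this script can destroy unrelated data without any prompt. The compose file names the volume explicitly, so the removal can be scoped: `docker volume rm callabacloud-db_data`. The `docker stop`/`rm`/`prune` chain also runs without `sudo` while the compose call uses it, and `STACK_VERSION` is scraped from `docker ps` with no check that it is non-empty before `docker-compose up` interpolates it into image tags.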
@@ -0,0 +1,110 @@
+version: '3.9'
+
+services:
+ cc-mongo:
+ container_name: callabacloud-mongo
+ image: registry.callabacloud.com/callaba-selfhosted/cc-mongo:${STACK_VERSION}-selfhosted
+ restart: always
+ network_mode: "host"
+ command: ["mongod", "--quiet", "--config", "/etc/mongodb.conf", "--replSet", "rs0", "--bind_ip_all", "--port", "27017"]
+ volumes:
+ - db_data:/data/db2
+ cc-mongo-certdb:
+ container_name: callabacloud-mongo-certdb
+ image: registry.callabacloud.com/callaba-selfhosted/cc-mongo:${STACK_VERSION}-selfhosted
+ restart: always
+ network_mode: "host"
+ command: ["mongod", "--quiet", "--config", "/etc/mongodb.conf", "--bind_ip_all", "--port", "27018"]
+ volumes:
+ - cert_db_data:/data/db2
+
+ cc-api:
+ container_name: callabacloud-api
+ image: registry.callabacloud.com/callaba-selfhosted/cc-api-prod:${STACK_VERSION}-selfhosted
+ restart: always
+ cap_add:
+ - SYS_ADMIN
+ devices:
+ - /dev/fuse
+ security_opt:
+ - apparmor:unconfined
+ volumes:
+ - records:/cc-api/recorded
+ - uploads:/cc-api/uploaded
+ - pass:/opt/volume
+ - certs:/cc-api/build/ssl
+ - configs:/cc-api/build/nginx-http-conf/
+ - rtmp_configs:/cc-api/build/tmp-rtmp-conf
+ - chunks:/mnt
+ - ./webrtc/livekit.yaml:/etc/livekit.yaml
+ - ./webrtc/egress.conf:/etc/egress.conf
+ - ./webrtc/ingress.conf:/etc/ingress.conf
+ - ./ndi-config.v1.json:/etc/ndi-config.v1.json
+ - ./etc-ntpsec-ntp.conf:/etc/etc-ntpsec-ntp.conf
+ # external
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /dev/fuse:/dev/fuse
+ network_mode: "host"
+ extra_hosts:
+ - "localhost-event:127.0.0.1"
+ privileged: true
+ depends_on:
+ - cc-mongo
+
+ cc-nginx:
+ container_name: callabacloud-nginx
+ image: registry.callabacloud.com/callaba-selfhosted/cc-nginx-prod:${STACK_VERSION}-selfhosted
+ restart: always
+ volumes:
+ - certs:/etc/ssl/callaba/
+ - configs:/etc/nginx/conf.d
+ - rtmp_configs:/etc/nginx/rtmp_conf.d/
+ - chunks:/mnt
+ network_mode: "host"
+ extra_hosts:
+ - "localhost-event:127.0.0.1"
+ depends_on:
+ - cc-api
+
+ cc-front:
+ container_name: callabacloud-front
+ image: registry.callabacloud.com/callaba-selfhosted/cc-front-prod:${STACK_VERSION}-selfhosted
+ restart: always
+ network_mode: "host"
+
+ cc-monitoring:
+ image: registry.callabacloud.com/callaba-selfhosted/cc-monitoring:${STACK_VERSION}
+ container_name: callabacloud-monitoring
+ restart: always
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ - grafana_data:/var/lib/grafana/
+ - prometheus_data:/data/
+ ports:
+ - 127.0.0.1:3031:3031
+
+volumes:
+ records:
+ name: callabacloud-records
+ uploads:
+ name: callabacloud-uploads
+ db_data:
+ name: callabacloud-db_data
+ cert_db_data:
+ name: callabacloud-cert_db_data
+ pass:
+ name: callabacloud-pass
+ certs:
+ name: callabacloud-certs
+ grafana_data:
+ name: callabacloud-grafana_data
+ prometheus_data:
+ name: callabacloud-prometheus_data
+ configs:
+ name: callabacloud-configs
+ rtmp_configs:
+ name: callabacloud-rtmp_configs
+ chunks:
+ name: callabacloud-chunks
diff --git a/etc-ntpsec-ntp.conf b/etc-ntpsec-ntp.conf
new file mode 100644
index 0000000..73fdf3a
--- /dev/null
+++ b/etc-ntpsec-ntp.conf
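Review bot: In docker-compose.cc-full-run-linux.yml the `cc-api` service combines `privileged: true`, `cap_add: SYS_ADMIN`, `apparmor:unconfined`, host networking and a bind mount of `/var/run/docker.sock`, so a compromise of that one container is equivalent to root on the host; `privileged` already implies the capability and device entries listed separately, which therefore add no containment. If FUSE is the reason, `/dev/fuse` plus `SYS_ADMIN` without `privileged: true` is presumably enough, and the Docker socket is better reached through a restricted API proxy than mounted directly. The same socket mount appears on `ingress` and `egress` in webrtc/docker-compose.cc-webrtc.yml. Separately, both `mongod` commands use `--bind_ip_all` on the host network while install.sh only drops port 27017, so `cc-mongo-certdb` on 27018 stays reachable from other machines unless `/etc/mongodb.conf` (not part of this commit) enforces authentication.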
@@ -0,0 +1,57 @@
+# /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntpsec/ntp.drift
+leapfile /usr/share/zoneinfo/leap-seconds.list
+
+# To enable Network Time Security support as a server, obtain a certificate
+# (e.g. with Let's Encrypt), configure the paths below, and uncomment:
+# nts cert CERT_FILE
+# nts key KEY_FILE
+# nts enable
+
+# You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging.
+#statsdir /var/log/ntpsec/
+#statistics loopstats peerstats clockstats
+#filegen loopstats file loopstats type day enable
+#filegen peerstats file peerstats type day enable
+#filegen clockstats file clockstats type day enable
+
+# This should be maxclock 7, but the pool entries count towards maxclock.
+tos maxclock 11
+
+# Comment this out if you have a refclock and want it to be able to discipline
+# the clock by itself (e.g. if the system is not connected to the network).
+tos minclock 4 minsane 3
+
+# Specify one or more NTP servers.
+
+# Public NTP servers supporting Network Time Security:
+# server time.cloudflare.com nts
+#server time.apple.com nts
+# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
+# on 2011-02-08 (LP: #104525). See https://www.pool.ntp.org/join.html for
+# more information.
+
+server time.apple.com iburst
+
+#pool 0.ubuntu.pool.ntp.org iburst
+#pool 1.ubuntu.pool.ntp.org iburst
+#pool 2.ubuntu.pool.ntp.org iburst
+#pool 3.ubuntu.pool.ntp.org iburst
+
+# Use Ubuntu's ntp server as a fallback.
+server ntp.ubuntu.com
+
+# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
+# for details.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict default kod nomodify nopeer noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
\ No newline at end of file
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..3d9a5b1
--- /dev/null
+++ b/install.sh
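Review bot: In etc-ntpsec-ntp.conf both active time sources, `server time.apple.com iburst` and `server ntp.ubuntu.com`, use unauthenticated NTP although the file already carries NTS entries in comments. On a host whose certificate validation and logs depend on correct time, consider enabling the commented `server time.cloudflare.com nts` line together with a second NTS source. With the pool lines commented out only two servers remain, while `tos minclock 4 minsane 3` appears to require at least three usable sources before the clock is set, so it is worth confirming that the daemon can synchronise at all with this file.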
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+STACK_VERSION=""
+
+get_stack_version() {
+ if [ $# -gt 0 ]; then
+ STACK_VERSION="$1"
+ else
+ STACK_VERSION=$(curl -X 'GET' 'https://api.callabacloud.com/getCallabaCloudVersion' --header "Content-Type: application/json" -d '{"version_name":"parrot"}' | jq -r '.[].version_number')
+ fi
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to get stack version"
+ exit 1
+ fi
+ export STACK_VERSION
+}
+
+start_docker_compose() {
+ echo $STACK_VERSION
+ sudo -E docker-compose -f docker-compose.cc-full-run-linux.yml up -d
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to start docker-compose with Callaba Cloud"
+ exit 1
+ fi
+
+ sudo -E docker-compose -f webrtc/docker-compose.cc-webrtc.yml up -d
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to start docker-compose with Callaba Cloud"
+ exit 1
+ else
+ echo ' ######################################################################
+ ########### Callaba Cloud has been installed successfully ###########
+ ######################################################################'
+ fi
+}
+
+set_iptables() {
+ if [ ! -d /etc/iptables/ ]; then
+ sudo mkdir /etc/iptables/
+ fi
+ sudo chmod 666 /etc/iptables/rules.v4
+ sudo iptables -I INPUT -i lo -j ACCEPT
+ sudo iptables -A INPUT -p tcp --dport 3000 -j DROP
+ sudo iptables -A INPUT -p tcp --dport 3021 -j DROP
+ sudo iptables -A INPUT -p tcp --dport 3031 -j DROP
+ sudo iptables -A INPUT -p tcp --dport 27017 -j DROP
+
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to set iptables"
+ exit 1
+ fi
+
+ sudo iptables-save > /etc/iptables/rules.v4
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to save iptables rules"
+ exit 1
+ fi
+}
+
+main() {
+ get_stack_version
+ start_docker_compose
+ set_iptables
+}
+
+main
diff --git a/ndi-config.v1.json b/ndi-config.v1.json
new file mode 100644
index 0000000..00e81c2
--- /dev/null
+++ b/ndi-config.v1.json
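Review bot: In install.sh, `sudo chmod 666 /etc/iptables/rules.v4` inside `set_iptables` leaves the persisted firewall rules writable by every local user, and iptables-persistent (installed by prepare.sh) loads that file as root at boot. The mode seems to exist only so the unprivileged redirect in `sudo iptables-save > /etc/iptables/rules.v4` can succeed; drop the chmod and write the file as root instead, `sudo iptables-save | sudo tee /etc/iptables/rules.v4 >/dev/null`. `delete_rules` in remove.sh repeats the same redirect and needs the same change. The DROP list also omits 27018, the port of the second mongod in the compose file, and the `-A` rules are appended again on every run of the script.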
@@ -0,0 +1,9 @@
+{
+ "ndi": {
+ "machinename": "CALLABA",
+ "networks": {
+ "discovery": "",
+ "ips": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/prepare.sh b/prepare.sh
new file mode 100644
index 0000000..cf8470d
--- /dev/null
+++ b/prepare.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+sudo apt-get update -qq >/dev/null && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y curl jq iptables iptables-persistent
+sudo mkdir /etc/iptables
+sudo wget -qO- https://get.docker.com/ | sh
+sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+sudo chmod +x /usr/local/bin/docker-compose
+sudo bash install.sh
diff --git a/remove.sh b/remove.sh
new file mode 100755
index 0000000..9147274
--- /dev/null
+++ b/remove.sh
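Review bot: prepare.sh pipes `https://get.docker.com/` straight into `sh` and installs a `docker-compose` binary from a release URL into /usr/local/bin without verifying either download, so whatever those endpoints return is executed with root privileges. Download to a file, compare it against a pinned SHA-256 with `sha256sum -c`, and only then install it; using the distribution's Docker packages avoids the pipe-to-shell step entirely. Compose 1.29.2 belongs to the legacy v1 line, which as far as I know no longer receives fixes. `sudo mkdir /etc/iptables` also fails when iptables-persistent has already created the directory, so `mkdir -p` is the safer form.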
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+stop_containers() {
+ local containers=$(sudo docker ps -q --filter='name=callabacloud-*')
+
+ if [[ -n "$containers" ]]; then
+ if sudo docker stop --time 60 $containers; then
+ echo "Containers stopped successfully"
+ else
+ echo "Error: Unable to stop containers" >&2
+ return 1
+ fi
+ else
+ echo "No containers to stop"
+ fi
+}
+
+remove_containers() {
+ local containers=$(sudo docker ps -a -q --filter='name=callabacloud-*')
+
+ if [[ -n "$containers" ]]; then
+ if sudo docker rm $containers; then
+ echo "Containers removed successfully"
+ else
+ echo "Error: Unable to remove containers" >&2
+ return 1
+ fi
+ else
+ echo "No containers to remove"
+ fi
+}
+
+remove_images() {
+ local images=$(sudo docker images -q --filter=reference="registry.callabacloud.com/*/*:*")
+
+ if [[ -n "$images" ]]; then
+ if sudo docker rmi -f $images; then
+ echo "Images removed successfully"
+ else
+ echo "Error: Unable to remove images" >&2
+ return 1
+ fi
+ else
+ echo "No images to remove"
+ fi
+}
+
+remove_volumes() {
+ local volumes=$(sudo docker volume list -q --filter='name=callabacloud-*')
+
+ if [[ -n "$volumes" ]]; then
+ if sudo docker volume rm $volumes; then
+ echo "Volumes removed successfully"
+ else
+ echo "Error: Unable to remove volumes" >&2
+ return 1
+ fi
+ else
+ echo "No volumes to remove"
+ fi
+}
+
+prune_network() {
+ if sudo docker network prune -f; then
+ echo "Network pruned successfully"
+ else
+ echo "Error: Unable to prune network" >&2
+ return 1
+ fi
+}
+
+delete_rules() {
+ local ports=(3000 3021 3031 27017)
+
+ for port in ${ports[@]}; do
+ if sudo iptables -D INPUT -p tcp --dport $port -j DROP; then
+ echo "Rule for port $port deleted successfully"
+ else
+ echo "Error: Unable to delete rule for port $port" >&2
+ fi
+ done
+
+ if sudo iptables-save > /etc/iptables/rules.v4; then
+ echo "Iptables rules saved successfully"
+ else
+ echo "Error: Unable to save iptables rules" >&2
+ return 1
+ fi
+}
+
+echo "Uninstalling Callaba Cloud has been started. Please don't stop this process. It may take about 2 minutes."
+
+stop_containers
+remove_containers
+remove_images
+remove_volumes
+prune_network
+delete_rules
diff --git a/reset-password.sh b/reset-password.sh
new file mode 100644
index 0000000..fc24224
--- /dev/null
+++ b/reset-password.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+source /var/lib/docker/volumes/callabacloud-pass/_data/pass.txt
+
+NEW_PASSWORD='$2b$10$gJFKDTOstLTSF4wJF.uGbeBUhm0vBm7KlDraOkAFcdsq1YrEvk.ca'
+MONGO_COMMAND="db.usermodel.updateOne({ email : 'admin' }, { \$set: { password : '${NEW_PASSWORD}' } });"
+
+docker exec callabacloud-mongo mongo peers -u peersUser -p "$PEERSPASS" --eval "${MONGO_COMMAND}"
diff --git a/rollback.sh b/rollback.sh
new file mode 100644
index 0000000..689a12c
--- /dev/null
+++ b/rollback.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+export_variable() {
+ export $(cut -d= -f1 last_ver.txt)
+ source last_ver.txt
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to get previous version"
+ exit 1
+ fi
+ echo "STACK_VERSION=$STACK_VERSION"
+}
+
+
+start_docker_compose() {
+ sudo -E docker-compose -f docker-compose.cc-full-run-linux.yml up -d
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to start docker-compose"
+ exit 1
+ else
+ echo " ######################################################################
+ ############# Callaba Cloud has been restored to version $STACK_VERSION
+ ######################################################################"
+ fi
+}
+
+main() {
+ export_variable
+ start_docker_compose
+}
+
+main
diff --git a/update.sh b/update.sh
new file mode 100755
index 0000000..374b4e8
--- /dev/null
+++ b/update.sh
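Review bot: In remove.sh, `prune_network` runs `docker network prune -f`, which deletes every unused network on the host rather than the ones this stack created, and `remove_images` force-removes anything matching the registry pattern even when another container still uses it. Scoping the teardown to the project, for example `sudo docker-compose -f docker-compose.cc-full-run-linux.yml down` before the volume removal, keeps the uninstall from touching unrelated workloads. `delete_rules` also leaves behind the `-I INPUT -i lo -j ACCEPT` rule that install.sh inserted, and the calls at the bottom ignore the functions' `return 1`, so a failed step does not stop the later destructive ones.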
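Review bot: In reset-password.sh, `NEW_PASSWORD` is a fixed bcrypt hash committed to the repository, so every installation that runs this script ends up with the same admin password, known to anyone who can read the repo or its documentation. Generate a random password at run time, hash it, show it once, and require a change at next login. `source .../pass.txt` executes that file as shell although the volume is writable from the `cc-api` container (mounted at `/opt/volume`); assuming it holds a plain `PEERSPASS=value` line, read it with `PEERSPASS=$(sed -n 's/^PEERSPASS=//p' "$file")` instead. Passing `-p "$PEERSPASS"` on the `docker exec` command line additionally exposes the database password to other local users through the process list.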
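Review bot: In rollback.sh, `export_variable` runs `source last_ver.txt`, so the rollback executes whatever text update.sh wrote there from the local API's JSON response; a value containing shell syntax would run with the caller's privileges. Read and validate the single value instead, `STACK_VERSION=$(sed -n 's/^STACK_VERSION=//p' last_ver.txt)` followed by a format check such as `[[ $STACK_VERSION =~ ^[0-9A-Za-z._-]+$ ]] || exit 1`. The `$?` test after `source` does not catch an empty or `null` version, which would then be interpolated into the image tags by `docker-compose up`.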
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+write_stack_version() {
+ STACK_VERSION=$(curl -X 'POST' 'http://127.0.0.1/api/application/getAppInfo' -H 'accept: application/json' | jq -r '.stack_version')
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to get stack version from the application"
+ exit 1
+ fi
+ echo "STACK_VERSION=${STACK_VERSION}" > last_ver.txt
+}
+
+export_stack_version() {
+ if [ $# -gt 0 ]; then
+ STACK_VERSION="$1"
+ else
+ STACK_VERSION=$(curl -X 'GET' 'https://api.callabacloud.com/getCallabaCloudVersion' --header "Content-Type: application/json" -d '{"version_name":"parrot"}' | jq -r '.[].version_number')
+ fi
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to get stack version from Callaba Cloud"
+ exit 1
+ fi
+ export STACK_VERSION
+}
+
+pull_images() {
+ sudo -E docker pull registry.callabacloud.com/callaba-selfhosted/cc-api-prod:${STACK_VERSION}-selfhosted
+ sudo -E docker pull registry.callabacloud.com/callaba-selfhosted/cc-front-prod:${STACK_VERSION}-selfhosted
+ sudo -E docker pull registry.callabacloud.com/callaba-selfhosted/cc-nginx-prod:${STACK_VERSION}-selfhosted
+ sudo -E docker pull registry.callabacloud.com/callaba-selfhosted/cc-mongo:${STACK_VERSION}-selfhosted
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to pull docker-compose image"
+ exit 1
+ fi
+}
+
+start_docker_compose() {
+ sudo -E docker-compose -f docker-compose.cc-full-run-linux.yml up -d
+ if [[ $? -ne 0 ]]; then
+ echo "Error: Failed to start docker-compose"
+ exit 1
+ else
+ echo " ######################################################################
+ ###### Callaba Cloud has been upgraded to version $STACK_VERSION
+ ######################################################################"
+ fi
+}
+
+main() {
+ write_stack_version
+ export_stack_version
+ pull_images
+ start_docker_compose
+}
+
+main
diff --git a/webrtc/docker-compose.cc-webrtc.yml b/webrtc/docker-compose.cc-webrtc.yml
new file mode 100644
index 0000000..05e78ec
--- /dev/null
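Review bot: In update.sh, the `$?` tests in `write_stack_version` and `export_stack_version` see only the exit status of `jq` (or of the preceding `if` block), so a failed `curl` or a response without the expected field yields an empty or `null` `STACK_VERSION` that is written to last_ver.txt and used as an image tag; `get_stack_version` in install.sh has the same pattern. Add `set -o pipefail`, call `curl -fsS`, and reject values that are empty or `null` before continuing. `pull_images` likewise checks only the last of its four pulls, and `main` is invoked without `"$@"`, so the version argument that `export_stack_version` tests for can never be supplied.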
+++ b/webrtc/docker-compose.cc-webrtc.yml
@@ -0,0 +1,60 @@
+version: "3.9"
+services:
+ livekit:
+ container_name: callabacloud-webrtc
+ image: registry.callabacloud.com/callaba-selfhosted/cc-livekit:v1.7.3
+ restart: always
+ network_mode: "host"
+ volumes:
+ - ./livekit.yaml:/etc/livekit.yaml
+ - certs:/etc/ssl/callaba/
+ depends_on:
+ - redis
+ entrypoint: "/livekit-server --config /etc/livekit.yaml --node-ip 127.0.0.1"
+ redis:
+ container_name: callabacloud-redis
+ image: redis:6-alpine
+ command: redis-server /etc/redis.conf
+ restart: always
+ network_mode: "host"
+ volumes:
+ - ./redis.conf:/etc/redis.conf
+ ingress:
+ container_name: callabacloud-ingress
+ restart: always
+ image: registry.callabacloud.com/callaba-selfhosted/cc-ingress:v1.4.7
+ environment:
+ INGRESS_CONFIG_FILE: /etc/ingress.conf
+ network_mode: "host"
+ privileged: true
+ volumes:
+ - ./ingress.conf:/etc/ingress.conf
+ - ./ndi-config.v1.json:/root/.ndi/ndi-config.v1.json
+ - ./etc-ntpsec-ntp.conf:/etc/ntpsec/ntp.conf
+ - /var/run/dbus:/var/run/dbus
+ - /var/run/avahi-daemon/socket:/var/run/avahi-daemon/socket
+ - /var/run/docker.sock:/var/run/docker.sock
+ depends_on:
+ - redis
+ - livekit
+ egress:
+ container_name: callabacloud-egress
+ restart: always
+ image: livekit/egress:v1.8.6
+ environment:
+ EGRESS_CONFIG_FILE: /etc/egress.conf
+ network_mode: "host"
+ volumes:
+ - ./egress.conf:/etc/egress.conf
+ - ./egress-output:/out/
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/run/avahi-daemon/socket:/var/run/avahi-daemon/socket
+ cap_add:
+ - SYS_ADMIN
+ depends_on:
+ - redis
+ - livekit
+volumes:
+ certs:
+ name: callabacloud-certs
+
diff --git a/webrtc/egress.conf b/webrtc/egress.conf
new file mode 100644
index 0000000..6f1de19
--- /dev/null
+++ b/webrtc/egress.conf
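Review bot: In webrtc/docker-compose.cc-webrtc.yml the `ingress` bind mounts `./ndi-config.v1.json` and `./etc-ntpsec-ntp.conf` resolve relative to this compose file's directory (webrtc/), but the commit adds both files at the repository root. Docker will most likely create empty directories at those paths and mount them, so the NDI and NTP settings never reach the container; the sources should be `../ndi-config.v1.json` and `../etc-ntpsec-ntp.conf`. `redis:6-alpine` and the other images are referenced by mutable tags, and pinning them by digest would make a deployment reproducible and harder to alter through the registry.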
@@ -0,0 +1,8 @@
+log_level: debug
+api_key: 34d83186-87ed-46af-8148-7743d8029632
+api_secret: 108d5d46-390c-4fe8-ae9b-bccb6389d7da
+ws_url: ws://127.0.0.1:7880
+insecure: true
+redis:
+ address: 127.0.0.1:6379
+ db: 0
diff --git a/webrtc/ingress.conf b/webrtc/ingress.conf
new file mode 100644
index 0000000..a19459c
--- /dev/null
+++ b/webrtc/ingress.conf
@@ -0,0 +1,9 @@
+log_level: error
+api_key: f77a55cc-15a1-434a-a4e0-c0776eeb7bfb
+api_secret: 67e88cb2-56fa-4a8e-ab3a-743d7702d7dd
+ws_url: http://127.0.0.1:7880
+redis:
+ address: localhost:6379
+ username: ""
+ password: ""
+ db: 0
\ No newline at end of file
diff --git a/webrtc/livekit.yaml b/webrtc/livekit.yaml
new file mode 100644
index 0000000..fead953
--- /dev/null
+++ b/webrtc/livekit.yaml
@@ -0,0 +1,26 @@
+port: 7880
+rtc:
+ tcp_port: 7881
+ port_range_start: 50000
+ port_range_end: 60000
+ use_external_ip: true
+redis:
+ address: localhost:6379
+ username: ""
+ password: ""
+ db: 0
+turn:
+ enabled: true
+ domain: host.local
+ cert_file: /etc/ssl/callaba/livekit.crt
+ key_file: /etc/ssl/callaba/livekit.key
+ tls_port: 5349
+keys:
+ hidden: hidden
+
+logging:
+ level: error
+room:
+ empty_timeout: 864000000
+ departure_timeout: 864000000
+
diff --git a/webrtc/redis.conf b/webrtc/redis.conf
new file mode 100644
index 0000000..26d5f84
--- /dev/null
+++ b/webrtc/redis.conf
@@ -0,0 +1,6 @@
+bind 127.0.0.1 ::1
+protected-mode yes
+port 6379
+timeout 0
+tcp-keepalive 300
+
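Review bot: In webrtc/egress.conf, `api_key` and `api_secret` are committed in clear text, and webrtc/ingress.conf does the same with a second pair, so every deployment cloned from this repository shares the same LiveKit credentials. Generate them per installation (install.sh is a natural place), keep them out of version control, and rotate the values already published here. `log_level: debug` is also set for egress while the other services log at `error`; debug output is worth checking for tokens or signed URLs before it ships as the default.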
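Review bot: In webrtc/livekit.yaml, `keys:` holds the single pair `hidden: hidden`, which matches neither the egress nor the ingress credentials in this commit. If it is a redaction, the real pair has to be injected at deploy time and that step is missing from the scripts; if it is literal, the server accepts a six-character, guessable secret. Add a comment stating which it is, and have the install step write one generated key pair into all three files. The empty Redis `username`/`password` relies entirely on redis.conf binding to loopback, which on a host-networked stack still lets any local process or host-networked container reach it, so setting `requirepass` would be a cheap second barrier.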