diff --git a/DEPLOY.md b/DEPLOY.md index 90130cc..7b64455 100644 --- a/DEPLOY.md +++ b/DEPLOY.md @@ -1,29 +1,6 @@ # Развертывание F7cloud Talk Recording Server -## Быстрое развертывание на новом сервере - -### Автоматическое развертывание (рекомендуется) - -Самый простой способ - использовать скрипт автоматического развертывания: - -```bash -curl -fsSL https://git.f7cloud.ru/root/F7_recording/raw/branch/main/deploy.sh | bash -``` - -или - -```bash -wget -qO- https://git.f7cloud.ru/root/F7_recording/raw/branch/main/deploy.sh | bash -``` - -Скрипт выполнит: -1. Клонирование репозитория -2. Интерактивный ввод необходимых параметров (HPB URL, секреты) -3. Автоматическую установку всех зависимостей -4. Настройку конфигурации -5. Создание systemd service - -### Ручное развертывание +## Развертывание на сервере #### 1. Клонирование репозитория diff --git a/README.md b/README.md index 161a675..ade45a3 100644 --- a/README.md +++ b/README.md @@ -41,17 +41,7 @@ f7cloud-talk-recording/ ## Быстрый старт -### Автоматическое развертывание на новом сервере - -Самый простой способ - использовать скрипт автоматического развертывания: - -```bash -curl -fsSL https://git.f7cloud.ru/root/F7_recording/raw/branch/main/deploy.sh | bash -``` - -Скрипт выполнит все необходимые шаги, включая интерактивный ввод секретов. - -### Установка из клонированного репозитория +### Установка ```bash git clone https://git.f7cloud.ru/root/F7_recording.git diff --git a/deploy.sh b/deploy.sh deleted file mode 100755 index 0f7d5c0..0000000 --- a/deploy.sh +++ /dev/null @@ -1,206 +0,0 @@ -#!/bin/bash - -# Скрипт развертывания F7cloud Talk Recording Server на новом сервере -# Этот скрипт клонирует репозиторий и выполняет установку с интерактивным вводом секретов -# -# Использование: -# curl -fsSL https://git.f7cloud.ru/root/F7_recording/raw/branch/main/deploy.sh | bash -# или -# wget -qO- https://git.f7cloud.ru/root/F7_recording/raw/branch/main/deploy.sh | bash - -set -e - -# Цвета для вывода -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -BLUE='\033[0;34m' -NC='\033[0m' # No Color - -# Функция для вывода сообщений -info() { - echo -e "${GREEN}[INFO]${NC} $1" -} - -warn() { - echo -e "${YELLOW}[WARN]${NC} $1" -} - -error() { - echo -e "${RED}[ERROR]${NC} $1" -} - -question() { - echo -e "${BLUE}[?]${NC} $1" -} - -# Проверка прав root -if [ "$EUID" -ne 0 ]; then - error "Пожалуйста, запустите скрипт с правами root (sudo)" - exit 1 -fi - -info "==========================================" -info "Развертывание F7cloud Talk Recording Server" -info "==========================================" -echo "" - -# Параметры по умолчанию -REPO_URL="https://git.f7cloud.ru/root/F7_recording.git" -INSTALL_DIR="/opt/f7cloud-talk-recording" -HPB_URL="" -HPB_SECRET="" -F7CLOUD_URL="" -F7CLOUD_SECRET="" -LISTEN_ADDRESS="127.0.0.1:8000" -AUTO_DOWNLOAD_DEPS=true - -# Функция для безопасного ввода секрета -read_secret() { - local prompt="$1" - local var_name="$2" - local value - - question "$prompt" - read -s value - echo "" - eval "$var_name='$value'" -} - -# Функция для ввода URL -read_url() { - local prompt="$1" - local var_name="$2" - local default="$3" - local value - - if [ -n "$default" ]; then - question "$prompt (по умолчанию: $default)" - else - question "$prompt" - fi - read value - if [ -z "$value" ] && [ -n "$default" ]; then - value="$default" - fi - eval "$var_name='$value'" -} - -# Интерактивный ввод параметров -info "Настройка параметров установки..." -echo "" - -# HPB URL -while [ -z "$HPB_URL" ]; do - read_url "Введите URL сервера HPB (signaling server)" HPB_URL - if [ -z "$HPB_URL" ]; then - error "URL HPB обязателен для ввода!" - fi -done - -# HPB Secret -while [ -z "$HPB_SECRET" ]; do - read_secret "Введите секрет для подключения к HPB (internalsecret)" HPB_SECRET - if [ -z "$HPB_SECRET" ]; then - error "Секрет HPB обязателен для ввода!" - fi -done - -echo "" - -# F7cloud URL (опционально) -read_url "Введите URL сервера F7cloud (опционально, можно пропустить)" F7CLOUD_URL "" - -# F7cloud Secret (если указан URL) -if [ -n "$F7CLOUD_URL" ]; then - while [ -z "$F7CLOUD_SECRET" ]; do - read_secret "Введите секрет для подключения к F7cloud" F7CLOUD_SECRET - if [ -z "$F7CLOUD_SECRET" ]; then - error "Секрет F7cloud обязателен, если указан URL!" - fi - done -fi - -echo "" - -# Listen address -read_url "Введите адрес и порт для прослушивания" LISTEN_ADDRESS "127.0.0.1:8000" - -echo "" -info "Параметры установки:" -info " HPB URL: $HPB_URL" -info " Listen: $LISTEN_ADDRESS" -if [ -n "$F7CLOUD_URL" ]; then - info " F7cloud URL: $F7CLOUD_URL" -fi -echo "" - -# Подтверждение -question "Продолжить установку? (y/n)" -read -r confirm -if [ "$confirm" != "y" ] && [ "$confirm" != "Y" ]; then - info "Установка отменена" - exit 0 -fi - -# Клонирование репозитория -info "Клонирование репозитория..." - -if [ -d "$INSTALL_DIR" ]; then - warn "Директория $INSTALL_DIR уже существует" - question "Удалить существующую директорию и продолжить? (y/n)" - read -r confirm - if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then - rm -rf "$INSTALL_DIR" - else - error "Установка отменена" - exit 1 - fi -fi - -# Проверка наличия git -if ! command -v git &> /dev/null; then - info "Установка git..." - if command -v apt-get &> /dev/null; then - apt-get update -qq - apt-get install -y git - elif command -v yum &> /dev/null; then - yum install -y git - else - error "Не удалось установить git. Установите его вручную." - exit 1 - fi -fi - -git clone "$REPO_URL" "$INSTALL_DIR" -cd "$INSTALL_DIR" - -# Запуск скрипта установки -info "Запуск скрипта установки..." - -# Создаём временный .env для f7recording.sh -ENV_FILE="/tmp/f7cloud-install-$$.env" -cat > "$ENV_FILE" << ENVEOF -HPB_DOMAIN=$(echo "$HPB_URL" | sed 's|https\?://||' | sed 's|/.*||') -HPB_INTERNAL_SECRET=$HPB_SECRET -DOMAIN=$(echo "${F7CLOUD_URL:-$HPB_URL}" | sed 's|https\?://||' | sed 's|/.*||') -HPB_BACKEND_SECRET=${F7CLOUD_SECRET:-$HPB_SECRET} -ENVEOF - -./f7recording.sh "$ENV_FILE" -rm -f "$ENV_FILE" - -info "" -info "==========================================" -info "Развертывание завершено успешно!" -info "==========================================" -info "" -info "Сервер установлен в: $INSTALL_DIR" -info "" -info "Для запуска сервиса выполните:" -info " sudo systemctl start f7cloud-talk-recording" -info " sudo systemctl enable f7cloud-talk-recording" -info "" -info "Для проверки статуса:" -info " sudo systemctl status f7cloud-talk-recording" -info "" diff --git a/start-container.sh b/start-container.sh deleted file mode 100755 index f9253b6..0000000 --- a/start-container.sh +++ /dev/null @@ -1,196 +0,0 @@ -#!/usr/bin/env bash - -# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors -# SPDX-License-Identifier: AGPL-3.0-or-later - -# Helper script to run the recording backend for Nextcloud Talk. -# -# The recording backend is implemented in several Python files. This Bash script -# is provided to set up a Docker container with Selenium, a web browser and all -# the needed Python dependencies for the recording backend. -# -# This script creates an Ubuntu container, installs all the needed dependencies -# in it and executes the recording backend inside the container. If the -# container exists already the previous container will be reused and this script -# will simply execute the recording backend in it. -# -# Due to that the Docker container will not be stopped nor removed when the -# script exits (except when the container was created but it could not be -# started); that must be explicitly done once the container is no longer needed. -# -# -# -# DOCKER AND PERMISSIONS -# -# To perform its job, this script requires the "docker" command to be available. -# -# The Docker Command Line Interface (the "docker" command) requires special -# permissions to talk to the Docker daemon, and those permissions are typically -# available only to the root user. Please see the Docker documentation to find -# out how to give access to a regular user to the Docker daemon: -# https://docs.docker.com/engine/installation/linux/linux-postinstall/ -# -# Note, however, that being able to communicate with the Docker daemon is the -# same as being able to get root privileges for the system. Therefore, you must -# give access to the Docker daemon (and thus run this script as) ONLY to trusted -# and secure users: -# https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface - -# Sets the variables that abstract the differences in command names and options -# between operating systems. -# -# Switches between timeout on GNU/Linux and gtimeout on macOS (same for mktemp -# and gmktemp). -function setOperatingSystemAbstractionVariables() { - case "$OSTYPE" in - darwin*) - if [ "$(which gtimeout)" == "" ]; then - echo "Please install coreutils (brew install coreutils)" - exit 1 - fi - - MKTEMP=gmktemp - TIMEOUT=gtimeout - DOCKER_OPTIONS="-e no_proxy=localhost " - ;; - linux*) - MKTEMP=mktemp - TIMEOUT=timeout - DOCKER_OPTIONS=" " - ;; - *) - echo "Operating system ($OSTYPE) not supported" - exit 1 - ;; - esac -} - -# Removes Docker container if it was created but failed to start. -function cleanUp() { - # Disable (yes, "+" disables) exiting immediately on errors to ensure that - # all the cleanup commands are executed (well, no errors should occur during - # the cleanup anyway, but just in case). - set +o errexit - - # The name filter must be specified as "^/XXX$" to get an exact match; using - # just "XXX" would match every name that contained "XXX". - if [ -n "$(docker ps --all --quiet --filter status=created --filter name="^/$CONTAINER$")" ]; then - echo "Removing Docker container $CONTAINER" - docker rm --volumes --force $CONTAINER - fi -} - -# Exit immediately on errors. -set -o errexit - -# Execute cleanUp when the script exits, either normally or due to an error. -trap cleanUp EXIT - -# Ensure working directory is script directory, as some actions (like copying -# the files to the container) expect that. -cd "$(dirname $0)" - -HELP="Usage: $(basename $0) [OPTION]... - -Options (all options can be omitted, but when present they must appear in the -following order): ---help prints this help and exits. ---container CONTAINER_NAME the name to assign to the container. Defaults to - talk-recording. ---time-zone TIME_ZONE the time zone to use inside the container. Defaults to - UTC. The recording backend can be started again later with a different time - zone (although other commands executed in the container with 'docker exec' - will still use the time zone specified during creation). ---dev-shm-size SIZE the size to assign to /dev/shm in the Docker container. - Defaults to 2g" -if [ "$1" = "--help" ]; then - echo "$HELP" - - exit 0 -fi - -CONTAINER="talk-recording" -if [ "$1" = "--container" ]; then - CONTAINER="$2" - - shift 2 -fi - -if [ "$1" = "--time-zone" ]; then - TIME_ZONE="$2" - - shift 2 -fi - -CUSTOM_CONTAINER_OPTIONS=false - -# 2g is the default value recommended in the documentation of the Docker images -# for Selenium: -# https://github.com/SeleniumHQ/docker-selenium#--shm-size2g -DEV_SHM_SIZE="2g" -if [ "$1" = "--dev-shm-size" ]; then - DEV_SHM_SIZE="$2" - CUSTOM_CONTAINER_OPTIONS=true - - shift 2 -fi - -if [ -n "$1" ]; then - echo "Invalid option (or at invalid position): $1 - -$HELP" - - exit 1 -fi - -ENVIRONMENT_VARIABLES="" -if [ -n "$TIME_ZONE" ]; then - ENVIRONMENT_VARIABLES="--env TZ=$TIME_ZONE" -fi - -setOperatingSystemAbstractionVariables - -# If the container is not found a new one is prepared. Otherwise the existing -# container is used. -# -# The name filter must be specified as "^/XXX$" to get an exact match; using -# just "XXX" would match every name that contained "XXX". -if [ -z "$(docker ps --all --quiet --filter name="^/$CONTAINER$")" ]; then - echo "Creating Talk recording container" - # In Ubuntu 22.04 and later Firefox is installed as a snap package, which - # does not work out of the box in a container. Therefore, for now Ubuntu - # 20.04 is used instead. - docker run --detach --tty --name=$CONTAINER --shm-size=$DEV_SHM_SIZE $ENVIRONMENT_VARIABLES $DOCKER_OPTIONS ubuntu:20.04 bash - - echo "Installing required Python modules" - # "noninteractive" is used to provide default settings instead of asking for - # them (for example, for tzdata). - # Additional Python dependencies may be installed by pip if needed. - docker exec $CONTAINER bash -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes ffmpeg firefox pulseaudio python3-pip xvfb" - - echo "Adding user to run the recording backend" - docker exec $CONTAINER useradd --create-home recording - - echo "Copying recording backend to the container" - docker exec $CONTAINER mkdir --parent /tmp/recording/ - docker cp . $CONTAINER:/tmp/recording/ - - echo "Installing recording backend inside container" - docker exec $CONTAINER python3 -m pip install file:///tmp/recording/ - - echo "Copying configuration from server.conf.in to /etc/nextcloud-talk-recording/server.conf" - docker exec $CONTAINER mkdir --parent /etc/nextcloud-talk-recording/ - docker cp server.conf.in $CONTAINER:/etc/nextcloud-talk-recording/server.conf -elif $CUSTOM_CONTAINER_OPTIONS; then - # Environment variables are excluded from this warning. - echo "WARNING: Using existing container, custom container options ignored" -fi - -# Start existing container if it is stopped. -if [ -n "$(docker ps --all --quiet --filter status=exited --filter name="^/$CONTAINER$")" ]; then - echo "Starting Talk recording container" - docker start $CONTAINER -fi - -echo "Starting recording backend" -docker exec --tty --interactive --user recording $ENVIRONMENT_VARIABLES --workdir /home/recording $CONTAINER python3 -m nextcloud.talk.recording --config /etc/nextcloud-talk-recording/server.conf