Deploy Scalelite Enterprise using open source installers. Scalelite Entrprise is comprised of
- BigBlueButton is an open source purpose-built virtual classroom that empowers teachers to teach and learners to learn.
- Scalelite is an open source load balancer that manages a pool of BigBlueButton servers. It makes the pool of servers appear as a single (very scalable) BigBlueButton server.
- GreenLight is an open-source, LGPL-3.0 licensed web application that allows organizations to quickly set up a complete web conferencing platform using their existing BigBlueButton server.
A typical redundant deployment will include at least two BigBlueButton, Scalelite, and GreenLight servers where the Scalelite and GreenLight servers are behind application load balancers. Currently, application load balancers have not been implemented and round-robin DNS is used.
On a linux workstation install the following
- AWS CLI is the AWS Command Line Interface open source tool that enables you to interact with AWS services using commands in your command-line shell.
- Terraform is an infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share
- Python 3.x is an interpreted, object-oriented, high-level programming language with dynamic semantics
- Ansible - recommend installing ansible through
python3rather than an RPM to ensure ansible is using python3. - LEGO is optional and is used generate SSL certificates.
- yq is a lightweight and portable command-line YAML, JSON and XML processor.
git clone https://github.com/paulseto/sle.git
cd sle/deployments/aws_ubuntu
# Optional, create a backend.tf from https://developer.hashicorp.com/terraform/language/settings/backends/configuration
terraform init
terraform workspace new dev
# Create a configuration file by copying the sample configuration. The configuration will include the terraform workspace name
cp vars.sample.yml vars.dev.yml
export AUTO=yes
make apply.vpc
make apply.vpc-data
make apply.eip
make apply.efs
make apply.bbb
make apply.bbb
make bbb
make apply.sl
make apply.sl
make sl
make sl.bbb
make sl.tenants # if enable_tenants=yes
make apply.gl
make apply.gl
make gl
| Setting | Description | Default |
|---|---|---|
| prefix | Name tag prefix for all provisioned resource. | required |
| domain | Domain name for servers. | required |
| Email used by the install to generate SSL certificates. When email is blank, ssl.crt_file and ssl.key_file are required. |
null | |
| hostname_pattern | General naming convention of hosts when more than one instance is created. For example,> format("%s%02d", "bbb", 3)"bbb03"> format("%s%02d", "bbb", 10)"bbb10"Note: zero padding is recommended when there are 10 or more instances. |
%s%d |
| ami_name_filter | general filter to select the the most recent base image for provisioned servers. Use aws ec2 describe-images to identify possible images. | ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-* for aws_ubuntu deployment |
| ami_id | Use a specific image for deployment by specifying the Amazon Machine Image id. When specified, ami_name_filter is ignored. |
null |
| iam_role | IAM role to assign to instances. See AWS Policy section below. | null |
| aws.region | AWS Region where servers will be deployed | required |
| aws.profile | AWS region profile used for deployment | default |
| eip.create | Create elastic ip addresses for each server listed in eip.hostanmes |
false |
| eip.hostnames | array of hostnames to either create when eip.create is true or when false use already created elastic ip addresses. When hostnames are not supplied, the public ip address of the instance will be used. |
[ ] |
| efs.create | Create an efs. An efs is required when deploying Scalelite or when there is a desire to save BBB recordings onto external storage | false |
| vpc.id | deploy onto an existing VPC | null |
| vpc.cidr | create a new VPC with cidr_block | null |
| vpc.bits | Use addition bits for creation of subnets | 8 |
| vpc.az | array of letters for availability zones to use | ["a","b"] |
| cache.use_docker | Use docker image instead of AWS Elasticache. When deploying multiple Scalelite servers, docker can not be used | false |
| cache.docker_image | Redis docker image from docker.io | null |
| cache.instance_type | AWS instance type for elasticache | cache.t4g.micro |
| cache.instance_count | number of instances in the cluster | 2 |
| cache.engine | AWS caching type. Use redis only. |
redis |
| cache.engine_version | Version of redis | 5.0.6 |
| cache.parameter_group | parameters for cache | null |
| db.use_docker | Use docker image instead of deploying an AWS database | false |
| db.docker_image | Postgres docker image from docker.io | null |
| db.engine | Postgres engine. See Supported DB engines for DB instance classes | aurora-postgresql |
| db.engine_version | version of Postgresql | |
| db.parameter_group | database engine parameters | aurora-postgresql15 |
| db.instance_type | AWS instance type. | db.t4g.micro |
| db.instance_count | Number of instances in the cluster | 2 |
| db.root_username | admin user name | postgres |
| db.root_password | admin password. When a password is not set, terraform generates a password | null |
| bbb.type | EC2 instance type | c5.4xlarge |
| bbb.count | Number of BBB servers to deploy | 2 |
| bbb.size | Root volume size in GB | 50 |
| bbb.hostname | hostname of BBB servers | bbb |
| bbb.hostname_pattern | Overrides the general hostname_pattern |
hostname_pattern |
| bbb.iam_role | IAM role to assign to BBB instances. When a value is not supplied the general iam_role value is used. |
iam_role |
| bbb.ami_name_filter | Override filter for selecting an image to use for BBB servers | ami_name_filter |
| bbb.ami_id | Specific AMI image to use for BBB servers | ami_id |
| bbb.email | Email used to generate SSL certificate for BBB servers. Overrides the email |
|
| bbb.secrets | Map of secrets for each BBB host. | null |
| sl.type | EC2 instance type for Scalelite servers | t3.medium |
| sl.count | Number of Scalelite servers to deploy | 1 |
| sl.size | Size of root volume in GB | 20 |
| sl.hostname | Hostname or hostname prefix used when there are multiple Scalelite servers deployed | sl |
| sl.hostname_pattern | Overrides the general hostname_pattern |
hostname_pattern |
| sl.iam_role | IAM role to assign to Scalelite instances. When a value is not supplied the general iam_role value is used. |
iam_role |
| sl.ami_name_filter | Override filter for selecting an image to use for Scalelite servers | ami_name_filter |
| sl.ami_id | Specific AMI image to use for Scalelite servers | ami_id |
| sl.lb_secret | Load balancer secret. A random password will be generated when the secret is not supplied | null |
| sl.image_tag | Docker tag version of Scalelite on docker.io | v1.5-stable-focal260-alpine |
| sl.enable_tenants | flag to configure Scalelite to support multi-tenancy | false |
| sl.tenants | map of tenant hosts and their secrets | |
| sl.tenant_ssl.key_file | Location of SSL private key for tenant subdomain(S) | null |
| sl.tenant_ssl.crt_file | Location of SSL Certificate for tenant subdomain(s) | null |
| gl.type | EC2 instance type for GreenLight servers | t3.medium |
| gl.count | Number of GreenLight servers to deploy | 1 |
| gl.size | Root volume size in GB | 20 |
| gl.hostname | Hostname or hostname prefix used when there are multiple GreenLight servers deployed | sl |
| gl.hostname_pattern | Overrides the general hostname_pattern |
hostname_pattern |
| gl.iam_role | IAM role to assign to GreenLight instances. When a value is not supplied the general iam_role value is used. |
iam_role |
| gl.ami_name_filter | Override filter for selecting an image to use for GreenLight servers | ami_name_filter |
| gl.ami_id | Specific AMI image to use for GreenLight servers | ami_id |
| gl.admin.email | Admin user's email | null |
| gl.admin.password | Admin user's password | null |
| gl.admin.name | Admin user's name | null |
| ssh.user | ssh user | required |
| ssh.key_name | Name of key pair assigned to instances | required |
| ssh.key_file | SSH identify file associated with ssh.key_name |
required |
| ssl.crt_file | Wildcard SSL certificate file | null |
| ssl.key_file | Wildcard SSL private key file | null |
IAM role assigned to instances must have the following capabilites as shown in the examples below.
- Log to CloudWatch
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::myawsbucket/*"
}
]
}
- Mount and Read/Write to EFS
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "efs-statement-bbb-pen-policy",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"elasticfilesystem:ClientWrite",
"elasticfilesystem:ClientRootAccess",
"elasticfilesystem:ClientMount"
],
"Resource": "arn:aws:elasticfilesystem:ca-central-1:927630699464:file-system/fs-0b2a0758d7c21db2e",
"Condition": {
"Bool": {
"elasticfilesystem:AccessedViaMountTarget": "true"
}
}
},
{
"Sid": "efs-statement-bbb-pen-users",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::927630699464:role/AdministratorAccess"
},
"Action": [
"elasticfilesystem:ClientWrite",
"elasticfilesystem:ClientRootAccess",
"elasticfilesystem:ClientMount"
],
"Resource": "arn:aws:elasticfilesystem:ca-central-1:927630699464:file-system/fs-0b2a0758d7c21db2e"
}
]
}