From 801d8c28436e18a66ad48ba4665043a940862a27 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Fri, 16 Sep 2022 15:43:48 -0700 Subject: [PATCH] Fix jitsi meet jvb connection info and cert CN This fixes the JVB connection info to use IP addrs instead of names since nginx can't seem to do name lookups. Additionally, we modify the cert CN to match the IP address used. Change-Id: I6bbca44b60559d9586741c6540cb390371e3c120 --- playbooks/roles/jitsi-meet/tasks/main.yaml | 4 +++- playbooks/roles/jitsi-meet/templates/jvb-env.j2 | 6 +++++- playbooks/roles/jitsi-meet/templates/meet-env.j2 | 6 +++++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/playbooks/roles/jitsi-meet/tasks/main.yaml b/playbooks/roles/jitsi-meet/tasks/main.yaml index 0db8735d95..3985c3fc07 100644 --- a/playbooks/roles/jitsi-meet/tasks/main.yaml +++ b/playbooks/roles/jitsi-meet/tasks/main.yaml @@ -68,8 +68,10 @@ -validity 3652 -keystore /var/jitsi-meet/jvb/jvb-keystore.store -storepass {{ meetpad_jvb_keystore_password }} + # Jitsi meet appears to do SNI via the CN in the cert, but not + # other validation of the cert issuer. stdin: | - Infra Root + {{ public_v4 }} OpenDev Open Infra Foundation Austin diff --git a/playbooks/roles/jitsi-meet/templates/jvb-env.j2 b/playbooks/roles/jitsi-meet/templates/jvb-env.j2 index f8278ca3c9..805ac127cc 100644 --- a/playbooks/roles/jitsi-meet/templates/jvb-env.j2 +++ b/playbooks/roles/jitsi-meet/templates/jvb-env.j2 @@ -13,7 +13,11 @@ JVB_AUTH_PASSWORD={{ meetpad_jvb_auth_password }} JVB_PORT=10000 JVB_KEYSTORE_PATH=/config/jvb-keystore.store JVB_KEYSTORE_PASSWORD={{ meetpad_jvb_keystore_password }} -JVB_WS_SERVER_ID={{ inventory_hostname }} +# We use the IP address instead of the server fqdn here because nginx was +# unable to do name lookups for the fqdn when we tried that initially. +# Whatever value is used here should match the CN in the java keystore +# generated by ansible. +JVB_WS_SERVER_ID={{ public_v4 }} # shellcheck disable=SC2034 
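Review bot: The keystore certificate in `tasks/main.yaml` now identifies the bridge only by a CN of `{{ public_v4 }}`, with no subjectAltName. Clients that follow current verification rules match on SAN and ignore CN, so this holds only while the peer keeps checking CN alone. Adding an IP SAN to the keytool arguments, `-ext SAN=ip:{{ public_v4 }}`, would keep the keystore usable if verification is ever tightened. The added comment says the issuer is not validated, so the link is encrypted but not authenticated; I would state that outright, e.g. `# NOTE: peer identity is not verified; do not rely on this cert for authentication`. The task begins above the hunk, so it is not visible whether an existing keystore is regenerated; if it is guarded by something like `creates:`, deployed hosts and hosts whose address later changes would keep the old CN.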
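Review bot: `JVB_WS_SERVER_ID` in `jvb-env.j2`, the identical line in `meet-env.j2`, and the certificate CN in `tasks/main.yaml` must all carry the same value, but only a comment repeated in two templates ties them together. Defining the value once in the role, for example `jitsi_jvb_server_id: "{{ public_v4 }}"` (name illustrative), and referencing it in all three places would keep the keystore CN and the server ID from drifting apart. It would also leave one place to switch back to a name if the nginx lookup problem is resolved. The usual cause, to be confirmed against the nginx config, is a `proxy_pass` target built from a variable with no `resolver` configured.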
diff --git a/playbooks/roles/jitsi-meet/templates/meet-env.j2 b/playbooks/roles/jitsi-meet/templates/meet-env.j2
index 65b0e50dc9..fa2b715998 100644
--- a/playbooks/roles/jitsi-meet/templates/meet-env.j2
+++ b/playbooks/roles/jitsi-meet/templates/meet-env.j2
@@ -19,7 +19,11 @@ JVB_AUTH_PASSWORD={{ meetpad_jvb_auth_password }}
 JVB_PORT=10000
 JVB_KEYSTORE_PATH=/config/jvb-keystore.store
 JVB_KEYSTORE_PASSWORD={{ meetpad_jvb_keystore_password }}
-JVB_WS_SERVER_ID={{ inventory_hostname }}
+# We use the IP address instead of the server fqdn here because nginx was
+# unable to do name lookups for the fqdn when we tried that initially.
+# Whatever value is used here should match the CN in the java keystore
+# generated by ansible.
+JVB_WS_SERVER_ID={{ public_v4 }}
 JICOFO_COMPONENT_SECRET={{ meetpad_jicofo_component_secret }}
 JICOFO_AUTH_PASSWORD={{ meetpad_jicofo_auth_password }}
 JIGASI_XMPP_PASSWORD={{ meetpad_jigasi_xmpp_password }}