Je me propose de redémarrer le serveur un soir dans la semaine, afin que les mises à jour de sécurité du noyau soient prises en compte.
@mdk est ce qu’il y a un point particulier à connaître avant 
?
+1 Je suis certain que si tu le fait à 3h du matin le lundi personne ne s’en rendra compte 
1 « J'aime »
J’ignore si BBB peut nous dire facilement si du monde utilise une salle. Mais bon si il n’y a pas de meetup annoncé sur afpy.org, et que c’est le soir, tu peux y aller
1 « J'aime »
- L’interface web d’admin liste les salles actives.
- En ligne de commande (doc pour le calcul du checksum:
wget -qO- https://bbb.afpy.org/bigbluebutton/api/getMeetings?checksum=$CHEKSUM | xmlstarlet sel -I -t -v "count(//meeting)"
Les meetups ne sont plus annoncés ici mais là 
Au menu:
- mise à jour des paquets Debian
- mise à jour de Big Blue Button en 2.4
- redémarrage du serveur
- vérifications
root@bbb2:~# # Lister les paquets fournis par Ubuntu root@bbb2:~# aptitude search '?narrow(?upgradable, (?origin(Ubuntu)))' i linux-headers-generic - Generic Linux kernel headers i A linux-headers-virtual - Virtual Linux kernel headers i linux-image-virtual - Virtual Linux kernel image i A linux-libc-dev - Linux Kernel Headers for development i linux-virtual - Minimal Generic Linux kernel and headers i nodejs - Node.js event-based server-side javascript engine i openjdk-8-jre - OpenJDK Java runtime, using Hotspot JIT i A openjdk-8-jre-headless - OpenJDK Java runtime, using Hotspot JIT (headless) i tzdata - time zone and daylight-saving time data root@bbb2:~# # Les mettre à jour root@bbb2:~# apt install $(aptitude search -F '%p' '?narrow(?upgradable, (?origin(Ubuntu)))') Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: linux-headers-4.15.0-173 linux-headers-4.15.0-173-generic linux-image-4.15.0-173-generic linux-modules-4.15.0-173-generic Suggested packages: fdutils linux-doc-4.15.0 | linux-source-4.15.0 linux-tools icedtea-8-plugin libnss-mdns fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei fonts-wqy-zenhei fonts-indic The following NEW packages will be installed: linux-headers-4.15.0-173 linux-headers-4.15.0-173-generic linux-image-4.15.0-173-generic linux-modules-4.15.0-173-generic The following packages will be upgraded: linux-headers-generic linux-headers-virtual linux-image-virtual linux-libc-dev linux-virtual nodejs openjdk-8-jre openjdk-8-jre-headless tzdata 9 upgraded, 4 newly installed, 0 to remove and 21 not upgraded. Need to get 81.4 MB of archives. After this operation, 168 MB of additional disk space will be used. Do you want to continue? [Y/n] [...] done root@bbb2:~# # Mettre à jour tout ce qui touche à bbb: root@bbb2:~# bash bbb-install.sh -w -g -v bionic-24 -s bbb.afpy.org root@bbb2:~# # Reboot root@bbb2:~# systemctl reboot
Puis après le redémarrage:
root@bbb2:~# # Vérifier la conf bbb root@bbb2:~# bbb-conf --check [...] # Potential problems described below # Warning: You have this server defined for https, but in # # /etc/bigbluebutton/nginx/sip.nginx # # did not find the use of https in definition for proxy_pass # # proxy_pass http://46.226.104.113:5066; # # Warning: You have this server defined for https, but in # # /etc/bigbluebutton/nginx/sip.nginx # # did not find the use of port 7443 in definition for proxy_pass # # proxy_pass http://46.226.104.113:5066; # # # Kurento will try to connect to 10.0.3.66 but FreeSWITCH is listening on 46.226.104.113 for port 5066 # # To fix, run the commands # # sudo yq w -i /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml freeswitch.sip_ip 46.226.104.113 # sudo chown bigbluebutton:bigbluebutton /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml #
J’ai modifié /etc/bigbluebutton/nginx/sip.nginx pour utiliser proxy_pass https://46.226.104.113:7443 et appliqué la seconde modification relative au fichier de conf /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml.
J’ai testé BBB en lançant une conf et en l’enregistrant. Une fois la réunion terminée, l’enregistrement est bien apparu dans l’interface et j’ai pu le visionner.
systemctl --failed ne retourne qu’une unité en erreur: systemd-growfs@-.service.
Le filtrage réseau est en place: les ports TCP 5060/5066/5090/7443/8888 ne sont bien pas accessibles depuis internet.
Après avoir vérifié qu’il n’y avait pas de meeting en cours:
# wget -qO- "https://bbb.afpy.org/bigbluebutton/api/getMeetings?checksum=$CHECKSUM" | xmlstarlet sel -I -t -v "count(//meeting)"
0
j’ai mis à jour les paquets Ubuntu et redémarré le serveur:
# apt install $(aptitude search -F '%p' '?narrow(?upgradable, (?origin(Ubuntu)))')
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
linux-headers-4.15.0-176 linux-headers-4.15.0-176-generic linux-image-4.15.0-176-generic linux-modules-4.15.0-176-generic
Suggested packages:
git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk gitweb git-cvs git-mediawiki git-svn fdutils linux-doc-4.15.0
| linux-source-4.15.0 linux-tools fcgiwrap nginx-doc ssl-cert python2.7-doc binfmt-support python3.6-doc
The following NEW packages will be installed:
linux-headers-4.15.0-176 linux-headers-4.15.0-176-generic linux-image-4.15.0-176-generic linux-modules-4.15.0-176-generic
The following packages will be upgraded:
git git-man gzip klibc-utils libfribidi0 libkeyutils1 libklibc liblzma5 libnginx-mod-http-geoip libnginx-mod-http-image-filter
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libpython2.7 libpython2.7-minimal libpython2.7-stdlib libpython3.6
libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib linux-headers-generic linux-headers-virtual linux-image-virtual linux-libc-dev
linux-virtual nginx nginx-common nginx-core nodejs python2.7 python2.7-minimal python3.6 python3.6-dev python3.6-minimal python3.6-venv rsync
tcpdump ubuntu-advantage-tools xz-utils zlib1g zlib1g-dev
41 upgraded, 4 newly installed, 0 to remove and 8 not upgraded.
[...]
# systemctl reboot
Au reboot les services ne semblaient avoir rencontré de problème particulier:
# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● systemd-growfs@-.service loaded failed failed Grow File System on /
et la requête à l’API bbb ne retourne pas d’erreur.
La sortie de bbb-conf --status semble également ok:
nginx —————————————————► [✔ - active]
freeswitch ————————————► [✔ - active]
redis-server ——————————► [✔ - active]
bbb-apps-akka —————————► [✔ - active]
bbb-fsesl-akka ————————► [✔ - active]
mongod ————————————————► [✔ - active]
bbb-html5 —————————————► [✔ - active]
bbb-webrtc-sfu ————————► [✔ - active]
kurento-media-server ——► [✔ - active]
bbb-html5-backend@1 ———► [✔ - active]
bbb-html5-backend@2 ———► [✔ - active]
bbb-html5-frontend@1 ——► [✔ - active]
bbb-html5-frontend@2 ——► [✔ - active]
etherpad ——————————————► [✔ - active]
bbb-web ———————————————► [✔ - active]
3 « J'aime »