Installing FSF Version of Jitsi Meet using Ansible TMP Directory Error

Said · August 12, 2023, 8:30pm

The FSF has a modified version of Jitsi Meet available. Its website cites its advantages as no third party servers for network initialization,
no recommendations or links to proprietary services or programs, and LibreJS compliance.

I am attempting to install it on my FreedomBox using Ansible. Here are the details of my FreedomBox and my host computer:

FreedomBox Pioneer Edition
FreedomBox Version: 23.6.2 (Debian 12 Bookworm)

Debian 11 GNU/Linux (Bullseye)

Package: ansible
Version: 5.10.0 1ppa~focal

I downloaded the source files from the git and extracted them. In order to use the .yml files provided by the FSF, I wrote this small playbook:

hosts: server
become: yes
become_user: root
tasks:
- include: /home/user/jitsi-ansible-a13d451/tasks/main.yml
handlers:
- include: /home/user/jitsi-ansible-a13d451/handlers/main.yml

I added my FreedomBox to /etc/ansible/hosts/ and came up with the following argument:

ansible-playbook -u [freedombox domain name] -k -b -K /home/user/main.yml

After I enter the SSH password, I get the following error:

UNREACHABLE! => {“changed”: false, “msg”: “Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in "/tmp", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p "echo ~/.ansible/tmp"&& mkdir "echo ~/.ansible/tmp/ansible-tmp-1691861039.8008547-50006-115989940711674" && echo ansible-tmp-1691861039.8008547-50006-115989940711674="echo ~/.ansible/tmp/ansible-tmp-1691861039.8008547-50006-115989940711674" ), exited with result 7”, “unreachable”: true}

I tried this user’s suggested config, but got the same result:

I saw in the documentation a setting for the default tmp:
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations

DEFAULT_LOCAL_TMP

Description:

Temporary directory for Ansible to use on the controller.

Type:

tmppath

Default:

{{ ANSIBLE_HOME ~ "/tmp" }}

Ini:

Section:

    [defaults]
Key:

    local_tmp

Environment:

Variable:

    ANSIBLE_LOCAL_TEMP

I’m not sure of how to apply this. If I try to generate the commented-out default config file, so I can copy its syntax, I get nothing in my .cfg file.
I assume this is applied already.

I think this should be a simple operation, but I am an average user with no experience in programming, using Ansible, or performing system admin duties outside of learning to use and troubleshooting FreedomBox. I tried checking the .tar.gz for a readme file with instructions, but I couldn’t find any. I had a brief readthrough of the .yml files, thinking I might find some clues, but nothing that would help me with the installation sequence.

Even if it’s a bit challenging, I think learning to manage my own freedom-respecting server is well worth the effort.

I appreciate any help anyone is able to give me.

jvalleroy · August 13, 2023, 12:50pm

From a glance, it looks like the issue could be due to the libpam-tmpdir package being installed. FreedomBox package used to “recommend” libpam-tmpdir, but we removed the recommend due to issues it causes with some apps like Wordpress and Zoph.

It’s possible that the package is still installed on your system. It would only have been removed if you tried to install Wordpress or Zoph. So I would suggest that you manually remove libpam-tmpdir, and then try the ansible command again.

Said · August 13, 2023, 3:17pm

Thanks for the reply. I tried to remove libpam-tmpdir with:

sudo apt remove libpam-tmpdir

and apt tell me the package was not installed. Is there anything else that I should try?

nbenedek · August 15, 2023, 5:33pm

Can you link us the git repository you mention, from which you downloaded this playbook?

Said · August 16, 2023, 12:53am

Sure, no problem. I had put the link to the FSF’s git in the original post, but I was limited by my link post limit. Here it is:

https://vcs.fsf.org/?p=jitsi-ansible.git

nbenedek · August 16, 2023, 5:06pm

I downloaded the project to try it myself, here are my findings:

The error you see indicates that the first task, creating a temp directory, failed because ansible couldn’t ssh into the server. This can be resolved by appending ansible_user=<your username> into the inventory file.
However, even if you fix that, the GPG key provided in the playbook is outdated, this ansible project hasn’t been updated for 3 years.
I updated the GPG key for myself but the next task of modifying firewall rules will fail as well because it tries to use UFW which isn’t part of FreedomBox, since we use firewalld.
Getting rid of the UFW task will result in yet another error, which is again due this ansible project being outdated:
fatal: [192.168.122.200]: FAILED! => {"changed": false, "msg": "Destination /usr/share/jitsi-meet/css/all.css does not exist !", "rc": 257}

At this point you would be better off installing it manually from here: Ubuntu/Debian Installation Instructions & Repository.

Said · August 17, 2023, 3:03pm

Thank you very much for attempting this for me. I appreciate your thorough help.
I figured it might be the case that I should have to use the upstream version. In that case, I have a question related to ejabberd.

I understand the official configuration uses Nginx and Prosody, but that FreedomBox uses Apache and ejabberd. Jitsi will default to an Apache
configuration if it doesn’t detect Nginx, but I’m not sure what to do about Prosody.

I saw here someone managed to configure ejabberd for Jitsi use: Install Jitsi-Meet alongside ejabberd – vanitasvitae's blog

What’s left is the Authentication feature. I think Jitsi uses Prosody for user authentication as well, so you can set up registered users only to create rooms. How would that translate to
to ejabberd, if ejabberd functions the same way? I know that FreedomBox uses OpenLDAP for user authentication and single sign-on, so would that be responsible instead?

Would it be fine to have Prosody and ejabberd installed simultaneously, if neither of the above are options?

Avron · August 17, 2023, 3:25pm

Making Jitsi use ejabberd while ejabberd service is configured via plinth (the freedombox web interface) could result in trouble. It could also work, but if you are the only one with such a configuration, there is a chance that updates will break something but only for you then you will have to dig it out on your own.

Because I rely on my freedombox for email, I don’t want to increase the risks of problems on it then I run jitsi on a separate machine (my desktop PC running trisquel).

About ejabberd and prosody running on the same machine, one difficulty could be that they need to access the same port numbers, but perhaps there are ways to deal with that.

Said · August 18, 2023, 12:03am

Thank you, Avron. I will find a different solution then.