Set up a BigBlueButton server quickly
Background
So being in lockdown means my son is into homeschooling for some weeks now. The school decided to use a school information system (SIS) that combines lots of free software projects, which is good. The video conferencing tool that's implemented is BigBlueButton which works very well. The children aged 6-8 all have learnt how to activate or deactivate their cameras, mute or unmute their microphones, use the chat or set their status. They follow invitations to break-out rooms and the classes in general are progressing really well.
It it wasn't for unexpected outage of the whole SIS; the company recently released a statement that explains why the servers have been unreachable for a couple of days. Apparently the infrastructure suffers from DDoS (destributed denial of service) attacks that eventually brings down the servers.
For most schools in our city, the solution is obvious: change the service to Microsoft Teams. I could write a book about why switching to Teams is a bad idea and why Microsoft should be banned from all schools everywhere. However, what I want to do is to show how a backup video conferencing solution can be provided easily within a couple of minutes.
I'm going to use the same software BigBlueButton, hosted on Hetzner (a German hoster) virtual machines and managed with Ansible.
Single Server Setup
To set up a single BigBlueButton server, we start with creating a VM. The documentation recommends an Ubuntu 16.04 server with 16GB RAM and 8 cores minimum for production. The documentation also recommends using a provided shell script, that will do the full installation for you which can be configured with several flags and switches. However, there are also some Ansible roles out there, that will allow me to have more control in my initial configuration. The Ansible roles are not maintained by the official BigBlueButton project.
For development, I'm going to use a 4CPU machine with 8GB RAM. With the hcloud
command line tool you can create the VM with
hcloud server create \
--image ubuntu-16.04 \
--name bbb \
--ssh-key ~/.ssh/id_rsa.pub \
--type cx31 \
--datacenter nbg1-dc3
3s [=====================================] 100.00%
Waiting for server xxxxxx to have started
... done
Server xxxxxx created
IPv4: x.x.x.x
So there is our VM, with my ssh key already injected. Next we need a domain to reach the server properly and have the scripts create Let's Encrypt SSL certificates. I've bought my domain at a German provider and set-up a sub-domain to use dynamic dns which I'm going to update with the ddclient
tool.
My ddclient.conf
file looks similar to this:
protocol=dyndns2
ssl=yes
server=dyndns.strato.com/nic/update
use=cmd
cmd="hcloud server ip bbb"
login=schubisu.de
password='***********'
bbb.schubisu.de
use=cmd
cmd="hcloud server ip -6 test.debian"
login=schubisu.de
password='***********'
bbb.schubisu.de
As you can see, I've named my sub-domain bbb.schubisu.de
. The ip I'm going set in the A and AAAA record are obtained through the hcloud
command. To set both records, I simply copy the blocks; ddclient can automatically recognize the ip address format and will set the IPv4 and IPv6 correctly.
To update the dns records I run the command with
ddclient --file ddclient.conf --cache ddclient.cache
we need to specify the cache file separately to be able to run ddclient without root, since the default cache location is only writable as root.
Finally we can set up our Ansible scripts. I'm going to use n0emis bigbluebutton role. To obtain the role and dependencies let's clone some git repositories:
git clone https://github.com/n0emis/ansible-role-bigbluebutton n0emi.bigbluebutton
git clone https://github.com/geerlingguy/ansible-role-nodejs geerlingguy.nodejs
git clone https://github.com/geerlingguy/ansible-role-docker geerlingguy.docker
I put the following in my inventory file
[bbb]
bbb.schubisu.de
and also create an ansible.cfg
with the following content
[defaults]
remote_user = root
because my ssh key has been injected to the root user of the VM.
Finally I can create the playbook.yml
:
---
- hosts: bbb
roles:
- role: n0emis.bigbluebutton
bbb_hostname: bbb.schubisu.de
bbb_coturn_secret: 123456789012345678901234567890
bbb_greenlight_secret: 123456789012345678901234567890
bbb_greenlight_db_password: 123456789012345678901234567890
bbb_letsencrypt_email: john.doe@email.com
bbb_greenlight_accounts: false
bbb_greenlight_users:
- name: 'John Doe'
email: 'john.doe@email.com'
password: '**********'
type: 'admin'
Most options have default values and I don't need to modify them for now. Secrets however need to be set. To have the Let's Encrypt certificates I also set the correct hostname and email address.
Finally I configure greenlight, the optional login manager used by BigBlueButton, to not accept new registrations but have me as single admin user to spawn new rooms etc.
Let it run!
ansible-playbook -i server playbook.yml
This will run for about half an hour, but when it's finished we have our BigBlueButton server available at our domain. Once this is set up we can easily delete and create our VM whenever we want. Setting up the full-blown server will always take that 15-30 minutes but does not need any interaction on our end. That's cool!
Scale it up
Using the minimum server requirements with 16GM RAM and 8CPUs, the BBB server can handle up to 200 concurrent users. That said, it's clear that this is not the end. I will write a follow-up to this post, describing how to set up a set of BigBlueButton back end servers with a load-balancing front end.