Re: DebConf Video streaming wishlist for MiniDebConf Cambridge and future events
On 22.11.2017 01:38, Nicolas Dandrimont wrote:
> [Please note and preserve Cc: to debconf-video@]
>
> The DebConf Video Team is currently holding a sprint to enhance its setup and
> make it more future-proof and self-service. We have a few things that we would
> like to do, with your help, to make this setup happen.
>
> 0/ Context
>
> We have standardized our machine setup around ansible, which we use to setup the
> machines used for mixing and recording in the conference environment as well as
> the cloud instances used for streaming.
>
> Streams are pushed to a streaming backend with RTMP; this backend converts the
> RTMP stream to HLS, which is then distributed to clients through a few caching
> HTTPS frontends that are geographically distributed. The html5/javascript
> frontend uses a special geoip-resolving http(s) endpoint to point clients to
> the proper geographically close mirror (stupid web player doesn't do sticky
> redirects).
>
> I've been working on integrating the setup/teardown of the streaming network
> with our ansible repository and here are the things that would be useful:
>
> 1/ DNS updates
>
> We would like to be able to update DNS entries for a subtree of debconf.org to
> accommodate dynamic cloud instances. Our previous setup used video.debconf.org,
> but we would like to move *streaming* to *.live.debconf.org, which will allow
> video.debconf.org to be reused for a static documentation / video player /
> streaming player website. Could we enable the videoteam user on vittoria (or
> another role user) to do so?
>
> 2/ Cloud instance spin-up/teardown
>
> I've written a small set of python3 scripts using the DigitalOcean API to
> setup/teardown machines; As this needs an API key for our DigitalOcean account,
> we would like to allow a role user to run the scripts on vittoria. Ideally this
> role user would also be able to run ansible to set the machines up after they
> spin up. If you think that's sensible I'll provide you with an update to the
> debian.org metapackages for the needed dependencies.
Hey,
you might remember me from debconf Cambridge 2 years ago, the ccc voc
salesman ;-)
If you say digitalOcean that sounds like payed servers. If you like we
can talk about
using ccc voc servers for debconf streaming. We have currently three
location
where we operate stream relays with 10 or 20 gigabit connectivity. A
fourth location will be added to the end of the year.
All traffic is donated, peering is very good
https://www.peeringdb.com/net/2989 + DFN relays
Currently we provide NGINX RTMP and icecast relays, everything is
running debian stretch and h0lger also has already access
to the infrastructure. On some parts we are still have some things to do
from the stretch upgrade but most things are already
update in the ansible git https://github.com/voc/cm/tree/master/ansible
. Fine tuned version will be there after 34c3
If this sound interesting for you we can have a chat at 34c3 or e.g. a
mumble in January
>
> 3/ TLS certificate distribution for the streaming network
>
> Our streams are now fully HTTPS. During DebConf17, we used certbot to generate
> certificates manually on one of the machines (with the http-01 challenge) and
> then used ansible to push the private and public keys to the rest of the mirror
> network.
>
> Would it be possible to integrate ourselves in your letsencrypt setup, having a
> way to provide the aforementioned videoteam role user with the tls key/cert
> pair for pushing to the streaming network through ansible?
>
> The first iteration would use a static list of hostnames (TBD), until
> letsencrypt supports wildcard certs which will allow us to just have one cert
> for *.live.debconf.org, hopefully for our next events in 2018.
>
> Thanks for considering,
Reply to: