After node-config was bumped to 3.3.9 (from 3.3.6), it started throwing errors if
configurations are mutated without the ALLOW_CONFIG_MUTATIONS env var set.
We mutate some configs directly, but I every time I added one of those I made sure that
they are always deep cloned.
However, we hit an issue with kurento-client mutating a config input, which is an indirect mutation.
So, to prevent further surprises I'm allowing mutations on production while prohibiting them in dev
envs until I'm 100% sure nothing, direct on indirect, improperly mutates configuration values.
bbb-webrtc-sfu (and mediasoup) are running in the CFS scheduler which
means it has to compete with (much) lower priority tasks like
presentation conversion, recording processing, [...]
Since it encompasses an RTC application which also handles audio, it
should be _at least_ on the same scheduling policy as FS/bbb-html5 - and
that should be safer now with mediasoup which has a lower footprint
(and generates lower CPU noise overall).
This commit puts bbb-webrtc-sfu in the FIFO scheduling policy (same as
bbb-html5). Also bumps bbb-html5 nice level up to 18 and sets SFU to
nice 19 (so bbb-html5 has some advantage when push comes to shove).
This can be improved further by using per-process priorities in SFU.
Ideally we'd want mediasoup audio workers and mcs-core to be the same
priority as FS (so higher than bbb-html5), but the rest of them
(video/screen workers) to be the same or lower than bbb-html5. For
future reference:
- https://github.com/bigbluebutton/bbb-webrtc-sfu/commit/3e245122dfa155ecb77b536eeadac1e4607cee
- 66d443d204
Audio's callerId depends on the user name and there isn't
an "on-demand" way of fetching that field internally, making callerId
assembly with trusted attributes (server-side generated) impossible in
bbb-webrtc-sfu.
The new extra header (User-Name, mapped to user_name in the proxied
connection) allows fetching the user name field in a cheap way and
consequently provides a cheap+safe way of assembling the callerId.
Alternatives I've considered but discarded:
- a new akka-apps req-resp pair for fetching the user name (+overhead)
- a new akka-apps req-resp pair for generating the callerId (+overhead)
- piggybacking on GetMicrophonePermissionReq/Resp to generate the
callerId (same overhead, but mixing responsabilities)
* fix unit name: the unit name on Ubuntu is `redis-server.service`
* services which need a working redis require both After= and Wants=
See the description in the `systemd.unit` man page.
yq package is now provided in the BigBlueButton support PPA for BBB 2.5,
so we can depend on the package now. Ensure the dependency is specific
to avoid an incompatible yq version 4 from being installed.
The old 6h values seem far too large and I cant recall nor find any good
justification for them to be that way
Reducing the timeouts to more sane values allow resources (WebSockets) to be
cleaned up faster
The heartbeat routine in bbb-webrtc-sfu runs every 20s. The heartbeat
routine in SIP.js/FS runs every 30(+10)s. The new timeouts are those values
multiplied by 3.
Remaining, to be handles separately:
bbb-html5 before-remove and after-install -- sip.nginx needs to be
handled in bbb-conf
bbb-freeswitch-core -- /tmp/vars xml, etc. -- not sure how to handle
beta.6 updates mediasoup 3.9.0 which has a new Meson build system
That new build system does a pretty good job cleaning compiler leftovers on its
own, so theoretically our cleanup code isn't needed anymore.
Amend history:
build/packages-template/bbb-webrtc-sfu/build.sh -> v2.6.0-beta.6 to beta.7
... drop build artifacts from compiling mediasoup. This reduces package
size from ~ 54 MB to ~ 12 MB.
Additionally this drops the `npm rebuild` command from the after-install
script. It should not be necessary to recompile stuff during
installation. To ensure a clean `node_modules` directory, it will be
cleaned in the before-install script.
