fix(prosody): Moves to using shell for roster and user creation.

* fix(prosody): Moves to using shell for roster creation. * fix(prosody): Moves to using shell for user creation.
2026-01-22 06:15:13 -06:00
parent 4509144221
commit eab4bff766
5 changed files with 218 additions and 22 deletions
--- a/prosody/rootfs/defaults/prosody.cfg.lua
+++ b/prosody/rootfs/defaults/prosody.cfg.lua
@@ -100,6 +100,7 @@ modules_enabled = {
 		--"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
 	-- Admin interfaces
 		"admin_shell"; -- Enable admin shell for prosodyctl shell commands
 		-- "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
 		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
--- a/prosody/rootfs/etc/cont-init.d/10-config
+++ b/prosody/rootfs/etc/cont-init.d/10-config
@@ -81,12 +81,7 @@ fi
 [ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
 [ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN=hidden.meet.jitsi
-prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
+# User registration is now handled by the 70-register-setup service after prosody starts
 # if we are in client mode, we need to subscribe the focus user to the focus component proxy
 if [[ "$PROSODY_MODE" == "client" ]]; then
    prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN
 fi
 if [[ -z $JVB_AUTH_PASSWORD ]]; then
    echo 'FATAL ERROR: JVB auth password must be set'
@@ -99,20 +94,12 @@ if [[ "$JVB_AUTH_PASSWORD" == "$OLD_JVB_AUTH_PASSWORD" ]]; then
    exit 1
 fi
 # we see the next register command to hang from time to time, suspect it's a race with mod_roster_command
 # Once this is released: https://issues.prosody.im/1908 we can remove this sleep and make sure prosody is running
 # and then use 'prosodyctl shell user create' to add user live and 'prosodyctl shell roster' to modify their roster live.
 sleep 1
 prosodyctl --config $PROSODY_CFG register $JVB_AUTH_USER $XMPP_AUTH_DOMAIN $JVB_AUTH_PASSWORD
 if [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then
    OLD_JIBRI_XMPP_PASSWORD=passw0rd
    if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then
        echo 'FATAL ERROR: Jibri auth password must be changed, check the README'
        exit 1
    fi
    prosodyctl --config $PROSODY_CFG register $JIBRI_XMPP_USER $XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD
 fi
 if [[ "$PROSODY_MODE" == "client" ]]; then
@@ -122,13 +109,6 @@ if [[ "$PROSODY_MODE" == "client" ]]; then
            echo 'FATAL ERROR: Jibri recorder password must be changed, check the README'
            exit 1
        fi
        prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_HIDDEN_DOMAIN $JIBRI_RECORDER_PASSWORD
    fi
    if [[ "$(echo "$ENABLE_TRANSCRIPTIONS" | tr '[:upper:]' '[:lower:]')" == "true" ]] || [[ "$ENABLE_TRANSCRIPTIONS" == "1" ]]; then
        if [[ ! -z $JIGASI_TRANSCRIBER_PASSWORD ]]; then
            [ -z "$JIGASI_TRANSCRIBER_USER" ] && JIGASI_TRANSCRIBER_USER="transcriber"
            prosodyctl --config $PROSODY_CFG register $JIGASI_TRANSCRIBER_USER $XMPP_HIDDEN_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD
        fi
    fi
 fi
@@ -138,7 +118,6 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
        echo 'FATAL ERROR: Jigasi auth password must be changed, check the README'
        exit 1
    fi
    prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD
 fi
 if [[ "$PROSODY_MODE" == "visitors" ]]; then
--- a/prosody/rootfs/etc/services.d/50-prosody/run
+++ b/prosody/rootfs/etc/services.d/50-prosody/run
--- a/prosody/rootfs/etc/services.d/70-register-setup/run
+++ b/prosody/rootfs/etc/services.d/70-register-setup/run
@@ -0,0 +1,139 @@
 #!/usr/bin/with-contenv bash
 echo "[register-setup] Service starting..."
 # Wait for prosody to be ready
 echo "[register-setup] Waiting for prosody to be ready..."
 MAX_ATTEMPTS=60
 ATTEMPT=0
 while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
    if curl --fail --silent --output /dev/null http://127.0.0.1:5280/health 2>&1; then
        echo "[register-setup] Prosody is ready!"
        break
    fi
    ATTEMPT=$((ATTEMPT + 1))
    echo "[register-setup] Attempt $ATTEMPT/$MAX_ATTEMPTS..."
    sleep 2
 done
 if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then
    echo "[register-setup] ERROR: Prosody did not become ready in time"
    exit 1
 fi
 # Set defaults (matching init script)
 [ -z "${JIBRI_RECORDER_USER}" ] && export JIBRI_RECORDER_USER=recorder
 [ -z "${JIBRI_XMPP_USER}" ] && export JIBRI_XMPP_USER=jibri
 [ -z "${JIGASI_XMPP_USER}" ] && export JIGASI_XMPP_USER=jigasi
 [ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb
 [ -z "${XMPP_DOMAIN}" ] && XMPP_DOMAIN=meet.jitsi
 [ -z "${XMPP_AUTH_DOMAIN}" ] && XMPP_AUTH_DOMAIN=auth.meet.jitsi
 [ -z "${XMPP_HIDDEN_DOMAIN}" ] && XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
 [ -z "${XMPP_HIDDEN_DOMAIN}" ] && XMPP_HIDDEN_DOMAIN=hidden.meet.jitsi
 [ -z "$PROSODY_MODE" ] && PROSODY_MODE="client"
 PROSODY_CFG="/config/prosody.cfg.lua"
 # Validate required passwords
 if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
    echo '[register-setup] FATAL ERROR: Jicofo auth password must be set'
    exit 1
 fi
 if [[ -z $JVB_AUTH_PASSWORD ]]; then
    echo '[register-setup] FATAL ERROR: JVB auth password must be set'
    exit 1
 fi
 OLD_JVB_AUTH_PASSWORD=passw0rd
 if [[ "$JVB_AUTH_PASSWORD" == "$OLD_JVB_AUTH_PASSWORD" ]]; then
    echo '[register-setup] FATAL ERROR: JVB auth password must be changed, check the README'
    exit 1
 fi
 # Register focus user
 echo "[register-setup] Registering focus user..."
 OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create focus@$XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD 2>&1)
 if [ $? -eq 0 ]; then
    echo "[register-setup] Focus user registered successfully"
 else
    echo "[register-setup] Focus user registration output: $OUTPUT"
 fi
 # Register JVB user
 echo "[register-setup] Registering JVB user..."
 OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JVB_AUTH_USER@$XMPP_AUTH_DOMAIN $JVB_AUTH_PASSWORD 2>&1)
 if [ $? -eq 0 ]; then
    echo "[register-setup] JVB user registered successfully"
 else
    echo "[register-setup] JVB user registration output: $OUTPUT"
 fi
 # Register Jibri user if password is set
 if [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then
    OLD_JIBRI_XMPP_PASSWORD=passw0rd
    if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then
        echo '[register-setup] FATAL ERROR: Jibri auth password must be changed, check the README'
        exit 1
    fi
    echo "[register-setup] Registering Jibri user..."
    OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIBRI_XMPP_USER@$XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD 2>&1)
    if [ $? -eq 0 ]; then
        echo "[register-setup] Jibri user registered successfully"
    else
        echo "[register-setup] Jibri user registration output: $OUTPUT"
    fi
 fi
 # Register Jibri recorder and Jigasi transcriber in client mode only
 if [[ "$PROSODY_MODE" == "client" ]]; then
    if [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then
        OLD_JIBRI_RECORDER_PASSWORD=passw0rd
        if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then
            echo '[register-setup] FATAL ERROR: Jibri recorder password must be changed, check the README'
            exit 1
        fi
        echo "[register-setup] Registering Jibri recorder user..."
        OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIBRI_RECORDER_USER@$XMPP_HIDDEN_DOMAIN $JIBRI_RECORDER_PASSWORD 2>&1)
        if [ $? -eq 0 ]; then
            echo "[register-setup] Jibri recorder user registered successfully"
        else
            echo "[register-setup] Jibri recorder user registration output: $OUTPUT"
        fi
    fi
    if [[ "$(echo "$ENABLE_TRANSCRIPTIONS" | tr '[:upper:]' '[:lower:]')" == "true" ]] || [[ "$ENABLE_TRANSCRIPTIONS" == "1" ]]; then
        if [[ ! -z $JIGASI_TRANSCRIBER_PASSWORD ]]; then
            [ -z "$JIGASI_TRANSCRIBER_USER" ] && JIGASI_TRANSCRIBER_USER="transcriber"
            echo "[register-setup] Registering Jigasi transcriber user..."
            OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIGASI_TRANSCRIBER_USER@$XMPP_HIDDEN_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD 2>&1)
            if [ $? -eq 0 ]; then
                echo "[register-setup] Jigasi transcriber user registered successfully"
            else
                echo "[register-setup] Jigasi transcriber user registration output: $OUTPUT"
            fi
        fi
    fi
 fi
 # Register Jigasi user if password is set
 if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
    OLD_JIGASI_XMPP_PASSWORD=passw0rd
    if [[ "$JIGASI_XMPP_PASSWORD" == "$OLD_JIGASI_XMPP_PASSWORD" ]]; then
        echo '[register-setup] FATAL ERROR: Jigasi auth password must be changed, check the README'
        exit 1
    fi
    echo "[register-setup] Registering Jigasi user..."
    OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIGASI_XMPP_USER@$XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD 2>&1)
    if [ $? -eq 0 ]; then
        echo "[register-setup] Jigasi user registered successfully"
    else
        echo "[register-setup] Jigasi user registration output: $OUTPUT"
    fi
 fi
 echo "[register-setup] All users registered, service completed"
 # This is a oneshot service - tell s6 to stop supervising and sleep
 s6-svc -O /var/run/s6/services/70-register-setup
 exec sleep infinity
--- a/prosody/rootfs/etc/services.d/90-roster-setup/run
+++ b/prosody/rootfs/etc/services.d/90-roster-setup/run
@@ -0,0 +1,77 @@
 #!/usr/bin/with-contenv bash
 echo "[roster-setup] Service starting..."
 # Default to client mode if not set (matching init script behavior)
 [ -z "$PROSODY_MODE" ] && PROSODY_MODE="client"
 # Only run in client mode
 if [[ "$PROSODY_MODE" != "client" ]]; then
    echo "[roster-setup] Not in client mode (PROSODY_MODE=$PROSODY_MODE), exiting..."
    s6-svc -O /var/run/s6/services/90-roster-setup
    exec sleep infinity
 fi
 echo "[roster-setup] Running in client mode, proceeding with roster setup"
 # Wait for prosody to be ready
 echo "[roster-setup] Waiting for prosody to be ready..."
 MAX_ATTEMPTS=60
 ATTEMPT=0
 while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
    if curl --fail --silent --output /dev/null http://127.0.0.1:5280/health 2>&1; then
        echo "[roster-setup] Prosody is ready!"
        break
    fi
    ATTEMPT=$((ATTEMPT + 1))
    echo "[roster-setup] Attempt $ATTEMPT/$MAX_ATTEMPTS..."
    sleep 2
 done
 if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then
    echo "[roster-setup] ERROR: Prosody did not become ready in time"
    exit 1
 fi
 # Set defaults for XMPP domains (matching init script)
 [ -z "${XMPP_DOMAIN}" ] && XMPP_DOMAIN=meet.jitsi
 [ -z "${XMPP_AUTH_DOMAIN}" ] && XMPP_AUTH_DOMAIN=auth.meet.jitsi
 # Subscribe the focus user to the focus component proxy using prosodyctl shell
 echo "[roster-setup] Setting up roster subscription..."
 echo "[roster-setup] Command: prosodyctl shell roster subscribe_both focus@$XMPP_AUTH_DOMAIN focus.$XMPP_DOMAIN"
 PROSODY_CFG="/config/prosody.cfg.lua"
 # Capture both stdout and stderr
 OUTPUT=$(prosodyctl --config $PROSODY_CFG shell roster subscribe_both focus@$XMPP_AUTH_DOMAIN focus.$XMPP_DOMAIN 2>&1)
 RESULT=$?
 echo "[roster-setup] Command output:"
 echo "$OUTPUT"
 if [ $RESULT -eq 0 ]; then
    echo "[roster-setup] Roster subscription completed successfully"
    # Reload mod_client_proxy module to apply roster changes
    echo "[roster-setup] Reloading client_proxy module..."
    RELOAD_OUTPUT=$(prosodyctl --config $PROSODY_CFG shell module reload client_proxy 2>&1)
    RELOAD_RESULT=$?
    echo "[roster-setup] Module reload output:"
    echo "$RELOAD_OUTPUT"
    if [ $RELOAD_RESULT -eq 0 ]; then
        echo "[roster-setup] Module reloaded successfully"
    else
        echo "[roster-setup] WARNING: Failed to reload module (exit code: $RELOAD_RESULT)"
    fi
 else
    echo "[roster-setup] ERROR: Failed to setup roster subscription (exit code: $RESULT)"
    echo "[roster-setup] This is a oneshot service, will sleep to prevent restart loop"
 fi
 echo "[roster-setup] Oneshot service completed, sleeping..."
 # This is a oneshot service - tell s6 to stop supervising and sleep
 s6-svc -O /var/run/s6/services/90-roster-setup
 exec sleep infinity