automatic configuration management for kamailio and asterisk
DESCRIPTION
We are under the pressure of delivering RTC systems that are at the same time stable, but can change often to add features and fix bugs. The underlying systems also change frequently (OS upgrades, increase/decrease capacity on demand), and we need multiple environments running (e.g. development, testing/QA, production). Puppet provides a solution that dramatically cuts deployment time, reduces occurrences of errors, while at the same time documenting the configuration status. This presentation is about I stopped worrying about the deployments of systems built with Kamailio, Asterisk and other open source applications. With our Puppet code base we go from a new Virtual Machine to a working system in minutes, with peace of mind and self-documented configurations and processes. Firewall, nagios, syslog, monit, sec, and many other related tools and properties are also automatically configured.TRANSCRIPT
![Page 1: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/1.jpg)
Automatic Configuration Management for Kamailio
and Asterisk
Giacomo VaccaSenior Network Applications Developer
or “How I Stopped Worrying About Deployments”
![Page 2: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/2.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 2
labs.truphone.com
![Page 3: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/3.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 3
@giavac – Giacomo Vacca
• Doing VoIP 10+ years• Leads Network Apps Dev• All sorts of OS apps in RTC• WebRTC, Devops enthusiast
![Page 4: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/4.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 4
Embracing Config Management
![Page 5: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/5.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 5
Penetration of cfg mgmt in trulabs
![Page 6: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/6.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 6
github/trulabs and Puppet usage
• 44 custom modules• 2 public modules• ~10 3rd party modules• ~2000 commits• ~4000 lines of code
![Page 7: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/7.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 7
• Quicker to build and configure a new VM• Quicker to setup applications• Easier triage/debugging• Simpler Change Requests• Higher team satisfaction
Visible improvements
![Page 8: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/8.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 8
• Open Source configuration management • Defines the final status (‘what’, not ‘how’)• Idempotent
puppetlabs.com (I’m not affiliated)
So, what’s Puppet?
![Page 9: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/9.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 9
• Puppet code is contained in MANIFESTS• Puppet functionalities are organized in
MODULES• “Compiled” manifests are CATALOGUES
Puppet - terminology
![Page 10: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/10.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 10
• As many environments as you want–Each environment defines a Site
•A Site defines a group of Nodes– Every host is a Node
Puppet - architecture
![Page 11: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/11.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 11
Master/Slave vs Standalone
![Page 12: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/12.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 12
https://forge.puppetlabs.com/trulabs/kamailio
A Puppet module for Kamailio
![Page 13: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/13.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 13
• Tested on debian wheezy; works on Ubuntu• Several levels of control
–Manage Kamailio as a service–Choose package version–TLS/WebSockets enabled/disabled
• Used on Production
trulabs-kamailio
![Page 14: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/14.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 14
From empty VM to running app
apt-get update && apt-get install -y puppet
puppet module install trulabs-kamailio
puppet apply –v \ /etc/puppet/modules/kamailio/tests/init.pp \--show_diff --noop
# You can check with:dpkg -l | grep kamailionetstat –nap | grep 506.
![Page 15: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/15.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 15
trulabs-kamailio - structure• manifests
– config.pp– init.pp– install.pp– params.pp– repo.pp and repo/– service.pp
• templates– etc_default_kamailio.erb– kamailio-local.cfg.erb– kamailio.cfg.erb– tls.cfg.erb
![Page 16: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/16.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 16
e.g.: Kamailio for WebSocketsclass kamailio_ws::install () inherits kamailio_ws { class { '::kamailio': service_manage => true, service_enable => true, service_ensure => 'running', manage_repo => true, with_tls => true, with_websockets => true, with_ephem_auth => true, manage_config => false, }}
![Page 17: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/17.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 17
• Firewall– Open up UDP+TCP, 5060, 5061– Open TCP 5666 for Nagios client
• TCP keepalive• SSL certs:
– Ensure existing and with correct permissions• Swap memory:
– Ensure created and with correct size• monit, fail2ban, basic tools: Install and configure
kamailio_ws – node setup
![Page 18: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/18.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 18
https://forge.puppetlabs.com/trulabs/asterisk
A Puppet module for Asterisk
![Page 19: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/19.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 19
• Pre-requisites– DAHDI (installed as kernel module)– apt repos
• Packages– Core– Sounds– Business logic (from own repo)
• Configuration files– Including optional TLS + certs, ODBC settings
Asterisk – module components
![Page 20: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/20.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 20
node 'default' { class { '::asterisk': service_manage => true, service_enable => true, service_ensure => 'running', tcpenable => 'yes', }}
Asterisk – minimal configuration
![Page 21: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/21.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 21
- asterisk, asterisk-modules, asterisk-config- asterisk-voicemail- asterisk-code-sound-en- asterisk-code-sound-en-gsm- asterisk-moh-opsound-gsm
Debian Wheezy: 1.8.13.1~dfsg1-3+deb7u3Ubuntu Trusty: 1:11.7.0~dfsg-1ubuntu1
Asterisk – packages installed
![Page 22: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/22.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 22
- UDP 5060- TCP 5060
- Because we used ‘tcp_enable => true’- Change listening port by adding a port in:
- udpbindaddr (e.g. 0.0.0.0:5070)- tcpbindaddr (e.g. 0.0.0.0:5070)
- RTP ports range (rtpstart – rtpend)- Enable TLS with tlsenable => ‘yes’
Asterisk – ports
![Page 23: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/23.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 23
“But I want my config files”
manage_config => false
file { '/etc/asterisk/extensions.conf': source => 'puppet:///modules/my_ast/extensions.conf', notify => Exec['asterisk-dialplan-reload'],}
![Page 24: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/24.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 24
“But I want my custom package”
package_ensure => “my_version”,
(needs proper apt sources set up)
![Page 25: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/25.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 25
Asterisk – setup on a new VMapt-get update && apt-get install -y puppet ## This will also pull puppetlabs-stdlibpuppet module install trulabs-asterisk puppet apply -v /etc/puppet/modules/asterisk/tests/init.pp \ --show_diff --noop
dpkg –l | grep asterisknetstat –nap | grep 506.asterisk –x ‘core show version’
![Page 26: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/26.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 26
Protecting asterisk
firewall { '101 allow to UDP 5060 from kam': dport => ‘5060', proto => 'udp', action => 'accept', destination => $::ipaddress_eth0, source => $kamailio_ip,} ->
“FACT”
VARIABLE
![Page 27: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/27.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 27
• Why Puppet (and not Chef, Ansible, etc)?• How do you test your Puppet modules?• Will this work on Ubuntu?• Can I automate Puppet runs with Jenkins?
FAQ
![Page 28: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/28.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 28
Puppet & Docker – the future?
• From VMs to Containers• Build Docker images with Puppet
–Speed up image creation!• Deploy Docker containers with Puppet
–Manage your containers with Puppet
• Problem with Asterisk: mapping port ranges between host and container… hopefully fixed soon!
![Page 29: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/29.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 29
• Highly recommended: use Configuration Management
• (The actual tool doesn’t matter much)• Develop a common language between dev
and ops/sysadmin• Infrastructure As Code for your Asterisk
deployments
Takeaways
![Page 30: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/30.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 30
Q&A
Giacomo Vacca@[email protected]://labs.truphone.com/about/
![Page 31: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/31.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 31
Additional slides
![Page 32: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/32.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 32
Popularity of Config Mgmt tools
Source: http://www.slideshare.net/ZeroTurnaround/traditional-it-ops-vs-dev-ops-devops-days-ignite-talk-by-oliver-white
![Page 33: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/33.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 33
Puppet vs Chef – debian*
Source: http://popcon.debian.org/
![Page 34: Automatic Configuration Management For Kamailio And Asterisk](https://reader034.vdocument.in/reader034/viewer/2022050711/557ad0bcd8b42add288b4da8/html5/thumbnails/34.jpg)
© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 34
Puppet vs Chef – github
Source: github.com at 2014/10/03