Automatic Configuration Management For Kamailio And Asterisk

Automatic Configuration Management for Kamailio

and Asterisk

Giacomo VaccaSenior Network Applications Developer

or “How I Stopped Worrying About Deployments”

© 2014 Truphone Limited. All Rights Reserved. 13 April 2023 2

labs.truphone.com


@giavac – Giacomo Vacca

• Doing VoIP 10+ years• Leads Network Apps Dev• All sorts of OS apps in RTC• WebRTC, Devops enthusiast


Embracing Config Management


Penetration of cfg mgmt in trulabs


github/trulabs and Puppet usage

• 44 custom modules• 2 public modules• ~10 3rd party modules• ~2000 commits• ~4000 lines of code


• Quicker to build and configure a new VM• Quicker to setup applications• Easier triage/debugging• Simpler Change Requests• Higher team satisfaction

Visible improvements


• Open Source configuration management • Defines the final status (‘what’, not ‘how’)• Idempotent

puppetlabs.com (I’m not affiliated)

So, what’s Puppet?


• Puppet code is contained in MANIFESTS• Puppet functionalities are organized in

MODULES• “Compiled” manifests are CATALOGUES

Puppet - terminology


• As many environments as you want–Each environment defines a Site

•A Site defines a group of Nodes– Every host is a Node

Puppet - architecture


Master/Slave vs Standalone


https://forge.puppetlabs.com/trulabs/kamailio

A Puppet module for Kamailio




• Tested on debian wheezy; works on Ubuntu• Several levels of control

–Manage Kamailio as a service–Choose package version–TLS/WebSockets enabled/disabled

• Used on Production

trulabs-kamailio


From empty VM to running app

apt-get update && apt-get install -y puppet

puppet module install trulabs-kamailio

puppet apply –v \ /etc/puppet/modules/kamailio/tests/init.pp \--show_diff --noop

# You can check with:dpkg -l | grep kamailionetstat –nap | grep 506.


trulabs-kamailio - structure• manifests

– config.pp– init.pp– install.pp– params.pp– repo.pp and repo/– service.pp

• templates– etc_default_kamailio.erb– kamailio-local.cfg.erb– kamailio.cfg.erb– tls.cfg.erb


e.g.: Kamailio for WebSocketsclass kamailio_ws::install () inherits kamailio_ws { class { '::kamailio': service_manage => true, service_enable => true, service_ensure => 'running', manage_repo => true, with_tls => true, with_websockets => true, with_ephem_auth => true, manage_config => false, }}


• Firewall– Open up UDP+TCP, 5060, 5061– Open TCP 5666 for Nagios client

• TCP keepalive• SSL certs:

– Ensure existing and with correct permissions• Swap memory:

– Ensure created and with correct size• monit, fail2ban, basic tools: Install and configure

kamailio_ws – node setup


https://forge.puppetlabs.com/trulabs/asterisk

A Puppet module for Asterisk





• Pre-requisites– DAHDI (installed as kernel module)– apt repos

• Packages– Core– Sounds– Business logic (from own repo)

• Configuration files– Including optional TLS + certs, ODBC settings

Asterisk – module components


node 'default' { class { '::asterisk': service_manage => true, service_enable => true, service_ensure => 'running', tcpenable => 'yes', }}

Asterisk – minimal configuration


- asterisk, asterisk-modules, asterisk-config- asterisk-voicemail- asterisk-code-sound-en- asterisk-code-sound-en-gsm- asterisk-moh-opsound-gsm

Debian Wheezy: 1.8.13.1~dfsg1-3+deb7u3Ubuntu Trusty: 1:11.7.0~dfsg-1ubuntu1

Asterisk – packages installed


- UDP 5060- TCP 5060

- Because we used ‘tcp_enable => true’- Change listening port by adding a port in:

- udpbindaddr (e.g. 0.0.0.0:5070)- tcpbindaddr (e.g. 0.0.0.0:5070)

- RTP ports range (rtpstart – rtpend)- Enable TLS with tlsenable => ‘yes’

Asterisk – ports


“But I want my config files”

manage_config => false

file { '/etc/asterisk/extensions.conf': source => 'puppet:///modules/my_ast/extensions.conf', notify => Exec['asterisk-dialplan-reload'],}


“But I want my custom package”

package_ensure => “my_version”,

(needs proper apt sources set up)


Asterisk – setup on a new VMapt-get update && apt-get install -y puppet ## This will also pull puppetlabs-stdlibpuppet module install trulabs-asterisk puppet apply -v /etc/puppet/modules/asterisk/tests/init.pp \ --show_diff --noop

dpkg –l | grep asterisknetstat –nap | grep 506.asterisk –x ‘core show version’


Protecting asterisk

firewall { '101 allow to UDP 5060 from kam': dport => ‘5060', proto => 'udp', action => 'accept', destination => $::ipaddress_eth0, source => $kamailio_ip,} ->

“FACT”

VARIABLE


• Why Puppet (and not Chef, Ansible, etc)?• How do you test your Puppet modules?• Will this work on Ubuntu?• Can I automate Puppet runs with Jenkins?

FAQ


Puppet & Docker – the future?

• From VMs to Containers• Build Docker images with Puppet

–Speed up image creation!• Deploy Docker containers with Puppet

–Manage your containers with Puppet

• Problem with Asterisk: mapping port ranges between host and container… hopefully fixed soon!


• Highly recommended: use Configuration Management

• (The actual tool doesn’t matter much)• Develop a common language between dev

and ops/sysadmin• Infrastructure As Code for your Asterisk

deployments

Takeaways


Q&A

Giacomo Vacca@[email protected]://labs.truphone.com/about/

mailto:[email protected]

https://labs.truphone.com/about/




Additional slides


Popularity of Config Mgmt tools

Source: http://www.slideshare.net/ZeroTurnaround/traditional-it-ops-vs-dev-ops-devops-days-ignite-talk-by-oliver-white


Puppet vs Chef – debian*

Source: http://popcon.debian.org/


Puppet vs Chef – github

Source: github.com at 2014/10/03

Software

Automatic Configuration Management For Kamailio And Asterisk