Automatic Configuration Management for Kamailio and Asterisk in the era of Puppet
Automatic Configuration Management for Kamailio and Asterisk
or “How I Stopped Worrying About Deployments”
Giacomo Vacca, Senior Network Applications Developer
© 2014 Truphone Limited. All Rights Reserved. 10 November 2014
labs.truphone.com
@giavac – Giacomo Vacca
• Doing VoIP 10+ years
• Leads Network Apps Dev
• All sorts of OS apps in RTC
• WebRTC, Devops enthusiast
Embracing Config Management
Penetration of cfg mgmt in trulabs
github/trulabs and Puppet usage
• 44 custom modules
• 2 public modules
• ~10 3rd party modules
• ~2000 commits
• ~4000 lines of code
Visible improvements
• Quicker to build and configure a new VM
• Quicker to set up applications
• Easier triage/debugging
• Simpler Change Requests
• Higher team satisfaction
So, what’s Puppet?
• Open Source configuration management
• Defines the final status (‘what’, not ‘how’)
• Idempotent
puppetlabs.com (I’m not affiliated)
Puppet - terminology
• Puppet code is contained in MANIFESTS
• Puppet functionalities are organized in MODULES
• “Compiled” manifests are CATALOGUES
Puppet - architecture
• As many environments as you want
– Each environment defines a Site
• A Site defines a group of Nodes
– Every host is a Node
Master/Slave vs Standalone
A Puppet module for Kamailio
https://forge.puppetlabs.com/trulabs/kamailio
trulabs-kamailio
• Tested on Debian Wheezy; works on Ubuntu
• Several levels of control
– Manage Kamailio as a service
– Choose package version
– TLS/WebSockets enabled/disabled
• Used in Production
From empty VM to running app
apt-get update && apt-get install -y puppet
puppet module install trulabs-kamailio
# --noop is a dry run that only shows the diff; drop it to apply the changes
puppet apply -v \
  /etc/puppet/modules/kamailio/tests/init.pp \
  --show_diff --noop
# You can check with:
dpkg -l | grep kamailio
netstat -nap | grep 506.
trulabs-kamailio - structure
• manifests
– config.pp
– init.pp
– install.pp
– params.pp
– repo.pp and repo/
– service.pp
• templates
– etc_default_kamailio.erb
– kamailio-local.cfg.erb
– kamailio.cfg.erb
– tls.cfg.erb
e.g.: Kamailio for WebSockets
class kamailio_ws::install () inherits kamailio_ws {
  class { '::kamailio':
    service_manage  => true,
    service_enable  => true,
    service_ensure  => 'running',
    manage_repo     => true,
    with_tls        => true,
    with_websockets => true,
    with_ephem_auth => true,
    manage_config   => false,
  }
}
kamailio_ws – node setup
• Firewall
– Open up UDP+TCP, 5060, 5061
– Open TCP 5666 for Nagios client
• TCP keepalive
• SSL certs:
– Ensure existing and with correct permissions
• Swap memory:
– Ensure created and with correct size
• monit, fail2ban, basic tools: Install and configure
A Puppet module for Asterisk
https://forge.puppetlabs.com/trulabs/asterisk
Asterisk – module components
• Pre-requisites
– DAHDI (installed as kernel module)
– apt repos
• Packages
– Core
– Sounds
– Business logic (from own repo)
• Configuration files
– Including optional TLS + certs, ODBC settings
Asterisk – minimal configuration
node 'default' {
  class { '::asterisk':
    service_manage => true,
    service_enable => true,
    service_ensure => 'running',
    tcpenable      => 'yes',
  }
}
Asterisk – packages installed
- asterisk, asterisk-modules, asterisk-config
- asterisk-voicemail
- asterisk-core-sounds-en
- asterisk-core-sounds-en-gsm
- asterisk-moh-opsound-gsm
Debian Wheezy: 1.8.13.1~dfsg1-3+deb7u3
Ubuntu Trusty: 1:11.7.0~dfsg-1ubuntu1
Asterisk – ports
- UDP 5060
- TCP 5060
  - Because we used tcpenable => 'yes'
- Change listening port by adding a port in:
  - udpbindaddr (e.g. 0.0.0.0:5070)
  - tcpbindaddr (e.g. 0.0.0.0:5070)
- RTP ports range (rtpstart – rtpend)
- Enable TLS with tlsenable => 'yes'
“But I want my config files”
manage_config => false
file { '/etc/asterisk/extensions.conf':
  source => 'puppet:///modules/my_ast/extensions.conf',
  notify => Exec['asterisk-dialplan-reload'],
}
“But I want my custom package”
package_ensure => 'my_version',
(needs proper apt sources set up)
Asterisk – setup on a new VM
apt-get update && apt-get install -y puppet
## This will also pull puppetlabs-stdlib
puppet module install trulabs-asterisk
puppet apply -v \
  /etc/puppet/modules/asterisk/tests/init.pp \
  --show_diff --noop
dpkg -l | grep asterisk
netstat -nap | grep 506.
asterisk -x 'core show version'
Protecting asterisk
firewall { '101 allow to UDP 5060 from kam':
  dport       => '5060',
  proto       => 'udp',
  action      => 'accept',
  destination => $::ipaddress_eth0,
  source      => $kamailio_ip,
} ->
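An allow-then-drop rule set in the style of the rule above, as an added example that is not taken from the slides or from the trulabs modules. The class name `my_ast::firewall`, its parameters, the rule numbers 102/198/199 and the sample address are assumptions; the resource syntax follows the slide.

```puppet
# Added example: 'my_ast::firewall' and its parameters are hypothetical names,
# not part of trulabs-asterisk. Syntax follows the slide (puppetlabs-firewall
# with the 'action' parameter).
class my_ast::firewall (
  $kamailio_ip,          # address of the Kamailio proxy (assumed to be supplied)
  $sip_port = '5060',
) {
  # puppetlabs-firewall sorts rules by the number that starts each title, so
  # the 10x accepts sit above the 19x drops in the chain. The '->' arrows only
  # order Puppet's own runs: accepts are in place before any drop is inserted.

  firewall { "101 allow to UDP ${sip_port} from kam":
    dport       => $sip_port,
    proto       => 'udp',
    action      => 'accept',
    destination => $::ipaddress_eth0,
    source      => $kamailio_ip,
  } ->
  firewall { "102 allow to TCP ${sip_port} from kam":
    dport       => $sip_port,
    proto       => 'tcp',
    action      => 'accept',
    destination => $::ipaddress_eth0,
    source      => $kamailio_ip,
  } ->
  # Anything else aimed at the SIP port is dropped. One rule per protocol,
  # because a port match needs an explicit proto.
  firewall { "198 drop other UDP ${sip_port}":
    dport  => $sip_port,
    proto  => 'udp',
    action => 'drop',
  } ->
  firewall { "199 drop other TCP ${sip_port}":
    dport  => $sip_port,
    proto  => 'tcp',
    action => 'drop',
  }
}

node 'default' {
  class { 'my_ast::firewall':
    kamailio_ip => '192.0.2.10',   # constructed sample address (TEST-NET-1)
  }
}
```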
FAQ
• Why Puppet (and not Chef, Ansible, etc)?
• How do you test your Puppet modules?
• Will this work on Ubuntu?
• Can I automate Puppet runs with Jenkins?
Puppet & Docker – the future?
• From VMs to Containers
• Build Docker images with Puppet
– Speed up image creation!
• Deploy Docker containers with Puppet
– Manage your containers with Puppet
• Problem with Asterisk: mapping port ranges between host and container… hopefully fixed soon!
Takeaways
• Highly recommended: use Configuration Management
• (The actual tool doesn’t matter much)
• Develop a common language between dev and ops/sysadmin
• Infrastructure As Code for your Asterisk deployments
Q&A
Giacomo Vacca
@giavac
https://labs.truphone.com/about/
Additional slides
Popularity of Config Mgmt tools
Source: http://www.slideshare.net/ZeroTurnaround/traditional-it-ops-vs-dev-ops-devops-days-ignite-talk-by-oliver-white
Puppet vs Chef – debian*
Source: http://popcon.debian.org/
Puppet vs Chef – github
Source: github.com at 2014/10/03