Automatic Configuration Management for Kamailio

and Asterisk

Giacomo VaccaSenior Network Applications Developer

or “How I Stopped Worrying About Deployments”

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

labs.truphone.com

2

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 3

@giavac – Giacomo Vacca

• Doing VoIP 10+ years

• Leads Network Apps Dev

• All sorts of OS apps in RTC

• WebRTC, Devops enthusiast

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 4

Embracing Config Management

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 5

Penetration of cfg mgmt in trulabs

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 6

github/trulabs and Puppet usage

• 44 custom modules

• 2 public modules

• ~10 3rd party modules

• ~2000 commits

• ~4000 lines of code

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

• Quicker to build and configure a new VM

• Quicker to setup applications

• Easier triage/debugging

• Simpler Change Requests

• Higher team satisfaction

7

Visible improvements

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

• Open Source configuration management

• Defines the final status (‘what’, not ‘how’)

• Idempotent

puppetlabs.com (I’m not affiliated)

8

So, what’s Puppet?

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

• Puppet code is contained in MANIFESTS

• Puppet functionalities are organized in MODULES

• “Compiled” manifests are CATALOGUES

9

Puppet - terminology

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

• As many environments as you want

–Each environment defines a Site

•A Site defines a group of Nodes

– Every host is a Node

10

Puppet - architecture

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 11

Master/Slave vs Standalone

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

https://forge.puppetlabs.com/trulabs/kamailio

12

A Puppet module for Kamailio

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

• Tested on debian wheezy; works on Ubuntu

• Several levels of control

–Manage Kamailio as a service

–Choose package version

–TLS/WebSockets enabled/disabled

• Used on Production

13

trulabs-kamailio

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 14

From empty VM to running app

apt-get update && apt-get install -y puppet

puppet module install trulabs-kamailio

puppet apply –v \/etc/puppet/modules/kamailio/tests/init.pp \--show_diff --noop

# You can check with:dpkg -l | grep kamailionetstat –nap | grep 506.

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 15

trulabs-kamailio - structure• manifests

– config.pp

– init.pp

– install.pp

– params.pp

– repo.pp and repo/

– service.pp

• templates

– etc_default_kamailio.erb

– kamailio-local.cfg.erb

– kamailio.cfg.erb

– tls.cfg.erb

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 16

e.g.: Kamailio for WebSocketsclass kamailio_ws::install () inherits kamailio_ws {

class { '::kamailio':

service_manage => true,

service_enable => true,

service_ensure => 'running',

manage_repo => true,

with_tls => true,

with_websockets => true,

with_ephem_auth => true,

manage_config => false,

}

}

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

• Firewall

– Open up UDP+TCP, 5060, 5061

– Open TCP 5666 for Nagios client

• TCP keepalive

• SSL certs:

– Ensure existing and with correct permissions

• Swap memory:

– Ensure created and with correct size

• monit, fail2ban, basic tools: Install and configure

17

kamailio_ws – node setup

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

https://forge.puppetlabs.com/trulabs/asterisk

18

A Puppet module for Asterisk

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

• Pre-requisites

– DAHDI (installed as kernel module)

– apt repos

• Packages

– Core

– Sounds

– Business logic (from own repo)

• Configuration files

– Including optional TLS + certs, ODBC settings

19

Asterisk – module components

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

node 'default' {

class { '::asterisk':

service_manage => true,

service_enable => true,

service_ensure => 'running',

tcpenable => 'yes',

}

}

20

Asterisk – minimal configuration

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

- asterisk, asterisk-modules, asterisk-config

- asterisk-voicemail

- asterisk-code-sound-en

- asterisk-code-sound-en-gsm

- asterisk-moh-opsound-gsm

Debian Wheezy: 1.8.13.1~dfsg1-3+deb7u3

Ubuntu Trusty: 1:11.7.0~dfsg-1ubuntu121

Asterisk – packages installed

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

- UDP 5060

- TCP 5060

- Because we used ‘tcp_enable => true’

- Change listening port by adding a port in:

- udpbindaddr (e.g. 0.0.0.0:5070)

- tcpbindaddr (e.g. 0.0.0.0:5070)

- RTP ports range (rtpstart – rtpend)

- Enable TLS with tlsenable => ‘yes’22

Asterisk – ports

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 23

“But I want my config files”

manage_config => false

file { '/etc/asterisk/extensions.conf':

source => 'puppet:///modules/my_ast/extensions.conf',

notify => Exec['asterisk-dialplan-reload'],

}

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 24

“But I want my custom package”

package_ensure => “my_version”,

(needs proper apt sources set up)

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 25

Asterisk – setup on a new VM

apt-get update && apt-get install -y puppet

## This will also pull puppetlabs-stdlibpuppet module install trulabs-asterisk

puppet apply -v /etc/puppet/modules/asterisk/tests/init.pp \--show_diff --noop

dpkg –l | grep asterisknetstat –nap | grep 506.asterisk –x ‘core show version’

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 26

Protecting asterisk

firewall { '101 allow to UDP 5060 from kam':

dport => ‘5060',

proto => 'udp',

action => 'accept',

destination => $::ipaddress_eth0,

source => $kamailio_ip,

} ->

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

• Why Puppet (and not Chef, Ansible, etc)?

• How do you test your Puppet modules?

• Will this work on Ubuntu?

• Can I automate Puppet runs with Jenkins?

27

FAQ

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 28

Puppet & Docker – the future?

• From VMs to Containers

• Build Docker images with Puppet

–Speed up image creation!

• Deploy Docker containers with Puppet

–Manage your containers with Puppet

• Problem with Asterisk: mapping port ranges between host and container… hopefully fixed soon!

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

• Highly recommended: use Configuration Management

• (The actual tool doesn’t matter much)

• Develop a common language between devand ops/sysadmin

• Infrastructure As Code for your Asterisk deployments

29

Takeaways

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

Q&A

Giacomo Vacca

@giavac

labs@truphone.com

https://labs.truphone.com/about/

30

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014

Additional slides

31

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 32

Popularity of Config Mgmt tools

Source: http://www.slideshare.net/ZeroTurnaround/traditional-it-ops-vs-dev-ops-devops-days-ignite-talk-by-oliver-white

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 33

Puppet vs Chef – debian*

Source: http://popcon.debian.org/

© 2014 Truphone Limited. All Rights Reserved. 10 November 2014 34

Puppet vs Chef – github

Source: github.com at 2014/10/03