Automatic Configuration Management For Kamailio And Asterisk
•Als PPTX, PDF herunterladen•
2 gefällt mir•3,607 views
We are under the pressure of delivering RTC systems that are at the same time stable, but can change often to add features and fix bugs. The underlying systems also change frequently (OS upgrades, increase/decrease capacity on demand), and we need multiple environments running (e.g. development, testing/QA, production). Puppet provides a solution that dramatically cuts deployment time, reduces occurrences of errors, while at the same time documenting the configuration status. This presentation is about I stopped worrying about the deployments of systems built with Kamailio, Asterisk and other open source applications. With our Puppet code base we go from a new Virtual Machine to a working system in minutes, with peace of mind and self-documented configurations and processes. Firewall, nagios, syslog, monit, sec, and many other related tools and properties are also automatically configured.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Andere mochten auch
Andere mochten auch (14)
Mehr von Giacomo Vacca
Mehr von Giacomo Vacca (13)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Automatic Configuration Management For Kamailio And Asterisk
- 1. Automatic Configuration Management for Kamailio and Asterisk or “How I Stopped Worrying About Deployments” Giacomo Vacca Senior Network Applications Developer
- 2. labs.truphone.com © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 2
- 3. @giavac – Giacomo Vacca • Doing VoIP 10+ years • Leads Network Apps Dev • All sorts of OS apps in RTC • WebRTC, Devops enthusiast © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 3
- 4. Embracing Config Management © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 4
- 5. Penetration of cfg mgmt in trulabs © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 5
- 6. github/trulabs and Puppet usage • 44 custom modules • 2 public modules • ~10 3rd party modules • ~2000 commits • ~4000 lines of code © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 6
- 7. • Quicker to build and configure a new VM • Quicker to setup applications • Easier triage/debugging • Simpler Change Requests • Higher team satisfaction © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 7 Visible improvements
- 8. • Open Source configuration management • Defines the final status (‘what’, not ‘how’) • Idempotent puppetlabs.com (I’m not affiliated) © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 8 So, what’s Puppet?
- 9. • Puppet code is contained in MANIFESTS • Puppet functionalities are organized in MODULES • “Compiled” manifests are CATALOGUES © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 9 Puppet - terminology
- 10. • As many environments as you want –Each environment defines a Site •A Site defines a group of Nodes – Every host is a Node © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 10 Puppet - architecture
- 11. Master/Slave vs Standalone © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 11
- 12. https://forge.puppetlabs.com/trulabs/kamailio © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 12 A Puppet module for Kamailio
- 13. • Tested on debian wheezy; works on Ubuntu • Several levels of control –Manage Kamailio as a service –Choose package version –TLS/WebSockets enabled/disabled • Used on Production © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 13 trulabs-kamailio
- 14. From empty VM to running app apt-get update && apt-get install -y puppet puppet module install trulabs-kamailio puppet apply –v /etc/puppet/modules/kamailio/tests/init.pp --show_diff --noop © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 14 # You can check with: dpkg -l | grep kamailio netstat –nap | grep 506.
- 15. trulabs-kamailio - structure • manifests – config.pp – init.pp – install.pp – params.pp – repo.pp and repo/ – service.pp • templates – etc_default_kamailio.erb – kamailio-local.cfg.erb – kamailio.cfg.erb – tls.cfg.erb © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 15
- 16. e.g.: Kamailio for WebSockets class kamailio_ws::install () inherits kamailio_ws { class { '::kamailio': service_manage => true, service_enable => true, service_ensure => 'running', manage_repo => true, with_tls => true, with_websockets => true, with_ephem_auth => true, manage_config => false, } } © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 16
- 17. • Firewall – Open up UDP+TCP, 5060, 5061 – Open TCP 5666 for Nagios client • TCP keepalive • SSL certs: – Ensure existing and with correct permissions • Swap memory: – Ensure created and with correct size • monit, fail2ban, basic tools: Install and configure © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 17 kamailio_ws – node setup
- 18. https://forge.puppetlabs.com/trulabs/asterisk © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 18 A Puppet module for Asterisk
- 19. • Pre-requisites –DAHDI (installed as kernel module) – apt repos • Packages – Core – Sounds – Business logic (from own repo) • Configuration files – Including optional TLS + certs, ODBC settings © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 19 Asterisk – module components
- 20. node 'default' { class { '::asterisk': service_manage => true, service_enable => true, service_ensure => 'running', tcpenable => 'yes', } } © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 20 Asterisk – minimal configuration
- 21. - asterisk, asterisk-modules, asterisk-config - asterisk-voicemail - asterisk-code-sound-en - asterisk-code-sound-en-gsm - asterisk-moh-opsound-gsm Debian Wheezy: 1.8.13.1~dfsg1-3+deb7u3 Ubuntu Trusty: 1:11.7.0~dfsg-1ubuntu1 © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 21 Asterisk – packages installed
- 22. - UDP 5060 - TCP 5060 - Because we used ‘tcp_enable => true’ - Change listening port by adding a port in: - udpbindaddr (e.g. 0.0.0.0:5070) - tcpbindaddr (e.g. 0.0.0.0:5070) - RTP ports range (rtpstart – rtpend) - Enable TLS with tlsenable => ‘yes’ © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 22 Asterisk – ports
- 23. “But I want my config files” © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 23 manage_config => false file { '/etc/asterisk/extensions.conf': source => 'puppet:///modules/my_ast/extensions.conf', notify => Exec['asterisk-dialplan-reload'], }
- 24. “But I want my custom package” package_ensure => “my_version”, (needs proper apt sources set up) © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 24
- 25. Asterisk – setup on a new VM apt-get update && apt-get install -y puppet ## This will also pull puppetlabs-stdlib puppet module install trulabs-asterisk puppet apply -v /etc/puppet/modules/asterisk/tests/init.pp © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 25 --show_diff --noop dpkg –l | grep asterisk netstat –nap | grep 506. asterisk –x ‘core show version’
- 26. Protecting asterisk firewall { '101 allow to UDP 5060 from kam': dport => ‘5060', proto => 'udp', action => 'accept', destination => $::ipaddress_eth0, source => $kamailio_ip, } -> © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 26
- 27. • Why Puppet (and not Chef, Ansible, etc)? • How do you test your Puppet modules? • Will this work on Ubuntu? • Can I automate Puppet runs with Jenkins? © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 27 FAQ
- 28. Puppet & Docker – the future? • From VMs to Containers • Build Docker images with Puppet –Speed up image creation! • Deploy Docker containers with Puppet –Manage your containers with Puppet • Problem with Asterisk: mapping port ranges between host and container… hopefully fixed soon! © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 28
- 29. • Highly recommended: use Configuration Management •(The actual tool doesn’t matter much) • Develop a common language between dev and ops/sysadmin • Infrastructure As Code for your Asterisk deployments © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 29 Takeaways
- 30. © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. Q&A Giacomo Vacca @giavac labs@truphone.com https://labs.truphone.com/about/ 30
- 31. © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. Additional slides 31
- 32. Popularity of Config Mgmt tools Source: http://www.slideshare.net/ZeroTurnaround/traditional-it-ops-vs-dev-ops-devops-days-ignite-talk-by-oliver-white © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 32
- 33. Puppet vs Chef – debian* © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 33 Source: http://popcon.debian.org/
- 34. Puppet vs Chef – github © 2014 Truphone 26 October 2014 Limited. All Rights Reserved. 34 Source: github.com at 2014/10/03
Hinweis der Redaktion
- This presentation is about a practical example of automating the configuration of Linux-based RTC platforms, with particular emphasis on Kamailio and Asterisk. QUESTIONS TO AUDIENCE: Who’s being deploying Asterisk in any sort of automated fashion? Using Puppet? Using something else, like Chef, Ansible, Salt? Even if you’re already doing it, say for example with Chef, I hope this presentation will be useful to challenge or corroborate your process.
- Truphone is a Global Mobile Network Operator: you can use Truphone in more than 200 countries, and in 66 countries like you do in your home country. Truphone Labs takes care mainly of the Truphone App. MISSION: “a phone in your mobile device”. iOS, Android, BB apps. Platform: Open Source applications and libraries. (and of course Asterisk plays – and has played since day 1– an important part in this)
- I’ve been working with VoIP-related technologies for the last decade. DEV background.
- THIS PRESENTATION IS ALSO ABOUT A PERSONAL PATH TOWARDS DEVOPS. I think the typical path to embrace configuration management is coming from a sysadmin role and willing to simplify your life. I come from a different direction: deploying applications and doing system integration, and willing to automate anything that’s possible: “Infrastructure as code”. Also wanted to: Have more time for dev, less for ops-related stuff Share a common language with Ops Get configuration documentation FOR FREE! Play with something new!
- In 2012 I started challenging that only infrastructure and not apps configuration were automatically managed. Was Master/Slave. I started to move applications configuration into Puppet, incrementally. I reckon THE HARDEST PART IS GOING FROM 0% TO ABOUT 50%, then it’s all downhill. Now we have almost 100% of the apps deployed with Puppet, including pre-requisites, firewall, monitoring, etc.
- Wheezy: puppet 2.7 Trusty: puppet 3.4
- VISIBLE IMPROVEMENTS I’m afraid I don’t have terribly accurate numbers, but the order of magnitude – the important thing here – is about right. Build and configure a new VM From weeks to < 5’ Incl. pre-req libs, f/w, swap, Nagios, TCP ka, etc Configure an application of a new VM From hours to minutes From .deb + manual config to all automated Easier Triage/debugging Fewer cfg-related defects, quicker assessment From 3-ways diff to git tools Simpler Change Requests Require fewer iterations before approval Fewer surprises when simulating the deployment Easier to rollback (but fewer rollbacks needed) Higher team satisfaction Efforts shifted from deployment time to deployment preparation Increased confidence Deployments are now considered “cheap” and “low-risk”
- Puppet has a “community version” or “enterprise version” (as Chef and most of the others)
- Possibly an overlooked feature/potentiality of Puppet is that it does not mandate a Master! Master/Slave Need to build/configure master (SPOF) Need to secure master/slave connections More secure Standalone (our choice – so far!) No need to have a master at all Easier to extend Need care in handling sensitive data
- This configuration will pull kamailio deb packages from sipwise repo (which is the official kamailio debian repo).
- A very common structure for a Puppet module. Templates are based on the default configuration provided inside the official debian packages. You can change the templates depending on your needs.
- Practical example: build a kamailio instance with WebSockets support. Let’s call it kamailio_ws. See the relevant configuration elements here: with_websockets set to TRUE. Here we’re telling Puppet that the installation phase requires the instantiation of a trulabs-kamailio class with those configuration properties. Puppet will do the job for us.
- The surrounding conditions for such a host would be: Firewall TCP keepalive settings SSL certificates checks Swap memory configuration Monit Nagios fail2ban Other tools You can build the node with trulabs-kamailio and other 3rd party modules (e.g. puppetlabs-firewall), depending on your needs.
- Finally, let’s move to Asterisk. If we think about the main components involved in an installation: pre-requisites: apt sources, DAHDI if needed. Packages to be installed: core, sounds, perhaps your own packages from your repos Configuration files (sip.conf, rtp.conf, etc) to set up TLS, ODBC, etc
- A minimal configuration is the following. See we have the option to enable and manage directly asterisk as a service. We can also enable listening on TCP (default: disabled). This happens by interacting with the configuration files templates.
- For example, if I apply the previous node definition to a debian wheezy machine, these packages are installed. (this is just the action of installing ‘asterisk’, which will pull the other packages automatically). This happens because the default value for the asterisk package is “latest”. You can set whatever version you want (as long as it’s reachable with the current apt source configuration).
- Other things that are happening: asterisk is configured to listen on UDP 5060 and TCP 5060. This can be changed by specifying udpbindaddr and tcpbindaddr attributes when instantiating the class.
- If you want to manage Asterisk’s configuration files outside of the basic trulabs module, You can do so by asking the module not to manage the configuration, and by Managing the desired configuration file(s) directly in Puppeteeze.
- In analogy with “But I want my config files”, you can specify a custom version. You need to set up apt sources properly.
- In analogy with what seen with kamailio, here’s the minimum amount of instructions needed to have an asterisk app up and running. You can try this easily inside a docker container.
- You can add this to your asterisk node definition, so that you protect access (iptables) to UDP 5060 from kamailio only. The arrow in this slide shows an interesting thing: a FACT. Facts are pre-set variables that you can use in your manifests. They make it possible for you to refer to local properties automatically. On the other hand, $kamailio_ip is a variable that you can set, and will determine, in this example, the f/w configuration.