Duplicity. centos 7.
#scrip for compile and install duplicity from gitlab yum install git epel-release -y yum install python3-pip python3-devel librsync-devel gcc -y git clone https://gitlab.com/duplicity/duplicity.git cd duplicity/ pip3 install --upgrade pip pip3 install -r requirements.txt python3 setup.py install11.10.2022
TIPS for rpm, rpmbuild, yum
The main reason for me to use rpmbuild when i compile and install any software is that you can easily install and remove all files. In “make” case some time you can not do that by command “make remove”. Also when you are using “yum install” than installed libraries can be used by other software for solve dependencies.
Check installed files for certain package:
rpm -ql ffmpeg-libs
TIPs for create spec files:
(rus) https://blog.korphome.ru/2014/11/18/centos-собираем-пакеты-при-помощи-rpmbuild/
(eng) https://rpm-packaging-guide.github.io/#files
Oracle Centos 8. Rtpengine with all codecs supported.
As result of this instruction you will have all this codecs supported in your centos 8 installations.
PCMA: fully supported
PCMU: fully supported
G723: fully supported
G722: fully supported
G729: fully supported
G729a: fully supported
speex: fully supported
GSM: fully supported
iLBC: fully supported
opus: fully supported
AMR: fully supported
AMR-WB: fully supported
telephone-event: fully supported
CN: fully supportedSynopsis:
RPMS, build and install scripts: git clone https://bitbucket.org/yooxy/centos8-rtpengine10-all-codecs.git
This instruction will give you RTPENGINE for Centos 7 and Centos 8 withh all codecs. RPM packages in RPMS dir are ready for install. But also you have rpmbuild-rtpengine.el7 and rpmbuild-rtpengine.el8 to compile it on your system in automatically way.
if you start to compiling on new system, then everything should go fine after you type sh rpmbuild-rtpengine.el7.
IF you work on production system , then check files you are running before start due to you may to install unnecessary packets or kernels.
To build rtpengine with all codecs (g729,AMR,opus,iLBC, GSM) on Centos 8:
cd ~
git clone https://bitbucket.org/yooxy/centos8-rtpengine10-all-codecs.git
sh rpmbuild-rtpengine.el8
cd ~/rpmbuild/RPMS/
dnf install noarch/ngcp-rtpengine-dkms-10.5.1.3+0~mr10.5.1.3-1.el8.noarch.rpm x86_64/ngcp-rtpengine-kernel-10.5.1.3+0~mr10.5.1.3-1.el8.x86_64.rpm x86_64/ngcp-rtpengine-10.5.1.3+0~mr10.5.1.3-1.el8.x86_64.rpmYour RPMs ready for install in ~/root/rpmbuild/RPMS
To install rtpengine without build 10.5 run “sh install-rtpengine.el7”
| Posted in Без рубрики, Готовые решения | No Comments »
Opensips. MI. Json. Zabbix.
Opensips 3.2 have beautiful statistics module. For example you may get Data about average count of incoming sip messages directly from MI interface. Also you can output it on Zabbix graph.
- Enable mi_http module, add into opensips.conf:
loadmodule “httpd.so”
loadmodule “mi_http.so”
modparam(“mi_http”, “root”, “mi”) - Load statistics module and define statistics profiles and add update_stat_series() functions to script, check for example here.
so, now you be able to ask system for stats though MI interface, for example:
opensips-cli -x mi get_statistics all
internally opensips-cli will ask opensips through http://127.0.0.1:8888/mi with POST request with json body:
#example 1 for statistics...
{
"jsonrpc":"2.0",
"id":1,
"method":"get_statistics",
"params":[
["avg_1m:",
"shmem:",
metri "usrloc:"]
]
}
#example 2 for ratelimit data...
{
"jsonrpc":"2.0",
"id":1,
"method":"rl_list",
"params": []
}
You will get result in Json format too.
In our case i just counting how many INVITE,REGISTER and CANCELS initial requests caming to my opensips per 1 minute.
#in opensips.conf:
....
modparam("statistics", "stat_series_profile", "avg_1m: algorithm=accumulate")
....
route {
route(custom_stat);
....
}
route[custom_stat] {
# Ignore indialog requests
if (has_totag())
return ;
update_stat_series("avg_1m", "$si", 1);
update_stat_series("avg_1m", "$rm", 1);
update_stat_series("avg_1m", "$socket_in(proto)|$rm|$si", 1);
}
ZABBIX
- Create item like HTTP agent
- Use (example 1) inside body of POST request, Set JSON type for request and “convert to JSON”
- Add preprocessing JSONPath and “$.body.result” see here for more greatfull examples of how to interpret json answers.
- next step will be getting exactly params you want to monitor: create another item, but set it as “Depended” on item you have created previously.
- Add preprocessing like this : JSON Path and “$.Pipes[?(@.id == “total_INVITE”)].counter” it will show counter value from example 4 Json answer.
{
"Pipes": [
{
"id": "xxx.xxx.xxx.xxx",
"algorithm": "TAILDROP",
"limit": 30,
"counter": 0
},
{
"id": "total_INVITE",
"algorithm": "TAILDROP",
"limit": 150,
"counter": 0
}
],
"drop_rate": 1150
}
25.01.2022 Register here to leave comments or asks something
Hey, colleagues, glad to say i am open registration here so you can leave comments.
Всем, привет, на открыл регистрацию здесь – можете оставлять комменты к постам.
Permission denied interface 80, 443
If you get permission denied for interface when start opensips. Like 44 interface for TLS, solution is here (https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443)
in short words:
setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/opensips
opensips 3.1 TLS
Чтобы поднять рабочий сервер TLS-SIP На базе opensips 3.1 нужно учесть несколько моментов:
- Установить certbot (https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-10)
- Установить базу данных: apt install mariadb-server apache
- Установить opensips И opensips control panel
- https://apt.opensips.org/packages.php?v=3.1
- apt install opensips opensips-cli
- apt install opensips* (для ленивых конечно)
- установить сертификаты для своего домена
- Установить opensips control panel
- поправить файлик /var/www/html/opensips-cp/config/tools/system/tls_mgm/local.inc.php закомментировав validation для sip_domain И network_address
socket=udp:x.x.x.x:5060
socket=tcp:x.x.x.x:5060
socket=tls:x.x.x.x:5061
loadmodule "db_mysql.so"
loadmodule "proto_udp.so"
loadmodule "proto_tcp.so"
loadmodule "proto_tls.so"
## TLS specific settings
loadmodule "tls_mgm.so"
loadmodule "tls_openssl.so"
modparam("tls_mgm", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
6. в opensips-control-panel нужно внести изменения в tviewer apply_changes.php вместо require(“init.php”)
require("../../../../web/tools/".$_SESSION['branch']."/".$_SESSION['module_id']."/init.php");
FAQ:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
opensips не может найти через какой сокет установить соединение т.к. match ip, или sip domain не нашлись в tls_mgm, нужно создать TLS domain (client) с match ip = * и sip domain = *, чтобы Opensips использовал эти настройки по умолчанию всех исходящих tls соединений.
error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
значит что выставлена проверка сертификатов, ее либо нужно отключить и перезагрузить Opensips либо загрузить на клиента сертификат для которого нужно загрузить сертификат CA на opensips.
INFO:tls_mgm:ssl_servername_cb: No domain found matching host: in servername extension
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1422E0EA:SSL routines:final_server_name:callback failed
sip_domain в параметрах указан конкретный, который не передается с сертификатом клиента
решением может быть – поставить * в sip_domain
ERROR:tls_mgm:load_tls_library: No TLS library module loaded
loadmodule “tls_openssl.so” – возможно не установлен этот модуль.
ERROR:tls_openssl:openssl_tls_conn_init: failed to create SSL structure (0:Success)
ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:140BA0C3:SSL routines:SSL_new:null ssl ctx
ERROR:proto_tls:proto_tls_conn_clean: Failed to retrieve the tls_domain pointer in the SSL struct
TIPS: how to see all TLS messages (как посмотреть зашифрованный sip трафик)
opensips.cfg:
socket=hep_udp:127.0.0.1:5656
loadmodule "tracer.so"
# -- tracert --
modparam("tracer", "trace_on", 1)
modparam("tracer", "trace_id", "[tid]uri=hep:hep_dst")
loadmodule "proto_hep.so"
modparam("proto_hep", "hep_id", "[hep_dst] 127.0.0.1:5757;transport=udp;")
sngrep:
sngrep port 5757 -L udp:127.0.0.1:5757
26.07.2021 To deploy some Voip service
- What server you want to use:
- Standalone (physically server)
- Dedicated Server
- Virtual Machine (AWS,GCP,DO and so on)
- Do you have requirements for OS and related software:
- Debian\Centos\Ubuntu
- Mysql/PostgreSQL
- What Voip trunk you have or how you have connected to voice services:
- I have two trunks with a-z routes and cheap prices.
- What amount of calls you expect
- normal: less 5cps, less: 100 concurrent channels,
- high load: less 20 cps, less 1000 cc,
- highest unlimited cps, unlimited cc,
| Posted in Без рубрики, Готовые решения | No Comments »
opensips as SBC
Example of opensips SBC with 2 interfaces with full RTP proxy and g729 transcoding.
Software: opensips 3.1, rtpengine, bcg729.
example settings for rtpengine:
OPTIONS="-i external/172.18.254.50!EXTERNAL_IP -i internal/172.25.150.242 -n 127.0.0.1:2223 -m 35000 -M 65000 -L 4 --log-facility=local1 --table=0 --delete-delay=0 --timeout=60 --silent-timeout=600 --final-timeout=7200 –offer-timeout=60 --num-threads=4 --tos=184 –no-fallback"
example opensips config: git clone https://bitbucket.org/yooxy/opensips-sbc-local-external-transcode.git
| Posted in opensips, Без рубрики, Готовые решения | No Comments »
| Posted in Без рубрики | No Comments »