22.03.2023

Duplicity. centos 7.

# Script to compile and install duplicity from GitLab
yum install git epel-release -y
yum install python3-pip python3-devel librsync-devel gcc -y
git clone https://gitlab.com/duplicity/duplicity.git
cd duplicity/
pip3 install --upgrade pip
pip3 install -r requirements.txt
python3 setup.py install

11.10.2022

TIPS for rpm, rpmbuild, yum

The main reason for me to use rpmbuild when I compile and install any software is that you can easily install and remove all files. In the “make” case you sometimes cannot do that with the command “make remove”. Also, when you use “yum install”, the installed libraries can be used by other software to resolve dependencies.

Check installed files for certain package:

rpm -ql ffmpeg-libs

Tips for creating spec files:
(rus) https://blog.korphome.ru/2014/11/18/centos-собираем-пакеты-при-помощи-rpmbuild/
(eng) https://rpm-packaging-guide.github.io/#files

16.08.2022

Oracle Centos 8. Rtpengine with all codecs supported.

As a result of this instruction you will have all of these codecs supported in your CentOS 8 installation.

                PCMA: fully supported
                PCMU: fully supported
                G723: fully supported
                G722: fully supported
                G729: fully supported
               G729a: fully supported
               speex: fully supported
                 GSM: fully supported
                iLBC: fully supported
                opus: fully supported
                 AMR: fully supported
              AMR-WB: fully supported
     telephone-event: fully supported
                  CN: fully supported

Synopsis:

RPMS, build and install scripts: git clone https://bitbucket.org/yooxy/centos8-rtpengine10-all-codecs.git

This instruction will give you RTPENGINE for Centos 7 and Centos 8 with all codecs. The RPM packages in the RPMS dir are ready to install. There are also the rpmbuild-rtpengine.el7 and rpmbuild-rtpengine.el8 scripts to compile it on your system automatically.

If you compile on a fresh system, everything should go fine after you type sh rpmbuild-rtpengine.el7.

If you work on a production system, check the scripts before you run them, because they may install unnecessary packages or kernels.

To build rtpengine with all codecs (g729,AMR,opus,iLBC, GSM) on Centos 8:

cd ~
git clone https://bitbucket.org/yooxy/centos8-rtpengine10-all-codecs.git
cd centos8-rtpengine10-all-codecs
sh rpmbuild-rtpengine.el8
cd ~/rpmbuild/RPMS/
dnf install noarch/ngcp-rtpengine-dkms-10.5.1.3+0~mr10.5.1.3-1.el8.noarch.rpm x86_64/ngcp-rtpengine-kernel-10.5.1.3+0~mr10.5.1.3-1.el8.x86_64.rpm x86_64/ngcp-rtpengine-10.5.1.3+0~mr10.5.1.3-1.el8.x86_64.rpm

Your RPMs are ready for install in ~/root/rpmbuild/RPMS

To install rtpengine 10.5 without building it, run “sh install-rtpengine.el7”

28.01.2022

Opensips. MI. Json. Zabbix.

Opensips 3.2 has a beautiful statistics module. For example, you can get data about the average count of incoming SIP messages directly from the MI interface. You can also plot it on a Zabbix graph.

  1. Enable the mi_http module by adding to opensips.conf:
    loadmodule "httpd.so"
    loadmodule "mi_http.so"
    modparam("mi_http", "root", "mi")
  2. Load the statistics module, define statistics profiles and add update_stat_series() calls to the script; check for example here.

Now you are able to ask the system for stats through the MI interface, for example:

opensips-cli -x mi get_statistics all

Internally, opensips-cli queries opensips at http://127.0.0.1:8888/mi with a POST request carrying a JSON body:

#example 1 for statistics...
{ 
  "jsonrpc":"2.0",
  "id":1,
  "method":"get_statistics",
  "params":[
             ["avg_1m:",
              "shmem:",
              "usrloc:"]
          ]
}
#example 2 for ratelimit data...
{
  "jsonrpc":"2.0",
  "id":1,
  "method":"rl_list",
  "params": []
}

You will get the result in JSON format too.
In our case I am just counting how many initial INVITE, REGISTER and CANCEL requests come to my opensips per 1 minute.

#in opensips.conf: 
....
modparam("statistics", "stat_series_profile", "avg_1m: algorithm=accumulate")
....
route { 
      route(custom_stat);
....
}
route[custom_stat] {
      # Ignore in-dialog requests
      if (has_totag())
            return;

      update_stat_series("avg_1m", "$si", 1);
      update_stat_series("avg_1m", "$rm", 1);
      update_stat_series("avg_1m", "$socket_in(proto)|$rm|$si", 1);
}

ZABBIX

  1. Create an item of type HTTP agent.
  2. Use (example 1) as the body of the POST request, set the JSON type for the request and enable “convert to JSON”.
  3. Add a JSONPath preprocessing step with “$.body.result”; see here for more great examples of how to interpret JSON answers.
  4. The next step is getting exactly the params you want to monitor: create another item, but set it as “Dependent” on the item you created previously.
  5. Add preprocessing like this: JSONPath and “$.Pipes[?(@.id == "total_INVITE")].counter”. It will show the counter value from the example 4 JSON answer:
{
    "Pipes": [
        {
            "id": "xxx.xxx.xxx.xxx",
            "algorithm": "TAILDROP",
            "limit": 30,
            "counter": 0
        },
        {
            "id": "total_INVITE",
            "algorithm": "TAILDROP",
            "limit": 150,
            "counter": 0
        }
    ],
    "drop_rate": 1150
}
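
The two preprocessing steps above can be checked outside Zabbix before the items are created. The following is an added example, not code from the original post: it builds the same JSON-RPC body and applies the equivalents of $.body.result and the Pipes filter to a constructed rl_list reply. The function names and sample values are assumptions.

```python
import json
import urllib.request

MI_URL = "http://127.0.0.1:8888/mi"  # mi_http endpoint from the post

def build_mi_request(method, params, req_id=1):
    """JSON-RPC 2.0 body for an MI command (same shape as examples 1 and 2)."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id,
                       "method": method, "params": params}).encode()

def query_mi(method, params, url=MI_URL, timeout=5):
    """POST the request to mi_http and return the raw JSON reply (needs a live server)."""
    req = urllib.request.Request(url, data=build_mi_request(method, params),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()

def body_result(raw_reply):
    """Equivalent of Zabbix "convert to JSON" followed by JSONPath $.body.result."""
    wrapped = {"body": json.loads(raw_reply)}  # Zabbix stores a JSON reply under "body"
    body = wrapped["body"]
    if "error" in body:                        # JSON-RPC error object instead of a result
        raise RuntimeError("MI error: %s" % body["error"])
    return body["result"]

def pipe_counters(result, pipe_id):
    """Equivalent of $.Pipes[?(@.id == "<pipe_id>")].counter; a filter yields a list."""
    return [p["counter"] for p in result.get("Pipes", []) if p.get("id") == pipe_id]

# Constructed sample reply to rl_list, shaped like the answer shown in the post.
SAMPLE_REPLY = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
    "Pipes": [
        {"id": "192.0.2.10", "algorithm": "TAILDROP", "limit": 30, "counter": 4},
        {"id": "total_INVITE", "algorithm": "TAILDROP", "limit": 150, "counter": 17},
    ],
    "drop_rate": 1150}})

if __name__ == "__main__":
    result = body_result(SAMPLE_REPLY)  # on a live box: body_result(query_mi("rl_list", []))
    print(pipe_counters(result, "total_INVITE"))
```
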

25.01.2022

Register here to leave comments or ask something

Hey, colleagues, glad to say I have opened registration here so you can leave comments.

Hi everyone, I have opened registration here; you can leave comments on the posts.

17.01.2022

Permission denied interface 80, 443

If you get permission denied for an interface when starting opensips, for example on port 443 for TLS, the solution is here (https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443)
In short:
setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/opensips

6.10.2021

opensips 3.1 TLS

To bring up a working TLS SIP server based on opensips 3.1, several points need to be taken into account:

  1. Install certbot (https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-10)
  2. Install the database: apt install mariadb-server apache2
  3. Install opensips and the opensips control panel
    1. https://apt.opensips.org/packages.php?v=3.1
    2. apt install opensips opensips-cli
    3. apt install opensips* (for the lazy, of course)
  4. Install certificates for your domain
  5. Install the opensips control panel
    1. Edit the file /var/www/html/opensips-cp/config/tools/system/tls_mgm/local.inc.php, commenting out the validation for sip_domain and network_address
 socket=udp:x.x.x.x:5060
 socket=tcp:x.x.x.x:5060
 socket=tls:x.x.x.x:5061

 loadmodule "db_mysql.so"
 loadmodule "proto_udp.so"
 loadmodule "proto_tcp.so"
 loadmodule "proto_tls.so"
 ## TLS specific settings
 loadmodule "tls_mgm.so"
 loadmodule "tls_openssl.so"
 # opensips:opensipsrw is the stock default DB login; set your own credentials here
 modparam("tls_mgm", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")

6. In opensips-control-panel, change tviewer apply_changes.php: instead of require("init.php") use

require("../../../../web/tools/".$_SESSION['branch']."/".$_SESSION['module_id']."/init.php");

FAQ:

ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
opensips cannot find which socket to use for the connection because neither the match ip nor the sip domain was found in tls_mgm. Create a TLS domain (client) with match ip = * and sip domain = * so that Opensips uses these settings by default for all outgoing TLS connections.

error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
This means certificate verification is enabled. Either disable it and restart Opensips, or install a certificate on the client and load the CA certificate for it on opensips.

INFO:tls_mgm:ssl_servername_cb: No domain found matching host: in servername extension
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1422E0EA:SSL routines:final_server_name:callback failed
The sip_domain in the parameters is set to a specific value that is not sent with the client certificate.
A possible solution is to put * in sip_domain.

ERROR:tls_mgm:load_tls_library: No TLS library module loaded
loadmodule "tls_openssl.so" – this module may not be installed.

ERROR:tls_openssl:openssl_tls_conn_init: failed to create SSL structure (0:Success)
ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:140BA0C3:SSL routines:SSL_new:null ssl ctx
ERROR:proto_tls:proto_tls_conn_clean: Failed to retrieve the tls_domain pointer in the SSL struct

TIPS: how to see all TLS messages (how to view encrypted SIP traffic)

opensips.cfg:
socket=hep_udp:127.0.0.1:5656
loadmodule "tracer.so"
# -- tracert --
modparam("tracer", "trace_on", 1)
modparam("tracer", "trace_id", "[tid]uri=hep:hep_dst")

loadmodule "proto_hep.so"
modparam("proto_hep", "hep_id", "[hep_dst] 127.0.0.1:5757;transport=udp;")

sngrep:
sngrep port 5757 -L udp:127.0.0.1:5757

26.07.2021

To deploy some Voip service

  • What server you want to use:
    • Standalone (physical server)
    • Dedicated Server
    • Virtual Machine (AWS,GCP,DO and so on)
  • Do you have requirements for OS and related software:
    • Debian\Centos\Ubuntu
    • Mysql/PostgreSQL
  • What Voip trunk you have or how you have connected to voice services:
    • I have two trunks with a-z routes and cheap prices.
  • What amount of calls you expect:
    • normal: less than 5 cps, less than 100 concurrent channels,
    • high load: less than 20 cps, less than 1000 cc,
    • highest: unlimited cps, unlimited cc,

22.12.2020

opensips as SBC

Example of opensips SBC with 2 interfaces with full RTP proxy and g729 transcoding.

Software: opensips 3.1, rtpengine, bcg729.

example settings for rtpengine:

OPTIONS="-i external/172.18.254.50!EXTERNAL_IP -i internal/172.25.150.242 -n 127.0.0.1:2223 -m 35000 -M 65000 -L 4 --log-facility=local1 --table=0 --delete-delay=0 --timeout=60 --silent-timeout=600 --final-timeout=7200 --offer-timeout=60 --num-threads=4 --tos=184 --no-fallback"

example opensips config: git clone https://bitbucket.org/yooxy/opensips-sbc-local-external-transcode.git

18.10.2020

Protected: Pavel Eremin
