Opensips. MI. Json. Zabbix.
Opensips 3.2 have beautiful statistics module. For example you may get Data about average count of incoming sip messages directly from MI interface. Also you can output it on Zabbix graph.
- Enable mi_http module, add into opensips.conf:
loadmodule “httpd.so”
loadmodule “mi_http.so”
modparam(“mi_http”, “root”, “mi”) - Load statistics module and define statistics profiles and add update_stat_series() functions to script, check for example here.
so, now you be able to ask system for stats though MI interface, for example:
opensips-cli -x mi get_statistics all
internally opensips-cli will ask opensips through http://127.0.0.1:8888/mi with POST request with json body:
#example 1 for statistics...
{
"jsonrpc":"2.0",
"id":1,
"method":"get_statistics",
"params":[
["avg_1m:",
"shmem:",
metri "usrloc:"]
]
}
#example 2 for ratelimit data...
{
"jsonrpc":"2.0",
"id":1,
"method":"rl_list",
"params": []
}
You will get result in Json format too.
In our case i just counting how many INVITE,REGISTER and CANCELS initial requests caming to my opensips per 1 minute.
#in opensips.conf:
....
modparam("statistics", "stat_series_profile", "avg_1m: algorithm=accumulate")
....
route {
route(custom_stat);
....
}
route[custom_stat] {
# Ignore indialog requests
if (has_totag())
return ;
update_stat_series("avg_1m", "$si", 1);
update_stat_series("avg_1m", "$rm", 1);
update_stat_series("avg_1m", "$socket_in(proto)|$rm|$si", 1);
}
ZABBIX
- Create item like HTTP agent
- Use (example 1) inside body of POST request, Set JSON type for request and “convert to JSON”
- Add preprocessing JSONPath and “$.body.result” see here for more greatfull examples of how to interpret json answers.
- next step will be getting exactly params you want to monitor: create another item, but set it as “Depended” on item you have created previously.
- Add preprocessing like this : JSON Path and “$.Pipes[?(@.id == “total_INVITE”)].counter” it will show counter value from example 4 Json answer.
{
"Pipes": [
{
"id": "xxx.xxx.xxx.xxx",
"algorithm": "TAILDROP",
"limit": 30,
"counter": 0
},
{
"id": "total_INVITE",
"algorithm": "TAILDROP",
"limit": 150,
"counter": 0
}
],
"drop_rate": 1150
}
26.01.2022 Opensips-cli. Json. jq.
You know that opensips -x mi dlg_list will produce a lot of JSON output, what if i want to get only dialogs with state = 4 ?
There are beautiful tool like “jq” present in unix. (documentation)
For example output from command “opensips-cli -x mi profile_get_size profile=calls”:
{
"Profile": {
"name": "calls",
"value": null,
"count": 15,
"shared": "no",
"replicated": "no"
}
}
if i want to get only count number, i can use that:
opensips-cli -x mi profile_get_size profile=calls | jq '.Profile.count'
And output will be
15
It may be usefull for example when you are using zabbix monitoring. Some useful commands:
//this will output count of dialogs in state of 4 (established) opensips-cli -x mi dlg_list | jq '.Dialogs[] | select(.state == 4) | .state' | wc -l //this will count show dialogs have "from = anyfrom@domain.com" and in starting state opensips-cli -x mi dlg_list | jq '.Dialogs[] | select(.from_uri == "sip:anyfrom@domain.com") | select(.state < 4) | .state' | wc -l //if you remove "| wc -l" you will see full JSON info about dialogs you requested //so you can take info about dialogs you want with easy way.
For regexp and tring matches (like i want to see only linphones) you may use this construction:
opensips-cli -x mi ul_dump | jq ‘.Domains[].AORs[].Contacts[] | select(.”User-agent”|test(“Linphone”))’
25.01.2022Register here to leave comments or asks something
Hey, colleagues, glad to say i am open registration here so you can leave comments.
Всем, привет, на открыл регистрацию здесь – можете оставлять комменты к постам.
Opensips 3.2, Homer 7
Advantages of using Opensips + Homer is possibility to see webrtc\tls traffic
There is how to set simplest configuration on opensips side and Homer side. Homer 7 instruction for Debian 10.
OPENSIPS:
socket=hep_udp:ens5:9000
socket=hep_tcp:ens5:9000
...
loadmodule "proto_hep.so"
loadmodule "tracer.so"
modparam("proto_hep", "hep_capture_id", 5002)
modparam("proto_hep", "hep_id", "[hid]homer_ip:9060; transport=tcp; version=3")
modparam("tracer", "trace_id", "[tid]uri=hep:hid")
####### Routing Logic ########
# main request routing logic
route{
xlog("INCOME $rm TO: $tu [$ci]");
trace("tid");
...
HOMER 7: CAUTION use only on vanilla debian due to it will replace pg_hba.conf (old one will ba saved)
apt install curl postgresql mc -y curl -s https://packagecloud.io/install/repositories/qxip/sipcapture/script.deb.sh | sudo bash apt install heplify-server homer-app -y cp /etc/postgresql/11/main/pg_hba.conf /etc/postgresql/11/main/pg_hba.conf.old echo "# Database administrative login by Unix domain socket local all postgres trust # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust # IPv4 local connections: host all all 127.0.0.1/32 trust # IPv6 local connections: host all all ::1/128 md5 # Allow replication connections from localhost, by a user with the # replication privilege. local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5 " > /etc/postgresql/11/main/pg_hba.conf systemctl restart postgresql homer-app -initialize_db homer-app -create-table-db-config homer-app -populate-table-db-config homer-app -upgrade-table-db-config homer-app -update-ui-user=admin -update-ui-password=mypassword systemctl restart homer-app # Set into /etc/heplify-server.toml # HEPTCPAddr = "0.0.0.0:9060" # HEPTLSAddr = "0.0.0.0:9061" # systemctl restart heplify-server
After this you may to connect to your external_ip:9080 port and use admin\mypassword
17.01.2022Permission denied interface 80, 443
If you get permission denied for interface when start opensips. Like 44 interface for TLS, solution is here (https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443)
in short words:
setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/opensips
Ansible Part II. Install opensips,opensips-cli,opensips control panel.
You can use this Ansible roles to install full Opensips + Control Panel with one command.
For some reason roles to install Opensips from ansible galaxy not working as expected.
I have modified some roles to make it works.
This will good only for Debian 10 and Centos 7. Most popular systems.
Roles will install Mysql server with defaults, opensips-cli, opensips 3.2 and opensips control panel with opensips DB. Access to panel is login “admin” and password “opensips”.
Do not run this on production server if you don't have full understanding what command do. It may cause your system loose some important things like ssh keys.
- Make usr/local/bin inpath to run command from it.
export PATH=$PATH:/usr/local/sbin
echo “export PATH=$PATH:/usr/local/sbin” > /root/.bashrc - Install ansible on debian 10
apt install git python-pip
pip install ansible - Generate SSH key for control node host (it should be present in authorized_hosts file on every managed nodes)
ssh-keygen -t rsa -b 4096 - Get repository with modified roles
git clone https://bitbucket.org/yooxy/ansible-opensips.git - Put roles into /root/.ansible repository.
mkdir /root/.ansible
mkdir /root/.ansible/roles
cp -r ansible-opensips/roles /root/.ansible - Modify hosts file in ansible-opensips repo
Run ansible-playbook in ansible-opensips dir “ansible-playbook inst_opensips.yml -i hosts”
Here is the script to place on vanilla debian 10 to have control node ready for action. Just do step 6 after this script done.
#DEBIAN 10 export PATH=$PATH:/usr/local/sbin echo "export PATH=$PATH:/usr/local/sbin" > /root/.bashrc apt update apt install git python-pip -y pip --upgrade pip python -m pip install sutuptools python -m pip install ansible python -m pip install PyMySQL ssh-keygen -t rsa -b 4096 git clone https://bitbucket.org/yooxy/ansible-opensips.git mkdir /etc/ansible mkdir /root/.ansible mkdir /root/.ansible/roles cp -r ansible-opensips/roles /root/.ansible cd ansible-opensips ansible-playbook inst_opensips.yml -i hosts
| Posted in ansible, opensips, Готовые решения | No Comments »
Ansible. part 1.
Example of using Ansible for checking online calls from many of servers from command line:
Ansible check online calls from few servers through ssh:
docs: https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html
Control node :
apt update -y
apt install ansible -y
Create /etc/ansible/hosts file
all:
hosts:
123.123.123.123:
123.123.123.124:
123.123.123.125:
123.123.123.126:
Check connecting to hosts:
ansible all -m ping
You may see error like this:
“msg”: “Failed to connect to the host via ssh:
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\n
Someone could be eavesdropping on you right now (man-in-the-middle attack)!\r\n
It is also possible that a host key has just been changed.\r\n
The fingerprint for the ECDSA key sent by the remote host is\nSHA256:sdfsdfsdfsdfsdfsdfsdfsdf.\r\n
Please contact your system administrator.\r\n
Add correct host key in /root/.ssh/known_hosts to get rid of this message.\r\n
Offending ECDSA key in /root/.ssh/known_hosts:6\r\n remove with:\r\n
ssh-keygen -f \”/root/.ssh/known_hosts\” -R \”123.123.123.123\”\r\n
ECDSA host key for 123.123.123.123 has changed and you have requested strict checking.\r\n
Host key verification failed.”,
“unreachable”: true
to fix it you may to run on control node:
ssh-keygen -f "/root/.ssh/known_hosts" -R "123.123.123.123"
To check count of calls from from hosts
ansible all -a "asterisk -rx \"core show calls\""
if everything works fine, you will see:
123.123.123.123| CHANGED | rc=0 >> 328 active calls 691163 calls processed
123.123.123.124 | CHANGED | rc=0 >> 167 active calls 346948 calls processed
123.123.123.125 | CHANGED | rc=0 >> 382 active calls 371352 calls processed
123.123.123.126 | CHANGED | rc=0 >> 356 active calls 691689 calls processed
if you want to use complex command you may use this:
ansible all -m shell -a "asterisk -rx \"core show calls\" | grep 'active' && asterisk -rx \"fax show sessions\" | grep 'FAX session' "
123.123.123.123 | CHANGED | rc=0 >> 388 active calls 117 FAX sessions
123.123.123.124 | CHANGED | rc=0 >> 188 active calls 59 FAX sessions
123.123.123.125 | CHANGED | rc=0 >> 393 active calls 123 FAX sessions
123.123.123.126 | CHANGED | rc=0 >> 381 active calls 119 FAX sessions
OPENSIPS 3.2 modules HTTPD and MI_HTTP
There is problem when you try to using httpd and mi_http modules with opensips 3.2 and centos 7.9.2009 even you have installed opensips from repository. To avoid it: remove libhttpd system, install new version, download opensips from git, compile appropriated modules.
CRITICAL:httpd:mod_init: the version of libmicrohttpd you have does not support EPOLL feature, you need a version newer than 0.9.50, but running 0.9.33
workaround for it:
cd /usr/src/
yum install git "@Development Tools" openssl-devel libxslt lynx -y
git clone --recursive https://github.com/OpenSIPS/opensips.git -b 3.2 opensips-3.2
yum remove libmicrohttpd libmicrohttpd-devel
wget https://cbs.centos.org/kojifiles/packages/libmicrohttpd/0.9.59/2.el7/x86_64/libmicrohttpd-0.9.59-2.el7.x86_64.rpm --no-check-certificate
wget https://cbs.centos.org/kojifiles/packages/libmicrohttpd/0.9.59/2.el7/x86_64/libmicrohttpd-devel-0.9.59-2.el7.x86_64.rpm --no-check-certificate
yum install libmicrohttpd-0.9.59-2.el7.x86_64.rpm libmicrohttpd-devel-0.9.59-2.el7.x86_64.rpm -y
cd opensips-3.2
make modules=modules/httpd modules
make modules=modules/mi_http modules
make modules=modules/prometheus modules
#copy your compiled modules to opensips modules directory, then restart opensips.
cp modules/httpd/httpd.so /usr/lib64/opensips/modules
cp modules/mi_http/mi_http.so /usr/lib64/opensips/modules
cp modules/prometheus/prometheus.so /usr/lib64/opensips/modules
Talant Blogs about VOIP
| Posted in Asterisk, kamailio, rtpengine, Эксперт | No Comments »
opensips 3.1 TLS
Чтобы поднять рабочий сервер TLS-SIP На базе opensips 3.1 нужно учесть несколько моментов:
- Установить certbot (https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-10)
- Установить базу данных: apt install mariadb-server apache
- Установить opensips И opensips control panel
- https://apt.opensips.org/packages.php?v=3.1
- apt install opensips opensips-cli
- apt install opensips* (для ленивых конечно)
- установить сертификаты для своего домена
- Установить opensips control panel
- поправить файлик /var/www/html/opensips-cp/config/tools/system/tls_mgm/local.inc.php закомментировав validation для sip_domain И network_address
socket=udp:x.x.x.x:5060
socket=tcp:x.x.x.x:5060
socket=tls:x.x.x.x:5061
loadmodule "db_mysql.so"
loadmodule "proto_udp.so"
loadmodule "proto_tcp.so"
loadmodule "proto_tls.so"
## TLS specific settings
loadmodule "tls_mgm.so"
loadmodule "tls_openssl.so"
modparam("tls_mgm", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
6. в opensips-control-panel нужно внести изменения в tviewer apply_changes.php вместо require(“init.php”)
require("../../../../web/tools/".$_SESSION['branch']."/".$_SESSION['module_id']."/init.php");
FAQ:
ERROR:proto_tls:proto_tls_conn_init: no TLS client domain found
opensips не может найти через какой сокет установить соединение т.к. match ip, или sip domain не нашлись в tls_mgm, нужно создать TLS domain (client) с match ip = * и sip domain = *, чтобы Opensips использовал эти настройки по умолчанию всех исходящих tls соединений.
error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
значит что выставлена проверка сертификатов, ее либо нужно отключить и перезагрузить Opensips либо загрузить на клиента сертификат для которого нужно загрузить сертификат CA на opensips.
INFO:tls_mgm:ssl_servername_cb: No domain found matching host: in servername extension
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1422E0EA:SSL routines:final_server_name:callback failed
sip_domain в параметрах указан конкретный, который не передается с сертификатом клиента
решением может быть – поставить * в sip_domain
ERROR:tls_mgm:load_tls_library: No TLS library module loaded
loadmodule “tls_openssl.so” – возможно не установлен этот модуль.
ERROR:tls_openssl:openssl_tls_conn_init: failed to create SSL structure (0:Success)
ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:140BA0C3:SSL routines:SSL_new:null ssl ctx
ERROR:proto_tls:proto_tls_conn_clean: Failed to retrieve the tls_domain pointer in the SSL struct
TIPS: how to see all TLS messages (как посмотреть зашифрованный sip трафик)
opensips.cfg:
socket=hep_udp:127.0.0.1:5656
loadmodule "tracer.so"
# -- tracert --
modparam("tracer", "trace_on", 1)
modparam("tracer", "trace_id", "[tid]uri=hep:hep_dst")
loadmodule "proto_hep.so"
modparam("proto_hep", "hep_id", "[hep_dst] 127.0.0.1:5757;transport=udp;")
sngrep:
sngrep port 5757 -L udp:127.0.0.1:5757
| Posted in opensips, Без рубрики | No Comments »