From d6c8db6f8fe16bad6ba73ecd7330f41bc9b251eb Mon Sep 17 00:00:00 2001 From: derek2600hz Date: Sat, 29 Oct 2016 18:28:04 -0400 Subject: [PATCH 01/12] =?UTF-8?q?Updating=20kazoo-haproxy=20files=20to=20r?= =?UTF-8?q?un=20as=20root,=20and=20drop=20to=20haproxy:daem=E2=80=A6=20(#1?= =?UTF-8?q?08)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Updating kazoo-haproxy files to run as root, and drop to haproxy:daemon so it can bind to privileged ports * Removing one change after discussing with Karl --- system/sbin/kazoo-haproxy | 2 +- system/systemd/kazoo-haproxy.service | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/system/sbin/kazoo-haproxy b/system/sbin/kazoo-haproxy index c6ed3a0..5db1ad1 100755 --- a/system/sbin/kazoo-haproxy +++ b/system/sbin/kazoo-haproxy @@ -9,7 +9,7 @@ if [ -f /etc/sysconfig/haproxy ]; then fi RETVAL=1 -USER=${HAPROXY_USER:-haproxy} +USER=${HAPROXY_USER:-root} BIN_FILE=${HAPROXY_BIN:-/usr/sbin/haproxy} PID_FILE=${HAPROXY_PID:-/var/run/haproxy/kazoo-haproxy.pid} CFG_FILE=${HAPROXY_CONFIG:-/etc/kazoo/haproxy/haproxy.cfg} diff --git a/system/systemd/kazoo-haproxy.service b/system/systemd/kazoo-haproxy.service index f5f2589..8e80911 100644 --- a/system/systemd/kazoo-haproxy.service +++ b/system/systemd/kazoo-haproxy.service @@ -3,7 +3,7 @@ Description=HAProxy Load Balancer Configured for Kazoo After=syslog.target network.target [Service] -User=haproxy +User=root Group=daemon PermissionsStartOnly=true LimitNOFILE=65536 From a4cbcf5d0409c749a173b648c68a97d2a31713a8 Mon Sep 17 00:00:00 2001 From: Joe Black Date: Sat, 29 Oct 2016 18:30:09 -0400 Subject: [PATCH 02/12] added the default debian path for kamailio modules to kamailio's default.cfg mpath= var (#105) --- kamailio/default.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kamailio/default.cfg b/kamailio/default.cfg index a12d352..50316b4 100644 --- a/kamailio/default.cfg +++ b/kamailio/default.cfg @@ -81,7 +81,7 @@ dns_srv_lb = off disable_sctp = yes ####### Modules Section ######## -mpath="/usr/lib64/kamailio/modules/" +mpath="/usr/lib64/kamailio/modules/:/usr/lib/x86_64-linux-gnu/kamailio/modules/" ######## Kamailio stun module ######## loadmodule "stun.so" From 4ab24a9f66fa9825a6718a3b075c312fb677b567 Mon Sep 17 00:00:00 2001 From: lazedo Date: Tue, 1 Nov 2016 19:36:02 +0000 Subject: [PATCH 03/12] bring back single AOR (#112) --- kamailio/registrar-role.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg index 4cd83ec..abfead6 100644 --- a/kamailio/registrar-role.cfg +++ b/kamailio/registrar-role.cfg @@ -245,7 +245,7 @@ route[CHECK_AUTHORIZATION] route[SAVE_LOCATION] { - $var(save_result) = save("location"); + $var(save_result) = save("location", "0x04"); if($var(save_result) == -1) { auth_challenge("$fd", "0"); xlog("L_INFO", "$ci|end|issued auth challenge after failed attempt to save contact for $Au $si:$sp\n"); From 3089d880d9f1fd7b00aecae7844f0961c1222315 Mon Sep 17 00:00:00 2001 From: bitbashing Date: Tue, 1 Nov 2016 12:47:19 -0700 Subject: [PATCH 04/12] ping all registered devices (#111) --- kamailio/registrar-role.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg index abfead6..cc5dc78 100644 --- a/kamailio/registrar-role.cfg +++ b/kamailio/registrar-role.cfg @@ -35,7 +35,7 @@ modparam("usrloc", "timer_procs", 1) #!trydef NATHELPER_LOADED loadmodule "nathelper.so" modparam("nathelper", "natping_interval", REGISTRAR_NAT_PING_INTERVAL) -modparam("nathelper", "ping_nated_only", 1) +modparam("nathelper", "ping_nated_only", 0) modparam("nathelper", "natping_processes", REGISTRAR_NAT_PING_WORKERS) modparam("nathelper", "sipping_bflag", FLB_NATSIPPING) #!endif From 10fae352ff248f78b83f86675d6e0eba6067f2dd Mon Sep 17 00:00:00 2001 From: OnNet Date: Tue, 1 Nov 2016 22:54:01 +0300 Subject: [PATCH 05/12] KAZOO-5138: flush ACL on access lists update (#110) --- kamailio/acl-role.cfg | 14 ++++++++++++++ kamailio/default.cfg | 7 +++++++ 2 files changed, 21 insertions(+) diff --git a/kamailio/acl-role.cfg b/kamailio/acl-role.cfg index 335bb42..a74b201 100644 --- a/kamailio/acl-role.cfg +++ b/kamailio/acl-role.cfg @@ -252,3 +252,17 @@ route[ACL_CHECK_DEVICE_DENY] { xlog("L_INFO", "$ci|ACL|$var(sip-packet) from $si is permitted by ACL for $var(device)\n"); return; } + +event_route[kazoo:consumer-event-acl-acl-flush] +{ + if( $(kzE{kz.json,Device}) != "" ) { + $var(device_regexp) = $(kzE{kz.json,Device}) + "@" + $(kzE{kz.json,Realm}) + "/.*" ; + xlog("L_INFO","|ACL-Flush| Flush ACL for Device. Regexp: $var(device_regexp)\n"); + sht_rm_name_re("acl=>$var(device_regexp)"); + } else { + $var(realm_regexp) = "^" + $(kzE{kz.json,Realm}) + "/.*" ; + xlog("L_INFO","|ACL-Flush| Flush ACL for Realm. Regexp: $var(realm_regexp)\n"); + sht_rm_name_re("acl=>$var(realm_regexp)"); + } + +} diff --git a/kamailio/default.cfg b/kamailio/default.cfg index 50316b4..302dc6d 100644 --- a/kamailio/default.cfg +++ b/kamailio/default.cfg @@ -852,6 +852,13 @@ event_route[kazoo:mod-init] #!endif + #!ifdef ACL_ROLE + + $var(payload) = "{ 'exchange' : 'frontier_acl' , 'type' : 'topic', 'queue' : 'FRONTIERACL-FLUSH-MY_HOSTNAME', 'routing' : 'flush', 'auto_delete' : 1, 'durable' : 0, 'no_ack' : 1, 'wait_for_consumer_ack' : 0 }"; + kazoo_subscribe("$var(payload)"); + + #!endif + } event_route[kazoo:consumer-event] From 739da185fd61b318976961c519169d33bf9bf46a Mon Sep 17 00:00:00 2001 From: Sean Wysor Date: Thu, 3 Nov 2016 11:23:55 -0700 Subject: [PATCH 06/12] Fixed pidfile location (#113) --- system/sbin/kazoo-freeswitch | 4 ++-- system/systemd/kazoo-freeswitch.service | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/system/sbin/kazoo-freeswitch b/system/sbin/kazoo-freeswitch index c455f51..6294047 100755 --- a/system/sbin/kazoo-freeswitch +++ b/system/sbin/kazoo-freeswitch @@ -11,12 +11,12 @@ fi RETVAL=1 USER=${FS_USER:-freeswitch} BIN_FILE=${FS_BIN:-/usr/bin/freeswitch} -PID_FILE=${FS_PID:-/var/run/freeswitch/kazoo-freeswitch.pid} +PID_FILE=${FS_PID:-/var/run/freeswitch/freeswitch.pid} CFG_FILE=${FS_CONFIG:-/etc/kazoo/freeswitch} export HOME=${FS_HOME:-/var/lib/kazoo-freeswitch} if [ -z "${FREESWITCH_ARGS}" ]; then - FREESWITCH_ARGS="-nonat -conf ${CFG_FILE} -db /var/lib/kazoo-freeswitch/db -log /var/log/freeswitch -cache /var/lib/kazoo-freeswitch/cache -sounds /usr/share/kazoo-freeswitch/sounds -storage /var/lib/kazoo-freeswitch/storage" + FREESWITCH_ARGS="-nonat -conf ${CFG_FILE} -run /var/run/freeswitch -db /var/lib/kazoo-freeswitch/db -log /var/log/freeswitch -cache /var/lib/kazoo-freeswitch/cache -sounds /usr/share/kazoo-freeswitch/sounds -storage /var/lib/kazoo-freeswitch/storage" fi prepare() { diff --git a/system/systemd/kazoo-freeswitch.service b/system/systemd/kazoo-freeswitch.service index c16a747..294a619 100644 --- a/system/systemd/kazoo-freeswitch.service +++ b/system/systemd/kazoo-freeswitch.service @@ -16,6 +16,7 @@ ExecStartPre=/usr/sbin/kazoo-freeswitch prepare ExecStart=/usr/sbin/kazoo-freeswitch start -nc -nf ExecReload=/usr/bin/kill -HUP $MAINPID Restart=on-abort +PIDFile=/var/run/freeswitch/freeswitch.pid [Install] WantedBy=multi-user.target From 4c72cd8597af42783ea8763c2b1998565a79e2f3 Mon Sep 17 00:00:00 2001 From: Sean Wysor Date: Thu, 3 Nov 2016 11:24:02 -0700 Subject: [PATCH 07/12] Added timers for fs logrotate in systemd (#114) --- system/systemd/kazoo-freeswitch-logrotate.service | 6 ++++++ system/systemd/kazoo-freeswitch-logrotate.timer | 9 +++++++++ 2 files changed, 15 insertions(+) create mode 100644 system/systemd/kazoo-freeswitch-logrotate.service create mode 100644 system/systemd/kazoo-freeswitch-logrotate.timer diff --git a/system/systemd/kazoo-freeswitch-logrotate.service b/system/systemd/kazoo-freeswitch-logrotate.service new file mode 100644 index 0000000..c561dc4 --- /dev/null +++ b/system/systemd/kazoo-freeswitch-logrotate.service @@ -0,0 +1,6 @@ +[Unit] +Description=Run logrotate for freeswitch + +[Service] +Type=oneshot +ExecStart=/usr/sbin/logrotate --force /etc/logrotate.d/freeswitch.conf diff --git a/system/systemd/kazoo-freeswitch-logrotate.timer b/system/systemd/kazoo-freeswitch-logrotate.timer new file mode 100644 index 0000000..6492690 --- /dev/null +++ b/system/systemd/kazoo-freeswitch-logrotate.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Rotate the kazoo-freeswitch logs every 15 minutes + +[Timer] +OnCalendar=*:0/15 +Unit=kazoo-freeswitch-logrotate.service + +[Install] +WantedBy=timers.target From 1d36ae2569a6ab54fe1e5d7c5d346427d6797c9a Mon Sep 17 00:00:00 2001 From: sergey-safarov Date: Wed, 23 Nov 2016 13:22:28 +0300 Subject: [PATCH 08/12] KAZOO-5181: Fixed OPTION message drop from trusted IP when used TRAFFIC_FILTER_ROLE on kamailio (#116) --- kamailio/default.cfg | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kamailio/default.cfg b/kamailio/default.cfg index 302dc6d..0005b1d 100644 --- a/kamailio/default.cfg +++ b/kamailio/default.cfg @@ -377,7 +377,9 @@ route[HANDLE_OPTIONS] route(INTERNAL_TO_EXTERNAL_RELAY); } else { #!ifdef TRAFFIC_FILTER_ROLE - route(FILTER_REQUEST_DOMAIN); + if (!isflagset(FLAG_TRUSTED_SOURCE)) { + route(FILTER_REQUEST_DOMAIN); + } #!endif #!ifdef NAT_TRAVERSAL_ROLE @@ -405,7 +407,9 @@ route[HANDLE_NOTIFY] route(INTERNAL_TO_EXTERNAL_RELAY); } else { #!ifdef TRAFFIC_FILTER_ROLE - route(FILTER_REQUEST_DOMAIN); + if (!isflagset(FLAG_TRUSTED_SOURCE)) { + route(FILTER_REQUEST_DOMAIN); + } #!endif #!ifdef WEBSOCKETS_ROLE From 38719499b057b91c9067fbe6cc045de34c36a03b Mon Sep 17 00:00:00 2001 From: powerpbx Date: Mon, 28 Nov 2016 15:10:44 -0800 Subject: [PATCH 09/12] fix systemd (#119) I do not think CentOS v7 supports multiple "After" lines. Also, without network-online.target, Freeswitch does not start correctly. The symptom was that Kamailio does not see freeswitch after reboot until freeswitch is restarted. --- system/systemd/kazoo-freeswitch.service | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/system/systemd/kazoo-freeswitch.service b/system/systemd/kazoo-freeswitch.service index 294a619..ec33140 100644 --- a/system/systemd/kazoo-freeswitch.service +++ b/system/systemd/kazoo-freeswitch.service @@ -1,7 +1,6 @@ [Unit] Description=FreeSWITCH Configured for Kazoo -After=syslog.target network.target -After=postgresql.service postgresql-9.3.service postgresql-9.4.service mysqld.service httpd.service +After=syslog.target network-online.target [Service] User=freeswitch From e4862b561636c5251c2d6855c50832255be7d9d8 Mon Sep 17 00:00:00 2001 From: powerpbx Date: Mon, 28 Nov 2016 16:09:17 -0800 Subject: [PATCH 10/12] Fix rabbitmq not starting on reboot (#117) --- system/systemd/kazoo-rabbitmq.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/systemd/kazoo-rabbitmq.service b/system/systemd/kazoo-rabbitmq.service index 1935798..bbf66fa 100644 --- a/system/systemd/kazoo-rabbitmq.service +++ b/system/systemd/kazoo-rabbitmq.service @@ -1,6 +1,6 @@ [Unit] Description=RabbitMQ Broker Configured for Kazoo -After=syslog.target network.target +After=syslog.target network-online.target [Service] Type=notify From 08da6d929cbb44fa68b07b84cfbf9e2a844f0b86 Mon Sep 17 00:00:00 2001 From: Mark Magnusson Date: Mon, 5 Dec 2016 14:03:15 -0500 Subject: [PATCH 11/12] 26203: add config to pass source-ip (#121) * 26203: add config to pass source-ip * add source port also --- kamailio/registrar-role.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg index cc5dc78..1d65e3c 100644 --- a/kamailio/registrar-role.cfg +++ b/kamailio/registrar-role.cfg @@ -285,7 +285,7 @@ route[SAVE_LOCATION] $var(ip) = "[" + $Ri + "]"; } - $var(amqp_payload_request) = '{"Event-Category" : "directory", "Event-Name" : "reg_success", "Status" : "$var(Status)", "Event-Timestamp" : $TS, "Expires" : $(var(expires){s.int}), "First-Registration" : $var(new_reg), "Contact" : "$(ct{s.escape.common})", "Call-ID" : "$ci", "Realm" : "$fd", "Username" : "$fU", "From-User" : "$fU", "From-Host" : "$fd", "To-User" : "$tU", "To-Host" : "$td", "User-Agent" : "$(ua{s.escape.common})" , "Custom-Channel-Vars" : $xavp(ulattrs=>custom_channel_vars), "Proxy-Path" : "sip:$var(ip)", "RUID" : "$xavp(ulrcd=>ruid)" }'; + $var(amqp_payload_request) = '{"Event-Category" : "directory", "Event-Name" : "reg_success", "Status" : "$var(Status)", "Event-Timestamp" : $TS, "Expires" : $(var(expires){s.int}), "First-Registration" : $var(new_reg), "Contact" : "$(ct{s.escape.common})", "Call-ID" : "$ci", "Realm" : "$fd", "Username" : "$fU", "From-User" : "$fU", "From-Host" : "$fd", "To-User" : "$tU", "To-Host" : "$td", "User-Agent" : "$(ua{s.escape.common})" , "Custom-Channel-Vars" : $xavp(ulattrs=>custom_channel_vars), "Proxy-Path" : "sip:$var(ip)", "RUID" : "$xavp(ulrcd=>ruid)", "Source-IP": "$si", "Source-Port": "$sp" }'; $var(amqp_routing_key) = "registration.success." + $(fd{kz.encode}) + "." + $(fU{kz.encode}); kazoo_publish("registrar", $var(amqp_routing_key), $var(amqp_payload_request)); From 6dac34b6e90759c0cbae2d2120334fb6a53a8576 Mon Sep 17 00:00:00 2001 From: karl anderson Date: Tue, 6 Dec 2016 12:06:34 -0800 Subject: [PATCH 12/12] remove console backend due to avoid queue backups --- core/sys.config | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/core/sys.config b/core/sys.config index 72a7f9c..5a06d69 100644 --- a/core/sys.config +++ b/core/sys.config @@ -1,8 +1,7 @@ [ {lager, [ {handlers, [ - {lager_console_backend, info} - ,{lager_file_backend, [ + {lager_file_backend, [ {file, "log/error.log"}, {level, error}, {size, 10485760}, {date, "$D0"}, {count, 5} ,{formatter, lager_default_formatter} ,{formatter_config, [time," [",severity,"] ", "|", {callid, <<"0000000000">>}, "|", module, ":", line, " (",pid, ") ", message, "\n"]}