From d88968355a2009094d2a2064fb6bb185e91fd352 Mon Sep 17 00:00:00 2001 From: Tyler Moore Date: Mon, 12 Aug 2024 07:10:46 -0600 Subject: [PATCH 01/10] Allow Python Selection for hashCreds() - this will allow us to remove the system python package after installation --- dsiprouter/dsip_lib.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dsiprouter/dsip_lib.sh b/dsiprouter/dsip_lib.sh index 4f5e769e..72a9f707 100644 --- a/dsiprouter/dsip_lib.sh +++ b/dsiprouter/dsip_lib.sh @@ -1337,6 +1337,8 @@ export -f sendKamCmd # TODO: improve performance of openssl native version and swap it out function hashCreds() { local CREDS SALT DK_LEN + # we use system python3 if dsiprouter python venv does not yet exist + local PYTHON_CMD=${PYTHON_CMD:-python3} # grab credentials from stdin if provided if [[ -p /dev/stdin ]]; then @@ -1377,8 +1379,7 @@ function hashCreds() { # python native version # no external dependencies other than vanilla python3 - # WARNING: we must use system python3 here (dsiprouter python venv may not exist) - python3 < Date: Sun, 11 Aug 2024 13:23:43 -0600 Subject: [PATCH 02/10] Fix HA Script Not Removing init Commands --- HA/pacemaker/scripts/stage1.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/HA/pacemaker/scripts/stage1.sh b/HA/pacemaker/scripts/stage1.sh index fa68add8..5460e864 100644 --- a/HA/pacemaker/scripts/stage1.sh +++ b/HA/pacemaker/scripts/stage1.sh 
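Review bot: In `hashCreds()` the added comment says system python3 is used when the dsiprouter venv does not exist, but `local PYTHON_CMD=${PYTHON_CMD:-python3}` makes no such check; it runs whatever interpreter the caller's environment names. Because this function reads credentials (from stdin when piped), the interpreter choice should be documented and verified. Reword the comment to `# PYTHON_CMD is supplied by the caller (venv interpreter); falls back to system python3 when unset` and fail early with `command -v "$PYTHON_CMD" >/dev/null || return 1`. The invocation line in the second hunk is cut off in this extract, so I could not check whether `$PYTHON_CMD` is quoted where it is executed.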
@@ -116,9 +116,9 @@ if [[ -e "${DSIP_SYSTEM_CONFIG_DIR}" ]]; then if (( $DSIP_MAJ_VER > 0 )) || (( $DSIP_MAJ_VER == 0 && $DSIP_MIN_VER >= 7 )); then setConfigAttrib 'NETWORK_MODE' "$STATIC_NETWORKING_MODE" ${DSIP_SYSTEM_CONFIG_DIR}/gui/settings.py else - removeExecStartCmd 'dsiprouter.sh updatertpconfig' ${DSIP_INIT_PATH} - removeExecStartCmd 'dsiprouter.sh updatekamconfig' ${DSIP_INIT_PATH} - removeExecStartCmd 'dsiprouter.sh updatedsipconfig' ${DSIP_INIT_PATH} + removeExecStartCmd 'dsiprouter updatertpconfig' ${DSIP_INIT_PATH} + removeExecStartCmd 'dsiprouter updatekamconfig' ${DSIP_INIT_PATH} + removeExecStartCmd 'dsiprouter updatedsipconfig' ${DSIP_INIT_PATH} fi setConfigAttrib 'INTERNAL_IP_ADDR' '${CLUSTER_NODE_ADDRS[$i]}' ${DSIP_SYSTEM_CONFIG_DIR}/gui/settings.py From 3b0b779bc43e429f1117753360edefc7549ff565 Mon Sep 17 00:00:00 2001 From: Tyler Moore Date: Sun, 11 Aug 2024 13:16:48 -0600 Subject: [PATCH 03/10] Allow External RTPEngine to be Configured - add support for specifying remote rtpengine uri during install - add settings to allow changing the above later on - fix typos in `dsip_lib.sh` - update DB URI parsing func to not rely on system python --- dsiprouter.sh | 12 ++++++++++++ dsiprouter/dsip_lib.sh | 24 ++++++++++++------------ gui/settings.py | 3 +++ kamailio/configs/kamailio.cfg | 7 ++++--- kamailio/defaults/dsip_settings.sql | 10 +++++++--- 5 files changed, 38 insertions(+), 18 deletions(-) diff --git a/dsiprouter.sh b/dsiprouter.sh index 924b11a7..1ad82a34 100755 --- a/dsiprouter.sh +++ b/dsiprouter.sh 
@@ -638,6 +638,7 @@ function updateDsiprouterConfig() { fi [[ -n "$MAIL_USERNAME" ]] && setConfigAttrib 'MAIL_DEFAULT_SENDER' "dSIPRouter $EXTERNAL_FQDN <$MAIL_USERNAME>" ${DSIP_CONFIG_FILE} -q [[ -n "$MAIL_DEFAULT_SUBJECT" ]] && setConfigAttrib 'MAIL_DEFAULT_SUBJECT' "$MAIL_DEFAULT_SUBJECT" ${DSIP_CONFIG_FILE} -q + [[ -n "$RTPENGINE_URI" ]] && setConfigAttrib 'RTPENGINE_URI' "$RTPENGINE_URI" ${DSIP_CONFIG_FILE} -q [[ -n "$CLOUD_PLATFORM" ]] && setConfigAttrib 'CLOUD_PLATFORM' "$CLOUD_PLATFORM" ${DSIP_CONFIG_FILE} -q [[ -n "$BACKUPS_DIR" ]] && setConfigAttrib 'BACKUP_FOLDER' "$BACKUPS_DIR" ${DSIP_CONFIG_FILE} -q [[ -n "$DID_PREFIX_ALLOWED_CHARS" ]] && setConfigAttrib 'DID_PREFIX_ALLOWED_CHARS' "$DID_PREFIX_ALLOWED_CHARS" ${DSIP_CONFIG_FILE} @@ -875,6 +876,7 @@ function updateKamailioConfig() { local HOMER_HEP_HOST=${HOMER_HEP_HOST:-$(getConfigAttrib 'HOMER_HEP_HOST' ${DSIP_CONFIG_FILE})} local HOMER_HEP_PORT=${HOMER_HEP_PORT:-$(getConfigAttrib 'HOMER_HEP_PORT' ${DSIP_CONFIG_FILE})} local NETWORK_MODE=${NETWORK_MODE:-$(getConfigAttrib 'NETWORK_MODE' ${DSIP_CONFIG_FILE})} + local RTPENGINE_URI=${RTPENGINE_URI:-$(getConfigAttrib 'RTPENGINE_URI' ${DSIP_CONFIG_FILE})} # update kamailio config file if (( $DEBUG == 1 )); then @@ -942,6 +944,7 @@ function updateKamailioConfig() { setKamailioConfigSubst 'DMQ_PORT' "${KAM_DMQ_PORT}" ${DSIP_KAMAILIO_CONFIG_FILE} setKamailioConfigSubst 'HOMER_HOST' "${HOMER_HEP_HOST}" ${DSIP_KAMAILIO_CONFIG_FILE} setKamailioConfigSubst 'HEP_PORT' "${HOMER_HEP_PORT}" ${DSIP_KAMAILIO_CONFIG_FILE} + setKamailioConfigSubst 'RTPENGINE_URI' "$RTPENGINE_URI" ${DSIP_KAMAILIO_CONFIG_FILE} setKamailioConfigGlobal 'server.api_server' "${DSIP_API_BASEURL}" ${DSIP_KAMAILIO_CONFIG_FILE} setKamailioConfigGlobal 'server.api_token' "${DSIP_API_TOKEN}" ${DSIP_KAMAILIO_CONFIG_FILE} setKamailioConfigGlobal 'server.role' "${ROLE}" ${DSIP_KAMAILIO_CONFIG_FILE} 
@@ -4036,6 +4039,15 @@ function processCMD() { exit 1 fi ;; + --rtpengine-uri=*) + RTPENGINE_URI=$(cut -s -d '=' -f 2- <<<"$1") + shift + # sanity check + if [[ -z "$RTPENGINE_URI" ]]; then + printerr 'Missing required argument to option "--rtpengine-uri="' + exit 1 + fi + ;; *) # fail on unknown option printerr "Invalid option [$OPT] for command [$ARG]" usageOptions diff --git a/dsiprouter/dsip_lib.sh b/dsiprouter/dsip_lib.sh index 72a9f707..4ac1beb5 100644 --- a/dsiprouter/dsip_lib.sh +++ b/dsiprouter/dsip_lib.sh @@ -274,7 +274,7 @@ function encryptConfigAttrib() { #updateConfig(settings, {'$NAME': AES_CTR.encrypt('$VALUE')}) #EOPY } -export -f setConfigAttrib +export -f encryptConfigAttrib # $1 == attribute name # $2 == python config file @@ -1208,7 +1208,6 @@ EOF } export -f sqlAsTransaction -# TODO: remove dependency on system python3 # usage: parseDBConnURI # field: -user # -pass @@ -1249,16 +1248,17 @@ function parseDBConnURI() { ;; esac - # WARNING: we must use system python3 here (dsiprouter python venv may not exist) - python3 < Date: Sun, 11 Aug 2024 11:41:39 -0600 Subject: [PATCH 04/10] Compartmentalize Mysql Portion of Installation - mariadb server now installs with `-all` or explicitly with `-mysql` - move dev/lib package installs to the rtpengine installation scripts --- dsiprouter.sh | 12 ++++++++---- mysql/almalinux/8.sh | 2 +- mysql/amzn/2.sh | 4 ++-- mysql/centos/7.sh | 2 +- mysql/centos/8.sh | 2 +- mysql/centos/9.sh | 1 - mysql/rhel/8.sh | 2 +- mysql/rocky/8.sh | 2 +- mysql/ubuntu/22.sh | 2 +- rtpengine/amzn/install.sh | 6 ++++-- rtpengine/centos/install.sh | 9 +++++---- rtpengine/debian/install.sh | 3 +-- rtpengine/ubuntu/install.sh | 1 + 13 files changed, 27 insertions(+), 21 deletions(-) diff --git a/dsiprouter.sh b/dsiprouter.sh index 1ad82a34..6439a18a 100755 --- a/dsiprouter.sh +++ b/dsiprouter.sh 
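Review bot: The `--rtpengine-uri=*)` case in `processCMD()` rejects only an empty value, so any other string is passed to `setConfigAttrib 'RTPENGINE_URI'` and `setKamailioConfigSubst 'RTPENGINE_URI'` (the dsiprouter.sh hunks of this patch) and written into the settings file and kamailio.cfg. Patch 07 later extracts the host with `cut -s -d ':' -f 2`, which presumes a `proto:host:port` shape, so a value without the protocol prefix or with a bracketed IPv6 host would be misread. A shape check next to the empty check would stop this at the CLI, for example `[[ "$RTPENGINE_URI" =~ ^[a-z0-9]+:[^:[:space:]]+:[0-9]+$ ]] || { printerr 'Invalid --rtpengine-uri (expected proto:host:port)'; exit 1; }`. The exact grammar is an assumption and should follow what the Kamailio rtpengine socket setting accepts. `processCMD()` starts and ends outside the hunk.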
@@ -230,8 +230,7 @@ function setDynamicScriptSettings() { # Kamailio doesn't like hostname names with dots and LetsEncrypt can't create certs for that domain grep vultrusercontent <<< "$EXTERNAL_FQDN" >/dev/null if (( $? == 0 ));then - export EXTERNAL_FQDN="$INTERNAL_FQDN" - + export EXTERNAL_FQDN="$INTERNAL_FQDN" fi # network settings pulled from env variables or from config file @@ -3859,15 +3858,20 @@ function processCMD() { RUN_COMMANDS+=(installDnsmasq) shift ;; + -mysql|--mysql) + DEFAULT_SERVICES=0 + RUN_CMMANDS+=(installMysql) + shift + ;; -kam|--kamailio) DEFAULT_SERVICES=0 - RUN_COMMANDS+=(installSipsak installCron installMysql installKamailio) + RUN_COMMANDS+=(installSipsak installCron installKamailio) shift ;; -dsip|--dsiprouter) DEFAULT_SERVICES=0 DISPLAY_LOGIN_INFO=1 - RUN_COMMANDS+=(installSipsak installCron installMysql installNginx installDsiprouter) + RUN_COMMANDS+=(installSipsak installCron installNginx installDsiprouter) shift ;; -rtp|--rtpengine) diff --git a/mysql/almalinux/8.sh b/mysql/almalinux/8.sh index 41b18bf7..79a54017 100755 --- a/mysql/almalinux/8.sh +++ b/mysql/almalinux/8.sh @@ -16,7 +16,7 @@ function install() { useradd --system --user-group --shell /bin/false --comment "Mysql Database Server" mysql # install mysql packages - yum install -y mariadb mariadb-devel mariadb-server + yum install -y mariadb mariadb-server # Setup mysql config locations in a reliable manner # Setup mysql config locations in a reliable manner diff --git a/mysql/amzn/2.sh b/mysql/amzn/2.sh index 68f47cc0..c729dee2 100755 --- a/mysql/amzn/2.sh +++ b/mysql/amzn/2.sh @@ -17,8 +17,8 @@ function install() { # install mysql packages amazon-linux-extras enable mariadb10.5 >/dev/null - yum clean -y metadata - yum install -y mariadb mariadb-libs mariadb-devel mariadb-server + yum makecache -y + yum install -y mariadb mariadb-server # Setup mysql config locations in a reliable manner rm -f ~/.my.cnf 2>/dev/null 
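Review bot: The new `-mysql|--mysql)` case appends to `RUN_CMMANDS` instead of `RUN_COMMANDS`, so `installMysql` is never queued and the option silently installs nothing. This matters more because the same hunk removes `installMysql` from the `-kam` and `-dsip` cases, so those options no longer install the database either. The line should read `RUN_COMMANDS+=(installMysql)`. The same misspelling recurs in patch 07 in the `--rtpengine-uri=*)` case (`RUN_CMMANDS+=(updateRtpengineStartup)`), so that startup reconfiguration is never scheduled. `processCMD()` continues outside the hunk.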
diff --git a/mysql/centos/7.sh b/mysql/centos/7.sh index f2aebca7..794f95be 100755 --- a/mysql/centos/7.sh +++ b/mysql/centos/7.sh @@ -30,7 +30,7 @@ function install() { } # install mysql packages - yum install -y mariadb mariadb-libs mariadb-devel mariadb-server + yum install -y mariadb mariadb-server if (( $? != 0 )); then printerr 'Failed installing mariadb packages' diff --git a/mysql/centos/8.sh b/mysql/centos/8.sh index de795e30..58ed2d99 100755 --- a/mysql/centos/8.sh +++ b/mysql/centos/8.sh @@ -16,7 +16,7 @@ function install() { useradd --system --user-group --shell /bin/false --comment "Mysql Database Server" mysql # install mysql packages - dnf install -y mariadb mariadb-server mariadb-devel + dnf install -y mariadb mariadb-server if (( $? != 0 )); then printerr 'Failed installing mariadb packages' diff --git a/mysql/centos/9.sh b/mysql/centos/9.sh index ff8725df..444b1949 100755 --- a/mysql/centos/9.sh +++ b/mysql/centos/9.sh @@ -17,7 +17,6 @@ function install() { # install mysql packages dnf install -y mariadb mariadb-server && - dnf install -y --enablerepo=crb mariadb-devel if (( $? != 0 )); then printerr 'Failed installing mariadb packages' diff --git a/mysql/rhel/8.sh b/mysql/rhel/8.sh index 8968716a..3c64904b 100755 --- a/mysql/rhel/8.sh +++ b/mysql/rhel/8.sh @@ -16,7 +16,7 @@ function install() { useradd --system --user-group --shell /bin/false --comment "Mysql Database Server" mysql # install mysql packages - dnf install -y mariadb mariadb-devel mariadb-server + dnf install -y mariadb mariadb-server # Setup mysql config locations in a reliable manner rm -f ~/.my.cnf 2>/dev/null diff --git a/mysql/rocky/8.sh b/mysql/rocky/8.sh index 41b18bf7..79a54017 100755 --- a/mysql/rocky/8.sh +++ b/mysql/rocky/8.sh 
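Review bot: In mysql/centos/9.sh, removing the `mariadb-devel` line leaves `dnf install -y mariadb mariadb-server &&` with a trailing `&&`, so the shell joins it to the following `if (( $? != 0 )); then` block. The check then runs only after a successful install, when `$?` is 0, and a failed install never reaches `printerr 'Failed installing mariadb packages'`. Dropping the operator restores the check: `dnf install -y mariadb mariadb-server`. `install()` continues outside the hunk.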
@@ -16,7 +16,7 @@ function install() { useradd --system --user-group --shell /bin/false --comment "Mysql Database Server" mysql # install mysql packages - yum install -y mariadb mariadb-devel mariadb-server + yum install -y mariadb mariadb-server # Setup mysql config locations in a reliable manner # Setup mysql config locations in a reliable manner diff --git a/mysql/ubuntu/22.sh b/mysql/ubuntu/22.sh index ccccef3a..523bb038 100755 --- a/mysql/ubuntu/22.sh +++ b/mysql/ubuntu/22.sh @@ -16,7 +16,7 @@ function install { useradd --system --user-group --shell /bin/false --comment "Mysql Database Server" mysql # install mysql packages - apt-get install -y mariadb-server mariadb-client libmariadbd-dev + apt-get install -y mariadb-server mariadb-client # Make sure no extra configs present on fresh install rm -f ~/.my.cnf diff --git a/rtpengine/amzn/install.sh b/rtpengine/amzn/install.sh index 5b28e956..89a56ef4 100755 --- a/rtpengine/amzn/install.sh +++ b/rtpengine/amzn/install.sh 
@@ -92,15 +92,17 @@ function install { amazon-linux-extras enable -y GraphicsMagick1.3 >/dev/null amazon-linux-extras enable -y redis6 >/dev/null amazon-linux-extras install -y epel >/dev/null + amazon-linux-extras enable mariadb10.5 >/dev/null yum groupinstall --setopt=group_package_types=mandatory,default -y 'Development Tools' yum install -y gcc glib2 glib2-devel zlib zlib-devel pcre pcre-devel libcurl libcurl-devel libjpeg-turbo-devel \ xmlrpc-c xmlrpc-c-devel libpcap libpcap-devel hiredis hiredis-devel json-glib json-glib-devel libevent \ libevent-devel iptables iptables-devel xmlrpc-c-devel gperf redhat-rpm-config rpm-build rpmrebuild cmake3 \ pkgconfig freetype-devel fontconfig-devel libxml2-devel nc dkms logrotate rsyslog perl perl-IPC-Cmd libtiff-devel \ - bc libwebsockets-devel gperf gperftools gperftools-devel gperftools-libs gzip mariadb-devel perl-Config-Tiny \ + bc libwebsockets-devel gperf gperftools gperftools-devel gperftools-libs gzip perl-Config-Tiny \ libbluray-devel libavcodec-devel libavformat-devel libavutil-devel libswresample-devel libavfilter-devel \ libjpeg-turbo-devel mosquitto-devel glib2-devel xmlrpc-c-devel hiredis-devel libpcap-devel libevent-devel \ - json-glib-devel gperf nasm yasm yasm-devel autoconf automake bzip2 bzip2-devel libtool make mercurial libtiff-devel + json-glib-devel gperf nasm yasm yasm-devel autoconf automake bzip2 bzip2-devel libtool make mercurial libtiff-devel \ + mariadb-libs mariadb-devel if (( $? != 0 )); then printerr "Could not install the required libraries for RTPEngine" diff --git a/rtpengine/centos/install.sh b/rtpengine/centos/install.sh index 2074d7b7..83cae9ff 100755 --- a/rtpengine/centos/install.sh +++ b/rtpengine/centos/install.sh 
@@ -104,7 +104,8 @@ function install { xmlrpc-c libpcap libpcap-devel hiredis hiredis-devel json-glib json-glib-devel libevent libevent-devel \ iptables iptables-devel gperf nc dkms perl perl-IPC-Cmd spandsp spandsp-devel logrotate rsyslog mosquitto-devel \ redhat-rpm-config rpm-build pkgconfig perl-Config-Tiny gperftools-libs gperftools gperftools-devel gzip \ - libwebsockets-devel iptables-legacy-devel pandoc + libwebsockets-devel iptables-legacy-devel pandoc && + dnf install -y --enablerepo=crb mariadb-devel elif (( ${DISTRO_VER} == 8 )); then dnf install -y epel-release && dnf install -y epel-next-release && @@ -116,7 +117,7 @@ function install { xmlrpc-c libpcap libpcap-devel hiredis hiredis-devel json-glib json-glib-devel libevent libevent-devel \ iptables iptables-devel gperf nc dkms perl perl-IPC-Cmd spandsp spandsp-devel logrotate rsyslog mosquitto-devel \ redhat-rpm-config rpm-build pkgconfig perl-Config-Tiny gperftools-libs gperftools gperftools-devel gzip \ - libwebsockets-devel opus-devel xmlrpc-c-devel gcc-toolset-13 pandoc && + libwebsockets-devel opus-devel xmlrpc-c-devel gcc-toolset-13 pandoc mariadb-devel mariadb-libs && source scl_source enable gcc-toolset-13 else yum-config-manager --enable centos-sclo-rh >/dev/null && 
@@ -124,11 +125,11 @@ function install { yum install -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-${RHEL_BASE_VER}.noarch.rpm && yum install -y https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-${RHEL_BASE_VER}.noarch.rpm && yum install -y ffmpeg ffmpeg-devel && - yum install -y gcc glib2 glib2-devel zlib zlib-devel openssl openssl-devel pcre2 pcre2-devel curl libcurl libcurl-devel mariadb-devel \ + yum install -y gcc glib2 glib2-devel zlib zlib-devel openssl openssl-devel pcre2 pcre2-devel curl libcurl libcurl-devel \ xmlrpc-c xmlrpc-c-devel libpcap libpcap-devel hiredis hiredis-devel json-glib json-glib-devel libevent libevent-devel \ iptables iptables-devel xmlrpc-c-devel gperf redhat-lsb nc dkms perl perl-IPC-Cmd spandsp spandsp-devel logrotate rsyslog \ redhat-rpm-config rpm-build pkgconfig perl-Config-Tiny gperftools-libs gperftools gperftools-devel gzip libwebsockets-devel \ - mosquitto-devel opus-devel devtoolset-11 pandoc + mosquitto-devel opus-devel devtoolset-11 pandoc mariadb-devel mariadb-libs && source scl_source enable devtoolset-11 fi diff --git a/rtpengine/debian/install.sh b/rtpengine/debian/install.sh index 02115bae..5f8199ce 100755 --- a/rtpengine/debian/install.sh +++ b/rtpengine/debian/install.sh @@ -107,9 +107,9 @@ function install { local NPROC=$(nproc) # Install required packages and remove conflicting packages + { dpkg -l ufw &>/dev/null && apt-get remove -y ufw || :; } && case "${DISTRO_VER}" in 10) - apt-get remove -y ufw && apt-get install -y git logrotate rsyslog dpkg-dev && apt-get install -y -t bullseye libbcg729-0 libbcg729-dev debhelper dkms libglib2.0-dev libncurses-dev \ zlib1g-dev default-libmysqlclient-dev libmariadb-dev firewalld python3 python3-dev python3-websockets \ 
@@ -117,7 +117,6 @@ function install { libsocket6-perl libdigest-hmac-perl libio-multiplex-perl libio-socket-inet6-perl libjson-perl libtest2-suite-perl ;; *) - apt-get remove -y ufw && apt-get install -y git logrotate rsyslog firewalld dpkg-dev ;; esac diff --git a/rtpengine/ubuntu/install.sh b/rtpengine/ubuntu/install.sh index 3906457b..180c3fba 100755 --- a/rtpengine/ubuntu/install.sh +++ b/rtpengine/ubuntu/install.sh @@ -29,6 +29,7 @@ function install { apt-get install -y libmysqlclient-dev apt-get install -y libmariadbclient-dev apt-get install -y default-libmysqlclient-dev + apt-get install -y libmariadbd-dev apt-get install -y module-assistant apt-get install -y dkms apt-get install -y unzip From 036e8ebff03bd6852d117fad1d0d6ff116d3468f Mon Sep 17 00:00:00 2001 From: Tyler Moore Date: Wed, 11 Sep 2024 16:04:29 -0600 Subject: [PATCH 05/10] Fix Homer Updates in RTPEngine Config - get default values from `settings.py` when running `dsiprouter updatertpconfig` --- dsiprouter.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dsiprouter.sh b/dsiprouter.sh index 6439a18a..59a29da6 100755 --- a/dsiprouter.sh +++ b/dsiprouter.sh @@ -1036,6 +1036,8 @@ function updateKamailioStartup { function updateRtpengineConfig() { local INTERFACE="" local HOMER_ID=${HOMER_ID:-$(getConfigAttrib 'HOMER_ID' ${DSIP_CONFIG_FILE})} + local HOMER_HEP_HOST=${HOMER_HEP_HOST:-$(getConfigAttrib 'HOMER_HEP_HOST' ${DSIP_CONFIG_FILE})} + local HOMER_HEP_PORT=${HOMER_HEP_PORT:-$(getConfigAttrib 'HOMER_HEP_PORT' ${DSIP_CONFIG_FILE})} local RTP_PORT_MIN=${RTP_PORT_MIN:-$(getRtpengineConfigAttrib 'RTP_PORT_MIN' ${SYSTEM_RTPENGINE_CONFIG_FILE})} local RTP_PORT_MAX=${RTP_PORT_MAX:-$(getRtpengineConfigAttrib 'RTP_PORT_MAX' ${SYSTEM_RTPENGINE_CONFIG_FILE})} 
@@ -1061,11 +1063,11 @@ function updateRtpengineConfig() { setRtpengineConfigAttrib 'port-min' "$RTP_PORT_MIN" ${SYSTEM_RTPENGINE_CONFIG_FILE} setRtpengineConfigAttrib 'port-max' "$RTP_PORT_MAX" ${SYSTEM_RTPENGINE_CONFIG_FILE} - if [[ -n "$HOMER_HEP_HOST" ]]; then + if [[ -n "$HOMER_HEP_HOST" && -n "$HOMER_HEP_PORT" ]]; then enableRtpengineConfigAttrib 'homer' ${SYSTEM_RTPENGINE_CONFIG_FILE} enableRtpengineConfigAttrib 'homer-protocol' ${SYSTEM_RTPENGINE_CONFIG_FILE} enableRtpengineConfigAttrib 'homer-id' ${SYSTEM_RTPENGINE_CONFIG_FILE} - setRtpengineConfigAttrib 'homer' "$HOMER_HEP_HOST" ${SYSTEM_RTPENGINE_CONFIG_FILE} + setRtpengineConfigAttrib 'homer' "${HOMER_HEP_HOST}:${HOMER_HEP_PORT}" ${SYSTEM_RTPENGINE_CONFIG_FILE} setRtpengineConfigAttrib 'homer-id' "$HOMER_ID" ${SYSTEM_RTPENGINE_CONFIG_FILE} else disableRtpengineConfigAttrib 'homer' ${SYSTEM_RTPENGINE_CONFIG_FILE} From 6f83090fa4fe1071de66d3d573da714bc494593f Mon Sep 17 00:00:00 2001 From: Tyler Moore Date: Fri, 20 Sep 2024 13:12:18 -0600 Subject: [PATCH 06/10] Fix HEP Port Not Set In Some Cases - remove HEP port from static variables in CLI - make dynamic lookups for homer variables more reliable --- dsiprouter.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/dsiprouter.sh b/dsiprouter.sh index 59a29da6..3597f5d5 100755 --- a/dsiprouter.sh +++ b/dsiprouter.sh @@ -128,7 +128,6 @@ function setStaticScriptSettings() { export KAM_SIPS_PORT=5061 export KAM_DMQ_PORT=5090 export KAM_WSS_PORT=4443 - export HOMER_HEP_PORT=9060 export DSIP_PROTO='https' export DSIP_API_PROTO='https' 
@@ -910,7 +909,7 @@ function updateKamailioConfig() { disableKamailioConfigAttrib 'WITH_DMQ' ${DSIP_KAMAILIO_CONFIG_FILE} setKamailioConfigSubst 'DMQ_REPLICATE_ENABLED' '0' ${DSIP_KAMAILIO_CONFIG_FILE} fi - if [[ -n "$HOMER_HEP_HOST" ]]; then + if [[ -n "$HOMER_HEP_HOST" && -n "$HOMER_HEP_PORT" ]]; then enableKamailioConfigAttrib 'WITH_HOMER' ${DSIP_KAMAILIO_CONFIG_FILE} else disableKamailioConfigAttrib 'WITH_HOMER' ${DSIP_KAMAILIO_CONFIG_FILE} @@ -1035,11 +1034,11 @@ function updateKamailioStartup { # should be run after reboot or change in network configurations function updateRtpengineConfig() { local INTERFACE="" + local RTP_PORT_MIN=${RTP_PORT_MIN:-$(getRtpengineConfigAttrib 'RTP_PORT_MIN' ${SYSTEM_RTPENGINE_CONFIG_FILE})} + local RTP_PORT_MAX=${RTP_PORT_MAX:-$(getRtpengineConfigAttrib 'RTP_PORT_MAX' ${SYSTEM_RTPENGINE_CONFIG_FILE})} local HOMER_ID=${HOMER_ID:-$(getConfigAttrib 'HOMER_ID' ${DSIP_CONFIG_FILE})} local HOMER_HEP_HOST=${HOMER_HEP_HOST:-$(getConfigAttrib 'HOMER_HEP_HOST' ${DSIP_CONFIG_FILE})} local HOMER_HEP_PORT=${HOMER_HEP_PORT:-$(getConfigAttrib 'HOMER_HEP_PORT' ${DSIP_CONFIG_FILE})} - local RTP_PORT_MIN=${RTP_PORT_MIN:-$(getRtpengineConfigAttrib 'RTP_PORT_MIN' ${SYSTEM_RTPENGINE_CONFIG_FILE})} - local RTP_PORT_MAX=${RTP_PORT_MAX:-$(getRtpengineConfigAttrib 'RTP_PORT_MAX' ${SYSTEM_RTPENGINE_CONFIG_FILE})} if (( ${NETWORK_MODE} == 2 )); then # TODO: ipv6 support broken here 
@@ -1062,13 +1061,16 @@ function updateRtpengineConfig() { setRtpengineConfigAttrib 'interface' "$INTERFACE" ${SYSTEM_RTPENGINE_CONFIG_FILE} setRtpengineConfigAttrib 'port-min' "$RTP_PORT_MIN" ${SYSTEM_RTPENGINE_CONFIG_FILE} setRtpengineConfigAttrib 'port-max' "$RTP_PORT_MAX" ${SYSTEM_RTPENGINE_CONFIG_FILE} + setRtpengineConfigAttrib 'homer' "${HOMER_HEP_HOST}:${HOMER_HEP_PORT}" ${SYSTEM_RTPENGINE_CONFIG_FILE} + + if [[ -n "$HOMER_ID" && "$HOMER_ID" != "None" ]]; then + setRtpengineConfigAttrib 'homer-id' "$HOMER_ID" ${SYSTEM_RTPENGINE_CONFIG_FILE} + fi if [[ -n "$HOMER_HEP_HOST" && -n "$HOMER_HEP_PORT" ]]; then enableRtpengineConfigAttrib 'homer' ${SYSTEM_RTPENGINE_CONFIG_FILE} enableRtpengineConfigAttrib 'homer-protocol' ${SYSTEM_RTPENGINE_CONFIG_FILE} enableRtpengineConfigAttrib 'homer-id' ${SYSTEM_RTPENGINE_CONFIG_FILE} - setRtpengineConfigAttrib 'homer' "${HOMER_HEP_HOST}:${HOMER_HEP_PORT}" ${SYSTEM_RTPENGINE_CONFIG_FILE} - setRtpengineConfigAttrib 'homer-id' "$HOMER_ID" ${SYSTEM_RTPENGINE_CONFIG_FILE} else disableRtpengineConfigAttrib 'homer' ${SYSTEM_RTPENGINE_CONFIG_FILE} disableRtpengineConfigAttrib 'homer-protocol' ${SYSTEM_RTPENGINE_CONFIG_FILE} @@ -2034,9 +2036,7 @@ function installKamailio() { if (( $? == 0 )); then configureSSL configureKamailioDB - if [[ ! -f "$DSIP_KAMAILIO_CONFIG_FILE" ]]; then - generateKamailioConfig - fi + generateKamailioConfig updateKamailioConfig updateKamailioStartup else From f1b6e3a1fb20a74f2f619b60fb6a2869d1b05e23 Mon Sep 17 00:00:00 2001 
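Review bot: In `updateRtpengineConfig()` the line `setRtpengineConfigAttrib 'homer' "${HOMER_HEP_HOST}:${HOMER_HEP_PORT}"` now runs before the `-n` test, so an unset host or port writes `:` or `host:` into the rtpengine config. The new `HOMER_ID` guard also compares against `"None"`, which suggests `getConfigAttrib` can return that literal. If it can, a `None` host or port passes `[[ -n ... ]]` and Homer is enabled with a value such as `None:<port>`. Consider moving the `homer` write back inside the enabled branch and testing `if [[ -n "$HOMER_HEP_HOST" && "$HOMER_HEP_HOST" != "None" && -n "$HOMER_HEP_PORT" && "$HOMER_HEP_PORT" != "None" ]]; then`, both here and in the matching `WITH_HOMER` test in `updateKamailioConfig()`. The function starts outside the hunk.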
From: Tyler Moore Date: Tue, 24 Sep 2024 18:48:30 -0600 Subject: [PATCH 07/10] Support Remote RTPEngine Media Server - add support for media proxy through a remote RTPEngine instance - add capability for rtpengine service to be dynamically disabled - update RHEL-based distros rtpengine installs - add CLI option `--rtpengine-uri=` to `install` subcommand - improve local host check for services that can be either remote or local --- docs/source/user/command_line_options.rst | 5 +- dsiprouter.sh | 158 ++++++++---- dsiprouter/dsip_completion.sh | 4 + dsiprouter/dsip_lib.sh | 23 ++ kamailio/configs/kamailio.cfg | 24 +- resources/man/dsiprouter.1 | 6 +- rtpengine/almalinux/install.sh | 300 +++++++++++----------- rtpengine/amzn/install.sh | 48 ++-- rtpengine/centos/install.sh | 44 ++-- rtpengine/debian/install.sh | 52 ++-- rtpengine/rhel/install.sh | 227 ++++++++-------- rtpengine/rocky/install.sh | 298 ++++++++++----------- rtpengine/systemd/dummy.service | 11 + rtpengine/ubuntu/install.sh | 179 ++++++------- 14 files changed, 722 insertions(+), 657 deletions(-) create mode 100644 rtpengine/systemd/dummy.service diff --git a/docs/source/user/command_line_options.rst b/docs/source/user/command_line_options.rst index 940b6770..6b2bf5b6 100644 --- a/docs/source/user/command_line_options.rst +++ b/docs/source/user/command_line_options.rst 
@@ -15,8 +15,9 @@ start Starts dSIPRouter stop Stops dSIPRouter restart Restarts dSIPRouter chown Update file permissions for dSIPRouter and related services -configurekam Reconfigures the Kamailio configuration file based on dSIPRouter settings -configuredsip Reconfigures the dSIPRouter configuration file, updating dynamic settings +configurekam Reconfigures the Kamailio configurations based on dSIPRouter settings +configuredsip Reconfigures the dSIPRouter configurations, updating any dynamic settings +configurertp Reconfigures the RTPEngine configurations based on dSIPRouter settings renewsslcert Renew configured letsencrypt SSL certificate configuresslcert Reconfigures SSL certificate used by Kamailio and dSIPRouter installmodules Install / uninstall dDSIProuter modules diff --git a/dsiprouter.sh b/dsiprouter.sh index 3597f5d5..da1e9122 100755 --- a/dsiprouter.sh +++ b/dsiprouter.sh @@ -297,15 +297,15 @@ function setDynamicScriptSettings() { # if the public ip address is not the same as the internal address then enable serverside NAT if [[ "$EXTERNAL_IP_ADDR" != "$INTERNAL_IP_ADDR" ]]; then - export SERVERNAT=1 + export SIGNAL_SERVERNAT=1 else - export SERVERNAT=0 + export SIGNAL_SERVERNAT=0 fi # same as above but for ipv6, note that NAT is rarely used on ipv6 networks if (( ${IPV6_ENABLED} == 1 )) && [[ "$EXTERNAL_IP6_ADDR" != "$INTERNAL_IP6_ADDR" ]]; then - export SERVERNAT6=1 + export SIGNAL_SERVERNAT6=1 else - export SERVERNAT6=0 + export SIGNAL_SERVERNAT6=0 fi # grab root db settings from env or settings file 
@@ -513,40 +513,45 @@ function initialChecks() { setDynamicScriptSettings } -# exported because its used throughout called scripts as well +# exported because its used throughout child scripts as well function reconfigureMysqlSystemdService() { - local KAMDB_HOST="${SET_KAM_DB_HOST:-$KAM_DB_HOST}" - local KAMDB_LOCATION="$(cat ${DSIP_SYSTEM_CONFIG_DIR}/.mysqldblocation 2>/dev/null)" - - case "$KAMDB_HOST" in - # in this case mysql server is running on this node - "localhost"|"127.0.0.1"|"::1"|"${INTERNAL_IP_ADDR}"|"${EXTERNAL_IP_ADDR}"|"${INTERNAL_IP6_ADDR}"|"${EXTERNAL_IP6_ADDR}"|"$(hostname 2>/dev/null)"|"$(hostname -f 2>/dev/null)") - # if previously was remote and now local re-generate service files - if [[ "${KAMDB_LOCATION}" == "remote" ]]; then - systemctl disable mariadb - rm -f /etc/systemd/system/mariadb.service 2>/dev/null - fi + local KAM_DB_HOST="${SET_KAM_DB_HOST:-$KAM_DB_HOST}" + KAM_DB_HOST=${KAM_DB_HOST:-$(getConfigAttrib 'KAM_DB_HOST' ${DSIP_CONFIG_FILE})} - printf '%s' 'local' > ${DSIP_SYSTEM_CONFIG_DIR}/.mysqldblocation - ;; - # in this case mysql server is running on a remote node - *) - # if previously was local and now remote or inital run and is remote replace service files w/ dummy - if [[ "${KAMDB_LOCATION}" == "local" ]] || [[ "${KAMDB_LOCATION}" == "" ]]; then - systemctl disable mariadb - cp -f ${DSIP_PROJECT_DIR}/mysql/systemd/dummy.service /etc/systemd/system/mariadb.service - chmod 644 /etc/systemd/system/mariadb.service - fi - - printf '%s' 'remote' > ${DSIP_SYSTEM_CONFIG_DIR}/.mysqldblocation - ;; - esac + if isHostLocal "$KAM_DB_HOST"; then + # in this case mysql DBMS is running locally on this server + rm -f /etc/systemd/system/mariadb.service 2>/dev/null + else + # in this case mysql DBMS is running on a remote server + cp -f ${DSIP_PROJECT_DIR}/mysql/systemd/dummy.service /etc/systemd/system/mariadb.service + chmod 644 /etc/systemd/system/mariadb.service + fi systemctl daemon-reload systemctl enable mariadb } export -f 
reconfigureMysqlSystemdService +# note: exports variable MEDIA_SERVERNAT +function reconfigureRtpengineSystemdService() { + local RTPENGINE_URI=${RTPENGINE_URI:-$(getConfigAttrib 'RTPENGINE_URI' ${DSIP_CONFIG_FILE})} + local RTPENGINE_HOST=$(cut -s -d ':' -f 2 <<<"$RTPENGINE_URI") + + if isHostLocal "$RTPENGINE_HOST"; then + # in this case rtpengine is running locally on this server + export MEDIA_SERVERNAT=1 + rm -f /etc/systemd/system/rtpengine.service 2>/dev/null + else + # in this case rtpengine is running on a remote server + export MEDIA_SERVERNAT=0 + cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/dummy.service /etc/systemd/system/rtpengine.service + chmod 644 /etc/systemd/system/rtpengine.service + fi + + systemctl daemon-reload + systemctl enable rtpengine +} + function generateDsiprouterConfig() { mkdir -p ${BACKUPS_DIR}/gui/ cp -f ${DSIP_SYSTEM_CONFIG_DIR}/gui/*.py ${BACKUPS_DIR}/gui/ 2>/dev/null @@ -875,6 +880,7 @@ function updateKamailioConfig() { local HOMER_HEP_PORT=${HOMER_HEP_PORT:-$(getConfigAttrib 'HOMER_HEP_PORT' ${DSIP_CONFIG_FILE})} local NETWORK_MODE=${NETWORK_MODE:-$(getConfigAttrib 'NETWORK_MODE' ${DSIP_CONFIG_FILE})} local RTPENGINE_URI=${RTPENGINE_URI:-$(getConfigAttrib 'RTPENGINE_URI' ${DSIP_CONFIG_FILE})} + local RTPENGINE_HOST=$(cut -s -d ':' -f 2 <<<"$RTPENGINE_URI") # update kamailio config file if (( $DEBUG == 1 )); then 
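Review bot: `reconfigureRtpengineSystemdService()` sends every host that `isHostLocal` does not accept down the remote branch, which overwrites `/etc/systemd/system/rtpengine.service` with `dummy.service`. `cut -s -d ':' -f 2` prints nothing when `RTPENGINE_URI` is unset or contains no `:`, so on a system whose settings do not yet carry the attribute a working local media service may be replaced. How `isHostLocal` treats an empty argument is not visible here. A guard before the test, such as `[[ -n "$RTPENGINE_HOST" ]] || { printerr 'RTPENGINE_URI is missing or malformed'; return 1; }`, leaves the unit untouched in that case. The same extraction feeds the `WITH_MEDIA_SERVERNAT` decision in `updateKamailioConfig()`.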
@@ -882,15 +888,15 @@ function updateKamailioConfig() { else disableKamailioConfigAttrib 'WITH_DEBUG' ${DSIP_KAMAILIO_CONFIG_FILE} fi - if (( $SERVERNAT == 1 )); then - enableKamailioConfigAttrib 'WITH_SERVERNAT' ${DSIP_KAMAILIO_CONFIG_FILE} + if (( $SIGNAL_SERVERNAT == 1 )); then + enableKamailioConfigAttrib 'WITH_SIGNAL_SERVERNAT' ${DSIP_KAMAILIO_CONFIG_FILE} else - disableKamailioConfigAttrib 'WITH_SERVERNAT' ${DSIP_KAMAILIO_CONFIG_FILE} + disableKamailioConfigAttrib 'WITH_SIGNAL_SERVERNAT' ${DSIP_KAMAILIO_CONFIG_FILE} fi - if (( $SERVERNAT6 == 1 )); then - enableKamailioConfigAttrib 'WITH_SERVERNAT6' ${DSIP_KAMAILIO_CONFIG_FILE} + if (( $SIGNAL_SERVERNAT6 == 1 )); then + enableKamailioConfigAttrib 'WITH_SIGNAL_SERVERNAT6' ${DSIP_KAMAILIO_CONFIG_FILE} else - disableKamailioConfigAttrib 'WITH_SERVERNAT6' ${DSIP_KAMAILIO_CONFIG_FILE} + disableKamailioConfigAttrib 'WITH_SIGNAL_SERVERNAT6' ${DSIP_KAMAILIO_CONFIG_FILE} fi if (( $IPV6_ENABLED == 1 )); then enableKamailioConfigAttrib 'WITH_IPV6' ${DSIP_KAMAILIO_CONFIG_FILE} @@ -925,6 +931,12 @@ function updateKamailioConfig() { else disableKamailioConfigAttrib 'WITH_SCTP' ${DSIP_KAMAILIO_CONFIG_FILE} fi + if isHostLocal "$RTPENGINE_HOST"; then + enableKamailioConfigAttrib 'WITH_MEDIA_SERVERNAT' ${DSIP_KAMAILIO_CONFIG_FILE} + else + disableKamailioConfigAttrib 'WITH_MEDIA_SERVERNAT' ${DSIP_KAMAILIO_CONFIG_FILE} + fi + setKamailioConfigSubst 'DSIP_CLUSTER_ID' "${DSIP_CLUSTER_ID}" ${DSIP_KAMAILIO_CONFIG_FILE} setKamailioConfigSubst 'DSIP_VERSION' "${DSIP_VERSION}" ${DSIP_KAMAILIO_CONFIG_FILE} setKamailioConfigSubst 'INTERNAL_IP_ADDR' "${INTERNAL_IP_ADDR}" ${DSIP_KAMAILIO_CONFIG_FILE} 
@@ -1030,6 +1042,13 @@ function updateKamailioStartup { addDependsOnInit "kamailio.service" } +function generateRtpengineConfig() { + mkdir -p ${BACKUPS_DIR}/rtpengine/ + cp -af ${DSIP_SYSTEM_CONFIG_DIR}/rtpengine/. ${BACKUPS_DIR}/rtpengine/ 2>/dev/null + cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/rtpengine.conf ${DSIP_SYSTEM_CONFIG_DIR}/rtpengine/ + ln -sft ${SYSTEM_RTPENGINE_CONFIG_DIR}/ ${DSIP_SYSTEM_CONFIG_DIR}/rtpengine/* +} + # updates and settings in rtpengine config that may change # should be run after reboot or change in network configurations function updateRtpengineConfig() { @@ -1044,13 +1063,13 @@ function updateRtpengineConfig() { # TODO: ipv6 support broken here INTERFACE="public/${EXTERNAL_IP_ADDR}; private/${INTERNAL_IP_ADDR}" else - if (( ${SERVERNAT} == 1 )); then + if (( ${SIGNAL_SERVERNAT} == 1 )); then INTERFACE="ipv4/${INTERNAL_IP_ADDR}!${EXTERNAL_IP_ADDR}" else INTERFACE="ipv4/${INTERNAL_IP_ADDR}" fi if (( ${IPV6_ENABLED} == 1 )); then - if (( ${SERVERNAT6} == 1 )); then + if (( ${SIGNAL_SERVERNAT6} == 1 )); then INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6_ADDR}!${EXTERNAL_IP6_ADDR}" else INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6_ADDR}" 
@@ -1082,15 +1101,19 @@ function updateRtpengineConfig() { # update rtpengine service startup commands accounting for any changes function updateRtpengineStartup() { - local RTP_UPDATE_OPTS="" + reconfigureRtpengineSystemdService - # update rtpengine configs on reboot + # always clear out the dsip-init entries for rtpengine removeInitCmd "/usr/bin/dsiprouter updatertpconfig" - addInitCmd "/usr/bin/dsiprouter updatertpconfig $RTP_UPDATE_OPTS" - - # make sure dsip-init service runs prior to rtpengine service removeDependsOnInit "rtpengine.service" - addDependsOnInit "rtpengine.service" + + # conditionally add the dsip-init entries (MEDIA_SERVERNAT==1 only when rtpengine service is local) + if (( ${MEDIA_SERVERNAT} == 1 )); then + # update rtpengine configs on reboot + addInitCmd "/usr/bin/dsiprouter updatertpconfig" + # make sure dsip-init service runs prior to rtpengine service + addDependsOnInit "rtpengine.service" + fi } # updates DNSmasq configs from DB @@ -1166,9 +1189,8 @@ export -f updateCACertsDir function generateKamailioConfig() { # Backup kamcfg, generate fresh config from templates, and link it in where kamailio wants it mkdir -p ${BACKUPS_DIR}/kamailio - cp -f ${SYSTEM_KAMAILIO_CONFIG_DIR}/*.cfg ${BACKUPS_DIR}/kamailio/ 2>/dev/null - rm -f ${SYSTEM_KAMAILIO_CONFIG_DIR}/*.cfg 2>/dev/null - cp -f ${PROJECT_KAMAILIO_CONFIG_DIR}/* ${DSIP_SYSTEM_CONFIG_DIR}/kamailio/ + cp -af ${SYSTEM_KAMAILIO_CONFIG_DIR}/. ${BACKUPS_DIR}/kamailio/ + cp -f ${PROJECT_KAMAILIO_CONFIG_DIR}/*.cfg ${DSIP_SYSTEM_CONFIG_DIR}/kamailio/ ln -sft ${SYSTEM_KAMAILIO_CONFIG_DIR}/ ${DSIP_SYSTEM_CONFIG_DIR}/kamailio/* # version specific settings 
@@ -1395,7 +1417,7 @@ function installScriptRequirements() { # Any setup that needs to be done before the script can run properly function setupScriptRequiredFiles() { # make sure dirs exist required for this script - mkdir -p ${DSIP_SYSTEM_CONFIG_DIR}{,/gui,/kamailio} ${SRC_DIR} ${DSIP_RUN_DIR} ${DSIP_LIB_DIR} ${DSIP_CERTS_DIR}{,/ca} ${BACKUPS_DIR} + mkdir -p ${DSIP_SYSTEM_CONFIG_DIR}{,/gui,/kamailio,/rtpengine} ${SRC_DIR} ${DSIP_RUN_DIR} ${DSIP_LIB_DIR} ${DSIP_CERTS_DIR}{,/ca} ${BACKUPS_DIR} # only copy the template file over to the DSIP_CONFIG_FILE if it doesn't already exist if [[ ! -f "${DSIP_CONFIG_FILE}" ]]; then @@ -1631,6 +1653,7 @@ function installRTPEngine() { exit 1 fi + generateRtpengineConfig # config updates that are the same across all OS updateRtpengineConfig # add the config updates to dsip-init service @@ -3577,6 +3600,13 @@ function updatePermissions() { mkdir -p /run/rtpengine chown -R rtpengine:rtpengine /run/rtpengine chmod 770 /run/rtpengine + + if id -u dsiprouter &>/dev/null; then + chown -R dsiprouter:rtpengine ${DSIP_SYSTEM_CONFIG_DIR}/rtpengine/ + else + chown -R root:rtpengine ${DSIP_SYSTEM_CONFIG_DIR}/rtpengine/ + fi + find ${DSIP_SYSTEM_CONFIG_DIR}/rtpengine/ -type f -exec chmod 640 {} + } # no args given set permissions for all services @@ -3720,6 +3750,8 @@ function usageOptions() { "configurekam" "[-debug]" printf "%-30s %s\n" \ "configuredsip" "[-debug]" + printf "%-30s %s\n" \ + "configurertp" "[-debug]" printf "%-30s %s\n" \ "renewsslcert" "[-debug]" printf "%-30s %s\n" \ @@ -4053,6 +4085,7 @@ function processCMD() { printerr 'Missing required argument to option "--rtpengine-uri="' exit 1 fi + RUN_CMMANDS+=(updateRtpengineStartup) ;; *) # fail on unknown option printerr "Invalid option [$OPT] for command [$ARG]" 
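Review bot: `RUN_CMMANDS+=(updateRtpengineStartup)` in the `--rtpengine-uri=` option handling appends to a misspelled array. The other command handlers visible in this patch queue work on `RUN_COMMANDS`, so the startup reconfiguration is most likely never run when this option is passed. The line should read `RUN_COMMANDS+=(updateRtpengineStartup)`. The enclosing case arm starts outside the hunk, so I cannot confirm how the array is consumed.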
@@ -4475,8 +4508,28 @@ function processCMD() { updatePermissions "$@" exit $? ;; - # TODO: add commands for configuring rtpengine using same setup - # i.e.) configurertp should be externally accessible and documented + configurertp) + # reconfigure rtpengine configs + RUN_COMMANDS+=(generateRtpengineConfig updateRtpengineConfig updateRtpengineStartup) + shift + + while (( $# > 0 )); do + OPT="$1" + case $OPT in + -debug) + export DEBUG=1 + set -x + shift + ;; + *) # fail on unknown option + printerr "Invalid option [$OPT] for command [$ARG]" + usageOptions + exit 1 + shift + ;; + esac + done + ;; configurekam) # reconfigure kamailio configs RUN_COMMANDS+=(generateKamailioConfig updateKamailioConfig updateKamailioStartup) @@ -4561,7 +4614,7 @@ function processCMD() { rm -f $DSIP_CERTS_DIR/dsiprouter-key.pem shift ;; - -o|--override=*) + -o|--override=*) if echo "$1" | grep -q '=' 2>/dev/null; then DNS_NAME_OVERRIDE=$(echo "$1" | cut -d '=' -f 2) shift @@ -4570,7 +4623,7 @@ function processCMD() { DNS_NAME_OVERRIDE="$1" shift fi - ;; + ;; *) # fail on unknown option printerr "Invalid option [$OPT] for command [$ARG]" usageOptions @@ -4884,7 +4937,6 @@ function processCMD() { done ;; # internal command, update rtpengine config dynamically - # TODO: create configurertp command for user configurable settings updatertpconfig) # update rtpengine config RUN_COMMANDS+=(updateRtpengineConfig) diff --git a/dsiprouter/dsip_completion.sh b/dsiprouter/dsip_completion.sh index 1a30611a..327edcf2 100644 --- a/dsiprouter/dsip_completion.sh +++ b/dsiprouter/dsip_completion.sh @@ -22,6 +22,7 @@ _dsiprouter() { chown configurekam configuredsip + configurertp renewsslcert configuresslcert installmodules @@ -47,6 +48,7 @@ _dsiprouter() { [chown]='' [configurekam]='' [configuredsip]='' + [configurertp]='' [renewsslcert]='' [configuresslcert]='' [installmodules]='' 
@@ -72,6 +74,7 @@ _dsiprouter() { [chown]='' [configurekam]='' [configuredsip]='' + [configurertp]='' [renewsslcert]='' [configuresslcert]='--force' [installmodules]='' @@ -97,6 +100,7 @@ _dsiprouter() { [chown]='-debug -certs -dnsmasq -nginx -kamailio -dsiprouter -rtpengine' [configurekam]='-debug' [configuredsip]='-debug' + [configurertp]='-debug' [renewsslcert]='-debug' [configuresslcert]='-debug -f' [installmodules]='-debug' diff --git a/dsiprouter/dsip_lib.sh b/dsiprouter/dsip_lib.sh index 4ac1beb5..96ca9014 100644 --- a/dsiprouter/dsip_lib.sh +++ b/dsiprouter/dsip_lib.sh @@ -890,6 +890,29 @@ function getInternalCIDR() { } export -f getInternalCIDR +# $1 == host to check +# returns: 0 == host is local, 1 == host is remote +function isHostLocal() { ( + local LOCAL_MATCH=$( + joinwith '' '|' '' \ + localhost \ + $(hostname 2>/dev/null) \ + $(hostname -f 2>/dev/null) \ + $(ip -json address show | jq -r '.[].addr_info[].local') + ) + + shopt -s extglob + case "$1" in + $LOCAL_MATCH) + exit 0 + ;; + *) + exit 1 + ;; + esac +) } +export -f isHostLocal + # $1 == cmd as executed in systemd (by ExecStart=) # notes: take precaution when adding long running functions as they will block startup in boot order # notes: adding init commands on an AMI instance must not be long running processes, otherwise they will fail diff --git a/kamailio/configs/kamailio.cfg b/kamailio/configs/kamailio.cfg index 5580494f..0c1e8572 100644 --- a/kamailio/configs/kamailio.cfg +++ b/kamailio/configs/kamailio.cfg @@ -16,8 +16,9 @@ #!define WITH_NAT #!define WITH_DISPATCHER #!define WITH_CALL_SETTINGS -##!define WITH_SERVERNAT -##!define WITH_SERVERNAT6 +##!define WITH_SIGNAL_SERVERNAT +##!define WITH_SIGNAL_SERVERNAT6 +##!define WITH_MEDIA_SERVERNAT #!define WITH_MULTIDOMAIN #!define WITH_TELEBLOCK #!define WITH_ANTIFLOOD 
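Review bot: In `isHostLocal`, `case "$1" in $LOCAL_MATCH)` will not treat the `|` separators as alternation. They arrive through expansion, so bash matches them as literal characters, and `shopt -s extglob` only gives `|` a meaning inside a group such as `@(...)`. Assuming `joinwith '' '|' ''` returns `a|b|c` (it is used that way with `,` elsewhere in this patch), every host is then reported as remote, including `localhost`. Wrapping the joined value at runtime avoids needing extglob at parse time: add `LOCAL_MATCH="@(${LOCAL_MATCH})"` before the `case`. A one-line comment noting that callers rely on a return of 1 meaning "remote" would also help, since a failed `ip`/`jq` call currently yields the same result.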
@@ -237,7 +238,7 @@ listen = udp:EXTERNAL_IP_ADDR:SIP_PORT listen = tcp:EXTERNAL_IP_ADDR:SIP_PORT #!endif -#!ifdef WITH_SERVERNAT +#!ifdef WITH_SIGNAL_SERVERNAT listen = udp:INTERNAL_IP_ADDR:SIP_PORT advertise EXTERNAL_IP_ADDR:SIP_PORT listen = tcp:INTERNAL_IP_ADDR:SIP_PORT advertise EXTERNAL_IP_ADDR:SIP_PORT #!ifdef WITH_TLS @@ -277,7 +278,7 @@ listen = sctp:[::1]:SIP_PORT listen = udp:[EXTERNAL_IP6_ADDR]:SIP_PORT listen = tcp:[EXTERNAL_IP6_ADDR]:SIP_PORT #!endif -#!ifdef WITH_SERVERNAT6 +#!ifdef WITH_SIGNAL_SERVERNAT6 listen = udp:[INTERNAL_IP6_ADDR]:SIP_PORT advertise EXTERNAL_IP6_ADDR:SIP_PORT listen = tcp:[INTERNAL_IP6_ADDR]:SIP_PORT advertise EXTERNAL_IP6_ADDR:SIP_PORT #!ifdef WITH_TLS @@ -1896,10 +1897,10 @@ route[REGISTRAR] { } # TODO: why are we setting clientside NAT here if serverside NAT is enabled? -#!ifdef WITH_SERVERNAT +#!ifdef WITH_SIGNAL_SERVERNAT setbflag(FLB_NATB); #!endif -#!ifdef WITH_SERVERNAT6 +#!ifdef WITH_SIGNAL_SERVERNAT6 setbflag(FLB_NATB); #!endif #!ifdef WITH_NAT @@ -2956,7 +2957,7 @@ route[SERVERNATDETECT] { } } -#!ifdef WITH_SERVERNAT +#!ifdef WITH_SIGNAL_SERVERNAT # source does not change throughout if (is_in_subnet($si, "INTERNAL_IP_NET") || is_myself("$si")) { setflag(FLT_SRC_INTERNAL_IP); @@ -2968,7 +2969,7 @@ route[SERVERNATDETECT] { } #!endif -#!ifdef WITH_SERVERNAT6 +#!ifdef WITH_SIGNAL_SERVERNAT6 # source does not change throughout if (!isflagset(FLT_SRC_INTERNAL_IP) && is_in_subnet($si, "INTERNAL_IP6_NET")) { setflag(FLT_SRC_INTERNAL_IP); @@ -3050,6 +3051,7 @@ route[RTPENGINEOFFER] { $var(reflags) = "trust-address replace-origin replace-session-connection rtcp-mux-demux ICE=remove " + $avp(dst_media_tp); } +#!ifdef WITH_MEDIA_SERVERNAT # for serverside NAT we may need to use one of the internal IPs as the media address if (isflagset(FLT_DST_INTERNAL_IP)) { if (isflagset(FLT_DST_IPV6)) { 
@@ -3093,7 +3095,7 @@ route[RTPENGINEOFFER] { } #!endif #!endif - +#!endif xlog("L_INFO", "reflags: $var(reflags)\n"); rtpengine_offer("$var(reflags)"); @@ -3136,6 +3138,7 @@ route[RTPENGINEANSWER] { $var(reflags) = "trust-address replace-origin replace-session-connection rtcp-mux-demux ICE=remove " + $avp(src_media_tp); } +#!ifdef WITH_MEDIA_SERVERNAT # NOTE: no need to set direction= here, direction will be determined from the offer # for serverside NAT we may need to use one of the internal IPs as the media address if (isflagset(FLT_SRC_INTERNAL_IP)) { @@ -3154,6 +3157,7 @@ route[RTPENGINEANSWER] { $var(reflags)= $var(reflags) + " media-address=EXTERNAL_IP_ADDR"; } } +#!endif xlog("L_INFO", "reflags: $var(reflags)\n"); rtpengine_answer("$var(reflags)"); @@ -3546,7 +3550,7 @@ onreply_route[MANAGE_REPLY] { # # TODO: is rewriting external/internal IP on reply necessary?? # we should only rewrite to internal on servernat -##!ifdef WITH_SERVERNAT +##!ifdef WITH_SIGNAL_SERVERNAT # # TODO: Need to evaluate this when running in AWS with an External SIP UAC # if (status=="200" && isbflagset(FLB_SRC_CARRIER)) { # if (isflagset(FLT_SRC_INTERNAL_IP)) { diff --git a/resources/man/dsiprouter.1 b/resources/man/dsiprouter.1 index 6181faad..326491b5 100644 --- a/resources/man/dsiprouter.1 +++ b/resources/man/dsiprouter.1 @@ -28,7 +28,11 @@ Stops dSIPRouter services. .IP restart Restarts dSIPRouter services. .IP configurekam -Configures the Kamailio service on the dSIPRouter platform. +Generate new config files for Kamailio based on the dSIPRouter settings. +.IP configuredsip +Generate new config files for dSIPRouter based on the environment variables (don't use unless you have read through dsiprouter.sh). +.IP configurertp +Generate new config files for RTPEngine based on the dSIPRouter settings. .IP renewsslcert Renew configured letsencrypt SSL certificate. .IP configuresslcert 
diff --git a/rtpengine/almalinux/install.sh b/rtpengine/almalinux/install.sh index 89f06f76..e47a8980 100755 --- a/rtpengine/almalinux/install.sh +++ b/rtpengine/almalinux/install.sh 
@@ -83,33 +83,49 @@ function rpmSearch() { fi } - # try installing in the following order: - # 1: headers from repos - # 2: headers from rpmfind.net (updates branch) - # 3: headers from rpmfind.net (os branch) - # 4: headers from linuxsoft.cern.ch (updates branch) - # 5: headers from linuxsoft.cern.ch (os branch) - function installKernelDevHeaders { - local OS_VER="$(cat /etc/redhat-release | cut -d ' ' -f 4)" - local OS_ARCH="$(uname -m)" - local OS_KERNEL="$(uname -r)" - +# try installing in the following order: +# 1: headers from repos +# 2: headers from rpmfind.net (updates branch) +# 3: headers from rpmfind.net (os branch) +# 4: headers from linuxsoft.cern.ch (updates branch) +# 5: headers from linuxsoft.cern.ch (os branch) +function installKernelDevHeaders { + local DISTRO_VER="$DISTRO_VER" + local OS_ARCH="$OS_ARCH" + local OS_KERNEL="$OS_KERNEL" + + if (( ${DISTRO_VER} >= 8 )); then + dnf install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || + dnf install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + dnf install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + dnf install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + dnf install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm + else yum install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || - 
yum install -y https://rpmfind.net/linux/centos/${OS_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${OS_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://rpmfind.net/linux/centos/${OS_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${OS_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://linuxsoft.cern.ch/cern/centos/${OS_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${OS_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://linuxsoft.cern.ch/cern/centos/${OS_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${OS_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm - } + yum install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + yum install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + yum install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + yum install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm + fi +} # compile and install rtpengine from RPM's function install { + local RTPENGINE_RPM_VER BUILD_KERN_VERSIONS + local REBOOT_REQUIRED=0 local 
OS_ARCH=$(uname -m) local OS_KERNEL=$(uname -r) local RHEL_BASE_VER=$(rpm -E %{rhel}) + local DISTRO_VER="$(cat /etc/redhat-release | cut -d ' ' -f 4)" + local NPROC=$(nproc) # Install required libraries yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 
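Review bot: `(( ${DISTRO_VER} >= 8 ))` in `installKernelDevHeaders` cannot evaluate the value that `install` assigns with `cut -d ' ' -f 4` on `/etc/redhat-release`. On CentOS that field is a dotted version, which bash arithmetic rejects, and on AlmaLinux the release string is, as far as I know, `AlmaLinux release X.Y (Name)`, so field 4 is not the version at all. The test then errors and falls through to the `yum` branch, and the same value is interpolated into the fallback RPM URLs. The hunk already computes the major version, so the comparison can use it: `local DISTRO_MAJ=$(rpm -E %{rhel})` and `if (( DISTRO_MAJ >= 8 )); then`. The body of `install` continues outside this hunk.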
@@ -125,125 +141,111 @@ function install { gperf gperftools gperftools-devel gperftools-libs gzip mariadb-devel perl-Config-Tiny spandsp \ $(rpmSearch -d centos -a x86_64 -f el7 librabbitmq) $(rpmSearch -d centos -a x86_64 -f el7 librabbitmq-devel) \ libbluray-devel libavcodec-devel libavformat-devel libavutil-devel libswresample-devel libavfilter-devel ffmpeg ffmpeg-devel \ - libjpeg-turbo-devel mosquitto-devel - yum install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} + libjpeg-turbo-devel mosquitto-devel && + installKernelDevHeaders if (( $? != 0 )); then printerr "Problem with installing the required libraries for RTPEngine" - exit 1 + return 1 fi - # create rtpengine user and group - # sometimes locks aren't properly removed (this seems to happen often on VM's) - rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock - useradd --system --user-group --shell /bin/false --comment "RTPengine RTP Proxy" rtpengine - - # Make and Configure RTPEngine - cd ${SRC_DIR} - rm -rf rtpengine.bak 2>/dev/null - mv -f rtpengine rtpengine.bak 2>/dev/null - git clone https://github.com/sipwise/rtpengine.git -b ${RTPENGINE_VER} - cd rtpengine - - RTPENGINE_RPM_VER=$(grep -oP 'Version:.+?\K[\w\.\~\+]+' ./el/rtpengine.spec) - if (( $(echo "$RTPENGINE_VER" | perl -0777 -pe 's|mr(\d+\.\d+)\.(\d+)\.(\d+)|\1\2\3 >= 6.511|gm' | bc -l) )); then - PREFIX="rtpengine-${RTPENGINE_RPM_VER}/" - else - PREFIX="ngcp-rtpengine-${RTPENGINE_RPM_VER}/" + BUILD_KERN_VERSIONS=$(joinwith '' ',' '' $(rpm -q kernel-headers | sed 's/kernel-headers-//g')) + + # rtpengine >= mr11.3.1.1 requires curl >= 7.43.0 + if versionCompare "$(tr -d '[a-zA-Z]' <<<"$RTPENGINE_VER")" gteq "11.3.1.1"; then + if versionCompare "$(curl -V | head -1 | awk '{print $2}')" lt "7.43.0"; then + printdbg 'curl version is not recent enough.. compiling curl 7.8.0' + if [[ ! 
-d ${SRC_DIR}/curl ]]; then + ( + cd ${SRC_DIR} && + curl -sL https://curl.haxx.se/download/curl-7.80.0.tar.gz 2>/dev/null | + tar -xzf - --transform 's%curl-7.80.0%curl%'; + ) + fi + ( + cd ${SRC_DIR}/curl && + ./configure --prefix=/usr --libdir=/usr/lib64 --with-ssl && + make -j $NRPOC && + make -j $NPROC install && + ldconfig + ) + if (( $? != 0 )); then + printerr 'Failed to compile curl' + return 1 + fi + fi fi - RPM_BUILD_ROOT="${HOME}/rpmbuild" - rm -rf ${RPM_BUILD_ROOT} - mkdir -p ${RPM_BUILD_ROOT}/SOURCES - git archive --output ${RPM_BUILD_ROOT}/SOURCES/ngcp-rtpengine-${RTPENGINE_RPM_VER}.tar.gz --prefix=${PREFIX} ${RTPENGINE_VER} - # fix for rpm build path issue - perl -i -pe 's|(%define archname) rtpengine-mr|\1 rtpengine-|' ./el/rtpengine.spec - # build the RPM's - rpmbuild -ba ./el/rtpengine.spec - # install the RPM's - yum localinstall -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm -# ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-recording-${RTPENGINE_RPM_VER}*.rpm + # reuse repo if it exists and matches version we want to install + if [[ -d ${SRC_DIR}/rtpengine ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/rtpengine)" != "${RTPENGINE_VER}" ]]; then + rm -rf ${SRC_DIR}/rtpengine + git clone --depth 1 -c advice.detachedHead=false -b ${RTPENGINE_VER} https://github.com/sipwise/rtpengine.git ${SRC_DIR}/rtpengine + fi + else + git clone --depth 1 -c advice.detachedHead=false -b ${RTPENGINE_VER} https://github.com/sipwise/rtpengine.git ${SRC_DIR}/rtpengine + fi - if (( $? != 0 )); then - printerr "Problem installing RTPEngine RPM's" - exit 1 + # apply our patches + ( + cd ${SRC_DIR}/rtpengine && + patch -p1 -N <${DSIP_PROJECT_DIR}/rtpengine/el-${RTPENGINE_VER}.patch + ) + if (( $? 
> 1 )); then + printerr 'Failed patching RTPEngine files prior to build' + return 1 fi - # ensure config dirs exist - mkdir -p /var/run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} - chown -R rtpengine:rtpengine /var/run/rtpengine + RTPENGINE_RPM_VER=$(grep -oP 'Version:.+?\K[\w\.\~\+]+' ${SRC_DIR}/rtpengine/el/rtpengine.spec) + RPM_BUILD_ROOT="${HOME}/rpmbuild" + rm -rf ${RPM_BUILD_ROOT} 2>/dev/null + mkdir -p ${RPM_BUILD_ROOT}/SOURCES && + ( + cd ${SRC_DIR} && + tar -czf ${RPM_BUILD_ROOT}/SOURCES/ngcp-rtpengine-${RTPENGINE_RPM_VER}.tar.gz \ + --transform="s%^rtpengine%ngcp-rtpengine-$RTPENGINE_RPM_VER%g" rtpengine/ && + echo "%__make $(which make) -j $NPROC" >~/.rpmmacros && + # fix for BUG: "exec_prefix: command not found" + function exec_prefix() { echo -n '/usr'; } && export -f exec_prefix && + # build the RPM's + rpmbuild -ba --define "kversion $BUILD_KERN_VERSIONS" ${SRC_DIR}/rtpengine/el/rtpengine.spec && + rm -f ~/.rpmmacros && unset -f exec_prefix && + systemctl mask ngcp-rtpengine-daemon.service + + # install the RPM's + if (( ${DISTRO_VER} >= 8 )); then + dnf install -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm + else + yum localinstall -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm + fi + ) - # Configure RTPEngine to support kernel packet forwarding - cd ${SRC_DIR}/rtpengine/kernel-module && - make && - cp -f xt_RTPENGINE.ko /lib/modules/${OS_KERNEL}/updates/ && if (( $? 
!= 0 )); then - printerr "Problem installing RTPEngine kernel-module" - exit 1 + printerr "Problems occurred compiling rtpengine" + return 1 fi - # Remove RTPEngine kernel module if previously inserted - if lsmod | grep 'xt_RTPENGINE'; then - rmmod xt_RTPENGINE - fi - # Load new RTPEngine kernel module - depmod -a && - modprobe xt_RTPENGINE - - # set the forwarding table for the kernel module - echo 'add 0' > /proc/rtpengine/control - iptables -I INPUT -p udp -j RTPENGINE --id 0 - ip6tables -I INPUT -p udp -j RTPENGINE --id 0 - - if (( ${SERVERNAT:-0} == 0 )); then - INTERFACE="ipv4/${INTERNAL_IP}" - if (( ${IPV6_ENABLED} == 1 )); then - INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6}" - fi - else - INTERFACE="ipv4/${INTERNAL_IP}!${EXTERNAL_IP}" - if (( ${IPV6_ENABLED} == 1 )); then - INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6}!${EXTERNAL_IP6}" - fi + # warn user if kernel module not loaded yet + if (( $REBOOT_REQUIRED == 1 )); then + printwarn "A reboot is required to load the RTPEngine kernel module" fi - # rtpengine config file - # set table = 0 for kernel packet forwarding - (cat << EOF -[rtpengine] -table = 0 -interface = ${INTERFACE} -listen-ng = 127.0.0.1:7722 -port-min = ${RTP_PORT_MIN} -port-max = ${RTP_PORT_MAX} -log-level = 7 -log-facility = local1 -log-facility-cdr = local1 -log-facility-rtcp = local1 -EOF - ) > ${SYSTEM_RTPENGINE_CONFIG_FILE} + # ensure config dirs exist + mkdir -p /run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} + chown -R rtpengine:rtpengine /run/rtpengine # setup rtpengine defaults file - (cat << 'EOF' -RUN_RTPENGINE=yes -CONFIG_FILE=/etc/rtpengine/rtpengine.conf -# CONFIG_SECTION=rtpengine -PIDFILE=/var/run/rtpengine/rtpengine.pid -MANAGE_IPTABLES=yes -TABLE=0 -SET_USER=rtpengine -SET_GROUP=rtpengine -LOG_STDERR=yes -EOF - ) > /etc/default/rtpengine.conf + cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/default.conf /etc/default/rtpengine.conf # Enable and start firewalld if not already running systemctl enable firewalld systemctl start 
firewalld - if (( $? != 0 )); then + if (( $? != 0 )) && (( ${DISTRO_VER} == 7 )); then # fix for bug: https://bugzilla.redhat.com/show_bug.cgi?id=1575845 systemctl restart dbus systemctl restart firewalld @@ -251,6 +253,10 @@ EOF systemctl restart systemd-logind fi + # give rtpengine permissions in selinux + semanage port -a -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} || + semanage port -m -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} + # Setup Firewall rules for RTPEngine firewall-cmd --zone=public --add-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent firewall-cmd --reload 
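Review bot: The curl fallback in `install` downloads `curl-7.80.0.tar.gz`, builds it and runs `make install` into `/usr` as the installing user without checking the archive against a known digest, so a bad or tampered download replaces the system curl and libcurl. Saving the tarball to a file and checking it before unpacking would close that gap, e.g. `echo "${CURL_SHA256}  curl-7.80.0.tar.gz" | sha256sum -c - || return 1`. Here `CURL_SHA256` is a placeholder for a pinned value taken from the curl release page, which this page does not provide. Separately, `make -j $NRPOC` is a typo for `$NPROC`; the unset variable expands to nothing and `make -j` then runs with no job limit. The debug message also says 7.8.0 while the URL fetches 7.80.0. The same lines appear in the `rtpengine/rhel/install.sh` hunk at the end of this patch.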
@@ -263,57 +269,59 @@ EOF # Setup logrotate cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/rtpengine /etc/logrotate.d/rtpengine - # Setup Firewall rules for RTPEngine - firewall-cmd --zone=public --add-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent - firewall-cmd --reload - # Setup tmp files - echo "d /var/run/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf + echo "d /run/rtpengine/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf # Reconfigure systemd service files - rm -f /lib/systemd/system/rtpengine.service 2>/dev/null - cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v1.service /lib/systemd/system/rtpengine.service - cp -f ${DSIP_PROJECT_DIR}/rtpengine/rtpengine-{start-pre,stop-post} /usr/sbin/ - chmod +x /usr/sbin/rtpengine-{start-pre,stop-post} /usr/bin/rtpengine - - # Reload systemd configs + if (( ${DISTRO_VER} > 7 )); then + cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service + else + cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v2.service /lib/systemd/system/rtpengine.service + fi + chmod 644 /lib/systemd/system/rtpengine.service systemctl daemon-reload - # Enable the RTPEngine to start during boot systemctl enable rtpengine - # Start RTPEngine - systemctl start rtpengine - - # Start manually if the service fails to start - if [ $? -ne 0 ]; then - /usr/bin/rtpengine --config-file=${SYSTEM_RTPENGINE_CONFIG_FILE} --pidfile=/var/run/rtpengine/rtpengine.pid - fi - # File to signify that the install happened - if [ $? -eq 0 ]; then - touch ${DSIP_PROJECT_DIR}/.rtpengineinstalled - printdbg "RTPEngine has been installed!" + # preliminary check that rtpengine actually installed + if cmdExists rtpengine; then + return 0 else - printerr "FAILED: RTPEngine could not be installed!" 
+ return 1 fi } # Remove RTPEngine function uninstall { systemctl stop rtpengine + systemctl disable rtpengine + rm -f /{etc,lib}/systemd/system/rtpengine.service 2>/dev/null + systemctl daemon-reload + + yum remove -y ngcp-rtpengine\* + rm -f /usr/bin/rtpengine rm -f /etc/rsyslog.d/rtpengine.conf rm -f /etc/logrotate.d/rtpengine - printdbg "Removed RTPEngine for $DISTRO" + + # remove our selinux changes + semanage port -D -t rtp_media_port_t -p udp + + # remove our firewall changes + firewall-cmd --zone=public --remove-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent + firewall-cmd --reload + + return 0 } case "$1" in - uninstall|remove) - uninstall && exit 0 - ;; install) - install && exit 0 + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 ;; *) - printerr "usage $0 [install | uninstall]" && exit 1 + printerr "Usage: $0 [install | uninstall]" + exit 1 ;; esac diff --git a/rtpengine/amzn/install.sh b/rtpengine/amzn/install.sh index 89a56ef4..ca7e199c 100755 --- a/rtpengine/amzn/install.sh +++ b/rtpengine/amzn/install.sh @@ -106,7 +106,7 @@ function install { if (( $? != 0 )); then printerr "Could not install the required libraries for RTPEngine" - exit 1 + return 1 fi yum install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || { @@ -118,7 +118,7 @@ function install { if (( $? != 0 )); then printerr "Could not install kernel headers" - exit 1 + return 1 fi # link latest version of cmake @@ -355,7 +355,7 @@ function install { if (( $? != 0 )); then printerr "Problems occurred compiling rtpengine" - exit 1 + return 1 fi # make sure RTPEngine kernel module configured 
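Review bot: In `uninstall`, `semanage port -D -t rtp_media_port_t -p udp` uses the delete-all form, which, as far as I know, removes every local SELinux port customization on the host rather than only the range this script added. An administrator's unrelated port labels, such as a relocated service port, would be lost on uninstall. The removal should mirror the `semanage port -a` call in `install`: `semanage port -d -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX}`.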
@@ -363,20 +363,13 @@ function install { if rpm -qa | grep -q "kernel-headers-$(uname -r)"; then if [[ -z "$(find /lib/modules/${OS_KERNEL}/ -name 'xt_RTPENGINE.ko' 2>/dev/null)" ]]; then printerr "Problem installing RTPEngine kernel module" - exit 1 + return 1 fi fi # ensure config dirs exist - mkdir -p /var/run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} - chown -R rtpengine:rtpengine /var/run/rtpengine - - # rtpengine config file - # ref example config: https://github.com/sipwise/rtpengine/blob/master/etc/rtpengine.sample.conf - # TODO: move from 2 separate config files to generating entire config - # 1st we should change to generating config using rtpengine-start-pre - # eventually we should create a config parser similar to how kamailio config is parsed - cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/rtpengine.conf ${SYSTEM_RTPENGINE_CONFIG_FILE} + mkdir -p /run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} + chown -R rtpengine:rtpengine /run/rtpengine # setup rtpengine defaults file cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/default.conf /etc/default/rtpengine.conf @@ -421,17 +414,17 @@ function install { # preliminary check that rtpengine actually installed if cmdExists rtpengine; then - exit 0 + return 0 else - exit 1 + return 1 fi } # Remove RTPEngine function uninstall { - systemctl disable rtpengine systemctl stop rtpengine - rm -f /lib/systemd/system/rtpengine.service + systemctl disable rtpengine + rm -f /{etc,lib}/systemd/system/rtpengine.service 2>/dev/null systemctl daemon-reload yum remove -y ngcp-rtpengine\* 
@@ -447,23 +440,22 @@ function uninstall { ) done - # check that rtpengine actually uninstalled - if ! cmdExists rtpengine; then - exit 0 - else - exit 1 - fi + # remove our firewall changes + firewall-cmd --zone=public --remove-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent + firewall-cmd --reload + + return 0 } case "$1" in - uninstall) - uninstall - ;; install) - install + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 ;; *) - printerr "usage $0 [install | uninstall]" + printerr "Usage: $0 [install | uninstall]" exit 1 ;; esac diff --git a/rtpengine/centos/install.sh b/rtpengine/centos/install.sh index 83cae9ff..f920fb15 100755 --- a/rtpengine/centos/install.sh +++ b/rtpengine/centos/install.sh @@ -135,7 +135,7 @@ function install { if (( $? != 0 )); then printerr "Could not install the required libraries for RTPEngine" - exit 1 + return 1 fi if (( ${DISTRO_VER} >= 8 )); then @@ -158,7 +158,7 @@ function install { if (( $? != 0 )); then printerr "Could not install kernel headers" - exit 1 + return 1 fi BUILD_KERN_VERSIONS=$(joinwith '' ',' '' $(rpm -q kernel-headers | sed 's/kernel-headers-//g')) @@ -238,7 +238,7 @@ function install { if (( $? != 0 )); then printerr "Problems occurred compiling rtpengine" - exit 1 + return 1 fi # warn user if kernel module not loaded yet 
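Review bot: `uninstall` now ends in an unconditional `return 0` where it previously checked `cmdExists rtpengine`, so `uninstall && exit 0 || exit 1` reports success even when `yum remove` failed and the binary is still present. Keeping the check as the last statement preserves the new return-based flow: `! cmdExists rtpengine`. The `rtpengine/debian/install.sh` hunk further down removes the same check.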
@@ -247,16 +247,9 @@ function install { fi # ensure config dirs exist - mkdir -p /var/run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} + mkdir -p /run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} chown -R rtpengine:rtpengine /run/rtpengine - # rtpengine config file - # ref example config: https://github.com/sipwise/rtpengine/blob/master/etc/rtpengine.sample.conf - # TODO: move from 2 separate config files to generating entire config - # 1st we should change to generating config using rtpengine-start-pre - # eventually we should create a config parser similar to how kamailio config is parsed - cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/rtpengine.conf ${SYSTEM_RTPENGINE_CONFIG_FILE} - # setup rtpengine defaults file cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/default.conf /etc/default/rtpengine.conf @@ -292,30 +285,31 @@ function install { echo "d /run/rtpengine/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf # Reconfigure systemd service files - rm -f /lib/systemd/system/rtpengine.service 2>/dev/null if (( ${DISTRO_VER} > 7 )); then cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service else cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v2.service /lib/systemd/system/rtpengine.service fi - - # Reload systemd configs + chmod 644 /lib/systemd/system/rtpengine.service systemctl daemon-reload - # Enable the RTPEngine to start during boot systemctl enable rtpengine # preliminary check that rtpengine actually installed if cmdExists rtpengine; then - exit 0 + return 0 else - exit 1 + return 1 fi } # Remove RTPEngine function uninstall { - systemctl disable rtpengine systemctl stop rtpengine + systemctl disable rtpengine + rm -f /{etc,lib}/systemd/system/rtpengine.service 2>/dev/null + systemctl daemon-reload + + yum remove -y ngcp-rtpengine\* rm -f /usr/bin/rtpengine rm -f /etc/rsyslog.d/rtpengine.conf 
@@ -328,18 +322,18 @@ function uninstall { firewall-cmd --zone=public --remove-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent firewall-cmd --reload - printdbg "Removed RTPEngine for $DISTRO" + return 0 } case "$1" in - uninstall|remove) - uninstall && exit 0 - ;; install) - install && exit 0 + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 ;; *) - printerr "usage $0 [install | uninstall]" && exit 1 + printerr "Usage: $0 [install | uninstall]" + exit 1 ;; esac - diff --git a/rtpengine/debian/install.sh b/rtpengine/debian/install.sh index 5f8199ce..a9196d57 100755 --- a/rtpengine/debian/install.sh +++ b/rtpengine/debian/install.sh @@ -123,7 +123,7 @@ function install { if (( $? != 0 )); then printerr "Problem with installing the required libraries for RTPEngine" - exit 1 + return 1 fi # try installing kernel dev headers in the following order: @@ -144,7 +144,7 @@ function install { # debian ver <= 10 has package conflicts with some older kernels so allow userspace forwarding if (( $? != 0 && ${DISTRO_VER} > 10 )); then printerr "Problems occurred installing one or more kernel headers" - exit 1 + return 1 fi ## compile and install RTPEngine as a DEB package @@ -187,7 +187,7 @@ function install { if (( $? != 0 )); then printerr "Problem installing RTPEngine DEB's" - exit 1 + return 1 fi # make sure RTPEngine kernel module configured 
@@ -195,17 +195,16 @@ function install { if (( ${DISTRO_VER} > 10 )); then if [[ -z "$(find /lib/modules/${OS_KERNEL}/ -name 'xt_RTPENGINE.ko' 2>/dev/null)" ]]; then printerr "Problem installing RTPEngine kernel module" - exit 1 + return 1 fi fi # ensure config dirs exist - mkdir -p /var/run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} - chown -R rtpengine:rtpengine /var/run/rtpengine + mkdir -p /run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} + chown -R rtpengine:rtpengine /run/rtpengine - # rtpengine config file - # ref example config: https://github.com/sipwise/rtpengine/blob/master/etc/rtpengine.sample.conf - cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/rtpengine.conf ${SYSTEM_RTPENGINE_CONFIG_FILE} + # allow root to fix permissions before starting services (required to work with SELinux enabled) + usermod -a -G rtpengine root # setup rtpengine defaults file cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/default.conf /etc/default/rtpengine.conf 
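Review bot: The comment on `usermod -a -G rtpengine root` does not say which operation needs the membership. Root already bypasses file-mode checks, and SELinux decisions do not depend on group membership, so the effect of this line is unclear without more context. If a specific unit or helper runs with reduced capabilities and relies on the group, the comment should name it, e.g. `# <unit name> runs without CAP_DAC_OVERRIDE and needs group access to /run/rtpengine`, where the unit name is a placeholder for whatever actually requires it. The `uninstall` function in this file also does not undo the change; `gpasswd -d root rtpengine` there would keep install and uninstall symmetric. The surrounding `install` body extends beyond the hunk.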
@@ -230,49 +229,46 @@ function install { echo "d /var/run/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf # Reconfigure systemd service files - rm -f /lib/systemd/system/rtpengine.service 2>/dev/null cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service - - # Reload systemd configs + chmod 644 /lib/systemd/system/rtpengine.service systemctl daemon-reload - # Enable the RTPEngine to start during boot systemctl enable rtpengine # preliminary check that rtpengine actually installed if cmdExists rtpengine; then - exit 0 + return 0 else - exit 1 + return 1 fi } # Remove RTPEngine function uninstall { - systemctl disable rtpengine systemctl stop rtpengine - rm -f /lib/systemd/system/rtpengine.service + systemctl disable rtpengine + rm -f /{etc,lib}/systemd/system/rtpengine.service 2>/dev/null systemctl daemon-reload apt-get remove -y ngcp-rtpengine\* rm -f /usr/sbin/rtpengine* /usr/bin/rtpengine /etc/rsyslog.d/rtpengine.conf /etc/logrotate.d/rtpengine - # check that rtpengine actually uninstalled - if ! cmdExists rtpengine; then - exit 0 - else - exit 1 - fi + # remove our firewall changes + firewall-cmd --zone=public --remove-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent + firewall-cmd --reload + + return 0 } case "$1" in - uninstall|remove) - uninstall - ;; install) - install + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 ;; *) - printerr "usage $0 [install | uninstall]" && exit 1 + printerr "Usage: $0 [install | uninstall]" + exit 1 ;; esac diff --git a/rtpengine/rhel/install.sh b/rtpengine/rhel/install.sh index 3c50810e..27d48c17 100755 --- a/rtpengine/rhel/install.sh +++ b/rtpengine/rhel/install.sh 
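Review bot: The debian `uninstall` now ends in an unconditional `return 0`, so the dispatcher's `uninstall && exit 0 || exit 1` can never report a failed removal. The deleted `cmdExists rtpengine` test was the only verification, and the results of `apt-get remove` and `firewall-cmd` are not checked. A host could then be reported as cleaned while the media relay or its open UDP range is still present. Keeping the check as part of the result restores the signal, e.g. `cmdExists rtpengine && return 1` just before the final `return 0`. The `uninstall` functions in the hunk before the debian file header and in the rhel, rocky and ubuntu scripts end the same way.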
@@ -33,118 +33,103 @@ function install { printerr "Problem with installing the required libraries for RTPEngine" exit 1 fi + BUILD_KERN_VERSIONS=$(joinwith '' ',' '' $(rpm -q kernel-headers | sed 's/kernel-headers-//g')) + + # rtpengine >= mr11.3.1.1 requires curl >= 7.43.0 + if versionCompare "$(tr -d '[a-zA-Z]' <<<"$RTPENGINE_VER")" gteq "11.3.1.1"; then + if versionCompare "$(curl -V | head -1 | awk '{print $2}')" lt "7.43.0"; then + printdbg 'curl version is not recent enough.. compiling curl 7.8.0' + if [[ ! -d ${SRC_DIR}/curl ]]; then + ( + cd ${SRC_DIR} && + curl -sL https://curl.haxx.se/download/curl-7.80.0.tar.gz 2>/dev/null | + tar -xzf - --transform 's%curl-7.80.0%curl%'; + ) + fi + ( + cd ${SRC_DIR}/curl && + ./configure --prefix=/usr --libdir=/usr/lib64 --with-ssl && + make -j $NRPOC && + make -j $NPROC install && + ldconfig + ) + if (( $? != 0 )); then + printerr 'Failed to compile curl' + return 1 + fi + fi + fi - # create rtpengine user and group - # sometimes locks aren't properly removed (this seems to happen often on VM's) - rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock - useradd --system --user-group --shell /bin/false --comment "RTPengine RTP Proxy" rtpengine - - # Make and Configure RTPEngine - cd ${SRC_DIR} - rm -rf rtpengine.bak 2>/dev/null - mv -f rtpengine rtpengine.bak 2>/dev/null - git clone https://github.com/sipwise/rtpengine.git -b ${RTPENGINE_VER} - cd rtpengine - - RTPENGINE_RPM_VER=$(grep -oP 'Version:.+?\K[\w\.\~\+]+' ./el/rtpengine.spec) - if (( $(echo "$RTPENGINE_VER" | perl -0777 -pe 's|mr(\d+\.\d+)\.(\d+)\.(\d+)|\1\2\3 >= 6.511|gm' | bc -l) )); then - PREFIX="rtpengine-${RTPENGINE_RPM_VER}/" + # reuse repo if it exists and matches version we want to install + if [[ -d ${SRC_DIR}/rtpengine ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/rtpengine)" != "${RTPENGINE_VER}" ]]; then + rm -rf ${SRC_DIR}/rtpengine + git clone --depth 1 -c advice.detachedHead=false -b ${RTPENGINE_VER} 
https://github.com/sipwise/rtpengine.git ${SRC_DIR}/rtpengine + fi else - PREFIX="ngcp-rtpengine-${RTPENGINE_RPM_VER}/" + git clone --depth 1 -c advice.detachedHead=false -b ${RTPENGINE_VER} https://github.com/sipwise/rtpengine.git ${SRC_DIR}/rtpengine fi - RPM_BUILD_ROOT="${HOME}/rpmbuild" - rm -rf ${RPM_BUILD_ROOT} - mkdir -p ${RPM_BUILD_ROOT}/SOURCES - git archive --output ${RPM_BUILD_ROOT}/SOURCES/ngcp-rtpengine-${RTPENGINE_RPM_VER}.tar.gz --prefix=${PREFIX} ${RTPENGINE_VER} - # fix for rpm build path issue - perl -i -pe 's|(%define archname) rtpengine-mr|\1 rtpengine-|' ./el/rtpengine.spec - # build the RPM's - rpmbuild -ba ./el/rtpengine.spec - # install the RPM's - yum localinstall -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm -# ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-recording-${RTPENGINE_RPM_VER}*.rpm - - if (( $? != 0 )); then - printerr "Problem installing RTPEngine RPM's" - exit 1 + # apply our patches + ( + cd ${SRC_DIR}/rtpengine && + patch -p1 -N <${DSIP_PROJECT_DIR}/rtpengine/el-${RTPENGINE_VER}.patch + ) + if (( $? 
> 1 )); then + printerr 'Failed patching RTPEngine files prior to build' + return 1 fi - # ensure config dirs exist - mkdir -p /var/run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} - chown -R rtpengine:rtpengine /var/run/rtpengine + RTPENGINE_RPM_VER=$(grep -oP 'Version:.+?\K[\w\.\~\+]+' ${SRC_DIR}/rtpengine/el/rtpengine.spec) + RPM_BUILD_ROOT="${HOME}/rpmbuild" + rm -rf ${RPM_BUILD_ROOT} 2>/dev/null + mkdir -p ${RPM_BUILD_ROOT}/SOURCES && + ( + cd ${SRC_DIR} && + tar -czf ${RPM_BUILD_ROOT}/SOURCES/ngcp-rtpengine-${RTPENGINE_RPM_VER}.tar.gz \ + --transform="s%^rtpengine%ngcp-rtpengine-$RTPENGINE_RPM_VER%g" rtpengine/ && + echo "%__make $(which make) -j $NPROC" >~/.rpmmacros && + # fix for BUG: "exec_prefix: command not found" + function exec_prefix() { echo -n '/usr'; } && export -f exec_prefix && + # build the RPM's + rpmbuild -ba --define "kversion $BUILD_KERN_VERSIONS" ${SRC_DIR}/rtpengine/el/rtpengine.spec && + rm -f ~/.rpmmacros && unset -f exec_prefix && + systemctl mask ngcp-rtpengine-daemon.service + + # install the RPM's + if (( ${DISTRO_VER} >= 8 )); then + dnf install -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm + else + yum localinstall -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm + fi + ) - # Configure RTPEngine to support kernel packet forwarding - cd ${SRC_DIR}/rtpengine/kernel-module && - make && - cp -f xt_RTPENGINE.ko /lib/modules/${OS_KERNEL}/updates/ && if (( $? 
!= 0 )); then - printerr "Problem installing RTPEngine kernel-module" - exit 1 + printerr "Problems occurred compiling rtpengine" + return 1 fi - # Remove RTPEngine kernel module if previously inserted - if lsmod | grep 'xt_RTPENGINE'; then - rmmod xt_RTPENGINE - fi - # Load new RTPEngine kernel module - depmod -a && - modprobe xt_RTPENGINE - - # set the forwarding table for the kernel module - echo 'add 0' > /proc/rtpengine/control - iptables -I INPUT -p udp -j RTPENGINE --id 0 - ip6tables -I INPUT -p udp -j RTPENGINE --id 0 - - if (( ${SERVERNAT:-0} == 0 )); then - INTERFACE="ipv4/${INTERNAL_IP}" - if (( ${IPV6_ENABLED} == 1 )); then - INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6}" - fi - else - INTERFACE="ipv4/${INTERNAL_IP}!${EXTERNAL_IP}" - if (( ${IPV6_ENABLED} == 1 )); then - INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6}!${EXTERNAL_IP6}" - fi + # warn user if kernel module not loaded yet + if (( $REBOOT_REQUIRED == 1 )); then + printwarn "A reboot is required to load the RTPEngine kernel module" fi - # rtpengine config file - # set table = 0 for kernel packet forwarding - (cat << EOF -[rtpengine] -table = 0 -interface = ${INTERFACE} -listen-ng = 127.0.0.1:7722 -port-min = ${RTP_PORT_MIN} -port-max = ${RTP_PORT_MAX} -log-level = 7 -log-facility = local1 -log-facility-cdr = local1 -log-facility-rtcp = local1 -EOF - ) > ${SYSTEM_RTPENGINE_CONFIG_FILE} + # ensure config dirs exist + mkdir -p /run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} + chown -R rtpengine:rtpengine /run/rtpengine # setup rtpengine defaults file - (cat << 'EOF' -RUN_RTPENGINE=yes -CONFIG_FILE=/etc/rtpengine/rtpengine.conf -# CONFIG_SECTION=rtpengine -PIDFILE=/var/run/rtpengine/rtpengine.pid -MANAGE_IPTABLES=yes -TABLE=0 -SET_USER=rtpengine -SET_GROUP=rtpengine -LOG_STDERR=yes -EOF - ) > /etc/default/rtpengine.conf + cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/default.conf /etc/default/rtpengine.conf # Enable and start firewalld if not already running systemctl enable firewalld systemctl start 
firewalld - if (( $? != 0 )); then + if (( $? != 0 )) && (( ${DISTRO_VER} == 7 )); then # fix for bug: https://bugzilla.redhat.com/show_bug.cgi?id=1575845 systemctl restart dbus systemctl restart firewalld @@ -152,6 +137,10 @@ EOF systemctl restart systemd-logind fi + # give rtpengine permissions in selinux + semanage port -a -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} || + semanage port -m -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} + # Setup Firewall rules for RTPEngine firewall-cmd --zone=public --add-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent firewall-cmd --reload 
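Review bot: The curl fallback in `install` pipes `curl -sL https://curl.haxx.se/download/curl-7.80.0.tar.gz` straight into `tar`, then builds it and installs it into `/usr` with the installer's privileges, with no checksum or signature check; the tarball should be verified against a pinned digest before it is unpacked. In the same block `make -j $NRPOC` misspells `NPROC`, so the variable expands to nothing and `make -j` runs with no job limit, and the debug message says 7.8.0 while 7.80.0 is fetched. Adding `-f` to the download would also stop an HTTP error page from being handed to `tar`. The rocky script repeats this block verbatim and needs the same changes; `install` starts and ends outside this hunk.

```shell
# … unchanged: versionCompare checks and printdbg …
if [[ ! -d ${SRC_DIR}/curl ]]; then
    (
        # placeholder: pin the published SHA-256 of curl-7.80.0.tar.gz here
        CURL_SHA256='<SHA256_OF_CURL_7_80_0_TARBALL>'
        CURL_TARBALL=$(mktemp) &&
        curl -fsSL -o "$CURL_TARBALL" https://curl.haxx.se/download/curl-7.80.0.tar.gz &&
        echo "${CURL_SHA256}  ${CURL_TARBALL}" | sha256sum -c - &&
        tar -xzf "$CURL_TARBALL" -C "${SRC_DIR}" --transform 's%curl-7.80.0%curl%'
        RET=$?
        rm -f "$CURL_TARBALL"
        exit $RET
    ) || return 1
fi
# … unchanged: cd into ${SRC_DIR}/curl and ./configure …
    make -j "$NPROC" &&
# … unchanged: make install, ldconfig, status check …
```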
@@ -164,57 +153,55 @@ EOF # Setup logrotate cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/rtpengine /etc/logrotate.d/rtpengine - # Setup Firewall rules for RTPEngine - firewall-cmd --zone=public --add-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent - firewall-cmd --reload - # Setup tmp files - echo "d /var/run/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf + echo "d /run/rtpengine/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf # Reconfigure systemd service files - rm -f /lib/systemd/system/rtpengine.service 2>/dev/null cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v1.service /lib/systemd/system/rtpengine.service + chmod 644 /lib/systemd/system/rtpengine.service cp -f ${DSIP_PROJECT_DIR}/rtpengine/rtpengine-{start-pre,stop-post} /usr/sbin/ chmod +x /usr/sbin/rtpengine-{start-pre,stop-post} /usr/bin/rtpengine - - # Reload systemd configs systemctl daemon-reload - # Enable the RTPEngine to start during boot systemctl enable rtpengine - # Start RTPEngine - systemctl start rtpengine - - # Start manually if the service fails to start - if [ $? -ne 0 ]; then - /usr/bin/rtpengine --config-file=${SYSTEM_RTPENGINE_CONFIG_FILE} --pidfile=/var/run/rtpengine/rtpengine.pid - fi - # File to signify that the install happened - if [ $? -eq 0 ]; then - touch ${DSIP_PROJECT_DIR}/.rtpengineinstalled - printdbg "RTPEngine has been installed!" + # preliminary check that rtpengine actually installed + if cmdExists rtpengine; then + return 0 else - printerr "FAILED: RTPEngine could not be installed!" 
+ return 1 fi } # Remove RTPEngine function uninstall { systemctl stop rtpengine + systemctl disable rtpengine + rm -f /{etc,lib}/systemd/system/rtpengine.service 2>/dev/null + systemctl daemon-reload + + yum remove -y ngcp-rtpengine\* + + rm -f /usr/sbin/rtpengine-{start-pre,stop-post} rm -f /usr/bin/rtpengine rm -f /etc/rsyslog.d/rtpengine.conf rm -f /etc/logrotate.d/rtpengine - printdbg "Removed RTPEngine for $DISTRO" + + # remove our firewall changes + firewall-cmd --zone=public --remove-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent + firewall-cmd --reload + + return 0 } case "$1" in - uninstall|remove) - uninstall && exit 0 - ;; install) - install && exit 0 + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 ;; *) - printerr "usage $0 [install | uninstall]" && exit 1 + printerr "Usage: $0 [install | uninstall]" + exit 1 ;; esac diff --git a/rtpengine/rocky/install.sh b/rtpengine/rocky/install.sh index 89f06f76..d6c6ddf5 100755 --- a/rtpengine/rocky/install.sh +++ b/rtpengine/rocky/install.sh 
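Review bot: The new tmpfiles.d entry `d /run/rtpengine/rtpengine.pid 0755 rtpengine rtpengine - -` uses type `d`, which creates a directory, so at boot a directory is made at the path that, judging by the removed `PIDFILE=/var/run/rtpengine/rtpengine.pid` setting, is meant to hold the PID file. The entry should describe the runtime directory instead: `d /run/rtpengine 0755 rtpengine rtpengine - -`. That would also recreate `/run/rtpengine` with the right owner after a reboot, which the one-time `mkdir -p /run/rtpengine` in `install` does not do if `/run` is a tmpfs. The rocky hunk adds the same line, and the debian and ubuntu hunks leave the older `d /var/run/rtpengine.pid` entry in place although their directories move to `/run/rtpengine`.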
@@ -83,33 +83,49 @@ function rpmSearch() { fi } - # try installing in the following order: - # 1: headers from repos - # 2: headers from rpmfind.net (updates branch) - # 3: headers from rpmfind.net (os branch) - # 4: headers from linuxsoft.cern.ch (updates branch) - # 5: headers from linuxsoft.cern.ch (os branch) - function installKernelDevHeaders { - local OS_VER="$(cat /etc/redhat-release | cut -d ' ' -f 4)" - local OS_ARCH="$(uname -m)" - local OS_KERNEL="$(uname -r)" - +# try installing in the following order: +# 1: headers from repos +# 2: headers from rpmfind.net (updates branch) +# 3: headers from rpmfind.net (os branch) +# 4: headers from linuxsoft.cern.ch (updates branch) +# 5: headers from linuxsoft.cern.ch (os branch) +function installKernelDevHeaders { + local DISTRO_VER="$DISTRO_VER" + local OS_ARCH="$OS_ARCH" + local OS_KERNEL="$OS_KERNEL" + + if (( ${DISTRO_VER} >= 8 )); then + dnf install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || + dnf install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + dnf install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + dnf install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + dnf install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm + else yum install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || - 
yum install -y https://rpmfind.net/linux/centos/${OS_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${OS_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://rpmfind.net/linux/centos/${OS_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${OS_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://linuxsoft.cern.ch/cern/centos/${OS_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${OS_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://linuxsoft.cern.ch/cern/centos/${OS_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${OS_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm - } + yum install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + yum install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + yum install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || + yum install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ + https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm + fi +} # compile and install rtpengine from RPM's function install { + local RTPENGINE_RPM_VER BUILD_KERN_VERSIONS + local REBOOT_REQUIRED=0 local 
OS_ARCH=$(uname -m) local OS_KERNEL=$(uname -r) local RHEL_BASE_VER=$(rpm -E %{rhel}) + local DISTRO_VER="$(cat /etc/redhat-release | cut -d ' ' -f 4)" + local NPROC=$(nproc) # Install required libraries yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 
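Review bot: The fallback branches of `installKernelDevHeaders` install `kernel-devel` and `kernel-headers` RPMs by URL from rpmfind.net and linuxsoft.cern.ch. To my reading of the dnf.conf and yum.conf documentation, packages that do not come from a configured repository are signature-checked only when `localpkg_gpgcheck` is enabled, and it defaults to off. These kernel packages would then be installed unverified unless the host configuration says otherwise. The new dnf branch can force the check per call by adding `--setopt=localpkg_gpgcheck=1` to each URL install, and the yum branch accepts the same option. A comment above the function naming the signing key expected for these mirrors would help the next maintainer.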
@@ -125,125 +141,111 @@ function install { gperf gperftools gperftools-devel gperftools-libs gzip mariadb-devel perl-Config-Tiny spandsp \ $(rpmSearch -d centos -a x86_64 -f el7 librabbitmq) $(rpmSearch -d centos -a x86_64 -f el7 librabbitmq-devel) \ libbluray-devel libavcodec-devel libavformat-devel libavutil-devel libswresample-devel libavfilter-devel ffmpeg ffmpeg-devel \ - libjpeg-turbo-devel mosquitto-devel - yum install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} + libjpeg-turbo-devel mosquitto-devel && + installKernelDevHeaders if (( $? != 0 )); then printerr "Problem with installing the required libraries for RTPEngine" exit 1 fi - # create rtpengine user and group - # sometimes locks aren't properly removed (this seems to happen often on VM's) - rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock - useradd --system --user-group --shell /bin/false --comment "RTPengine RTP Proxy" rtpengine - - # Make and Configure RTPEngine - cd ${SRC_DIR} - rm -rf rtpengine.bak 2>/dev/null - mv -f rtpengine rtpengine.bak 2>/dev/null - git clone https://github.com/sipwise/rtpengine.git -b ${RTPENGINE_VER} - cd rtpengine - - RTPENGINE_RPM_VER=$(grep -oP 'Version:.+?\K[\w\.\~\+]+' ./el/rtpengine.spec) - if (( $(echo "$RTPENGINE_VER" | perl -0777 -pe 's|mr(\d+\.\d+)\.(\d+)\.(\d+)|\1\2\3 >= 6.511|gm' | bc -l) )); then - PREFIX="rtpengine-${RTPENGINE_RPM_VER}/" - else - PREFIX="ngcp-rtpengine-${RTPENGINE_RPM_VER}/" + BUILD_KERN_VERSIONS=$(joinwith '' ',' '' $(rpm -q kernel-headers | sed 's/kernel-headers-//g')) + + # rtpengine >= mr11.3.1.1 requires curl >= 7.43.0 + if versionCompare "$(tr -d '[a-zA-Z]' <<<"$RTPENGINE_VER")" gteq "11.3.1.1"; then + if versionCompare "$(curl -V | head -1 | awk '{print $2}')" lt "7.43.0"; then + printdbg 'curl version is not recent enough.. compiling curl 7.8.0' + if [[ ! 
-d ${SRC_DIR}/curl ]]; then + ( + cd ${SRC_DIR} && + curl -sL https://curl.haxx.se/download/curl-7.80.0.tar.gz 2>/dev/null | + tar -xzf - --transform 's%curl-7.80.0%curl%'; + ) + fi + ( + cd ${SRC_DIR}/curl && + ./configure --prefix=/usr --libdir=/usr/lib64 --with-ssl && + make -j $NRPOC && + make -j $NPROC install && + ldconfig + ) + if (( $? != 0 )); then + printerr 'Failed to compile curl' + return 1 + fi + fi fi - RPM_BUILD_ROOT="${HOME}/rpmbuild" - rm -rf ${RPM_BUILD_ROOT} - mkdir -p ${RPM_BUILD_ROOT}/SOURCES - git archive --output ${RPM_BUILD_ROOT}/SOURCES/ngcp-rtpengine-${RTPENGINE_RPM_VER}.tar.gz --prefix=${PREFIX} ${RTPENGINE_VER} - # fix for rpm build path issue - perl -i -pe 's|(%define archname) rtpengine-mr|\1 rtpengine-|' ./el/rtpengine.spec - # build the RPM's - rpmbuild -ba ./el/rtpengine.spec - # install the RPM's - yum localinstall -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm -# ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-recording-${RTPENGINE_RPM_VER}*.rpm + # reuse repo if it exists and matches version we want to install + if [[ -d ${SRC_DIR}/rtpengine ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/rtpengine)" != "${RTPENGINE_VER}" ]]; then + rm -rf ${SRC_DIR}/rtpengine + git clone --depth 1 -c advice.detachedHead=false -b ${RTPENGINE_VER} https://github.com/sipwise/rtpengine.git ${SRC_DIR}/rtpengine + fi + else + git clone --depth 1 -c advice.detachedHead=false -b ${RTPENGINE_VER} https://github.com/sipwise/rtpengine.git ${SRC_DIR}/rtpengine + fi - if (( $? != 0 )); then - printerr "Problem installing RTPEngine RPM's" - exit 1 + # apply our patches + ( + cd ${SRC_DIR}/rtpengine && + patch -p1 -N <${DSIP_PROJECT_DIR}/rtpengine/el-${RTPENGINE_VER}.patch + ) + if (( $? 
> 1 )); then + printerr 'Failed patching RTPEngine files prior to build' + return 1 fi - # ensure config dirs exist - mkdir -p /var/run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} - chown -R rtpengine:rtpengine /var/run/rtpengine + RTPENGINE_RPM_VER=$(grep -oP 'Version:.+?\K[\w\.\~\+]+' ${SRC_DIR}/rtpengine/el/rtpengine.spec) + RPM_BUILD_ROOT="${HOME}/rpmbuild" + rm -rf ${RPM_BUILD_ROOT} 2>/dev/null + mkdir -p ${RPM_BUILD_ROOT}/SOURCES && + ( + cd ${SRC_DIR} && + tar -czf ${RPM_BUILD_ROOT}/SOURCES/ngcp-rtpengine-${RTPENGINE_RPM_VER}.tar.gz \ + --transform="s%^rtpengine%ngcp-rtpengine-$RTPENGINE_RPM_VER%g" rtpengine/ && + echo "%__make $(which make) -j $NPROC" >~/.rpmmacros && + # fix for BUG: "exec_prefix: command not found" + function exec_prefix() { echo -n '/usr'; } && export -f exec_prefix && + # build the RPM's + rpmbuild -ba --define "kversion $BUILD_KERN_VERSIONS" ${SRC_DIR}/rtpengine/el/rtpengine.spec && + rm -f ~/.rpmmacros && unset -f exec_prefix && + systemctl mask ngcp-rtpengine-daemon.service + + # install the RPM's + if (( ${DISTRO_VER} >= 8 )); then + dnf install -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm + else + yum localinstall -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm + fi + ) - # Configure RTPEngine to support kernel packet forwarding - cd ${SRC_DIR}/rtpengine/kernel-module && - make && - cp -f xt_RTPENGINE.ko /lib/modules/${OS_KERNEL}/updates/ && if (( $? 
!= 0 )); then - printerr "Problem installing RTPEngine kernel-module" - exit 1 + printerr "Problems occurred compiling rtpengine" + return 1 fi - # Remove RTPEngine kernel module if previously inserted - if lsmod | grep 'xt_RTPENGINE'; then - rmmod xt_RTPENGINE - fi - # Load new RTPEngine kernel module - depmod -a && - modprobe xt_RTPENGINE - - # set the forwarding table for the kernel module - echo 'add 0' > /proc/rtpengine/control - iptables -I INPUT -p udp -j RTPENGINE --id 0 - ip6tables -I INPUT -p udp -j RTPENGINE --id 0 - - if (( ${SERVERNAT:-0} == 0 )); then - INTERFACE="ipv4/${INTERNAL_IP}" - if (( ${IPV6_ENABLED} == 1 )); then - INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6}" - fi - else - INTERFACE="ipv4/${INTERNAL_IP}!${EXTERNAL_IP}" - if (( ${IPV6_ENABLED} == 1 )); then - INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6}!${EXTERNAL_IP6}" - fi + # warn user if kernel module not loaded yet + if (( $REBOOT_REQUIRED == 1 )); then + printwarn "A reboot is required to load the RTPEngine kernel module" fi - # rtpengine config file - # set table = 0 for kernel packet forwarding - (cat << EOF -[rtpengine] -table = 0 -interface = ${INTERFACE} -listen-ng = 127.0.0.1:7722 -port-min = ${RTP_PORT_MIN} -port-max = ${RTP_PORT_MAX} -log-level = 7 -log-facility = local1 -log-facility-cdr = local1 -log-facility-rtcp = local1 -EOF - ) > ${SYSTEM_RTPENGINE_CONFIG_FILE} + # ensure config dirs exist + mkdir -p /run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} + chown -R rtpengine:rtpengine /run/rtpengine # setup rtpengine defaults file - (cat << 'EOF' -RUN_RTPENGINE=yes -CONFIG_FILE=/etc/rtpengine/rtpengine.conf -# CONFIG_SECTION=rtpengine -PIDFILE=/var/run/rtpengine/rtpengine.pid -MANAGE_IPTABLES=yes -TABLE=0 -SET_USER=rtpengine -SET_GROUP=rtpengine -LOG_STDERR=yes -EOF - ) > /etc/default/rtpengine.conf + cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/default.conf /etc/default/rtpengine.conf # Enable and start firewalld if not already running systemctl enable firewalld systemctl start 
firewalld - if (( $? != 0 )); then + if (( $? != 0 )) && (( ${DISTRO_VER} == 7 )); then # fix for bug: https://bugzilla.redhat.com/show_bug.cgi?id=1575845 systemctl restart dbus systemctl restart firewalld @@ -251,6 +253,10 @@ EOF systemctl restart systemd-logind fi + # give rtpengine permissions in selinux + semanage port -a -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} || + semanage port -m -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} + # Setup Firewall rules for RTPEngine firewall-cmd --zone=public --add-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent firewall-cmd --reload 
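Review bot: The new tests `(( ${DISTRO_VER} >= 8 ))` and `(( ${DISTRO_VER} == 7 ))` in `install` use the value set in the previous hunk by `$(cat /etc/redhat-release | cut -d ' ' -f 4)`, which for a release string of the usual `X.Y` form is not an integer. Bash arithmetic rejects something like `8.9 >= 8` with a syntax error and the condition counts as false. The dnf branch, the version 7 firewalld workaround and the later `(( ${DISTRO_VER} > 7 ))` service-file choice would then all take their fallback path whatever the real release is. `RHEL_BASE_VER=$(rpm -E %{rhel})` is already computed in the same function and gives the major version, so the comparisons can read `if (( ${RHEL_BASE_VER} >= 8 )); then`. `installKernelDevHeaders` uses the same comparison and also places `${DISTRO_VER}` in the mirror URLs.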
@@ -263,57 +269,59 @@ EOF # Setup logrotate cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/rtpengine /etc/logrotate.d/rtpengine - # Setup Firewall rules for RTPEngine - firewall-cmd --zone=public --add-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent - firewall-cmd --reload - # Setup tmp files - echo "d /var/run/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf + echo "d /run/rtpengine/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf # Reconfigure systemd service files - rm -f /lib/systemd/system/rtpengine.service 2>/dev/null - cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v1.service /lib/systemd/system/rtpengine.service - cp -f ${DSIP_PROJECT_DIR}/rtpengine/rtpengine-{start-pre,stop-post} /usr/sbin/ - chmod +x /usr/sbin/rtpengine-{start-pre,stop-post} /usr/bin/rtpengine - - # Reload systemd configs + if (( ${DISTRO_VER} > 7 )); then + cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service + else + cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v2.service /lib/systemd/system/rtpengine.service + fi + chmod 644 /lib/systemd/system/rtpengine.service systemctl daemon-reload - # Enable the RTPEngine to start during boot systemctl enable rtpengine - # Start RTPEngine - systemctl start rtpengine - - # Start manually if the service fails to start - if [ $? -ne 0 ]; then - /usr/bin/rtpengine --config-file=${SYSTEM_RTPENGINE_CONFIG_FILE} --pidfile=/var/run/rtpengine/rtpengine.pid - fi - # File to signify that the install happened - if [ $? -eq 0 ]; then - touch ${DSIP_PROJECT_DIR}/.rtpengineinstalled - printdbg "RTPEngine has been installed!" + # preliminary check that rtpengine actually installed + if cmdExists rtpengine; then + return 0 else - printerr "FAILED: RTPEngine could not be installed!" 
+ return 1 fi } # Remove RTPEngine function uninstall { systemctl stop rtpengine + systemctl disable rtpengine + rm -f /{etc,lib}/systemd/system/rtpengine.service 2>/dev/null + systemctl daemon-reload + + yum remove -y ngcp-rtpengine\* + rm -f /usr/bin/rtpengine rm -f /etc/rsyslog.d/rtpengine.conf rm -f /etc/logrotate.d/rtpengine - printdbg "Removed RTPEngine for $DISTRO" + + # remove our selinux changes + semanage port -D -t rtp_media_port_t -p udp + + # remove our firewall changes + firewall-cmd --zone=public --remove-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent + firewall-cmd --reload + + return 0 } case "$1" in - uninstall|remove) - uninstall && exit 0 - ;; install) - install && exit 0 + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 ;; *) - printerr "usage $0 [install | uninstall]" && exit 1 + printerr "Usage: $0 [install | uninstall]" + exit 1 ;; esac diff --git a/rtpengine/systemd/dummy.service b/rtpengine/systemd/dummy.service new file mode 100644 index 00000000..3eaa65a0 --- /dev/null +++ b/rtpengine/systemd/dummy.service @@ -0,0 +1,11 @@ +[Unit] +Description=RTPEngine Dummy Service + +[Service] +Type=oneshot +ExecStart=/bin/true +RemainAfterExit=true +TimeoutSec=0 + +[Install] +WantedBy=multi-user.target diff --git a/rtpengine/ubuntu/install.sh b/rtpengine/ubuntu/install.sh index 180c3fba..661f7b72 100755 --- a/rtpengine/ubuntu/install.sh +++ b/rtpengine/ubuntu/install.sh 
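Review bot: In the rocky `uninstall`, `semanage port -D -t rtp_media_port_t -p udp` uses `-D` (`--deleteall`), which is documented as removing all local port customizations. As far as I can tell the `-t` and `-p` arguments do not narrow it, so removing RTPEngine would also drop SELinux port labels that other services on the host rely on. Deleting only the range that `install` added keeps the change scoped: `semanage port -d -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX}`. The rhel script adds the label in `install` but never removes it in `uninstall`, so both scripts should use the scoped form.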
@@ -64,87 +64,67 @@ function install { "Pin-Priority: 750" > /etc/apt/preferences.d/debhelper fi - # create rtpengine user and group - # sometimes locks aren't properly removed (this seems to happen often on VM's) - rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock - useradd --system --user-group --shell /bin/false --comment "RTPengine RTP Proxy" rtpengine - - cd ${SRC_DIR} - rm -rf rtpengine.bak 2>/dev/null - mv -f rtpengine rtpengine.bak 2>/dev/null - git clone https://github.com/sipwise/rtpengine.git -b ${RTPENGINE_VER} - cd rtpengine - ./debian/flavors/no_ngcp - dpkg-buildpackage - cd .. - dpkg -i ngcp-rtpengine-daemon_* - dpkg -i ngcp-rtpengine-iptables_* - dpkg -i ngcp-rtpengine-kernel-source_* - dpkg -i ngcp-rtpengine-kernel-dkms_* - - if [ $? -ne 0 ]; then - printerr "Problem installing RTPEngine DEB's" - exit 1 + ## compile and install RTPEngine as a DEB package + ## reuse repo if it exists and matches version we want to install + if [[ -d ${SRC_DIR}/rtpengine ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/rtpengine)" != "${RTPENGINE_VER}" ]]; then + rm -rf ${SRC_DIR}/rtpengine + git clone --depth 1 -c advice.detachedHead=false -b ${RTPENGINE_VER} https://github.com/sipwise/rtpengine.git ${SRC_DIR}/rtpengine + fi + else + git clone --depth 1 -c advice.detachedHead=false -b ${RTPENGINE_VER} https://github.com/sipwise/rtpengine.git ${SRC_DIR}/rtpengine fi - # ensure config dirs exist - mkdir -p /var/run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} - chown -R rtpengine:rtpengine /var/run/rtpengine + # apply our patches + ( + cd ${SRC_DIR}/rtpengine && + patch -p1 -N <${DSIP_PROJECT_DIR}/rtpengine/deb-${RTPENGINE_VER}.patch + ) + if (( $? 
> 1 )); then + printerr 'Failed patching RTPEngine files prior to build' + return 1 + fi + + # build and install using dpkg + ( + cd ${SRC_DIR}/rtpengine + + # install all missing dependencies from the control file + MISSING_PKGS=$(getDebDependencies) + [[ -n "$MISSING_PKGS" ]] && apt-get install -y $MISSING_PKGS - # Remove RTPEngine kernel module if previously inserted - if lsmod | grep 'xt_RTPENGINE'; then - rmmod xt_RTPENGINE + dpkg-buildpackage -us -uc -sa --jobs=$NPROC || exit 1 + + systemctl mask ngcp-rtpengine-daemon.service + + apt-get install -y ../ngcp-rtpengine-daemon_*${RTPENGINE_VER}*.deb ../ngcp-rtpengine-iptables_*${RTPENGINE_VER}*.deb \ + ../ngcp-rtpengine-kernel-dkms_*${RTPENGINE_VER}*.deb ../ngcp-rtpengine-utils_*${RTPENGINE_VER}*.deb + exit $? + ) + + if (( $? != 0 )); then + printerr "Problem installing RTPEngine DEB's" + return 1 fi - # Load new RTPEngine kernel module - depmod -a && - modprobe xt_RTPENGINE - - # set the forwarding table for the kernel module - echo 'add 0' > /proc/rtpengine/control - iptables -I INPUT -p udp -j RTPENGINE --id 0 - ip6tables -I INPUT -p udp -j RTPENGINE --id 0 - - if (( ${SERVERNAT:-0} == 0 )); then - INTERFACE="ipv4/${INTERNAL_IP}" - if (( ${IPV6_ENABLED} == 1 )); then - INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6}" - fi - else - INTERFACE="ipv4/${INTERNAL_IP}!${EXTERNAL_IP}" - if (( ${IPV6_ENABLED} == 1 )); then - INTERFACE="${INTERFACE}; ipv6/${INTERNAL_IP6}!${EXTERNAL_IP6}" + + # make sure RTPEngine kernel module configured + # skip this check for older versions as we allow userspace forwarding + if (( ${DISTRO_VER} > 10 )); then + if [[ -z "$(find /lib/modules/${OS_KERNEL}/ -name 'xt_RTPENGINE.ko' 2>/dev/null)" ]]; then + printerr "Problem installing RTPEngine kernel module" + return 1 fi fi - # rtpengine config file - # set table = 0 for kernel packet forwarding - (cat << EOF -[rtpengine] -table = 0 -interface = ${INTERFACE} -listen-ng = 127.0.0.1:7722 -port-min = ${RTP_PORT_MIN} -port-max = 
${RTP_PORT_MAX} -log-level = 7 -log-facility = local1 -log-facility-cdr = local1 -log-facility-rtcp = local1 -EOF - ) > ${SYSTEM_RTPENGINE_CONFIG_FILE} + # ensure config dirs exist + mkdir -p /run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} + chown -R rtpengine:rtpengine /run/rtpengine + + # allow root to fix permissions before starting services (required to work with SELinux enabled) + usermod -a -G rtpengine root # setup rtpengine defaults file - (cat << 'EOF' -RUN_RTPENGINE=yes -CONFIG_FILE=/etc/rtpengine/rtpengine.conf -# CONFIG_SECTION=rtpengine -PIDFILE=/var/run/rtpengine/rtpengine.pid -MANAGE_IPTABLES=yes -TABLE=0 -SET_USER=rtpengine -SET_GROUP=rtpengine -LOG_STDERR=yes -EOF - ) > /etc/default/rtpengine.conf + cp -f ${DSIP_PROJECT_DIR}/rtpengine/configs/default.conf /etc/default/rtpengine.conf # Enable and start firewalld if not already running systemctl enable firewalld 
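Review bot: After the `patch -p1 -N` subshell, the guard `if (( $? > 1 ))` accepts exit status 1, which GNU patch returns both when `-N` skips hunks that are already applied and when hunks are rejected, so a partly applied `deb-${RTPENGINE_VER}.patch` goes on to `dpkg-buildpackage` and is installed. A missing patch file for the selected version also gives status 1 from the failed redirection and passes the same way. Testing for the already-applied case first keeps re-runs working without building from a half-patched tree, e.g. `patch -p1 -R -s -f --dry-run <"$PATCH_FILE" >/dev/null || patch -p1 <"$PATCH_FILE" || exit 1` inside the subshell (with `PATCH_FILE` holding the patch path), followed by `(( $? != 0 ))`. The rhel and rocky hunks use the same `> 1` test for `el-${RTPENGINE_VER}.patch`.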
@@ -164,52 +144,53 @@ EOF # Setup tmp files echo "d /var/run/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf - systemctl stop ngcp-rtpengine-daemon - # Reconfigure systemd service files - rm -f /lib/systemd/system/rtpengine.service /etc/init.d/ngcp-rtpengine-daemon - cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v1.service /lib/systemd/system/rtpengine.service - cp -f ${DSIP_PROJECT_DIR}/rtpengine/rtpengine-{start-pre,stop-post} /usr/sbin/ - chmod +x /usr/sbin/rtpengine-{start-pre,stop-post} /usr/bin/rtpengine + # Reconfigure systemd service files + cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v2.service /lib/systemd/system/rtpengine.service + chmod 644 /lib/systemd/system/rtpengine.service + systemctl daemon-reload + systemctl enable rtpengine # Reload systemd configs systemctl daemon-reload # Enable the RTPEngine to start during boot systemctl enable rtpengine - # Start RTPEngine - systemctl start rtpengine - # Start manually if the service fails to start - if [ $? -eq 1 ]; then - /usr/bin/rtpengine --config-file=${SYSTEM_RTPENGINE_CONFIG_FILE} --pidfile=/var/run/rtpengine/rtpengine.pid - fi - - # File to signify that the install happened - if [ $? -eq 0 ]; then - touch ${DSIP_PROJECT_DIR}/.rtpengineinstalled - printdbg "RTPEngine has been installed!" + # preliminary check that rtpengine actually installed + if cmdExists rtpengine; then + return 0 else - printerr "FAILED: RTPEngine could not be installed!" 
+ return 1 fi } # Remove RTPEngine function uninstall { systemctl stop rtpengine - rm -f /usr/bin/rtpengine - rm -f /etc/rsyslog.d/rtpengine.conf - rm -f /etc/logrotate.d/rtpengine - printdbg "Removed RTPEngine for $DISTRO" + systemctl disable rtpengine + rm -f /{etc,lib}/systemd/system/rtpengine.service 2>/dev/null + systemctl daemon-reload + + apt-get remove -y ngcp-rtpengine\* + + rm -f /usr/sbin/rtpengine* /usr/bin/rtpengine /etc/rsyslog.d/rtpengine.conf /etc/logrotate.d/rtpengine + + # remove our firewall changes + firewall-cmd --zone=public --remove-port=${RTP_PORT_MIN}-${RTP_PORT_MAX}/udp --permanent + firewall-cmd --reload + + return 0 } case "$1" in - uninstall|remove) - uninstall - ;; install) - install + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 ;; *) - printerr "usage $0 [install | uninstall]" && exit 1 + printerr "Usage: $0 [install | uninstall]" + exit 1 ;; esac From 69fdb7ffd8fc719df8feebdc4bf27c7c920b4a22 Mon Sep 17 00:00:00 2001 From: Tyler Moore Date: Thu, 31 Oct 2024 14:15:02 -0600 Subject: [PATCH 08/10] Fix isHostLocal Matching Pattern --- dsiprouter/dsip_lib.sh | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/dsiprouter/dsip_lib.sh b/dsiprouter/dsip_lib.sh index 96ca9014..8b88cf72 100644 --- a/dsiprouter/dsip_lib.sh +++ b/dsiprouter/dsip_lib.sh @@ -892,7 +892,7 @@ export -f getInternalCIDR # $1 == host to check # returns: 0 == host is local, 1 == host is remote -function isHostLocal() { ( +function isHostLocal() { local LOCAL_MATCH=$( joinwith '' '|' '' \ localhost \ @@ -901,16 +901,11 @@ function isHostLocal() { ( $(ip -json address show | jq -r '.[].addr_info[].local') ) - shopt -s extglob - case "$1" in - $LOCAL_MATCH) - exit 0 - ;; - *) - exit 1 - ;; - esac -) } + if [[ "$1" =~ $LOCAL_MATCH ]]; then + return 0 + fi + return 1 +} export -f isHostLocal # $1 == cmd as executed in systemd (by ExecStart=) From 4dacc2ecb2a2f741b17e5601c0f3ca429472e5a4 Mon Sep 17 00:00:00 2001 
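Review bot: `uninstall` ends in an unconditional `return 0`, so the dispatcher's `uninstall && exit 0 || exit 1` reports success even when `apt-get remove` or the `firewall-cmd --remove-port` call failed, and a failed removal leaves the RTP UDP range open in the public zone. The port range is also built from unquoted, unchecked variables; if either is empty the argument becomes `-/udp`. I would guard the expansion and track the status, e.g. `firewall-cmd --zone=public --remove-port="${RTP_PORT_MIN:?}-${RTP_PORT_MAX:?}/udp" --permanent || rc=1`, and finish with `return "${rc:-0}"`. The `install` function begins outside this hunk.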
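Review bot: `[[ "$1" =~ $LOCAL_MATCH ]]` is an unanchored regex match, so a host that merely contains one of the local names or addresses as a substring is classified as local, and each `.` in an address matches any character. If callers use the result to decide whether a database or RTPEngine endpoint is on this machine, a remote host can be mistaken for a local one. Anchoring the alternation, `if [[ "$1" =~ ^(${LOCAL_MATCH})$ ]]; then`, and escaping the dots in the joined entries (or comparing `$1` to each entry with `==` in a loop) keeps the match exact. An empty entry would also produce an empty alternative that matches every input, assuming `joinwith` simply joins its arguments with `|`; the middle of the list is outside the hunk.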
From: Tyler Moore Date: Fri, 8 Nov 2024 13:50:00 -0700 Subject: [PATCH 09/10] Debian12 UltraDict Dependency Fix - run UltraDict install separate to workaround hanging install --- dsiprouter/debian/12.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dsiprouter/debian/12.sh b/dsiprouter/debian/12.sh index a034bd1c..c69d6626 100755 --- a/dsiprouter/debian/12.sh +++ b/dsiprouter/debian/12.sh @@ -45,7 +45,9 @@ function install() { firewall-cmd --zone=public --add-port=${DSIP_PORT}/tcp --permanent firewall-cmd --reload + # TODO: figure out why compiling ultradict with the other deps hangs python3 -m venv --upgrade-deps ${PYTHON_VENV} && + ${PYTHON_CMD} -m pip install UltraDict && ${PYTHON_CMD} -m pip install -r ${DSIP_PROJECT_DIR}/gui/requirements.txt if (( $? == 1 )); then printerr "Failed installing required python libraries" From 05f15910c409a5b8b32b6ff1ddc6a2771b4a61b4 Mon Sep 17 00:00:00 2001 
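Review bot: The added `${PYTHON_CMD} -m pip install UltraDict` installs whatever release is newest at install time, with no version or hash pin, and per the TODO the package is compiled during the install. Pinning it to the version the project tests against, `${PYTHON_CMD} -m pip install 'UltraDict==<PINNED_VERSION>'` (placeholder), keeps the workaround reproducible; if `gui/requirements.txt` also lists UltraDict the two pins should agree. The check that follows, `if (( $? == 1 )); then`, only catches exit status 1, so any other non-zero status from `venv` or `pip` is treated as success; `(( $? != 0 ))` matches the package-install checks in this series, and the same `== 1` test appears in the new `dsiprouter/almalinux/9.sh` and `dsiprouter/rhel/9.sh`. The body of `install` continues outside the hunk.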
From: Tyler Moore Date: Tue, 19 Nov 2024 14:23:43 -0700 Subject: [PATCH 10/10] OS Support Updates - centos7 --> deprecated - centos9 stability fixes - rhel9 --> alpha - rhel8 --> beta - alma8 --> alpha - alma8 --> beta - rocky9 --> alpha - rocky8 --> beta - ubuntu 24.04 --> beta - debian 10/11/12 pinned kamailio to 5.8.3 - debian 9 pinned kamailio to 5.5.7 - centos 8/9 pinned kamailio to 5.8.3 - centos7 pinned kamailio to 5.7.6 - amazn2 pinned kamailo to 5.7.6 - ubuntu 24.04 pinned kamailio to 5.8.4 / rtpengine to mr11.5.1.11 - ubuntu 22.04 pinned kamailio to 5.8.3 / rtpengine to mr11.5.1.11 - ubuntu 20.04 pinned kamailio to 5.8.3 - rhel8/9 pinned kamailio to 5.8.3 - alma 8/9 pinned kamalio to 5.8.3 / rtpengine to mr11.5.1.11 - rocky 8/9 pinned kamalio to 5.8.3 / rtpengine to mr11.5.1.11 - add back in swap file for low memory systems (2GB) - update OS support in docs - fix `RTPENGINE_URI` missing from `dsip_settings` python interfaces --- docs/source/user/installing.rst | 3 +- dsiprouter.sh | 323 +++++++++++------- dsiprouter/almalinux/8.sh | 6 +- dsiprouter/almalinux/9.sh | 125 +++++++ dsiprouter/amzn/2.sh | 2 +- dsiprouter/centos/9.sh | 3 +- dsiprouter/dsip_lib.sh | 6 +- dsiprouter/rhel/9.sh | 125 +++++++ dsiprouter/rocky/8.sh | 5 +- dsiprouter/rocky/9.sh | 125 +++++++ dsiprouter/ubuntu/24.sh | 124 +++++++ gui/database/__init__.py | 1 + kamailio/almalinux/8.sh | 42 ++- kamailio/almalinux/9.sh | 276 +++++++++++++++ kamailio/amzn/2.sh | 2 +- kamailio/centos/7.sh | 47 +-- kamailio/centos/8.sh | 42 ++- kamailio/centos/9.sh | 43 ++- kamailio/debian/10.sh | 15 +- kamailio/debian/11.sh | 15 +- kamailio/debian/12.sh | 15 +- kamailio/debian/9.sh | 30 +- kamailio/modules/dsiprouter/README.md | 4 +- kamailio/rhel/8.sh | 13 +- kamailio/rhel/9.sh | 276 +++++++++++++++ kamailio/rocky/8.sh | 45 +-- kamailio/rocky/9.sh | 276 +++++++++++++++ kamailio/ubuntu/20.sh | 119 ++++--- kamailio/ubuntu/22.sh | 72 ++-- kamailio/ubuntu/24.sh | 300 ++++++++++++++++ mysql/almalinux/9.sh | 86 
+++++ mysql/rhel/9.sh | 86 +++++ mysql/rocky/9.sh | 86 +++++ mysql/ubuntu/24.sh | 79 +++++ nginx/almalinux/9.sh | 116 +++++++ nginx/rhel/9.sh | 116 +++++++ nginx/rocky/9.sh | 116 +++++++ nginx/ubuntu/24.sh | 89 +++++ .../apt/debian/10/official-releases.pref | 72 ++++ .../apt/debian/11/official-releases.pref | 57 ++++ .../apt/debian/12/official-releases.pref | 57 ++++ resources/apt/debian/8/official-releases.list | 11 - .../apt/debian/{ => 9}/official-releases.pref | 39 +-- .../ubuntu/{ => 20.04}/official-releases.pref | 15 +- .../apt/ubuntu/22.04/official-releases.pref | 49 +++ .../apt/ubuntu/24.04/official-releases.list | 17 + .../apt/ubuntu/24.04/official-releases.pref | 49 +++ rtpengine/almalinux/install.sh | 168 ++++----- rtpengine/amzn/install.sh | 2 +- rtpengine/centos/install.sh | 2 +- rtpengine/debian/install.sh | 9 +- rtpengine/rhel/install.sh | 2 +- rtpengine/rocky/install.sh | 172 ++++------ rtpengine/ubuntu/install.sh | 200 +++++++---- 54 files changed, 3487 insertions(+), 688 deletions(-) create mode 100755 dsiprouter/almalinux/9.sh create mode 100755 dsiprouter/rhel/9.sh create mode 100755 dsiprouter/rocky/9.sh create mode 100755 dsiprouter/ubuntu/24.sh create mode 100755 kamailio/almalinux/9.sh create mode 100755 kamailio/rhel/9.sh create mode 100755 kamailio/rocky/9.sh create mode 100755 kamailio/ubuntu/24.sh create mode 100755 mysql/almalinux/9.sh create mode 100755 mysql/rhel/9.sh create mode 100755 mysql/rocky/9.sh create mode 100755 mysql/ubuntu/24.sh create mode 100755 nginx/almalinux/9.sh create mode 100755 nginx/rhel/9.sh create mode 100755 nginx/rocky/9.sh create mode 100755 nginx/ubuntu/24.sh create mode 100644 resources/apt/debian/10/official-releases.pref create mode 100644 resources/apt/debian/11/official-releases.pref create mode 100644 resources/apt/debian/12/official-releases.pref delete mode 100644 resources/apt/debian/8/official-releases.list rename resources/apt/debian/{ => 9}/official-releases.pref (73%) rename 
resources/apt/ubuntu/{ => 20.04}/official-releases.pref (80%) create mode 100644 resources/apt/ubuntu/22.04/official-releases.pref create mode 100644 resources/apt/ubuntu/24.04/official-releases.list create mode 100644 resources/apt/ubuntu/24.04/official-releases.pref diff --git a/docs/source/user/installing.rst b/docs/source/user/installing.rst index 84c942d5..90e11d65 100644 --- a/docs/source/user/installing.rst +++ b/docs/source/user/installing.rst @@ -49,11 +49,12 @@ Debian 10 (buster) STABLE Debian 9 (stretch) DEPRECATED CentOS 9 (stream) STABLE CentOS 8 (stream) STABLE -CentOS 7 STABLE +CentOS 7 DEPRECATED RedHat Linux 8 ALPHA Alma Linux 8 ALPHA Rocky Linux 8 ALPHA Amazon Linux 2 STABLE +Ubuntu 24.04 (noble) ALPHA Ubuntu 22.04 (jammy) ALPHA Ubuntu 20.04 (focal) DEPRECATED =================================== ================ diff --git a/dsiprouter.sh b/dsiprouter.sh index da1e9122..9438ee5a 100755 --- a/dsiprouter.sh +++ b/dsiprouter.sh @@ -7,17 +7,21 @@ #========================== NOTES ==========================# # # Supported OS: -# - Debian 12 (bullseye) - STABLE +# - Debian 12 (bookworm) - STABLE # - Debian 11 (bullseye) - STABLE # - Debian 10 (buster) - STABLE # - Debian 9 (stretch) - DEPRECATED # - CentOS 9 (stream) - STABLE # - CentOS 8 (stream) - STABLE -# - CentOS 7 - STABLE +# - CentOS 7 - DEPRECATED +# - RedHat Linux 9 - ALPHA # - RedHat Linux 8 - ALPHA -# - Alma Linux 8 - ALPHA -# - Rocky Linux 8 - ALPHA +# - Alma Linux 9 - ALPHA +# - Alma Linux 8 - BETA +# - Rocky Linux 9 - ALPHA +# - Rocky Linux 8 - BETA # - Amazon Linux 2 - STABLE +# - Ubuntu 24.04 (noble) - BETA # - Ubuntu 22.04 (jammy) - ALPHA # - Ubuntu 20.04 (focal) - DEPRECATED # 
@@ -104,16 +108,11 @@ function setStaticScriptSettings() { export SRC_DIR="/usr/local/src" export BACKUPS_DIR="/var/backups/dsiprouter" IMAGE_BUILD=${IMAGE_BUILD:-0} - APT_OFFICIAL_SOURCES="/etc/apt/sources.list" - APT_OFFICIAL_PREFS="/etc/apt/preferences" - APT_OFFICIAL_SOURCES_BAK="${BACKUPS_DIR}/original-sources.list" - APT_OFFICIAL_PREFS_BAK="${BACKUPS_DIR}/original-sources.pref" - APT_DSIP_CONFIG="/etc/apt/apt.conf.d/99dsiprouter" YUM_OFFICIAL_REPOS="/etc/yum.repos.d/official-releases.repo" # Force the installation of an Kamailio version by uncommenting # can also be set as an environment variable - #KAM_VERSION=57 # Version 5.7.x + #KAM_VERSION=5.8.3 # Force the installation of an RTPEngine version by uncommenting # can also be set as an environment variable 
@@ -410,93 +409,130 @@ function validateOSInfo() { export DISTRO_MAJOR_VER=$(cut -d '.' -f 1 <<<"$DISTRO_VER") export DISTRO_MINOR_VER=$(cut -s -d '.' -f 2 <<<"$DISTRO_VER") - if [[ "$DISTRO" == "debian" ]]; then + case "$DISTRO" in + debian) case "$DISTRO_VER" in - 12) - KAM_VERSION=${KAM_VERSION:-58} - RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} - export APT_STRETCH_PRIORITY=50 APT_BUSTER_PRIORITY=50 APT_BULLSEYE_PRIORITY=500 APT_BOOKWORM_PRIORITY=990 - ;; - 11) - KAM_VERSION=${KAM_VERSION:-58} - RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} - export APT_STRETCH_PRIORITY=50 APT_BUSTER_PRIORITY=50 APT_BULLSEYE_PRIORITY=990 APT_BOOKWORM_PRIORITY=500 - ;; - 10) - KAM_VERSION=${KAM_VERSION:-58} - RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} - export APT_STRETCH_PRIORITY=50 APT_BUSTER_PRIORITY=990 APT_BULLSEYE_PRIORITY=500 APT_BOOKWORM_PRIORITY=100 - ;; - 9) - printerr "Your Operating System Version is DEPRECATED. To ask for support open an issue https://github.com/dOpensource/dsiprouter/" - KAM_VERSION=${KAM_VERSION:-55} - RTPENGINE_VER=${RTPENGINE_VER:-"mr9.5.5.1"} - ;; - *) - printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" - exit 1 - ;; + 12|11|10) + KAM_VERSION=${KAM_VERSION:-"5.8.3"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} + ;; + 9) + printerr "Your Operating System Version is DEPRECATED. To ask for support open an issue https://github.com/dOpensource/dsiprouter/" + KAM_VERSION=${KAM_VERSION:-"5.5.7"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr9.5.5.1"} + ;; + *) + printerr "Your Operating System Version is not supported yet. 
Please open an issue at https://github.com/dOpensource/dsiprouter/" + exit 1 + ;; esac - elif [[ "$DISTRO" == "centos" ]]; then + ;; + centos) case "$DISTRO_VER" in - 8|9) - KAM_VERSION=${KAM_VERSION:-58} - RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} - ;; - 7) - KAM_VERSION=${KAM_VERSION:-57} - RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} - ;; - *) - printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" - exit 1 + 8|9) + KAM_VERSION=${KAM_VERSION:-"5.8.3"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} + ;; + 7) + printwarn "Your Operating System Version is DEPRECATED. To ask for support open an issue https://github.com/dOpensource/dsiprouter/" + KAM_VERSION=${KAM_VERSION:-"5.7.6"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} + ;; + *) + printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" + exit 1 ;; esac - elif [[ "$DISTRO" == "amzn" ]]; then + ;; + amzn) case "$DISTRO_VER" in - 2) - KAM_VERSION=${KAM_VERSION:-57} - RTPENGINE_VER=${RTPENGINE_VER:-"mr9.5.5.1"} - ;; - *) - printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" - exit 1 - ;; + 2) + KAM_VERSION=${KAM_VERSION:-"5.7.6"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr9.5.5.1"} + ;; + *) + printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" + exit 1 + ;; esac - elif [[ "$DISTRO" == "ubuntu" ]]; then + ;; + ubuntu) case "$DISTRO_VER" in - 22.04) - printwarn "Your operating System Version is in ALPHA support. Some features may not work yet. Use at your own risk." - KAM_VERSION=${KAM_VERSION:-58} - RTPENGINE_VER=${RTPENGINE_VER:-"mr9.5.5.1"} - export APT_FOCAL_PRIORITY=100 APT_JAMMY_PRIORITY=990 - ;; - 20.04) - printwarn "Your Operating System Version is DEPRECATED. 
To ask for support open an issue https://github.com/dOpensource/dsiprouter/" - KAM_VERSION=${KAM_VERSION:-58} - RTPENGINE_VER=${RTPENGINE_VER:-"mr9.5.5.1"} - ;; - *) - printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" - exit 1 - ;; + 24.04) + printwarn "Your operating System Version is in BETA support. Some features may have bugs. Use at your own risk." + KAM_VERSION=${KAM_VERSION:-"5.8.4"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} + ;; + 22.04) + printwarn "Your operating System Version is in ALPHA support. Some features may not work yet. Use at your own risk." + KAM_VERSION=${KAM_VERSION:-"5.8.3"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} + ;; + 20.04) + printwarn "Your Operating System Version is DEPRECATED. To ask for support open an issue https://github.com/dOpensource/dsiprouter/" + KAM_VERSION=${KAM_VERSION:-"5.8.3"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr9.5.5.1"} + ;; + *) + printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" + exit 1 + ;; esac - elif [[ "$DISTRO" =~ rhel|almalinux|rocky ]]; then + ;; + rhel) case "$DISTRO_MAJOR_VER" in - 8) - printwarn "Your operating System Version is in ALPHA support. Some features may not work yet. Use at your own risk." - KAM_VERSION=${KAM_VERSION:-58} - RTPENGINE_VER=${RTPENGINE_VER:-"mr9.5.5.1"} - ;; - *) - printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" - exit 1 - ;; + 8|9) + printwarn "Your operating System Version is in ALPHA support. Some features may not work yet. Use at your own risk." + KAM_VERSION=${KAM_VERSION:-"5.8.3"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr9.5.5.1"} + ;; + *) + printerr "Your Operating System Version is not supported yet. 
Please open an issue at https://github.com/dOpensource/dsiprouter/" + exit 1 + ;; esac - else + ;; + almalinux) + case "$DISTRO_MAJOR_VER" in + 9) + printwarn "Your operating System Version is in ALPHA support. Some features may not work yet. Use at your own risk." + KAM_VERSION=${KAM_VERSION:-"5.8.3"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} + ;; + 8) + printwarn "Your operating System Version is in BETA support. Some features may have bugs. Use at your own risk." + KAM_VERSION=${KAM_VERSION:-"5.8.3"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} + ;; + *) + printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" + exit 1 + ;; + esac + ;; + rocky) + case "$DISTRO_MAJOR_VER" in + 9) + printwarn "Your operating System Version is in ALPHA support. Some features may not work yet. Use at your own risk." + KAM_VERSION=${KAM_VERSION:-"5.8.3"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} + ;; + 8) + printwarn "Your operating System Version is in BETA support. Some features may have bugs. Use at your own risk." + KAM_VERSION=${KAM_VERSION:-"5.8.3"} + RTPENGINE_VER=${RTPENGINE_VER:-"mr11.5.1.11"} + ;; + *) + printerr "Your Operating System Version is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" + exit 1 + ;; + esac + ;; + *) printerr "Your Operating System is not supported yet. Please open an issue at https://github.com/dOpensource/dsiprouter/" exit 1 - fi + ;; + esac # export it for external scripts export KAM_VERSION @@ -507,9 +543,10 @@ function validateOSInfo() { function initialChecks() { validateRootPriv validateOSInfo + configureSystemRepos + installScriptRequirements setStaticScriptSettings setupScriptRequiredFiles - installScriptRequirements setDynamicScriptSettings } 
@@ -1187,6 +1224,8 @@ function updateCACertsDir() { export -f updateCACertsDir function generateKamailioConfig() { + local KAM_MAJ_MIN_INT=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1\2%' <<<"$KAM_VERSION") + # Backup kamcfg, generate fresh config from templates, and link it in where kamailio wants it mkdir -p ${BACKUPS_DIR}/kamailio cp -af ${SYSTEM_KAMAILIO_CONFIG_DIR}/. ${BACKUPS_DIR}/kamailio/ @@ -1194,10 +1233,10 @@ function generateKamailioConfig() { ln -sft ${SYSTEM_KAMAILIO_CONFIG_DIR}/ ${DSIP_SYSTEM_CONFIG_DIR}/kamailio/* # version specific settings - if (( ${KAM_VERSION} >= 52 )); then + if (( ${KAM_MAJ_MIN_INT} >= 52 )); then sed -i -r -e 's~#+(modparam\(["'"'"']htable["'"'"'], ?["'"'"']dmq_init_sync["'"'"'], ?[0-9]\))~\1~g' ${DSIP_KAMAILIO_CONFIG_FILE} fi - if (( ${KAM_VERSION} <= 57 )); then + if (( ${KAM_MAJ_MIN_INT} <= 57 )); then sed -i -r -e 's~#*(modparam\(["'"'"']rtpengine["'"'"'], ?["'"'"']ping_mode["'"'"'], ?[0-9]\))~#\1~g' ${DSIP_KAMAILIO_CONFIG_FILE} fi 
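Review bot: `KAM_MAJ_MIN_INT` is derived with single-digit captures (`^([0-9])\.([0-9]).*$`), so a version such as `5.10.0` becomes `51` and compares below `52`, and any `KAM_VERSION` that does not match the pattern passes through unchanged into the `(( ... ))` tests in the second hunk. Since `KAM_VERSION` can be supplied through the environment, validate it before use, for example `[[ "$KAM_VERSION" =~ ^([0-9]+)\.([0-9]+) ]] || { printerr "invalid KAM_VERSION: $KAM_VERSION"; return 1; }`, and compare `BASH_REMATCH[1]` and `BASH_REMATCH[2]` as separate integers. `local VAR=$(cmd)` also hides a failing `perl`; declare the variable first and assign on the next line. The function body extends beyond both hunks.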
@@ -1393,14 +1432,21 @@ function installScriptRequirements() { printdbg 'Installing one-time script requirements' - if cmdExists 'apt-get'; then - apt-get update -y && - apt-get install -y curl wget gawk perl sed git dnsutils openssl python3 jq xxd coreutils - elif cmdExists 'dnf'; then - dnf install -y curl wget gawk perl sed git bind-utils openssl python3 jq vim-common coreutils - elif cmdExists 'yum'; then - yum install -y curl wget gawk perl sed git bind-utils openssl python3 jq vim-common coreutils - fi + case "$DISTRO" in + rocky|almalinux) + dnf install -y curl wget gawk perl sed git bind-utils openssl python3.11 jq vim-common coreutils + ;; + *) + if cmdExists 'apt-get'; then + apt-get update -y && + apt-get install -y curl wget gawk perl sed git dnsutils openssl python3 jq xxd coreutils + elif cmdExists 'dnf'; then + dnf install -y curl wget gawk perl sed git bind-utils openssl python3 jq vim-common coreutils + elif cmdExists 'yum'; then + yum install -y curl wget gawk perl sed git bind-utils openssl python3 jq vim-common coreutils + fi + ;; + esac if (( $? != 0 )); then printerr 'Could not install script requirements' 
@@ -1496,22 +1542,37 @@ function configureSystemRepos() { printdbg 'Configuring system repositories' case "$DISTRO" in - debian|ubuntu) - # comment out cdrom in sources as it can halt install - sed -i -E 's/(^\w.*cdrom.*)/#\1/g' /etc/apt/sources.list - - apt-get install -y apt-transport-https - mv -f ${APT_OFFICIAL_SOURCES} ${APT_OFFICIAL_SOURCES_BAK} - mv -f ${APT_OFFICIAL_PREFS} ${APT_OFFICIAL_PREFS_BAK} 2>/dev/null - cp -f ${DSIP_PROJECT_DIR}/resources/apt/${DISTRO}/${DISTRO_VER}/official-releases.list ${APT_OFFICIAL_SOURCES} - envsubst < ${DSIP_PROJECT_DIR}/resources/apt/${DISTRO}/official-releases.pref > ${APT_OFFICIAL_PREFS} - apt-get update -y - ;; - # TODO: create official repo file (rhel/amzn/rocky/alma repo's?) - # TODO: install yum priorities plugin - # TODO: set priorities on official repo - #amzn) - # ;; + debian|ubuntu) + if [[ "$DISTRO" == "ubuntu" ]] && (( ${DISTRO_MAJOR_VER} >= 24 )); then + APT_OFFICIAL_SOURCES="/etc/apt/sources.d/ubuntu.sources" + APT_OFFICIAL_SOURCES_BAK="${BACKUPS_DIR}/original-sources.sources" + else + APT_OFFICIAL_SOURCES="/etc/apt/sources.list" + APT_OFFICIAL_SOURCES_BAK="${BACKUPS_DIR}/original-sources.list" + fi + APT_OFFICIAL_PREFS="/etc/apt/preferences" + APT_OFFICIAL_PREFS_BAK="${BACKUPS_DIR}/original-sources.pref" + APT_DSIP_CONFIG="/etc/apt/apt.conf.d/99dsiprouter" + + # comment out cdrom in sources as it can halt install + sed -i -E 's/(^\w.*cdrom.*)/#\1/g' /etc/apt/sources.list + + apt-get install -y apt-transport-https + mv -f ${APT_OFFICIAL_SOURCES} ${APT_OFFICIAL_SOURCES_BAK} + mv -f ${APT_OFFICIAL_PREFS} ${APT_OFFICIAL_PREFS_BAK} 2>/dev/null + cp -f ${DSIP_PROJECT_DIR}/resources/apt/${DISTRO}/${DISTRO_VER}/official-releases.list ${APT_OFFICIAL_SOURCES} + cp -f ${DSIP_PROJECT_DIR}/resources/apt/${DISTRO}/${DISTRO_VER}/official-releases.pref ${APT_OFFICIAL_PREFS} + apt-get update -y + ;; + almalinux) + # ref: https://almalinux.org/blog/2023-12-20-almalinux-8-key-update/ + rpm --import 
https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux + ;; + # TODO: create official repo file (rhel/amzn/rocky/alma repo's?) + # TODO: install yum priorities plugin + # TODO: set priorities on official repo + #amzn) + # ;; esac if (( $? == 1 )); then @@ -1527,13 +1588,24 @@ function configureSystemRepos() { } # remove dsiprouter system configs -function removeDsipSystemConfig() { - if [ -f "${DSIP_SYSTEM_CONFIG_DIR}/.reposconfigured" ]; then +function revertSystemRepos() { + if [[ ! -f "${DSIP_SYSTEM_CONFIG_DIR}/.reposconfigured" ]]; then case "$DISTRO" in - debian|ubuntu) - mv -f ${APT_OFFICIAL_SOURCES_BAK} ${APT_OFFICIAL_SOURCES} - mv -f ${APT_OFFICIAL_PREFS_BAK} ${APT_OFFICIAL_PREFS} 2>/dev/null - apt-get update -y + debian|ubuntu) + if [[ "$DISTRO" == "ubuntu" ]] && (( ${DISTRO_MAJOR_VER} >= 24 )); then + APT_OFFICIAL_SOURCES="/etc/apt/sources.d/ubuntu.sources" + APT_OFFICIAL_SOURCES_BAK="${BACKUPS_DIR}/original-sources.sources" + else + APT_OFFICIAL_SOURCES="/etc/apt/sources.list" + APT_OFFICIAL_SOURCES_BAK="${BACKUPS_DIR}/original-sources.list" + fi + APT_OFFICIAL_PREFS="/etc/apt/preferences" + APT_OFFICIAL_PREFS_BAK="${BACKUPS_DIR}/original-sources.pref" + APT_DSIP_CONFIG="/etc/apt/apt.conf.d/99dsiprouter" + + mv -f ${APT_OFFICIAL_SOURCES_BAK} ${APT_OFFICIAL_SOURCES} + mv -f ${APT_OFFICIAL_PREFS_BAK} ${APT_OFFICIAL_PREFS} 2>/dev/null + apt-get update -y ;; esac fi 
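Review bot: The new `almalinux)` arm runs `rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux`, which trusts whatever key that URL serves at install time; packages signed by that key are then accepted by the package manager. Ship the key with the project, or check its fingerprint against a pinned value before importing: download to a temp file, compare the output of `gpg --show-keys --with-colons "$keyfile"` with `<EXPECTED_FINGERPRINT>` (placeholder), then `rpm --import "$keyfile"`. The status test after the `case`, `if (( $? == 1 ))`, sees only the last command of the selected arm, so a failed `mv` or `cp` of the apt files earlier in the `debian|ubuntu)` arm goes unnoticed. The function starts and ends outside the hunk.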
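Review bot: The guard changed from `[ -f ... ]` to `[[ ! -f "${DSIP_SYSTEM_CONFIG_DIR}/.reposconfigured" ]]`, so the backups are restored only when the marker is absent, which presumably means the repositories were never reconfigured; with the marker present the dSIPRouter sources and preferences stay in place after uninstall. If the marker still means "repos configured", the test should read `if [[ -f "${DSIP_SYSTEM_CONFIG_DIR}/.reposconfigured" ]]; then`. In both this hunk and the `configureSystemRepos` hunk the Ubuntu 24+ path is `/etc/apt/sources.d/ubuntu.sources`; the stock location on Ubuntu 24.04 is `/etc/apt/sources.list.d/ubuntu.sources`, so the `mv` and `cp` would target a directory apt does not use.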
@@ -3673,11 +3745,11 @@ function createSwapFile() { fi # only create if system has less than 2GB RAM and no existing swap files - if (( $(awk '/^MemTotal/ {print int($2/1000000)}' /proc/meminfo) < 2 )) && [[ -z "$(swapon --show=SIZE --noheadings)" ]]; then + if (( $(awk '/^MemTotal/ {print int($2/1024/1024)}' /proc/meminfo) < 2 )) && [[ -z "$(swapon --show=SIZE --noheadings)" ]]; then printdbg 'memory constraints require swapfile, creating now..' - # 1GB of swap space - dd if=/dev/zero of=${SWAP_FILE} bs=64M count=16 && + # 2GB of swap space + dd if=/dev/zero of=${SWAP_FILE} bs=64M count=32 && chmod 600 ${SWAP_FILE} && mkswap ${SWAP_FILE} && swapon ${SWAP_FILE} && @@ -3702,8 +3774,11 @@ function removeSwapFile() { fi swapoff ${SWAP_FILE} && - echo perl -i -pe "s%^${SWAP_FILE}[ \t].*\n%%" /etc/fstab && - printdbg 'swapfile removed' + sed -i "\%^${SWAP_FILE}%d" /etc/fstab && + printdbg 'swapfile removed' || { + printerr 'failed removing swap file' + exit 1 + } rm -f "${DSIP_SYSTEM_CONFIG_DIR}/.memupdatescomplete" } @@ -3875,7 +3950,7 @@ function processCMD() { case $ARG in install) # always add official repo's, set platform, and create init service - RUN_COMMANDS+=(configureSystemRepos setCloudPlatform createInitService installDsiprouterCli) + RUN_COMMANDS+=(setCloudPlatform createInitService createSwapFile installDsiprouterCli) shift local NEW_ROOT_DB_USER="" NEW_ROOT_DB_PASS="" NEW_ROOT_DB_NAME="" DB_CONN_URI="" TMP_ARG="" 
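Review bot: In `removeSwapFile`, `sed -i "\%^${SWAP_FILE}%d" /etc/fstab` deletes every fstab line that starts with the swap path as a prefix, whereas the perl expression it replaces required a space or tab after the path, so an entry for a longer path sharing that prefix would be removed too. Restoring the terminator, `sed -i "\%^${SWAP_FILE}[[:space:]]%d" /etc/fstab`, limits the deletion to the exact entry; this still assumes `SWAP_FILE` contains no `%` or regex metacharacters. The `swapoff ... && sed ... && printdbg ... || { ...; exit 1; }` chain also exits the whole script when `swapoff` fails, for instance because the file is not active, before the `.memupdatescomplete` marker is removed.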
@@ -4143,7 +4218,7 @@ function processCMD() { # same goes for official repo configs, we only remove if all dsiprouter configs are being removed -all|--all) DEFAULT_SERVICES=0 - RUN_COMMANDS+=(uninstallRTPEngine uninstallDsiprouter uninstallNginx uninstallKamailio uninstallMysql uninstallDnsmasq uninstallSipsak uninstallDsiprouterCli removeInitService removeDsipSystemConfig) + RUN_COMMANDS+=(uninstallRTPEngine uninstallDsiprouter uninstallNginx uninstallKamailio uninstallMysql uninstallDnsmasq uninstallSipsak uninstallDsiprouterCli removeSwapFile removeInitService revertSystemRepos) shift ;; *) # fail on unknown option diff --git a/dsiprouter/almalinux/8.sh b/dsiprouter/almalinux/8.sh index 218d6047..9397a386 100755 --- a/dsiprouter/almalinux/8.sh +++ b/dsiprouter/almalinux/8.sh @@ -16,11 +16,11 @@ function install { useradd --system --user-group --shell /bin/false --comment "dSIPRouter SIP Provider Platform" dsiprouter # Install dependencies for dSIPRouter - dnf remove -y rs-epel-release* && dnf install -y dnf-utils && dnf --setopt=group_package_types=mandatory,default,optional groupinstall -y "Development Tools" && - dnf install -y firewalld python36 python36-libs python36-devel python36-pip MySQL-python sudo \ - logrotate rsyslog perl libev-devel util-linux postgresql-devel mariadb-devel + dnf install -y firewalld sudo logrotate rsyslog perl \ + python3.11 python3.11-pip python3.11-libs python3.11-devel python3.11-PyMySQL \ + libev-devel util-linux postgresql-devel mariadb-devel openldap-devel if (( $? != 0 )); then printerr 'Failed installing required packages' diff --git a/dsiprouter/almalinux/9.sh b/dsiprouter/almalinux/9.sh new file mode 100755 index 00000000..de79e27d --- /dev/null +++ b/dsiprouter/almalinux/9.sh 
@@ -0,0 +1,125 @@ +#!/usr/bin/env bash + +# Debug this script if in debug mode +(( $DEBUG == 1 )) && set -x + +# Import dsip_lib utility / shared functions if not already +if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then + . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh +fi + +function install { + # Install dependencies for dSIPRouter + dnf install -y firewalld logrotate rsyslog perl curl python3 python3-devel libpq-devel \ + libev-devel openldap-devel && + dnf install -y --enablerepo=crb mariadb-devel + + if (( $? != 0 )); then + printerr 'Failed installing required packages' + return 1 + fi + + # create dsiprouter user and group + # sometimes locks aren't properly removed (this seems to happen often on VM's) + rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null + userdel dsiprouter &>/dev/null; groupdel dsiprouter &>/dev/null + useradd --system --user-group --shell /bin/false --comment "dSIPRouter SIP Provider Platform" dsiprouter + + # make sure the nginx user has access to dsiprouter directories + usermod -a -G dsiprouter nginx + # make dsiprouter user has access to kamailio files + usermod -a -G kamailio dsiprouter + + # setup runtime directorys for dsiprouter + mkdir -p ${DSIP_RUN_DIR} + chown -R dsiprouter:dsiprouter ${DSIP_RUN_DIR} + + # give dsiprouter permissions in SELINUX + semanage port -a -t http_port_t -p tcp ${DSIP_PORT} || + semanage port -m -t http_port_t -p tcp ${DSIP_PORT} + + # Enable and start firewalld + systemctl enable firewalld + systemctl start firewalld + + # Setup Firewall for DSIP_PORT + firewall-cmd --zone=public --add-port=${DSIP_PORT}/tcp --permanent + firewall-cmd --reload + + python3 -m venv --upgrade-deps ${PYTHON_VENV} && + ${PYTHON_CMD} -m pip install -r ${DSIP_PROJECT_DIR}/gui/requirements.txt + if (( $? 
== 1 )); then + printerr "Failed installing required python libraries" + return 1 + fi + + # setup dsiprouter nginx configs + perl -e "\$dsip_port='${DSIP_PORT}'; \$dsip_unix_sock='${DSIP_UNIX_SOCK}'; \$dsip_ssl_cert='${DSIP_SSL_CERT}'; \$dsip_ssl_key='${DSIP_SSL_KEY}';" \ + -pe 's%DSIP_UNIX_SOCK%${dsip_unix_sock}%g; s%DSIP_PORT%${dsip_port}%g; s%DSIP_SSL_CERT%${dsip_ssl_cert}%g; s%DSIP_SSL_KEY%${dsip_ssl_key}%g;' \ + ${DSIP_PROJECT_DIR}/nginx/configs/dsiprouter.conf >/etc/nginx/sites-available/dsiprouter.conf + ln -sf /etc/nginx/sites-available/dsiprouter.conf /etc/nginx/sites-enabled/dsiprouter.conf + + # Configure rsyslog defaults + if ! grep -q 'dSIPRouter rsyslog.conf' /etc/rsyslog.conf 2>/dev/null; then + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/rsyslog.conf /etc/rsyslog.conf + fi + + # Setup dSIPRouter Logging + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/dsiprouter.conf /etc/rsyslog.d/dsiprouter.conf + touch /var/log/dsiprouter.log + systemctl restart rsyslog + + # Setup logrotate + cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/dsiprouter /etc/logrotate.d/dsiprouter + + # Install dSIPRouter as a service + perl -p \ + -e "s|'DSIP_RUN_DIR\=.*'|'DSIP_RUN_DIR=$DSIP_RUN_DIR'|;" \ + -e "s|'DSIP_PROJECT_DIR\=.*'|'DSIP_PROJECT_DIR=$DSIP_PROJECT_DIR'|;" \ + -e "s|'DSIP_SYSTEM_CONFIG_DIR\=.*'|'DSIP_SYSTEM_CONFIG_DIR=$DSIP_SYSTEM_CONFIG_DIR'|;" \ + ${DSIP_PROJECT_DIR}/dsiprouter/systemd/dsiprouter-v2.service > /lib/systemd/system/dsiprouter.service + chmod 644 /lib/systemd/system/dsiprouter.service + systemctl daemon-reload + systemctl enable dsiprouter + + # add hook to bash_completion in the standard debian location + echo '. 
/usr/share/bash-completion/bash_completion' > /etc/bash_completion + + return 0 +} + + +function uninstall { + rm -rf ${PYTHON_VENV} + + # Remove Firewall for DSIP_PORT + firewall-cmd --zone=public --remove-port=${DSIP_PORT}/tcp --permanent + firewall-cmd --reload + + # Remove dSIPRouter Logging + rm -f /etc/rsyslog.d/dsiprouter.conf + + # Remove logrotate settings + rm -f /etc/logrotate.d/dsiprouter + + # Remove dSIProuter as a service + systemctl stop dsiprouter.service + systemctl disable dsiprouter.service + rm -f /lib/systemd/system/dsiprouter.service + systemctl daemon-reload + + return 0 +} + +case "$1" in + uninstall) + uninstall && exit 0 || exit 1 + ;; + install) + install && exit 0 || exit 1 + ;; + *) + printerr "usage $0 [install | uninstall]" + exit 1 + ;; +esac diff --git a/dsiprouter/amzn/2.sh b/dsiprouter/amzn/2.sh index 90e38b47..d0ba6467 100755 --- a/dsiprouter/amzn/2.sh +++ b/dsiprouter/amzn/2.sh @@ -39,7 +39,7 @@ function install() { ( cd ${SRC_DIR}/openssl && ./Configure --prefix=/usr linux-$(uname -m) && - make -j $NRPOC && + make -j $NPROC && make -j $NPROC install ) || { printerr 'Failed to compile openssl' diff --git a/dsiprouter/centos/9.sh b/dsiprouter/centos/9.sh index 1f2cbd70..de79e27d 100755 --- a/dsiprouter/centos/9.sh +++ b/dsiprouter/centos/9.sh @@ -11,7 +11,8 @@ fi function install { # Install dependencies for dSIPRouter dnf install -y firewalld logrotate rsyslog perl curl python3 python3-devel libpq-devel \ - libev-devel openldap-devel + libev-devel openldap-devel && + dnf install -y --enablerepo=crb mariadb-devel if (( $? != 0 )); then printerr 'Failed installing required packages' diff --git a/dsiprouter/dsip_lib.sh b/dsiprouter/dsip_lib.sh index 8b88cf72..9283b13e 100644 --- a/dsiprouter/dsip_lib.sh +++ b/dsiprouter/dsip_lib.sh 
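Review bot: In the new `dsiprouter/almalinux/9.sh`, `rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock` removes the account-database locks unconditionally, so if another tool is editing users or groups at that moment the following `userdel`/`useradd` can interleave with it and damage `/etc/passwd` or `/etc/shadow`. Remove a lock only after confirming it is stale (no live process holds it), or drop the line and fail with a clear message when `useradd` cannot obtain the lock. `uninstall` also leaves behind what `install` added outside the service itself: the `dsiprouter` account, the SELinux `http_port_t` label on `${DSIP_PORT}` and the nginx site files are not removed. The same blob (`de79e27d`) is added as `dsiprouter/rhel/9.sh` and is the new content of `dsiprouter/centos/9.sh`, so these points apply there and a shared script would avoid three copies.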
@@ -1356,7 +1356,11 @@ export -f sendKamCmd function hashCreds() { local CREDS SALT DK_LEN # we use system python3 if dsiprouter python venv does not yet exist - local PYTHON_CMD=${PYTHON_CMD:-python3} + if [[ -f "${DSIP_SYSTEM_CONFIG_DIR}/.dsiprouterinstalled" ]]; then + local PYTHON_CMD="$PYTHON_CMD" + else + local PYTHON_CMD="python3" + fi # grab credentials from stdin if provided if [[ -p /dev/stdin ]]; then diff --git a/dsiprouter/rhel/9.sh b/dsiprouter/rhel/9.sh new file mode 100755 index 00000000..de79e27d --- /dev/null +++ b/dsiprouter/rhel/9.sh 
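Review bot: In the branch taken when `.dsiprouterinstalled` exists, `local PYTHON_CMD="$PYTHON_CMD"` copies whatever the caller's environment holds, so an unset or empty `PYTHON_CMD` leaves hashCreds() without an interpreter, where the line being replaced fell back to `python3`. Keeping the fallback in that branch, `local PYTHON_CMD="${PYTHON_CMD:-python3}"`, preserves the new marker-file logic without that gap. Because this interpreter handles credentials, a one-line comment stating that `PYTHON_CMD` is expected to point into the dsiprouter venv would also help the next reader. The rest of hashCreds() lies outside the hunk, so how `PYTHON_CMD` is invoked is inferred from the comment and the variable name.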
@@ -0,0 +1,125 @@ +#!/usr/bin/env bash + +# Debug this script if in debug mode +(( $DEBUG == 1 )) && set -x + +# Import dsip_lib utility / shared functions if not already +if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then + . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh +fi + +function install { + # Install dependencies for dSIPRouter + dnf install -y firewalld logrotate rsyslog perl curl python3 python3-devel libpq-devel \ + libev-devel openldap-devel && + dnf install -y --enablerepo=crb mariadb-devel + + if (( $? != 0 )); then + printerr 'Failed installing required packages' + return 1 + fi + + # create dsiprouter user and group + # sometimes locks aren't properly removed (this seems to happen often on VM's) + rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null + userdel dsiprouter &>/dev/null; groupdel dsiprouter &>/dev/null + useradd --system --user-group --shell /bin/false --comment "dSIPRouter SIP Provider Platform" dsiprouter + + # make sure the nginx user has access to dsiprouter directories + usermod -a -G dsiprouter nginx + # make dsiprouter user has access to kamailio files + usermod -a -G kamailio dsiprouter + + # setup runtime directorys for dsiprouter + mkdir -p ${DSIP_RUN_DIR} + chown -R dsiprouter:dsiprouter ${DSIP_RUN_DIR} + + # give dsiprouter permissions in SELINUX + semanage port -a -t http_port_t -p tcp ${DSIP_PORT} || + semanage port -m -t http_port_t -p tcp ${DSIP_PORT} + + # Enable and start firewalld + systemctl enable firewalld + systemctl start firewalld + + # Setup Firewall for DSIP_PORT + firewall-cmd --zone=public --add-port=${DSIP_PORT}/tcp --permanent + firewall-cmd --reload + + python3 -m venv --upgrade-deps ${PYTHON_VENV} && + ${PYTHON_CMD} -m pip install -r ${DSIP_PROJECT_DIR}/gui/requirements.txt + if (( $? 
== 1 )); then + printerr "Failed installing required python libraries" + return 1 + fi + + # setup dsiprouter nginx configs + perl -e "\$dsip_port='${DSIP_PORT}'; \$dsip_unix_sock='${DSIP_UNIX_SOCK}'; \$dsip_ssl_cert='${DSIP_SSL_CERT}'; \$dsip_ssl_key='${DSIP_SSL_KEY}';" \ + -pe 's%DSIP_UNIX_SOCK%${dsip_unix_sock}%g; s%DSIP_PORT%${dsip_port}%g; s%DSIP_SSL_CERT%${dsip_ssl_cert}%g; s%DSIP_SSL_KEY%${dsip_ssl_key}%g;' \ + ${DSIP_PROJECT_DIR}/nginx/configs/dsiprouter.conf >/etc/nginx/sites-available/dsiprouter.conf + ln -sf /etc/nginx/sites-available/dsiprouter.conf /etc/nginx/sites-enabled/dsiprouter.conf + + # Configure rsyslog defaults + if ! grep -q 'dSIPRouter rsyslog.conf' /etc/rsyslog.conf 2>/dev/null; then + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/rsyslog.conf /etc/rsyslog.conf + fi + + # Setup dSIPRouter Logging + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/dsiprouter.conf /etc/rsyslog.d/dsiprouter.conf + touch /var/log/dsiprouter.log + systemctl restart rsyslog + + # Setup logrotate + cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/dsiprouter /etc/logrotate.d/dsiprouter + + # Install dSIPRouter as a service + perl -p \ + -e "s|'DSIP_RUN_DIR\=.*'|'DSIP_RUN_DIR=$DSIP_RUN_DIR'|;" \ + -e "s|'DSIP_PROJECT_DIR\=.*'|'DSIP_PROJECT_DIR=$DSIP_PROJECT_DIR'|;" \ + -e "s|'DSIP_SYSTEM_CONFIG_DIR\=.*'|'DSIP_SYSTEM_CONFIG_DIR=$DSIP_SYSTEM_CONFIG_DIR'|;" \ + ${DSIP_PROJECT_DIR}/dsiprouter/systemd/dsiprouter-v2.service > /lib/systemd/system/dsiprouter.service + chmod 644 /lib/systemd/system/dsiprouter.service + systemctl daemon-reload + systemctl enable dsiprouter + + # add hook to bash_completion in the standard debian location + echo '. 
/usr/share/bash-completion/bash_completion' > /etc/bash_completion + + return 0 +} + + +function uninstall { + rm -rf ${PYTHON_VENV} + + # Remove Firewall for DSIP_PORT + firewall-cmd --zone=public --remove-port=${DSIP_PORT}/tcp --permanent + firewall-cmd --reload + + # Remove dSIPRouter Logging + rm -f /etc/rsyslog.d/dsiprouter.conf + + # Remove logrotate settings + rm -f /etc/logrotate.d/dsiprouter + + # Remove dSIProuter as a service + systemctl stop dsiprouter.service + systemctl disable dsiprouter.service + rm -f /lib/systemd/system/dsiprouter.service + systemctl daemon-reload + + return 0 +} + +case "$1" in + uninstall) + uninstall && exit 0 || exit 1 + ;; + install) + install && exit 0 || exit 1 + ;; + *) + printerr "usage $0 [install | uninstall]" + exit 1 + ;; +esac diff --git a/dsiprouter/rocky/8.sh b/dsiprouter/rocky/8.sh index a7925b68..5d19b732 100755 --- a/dsiprouter/rocky/8.sh +++ b/dsiprouter/rocky/8.sh @@ -19,8 +19,9 @@ function install { dnf remove -y rs-epel-release* && dnf install -y dnf-utils && dnf --setopt=group_package_types=mandatory,default,optional groupinstall -y "Development Tools" && - dnf install -y firewalld sudo python36 python36-libs python36-devel python36-pip MySQL-python \ - python36-virtualenv logrotate rsyslog perl libev-devel util-linux postgresql-devel mariadb-devel + dnf install -y firewalld sudo logrotate rsyslog perl \ + python3.11 python3.11-pip python3.11-libs python3.11-devel python3.11-PyMySQL \ + libev-devel util-linux postgresql-devel mariadb-devel openldap-devel if (( $? != 0 )); then printerr 'Failed installing required packages' diff --git a/dsiprouter/rocky/9.sh b/dsiprouter/rocky/9.sh new file mode 100755 index 00000000..de79e27d --- /dev/null +++ b/dsiprouter/rocky/9.sh 
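Review bot: The venv step in install() of `dsiprouter/rhel/9.sh` tests `if (( $? == 1 ))`, so any other failure status from `python3 -m venv` or `${PYTHON_CMD} -m pip install` (for example 127 when `${PYTHON_CMD}` does not resolve, or one of pip's other non-zero codes) is treated as success. install() then goes on to write the nginx config, enable the service and return 0 with a missing or incomplete venv. The package step earlier in the same function already uses `(( $? != 0 ))`, and the same test belongs here: `if (( $? != 0 )); then`. The identical check appears in the new `dsiprouter/rocky/9.sh` and `dsiprouter/ubuntu/24.sh`.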
@@ -0,0 +1,125 @@ +#!/usr/bin/env bash + +# Debug this script if in debug mode +(( $DEBUG == 1 )) && set -x + +# Import dsip_lib utility / shared functions if not already +if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then + . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh +fi + +function install { + # Install dependencies for dSIPRouter + dnf install -y firewalld logrotate rsyslog perl curl python3 python3-devel libpq-devel \ + libev-devel openldap-devel && + dnf install -y --enablerepo=crb mariadb-devel + + if (( $? != 0 )); then + printerr 'Failed installing required packages' + return 1 + fi + + # create dsiprouter user and group + # sometimes locks aren't properly removed (this seems to happen often on VM's) + rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null + userdel dsiprouter &>/dev/null; groupdel dsiprouter &>/dev/null + useradd --system --user-group --shell /bin/false --comment "dSIPRouter SIP Provider Platform" dsiprouter + + # make sure the nginx user has access to dsiprouter directories + usermod -a -G dsiprouter nginx + # make dsiprouter user has access to kamailio files + usermod -a -G kamailio dsiprouter + + # setup runtime directorys for dsiprouter + mkdir -p ${DSIP_RUN_DIR} + chown -R dsiprouter:dsiprouter ${DSIP_RUN_DIR} + + # give dsiprouter permissions in SELINUX + semanage port -a -t http_port_t -p tcp ${DSIP_PORT} || + semanage port -m -t http_port_t -p tcp ${DSIP_PORT} + + # Enable and start firewalld + systemctl enable firewalld + systemctl start firewalld + + # Setup Firewall for DSIP_PORT + firewall-cmd --zone=public --add-port=${DSIP_PORT}/tcp --permanent + firewall-cmd --reload + + python3 -m venv --upgrade-deps ${PYTHON_VENV} && + ${PYTHON_CMD} -m pip install -r ${DSIP_PROJECT_DIR}/gui/requirements.txt + if (( $? 
== 1 )); then + printerr "Failed installing required python libraries" + return 1 + fi + + # setup dsiprouter nginx configs + perl -e "\$dsip_port='${DSIP_PORT}'; \$dsip_unix_sock='${DSIP_UNIX_SOCK}'; \$dsip_ssl_cert='${DSIP_SSL_CERT}'; \$dsip_ssl_key='${DSIP_SSL_KEY}';" \ + -pe 's%DSIP_UNIX_SOCK%${dsip_unix_sock}%g; s%DSIP_PORT%${dsip_port}%g; s%DSIP_SSL_CERT%${dsip_ssl_cert}%g; s%DSIP_SSL_KEY%${dsip_ssl_key}%g;' \ + ${DSIP_PROJECT_DIR}/nginx/configs/dsiprouter.conf >/etc/nginx/sites-available/dsiprouter.conf + ln -sf /etc/nginx/sites-available/dsiprouter.conf /etc/nginx/sites-enabled/dsiprouter.conf + + # Configure rsyslog defaults + if ! grep -q 'dSIPRouter rsyslog.conf' /etc/rsyslog.conf 2>/dev/null; then + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/rsyslog.conf /etc/rsyslog.conf + fi + + # Setup dSIPRouter Logging + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/dsiprouter.conf /etc/rsyslog.d/dsiprouter.conf + touch /var/log/dsiprouter.log + systemctl restart rsyslog + + # Setup logrotate + cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/dsiprouter /etc/logrotate.d/dsiprouter + + # Install dSIPRouter as a service + perl -p \ + -e "s|'DSIP_RUN_DIR\=.*'|'DSIP_RUN_DIR=$DSIP_RUN_DIR'|;" \ + -e "s|'DSIP_PROJECT_DIR\=.*'|'DSIP_PROJECT_DIR=$DSIP_PROJECT_DIR'|;" \ + -e "s|'DSIP_SYSTEM_CONFIG_DIR\=.*'|'DSIP_SYSTEM_CONFIG_DIR=$DSIP_SYSTEM_CONFIG_DIR'|;" \ + ${DSIP_PROJECT_DIR}/dsiprouter/systemd/dsiprouter-v2.service > /lib/systemd/system/dsiprouter.service + chmod 644 /lib/systemd/system/dsiprouter.service + systemctl daemon-reload + systemctl enable dsiprouter + + # add hook to bash_completion in the standard debian location + echo '. 
/usr/share/bash-completion/bash_completion' > /etc/bash_completion + + return 0 +} + + +function uninstall { + rm -rf ${PYTHON_VENV} + + # Remove Firewall for DSIP_PORT + firewall-cmd --zone=public --remove-port=${DSIP_PORT}/tcp --permanent + firewall-cmd --reload + + # Remove dSIPRouter Logging + rm -f /etc/rsyslog.d/dsiprouter.conf + + # Remove logrotate settings + rm -f /etc/logrotate.d/dsiprouter + + # Remove dSIProuter as a service + systemctl stop dsiprouter.service + systemctl disable dsiprouter.service + rm -f /lib/systemd/system/dsiprouter.service + systemctl daemon-reload + + return 0 +} + +case "$1" in + uninstall) + uninstall && exit 0 || exit 1 + ;; + install) + install && exit 0 || exit 1 + ;; + *) + printerr "usage $0 [install | uninstall]" + exit 1 + ;; +esac diff --git a/dsiprouter/ubuntu/24.sh b/dsiprouter/ubuntu/24.sh new file mode 100755 index 00000000..95b3fdbb --- /dev/null +++ b/dsiprouter/ubuntu/24.sh 
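Review bot: uninstall() in `dsiprouter/rocky/9.sh` runs `rm -rf ${PYTHON_VENV}` unquoted and without checking that the variable is set, in a script that otherwise needs root. A value containing whitespace or glob characters would be split or expanded into several paths to delete. `rm -rf -- "${PYTHON_VENV:?}"` aborts on an empty or unset value and passes the path as a single argument. The same line is in the new `dsiprouter/rhel/9.sh`, which has identical content.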
@@ -0,0 +1,124 @@ +#!/usr/bin/env bash + +# Debug this script if in debug mode +(( $DEBUG == 1 )) && set -x + +# Import dsip_lib utility / shared functions if not already +if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then + . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh +fi + +function install() { + # create dsiprouter user and group + # sometimes locks aren't properly removed (this seems to happen often on VM's) + rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null + userdel dsiprouter &>/dev/null; groupdel dsiprouter &>/dev/null + useradd --system --user-group --shell /bin/false --comment "dSIPRouter SIP Provider Platform" dsiprouter + + # Install Dependencies and remove any conflicting packages + apt-get remove -y ufw && + apt-get install -y build-essential pkg-config python3-pip \ + python3-dev libpq-dev python3-venv libev-dev libffi-dev default-libmysqlclient-dev \ + curl python3 firewalld sudo logrotate rsyslog perl sngrep uuid-runtime && + # Install libraries needed to install the python-ldap package + apt-get install -y libsasl2-dev python-dev-is-python3 libldap2-dev libssl-dev + + if (( $? 
!= 0 )); then + printerr 'Failed installing required packages' + return 1 + fi + + # make sure the nginx user has access to dsiprouter directories + usermod -a -G dsiprouter nginx + # make dsiprouter user has access to kamailio files + usermod -a -G kamailio dsiprouter + + # setup runtime directorys for dsiprouter + mkdir -p ${DSIP_RUN_DIR} + chown -R dsiprouter:dsiprouter ${DSIP_RUN_DIR} + + # Enable and start firewalld if not already running + systemctl enable firewalld + systemctl start firewalld + + # Setup Firewall for DSIP_PORT + firewall-cmd --zone=public --add-port=${DSIP_PORT}/tcp --permanent + firewall-cmd --reload + + # TODO: figure out why compiling ultradict with the other deps hangs + python3 -m venv --upgrade-deps ${PYTHON_VENV} && + ${PYTHON_CMD} -m pip install UltraDict && + ${PYTHON_CMD} -m pip install -r ${DSIP_PROJECT_DIR}/gui/requirements.txt + if (( $? == 1 )); then + printerr "Failed installing required python libraries" + return 1 + fi + + # setup dsiprouter nginx configs + perl -e "\$dsip_port='${DSIP_PORT}'; \$dsip_unix_sock='${DSIP_UNIX_SOCK}'; \$dsip_ssl_cert='${DSIP_SSL_CERT}'; \$dsip_ssl_key='${DSIP_SSL_KEY}';" \ + -pe 's%DSIP_UNIX_SOCK%${dsip_unix_sock}%g; s%DSIP_PORT%${dsip_port}%g; s%DSIP_SSL_CERT%${dsip_ssl_cert}%g; s%DSIP_SSL_KEY%${dsip_ssl_key}%g;' \ + ${DSIP_PROJECT_DIR}/nginx/configs/dsiprouter.conf >/etc/nginx/sites-available/dsiprouter.conf + ln -sf /etc/nginx/sites-available/dsiprouter.conf /etc/nginx/sites-enabled/dsiprouter.conf + + # Configure rsyslog defaults + if ! 
grep -q 'dSIPRouter rsyslog.conf' /etc/rsyslog.conf 2>/dev/null; then + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/rsyslog.conf /etc/rsyslog.conf + fi + + # Setup dSIPRouter Logging + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/dsiprouter.conf /etc/rsyslog.d/dsiprouter.conf + touch /var/log/dsiprouter.log + systemctl restart rsyslog + + # Setup logrotate + cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/dsiprouter /etc/logrotate.d/dsiprouter + + # Install dSIPRouter as a service + perl -p \ + -e "s|'DSIP_RUN_DIR\=.*'|'DSIP_RUN_DIR=$DSIP_RUN_DIR'|;" \ + -e "s|'DSIP_PROJECT_DIR\=.*'|'DSIP_PROJECT_DIR=$DSIP_PROJECT_DIR'|;" \ + -e "s|'DSIP_SYSTEM_CONFIG_DIR\=.*'|'DSIP_SYSTEM_CONFIG_DIR=$DSIP_SYSTEM_CONFIG_DIR'|;" \ + ${DSIP_PROJECT_DIR}/dsiprouter/systemd/dsiprouter-v2.service > /lib/systemd/system/dsiprouter.service + chmod 644 /lib/systemd/system/dsiprouter.service + systemctl daemon-reload + systemctl enable dsiprouter + + return 0 +} + +function uninstall() { + apt-get remove -y curl python3 python3-pip python-dev python3-openssl libpq-dev firewalld + apt-get remove -y --allow-unauthenticated libmariadbclient-dev + apt-get remove -y logrotate rsyslog perl sngrep libev-dev uuid-runtime + + # Remove Firewall for DSIP_PORT + firewall-cmd --zone=public --remove-port=${DSIP_PORT}/tcp --permanent + firewall-cmd --reload + + # Remove dSIPRouter Logging + rm -f /etc/rsyslog.d/dsiprouter.conf + + # Remove logrotate settings + rm -f /etc/logrotate.d/dsiprouter + + # Remove dSIProuter as a service + systemctl stop dsiprouter.service + systemctl disable dsiprouter.service + rm -f /lib/systemd/system/dsiprouter.service + systemctl daemon-reload + + return 0 +} + +case "$1" in + install) + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 + ;; + *) + printerr "Usage: $0 [install | uninstall]" + exit 1 + ;; +esac diff --git a/gui/database/__init__.py b/gui/database/__init__.py index d876acc0..f524de7a 100644 --- a/gui/database/__init__.py 
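Review bot: uninstall() in `dsiprouter/ubuntu/24.sh` removes packages the host may rely on independently of dSIPRouter: `apt-get remove -y ... firewalld` and `apt-get remove -y logrotate rsyslog perl ...` take away the firewall service, system logging and log rotation. The list also names `python-dev`, `python3-openssl` and `libmariadbclient-dev`, which install() in this file never installs. Removing the firewall and the syslog daemon as a side effect of uninstalling one application leaves the host less protected and less observable than it was before the install. I would limit uninstall() to what install() added specifically for dSIPRouter (the firewall port, the rsyslog and logrotate drop-ins, the unit file, `${PYTHON_VENV}`) and leave shared packages in place. `--allow-unauthenticated` does not appear to serve a purpose on a remove and can be dropped.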
+++ b/gui/database/__init__.py @@ -981,6 +981,7 @@ def settingsToTableFormat(settings, updates=None): ('MAIL_DEFAULT_SENDER', data['MAIL_DEFAULT_SENDER']), ('MAIL_DEFAULT_SUBJECT', data['MAIL_DEFAULT_SUBJECT']), ('DSIP_LICENSE_STORE', data['DSIP_LICENSE_STORE']), + ('RTPENGINE_URI', data['RTPENGINE_URI']), ]) diff --git a/kamailio/almalinux/8.sh b/kamailio/almalinux/8.sh index c0876614..df44089f 100755 --- a/kamailio/almalinux/8.sh +++ b/kamailio/almalinux/8.sh 
@@ -9,21 +9,28 @@ if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then fi function install() { - local KAM_VERSION_DOTTED=$(perl -pe 's%([0-9])([0-9])%\1.\2%' <<<"$KAM_VERSION") + local KAM_MINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1.\2%' <<<"$KAM_VERSION") local RHEL_BASE_VER=$(rpm -E %{rhel}) + local NPROC=$(nproc) # Install Dependencies - yum groupinstall --setopt=group_package_types=mandatory,default,optional -y 'core' - yum groupinstall --setopt=group_package_types=mandatory,default,optional -y 'base' - yum groupinstall --setopt=group_package_types=mandatory,default,optional -y 'Development Tools' - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - yum install -y psmisc curl wget sed gawk vim perl firewalld uuid-devel openssl-devel - yum install -y logrotate rsyslog python3 python3-virtualenv policycoreutils-python-utils + dnf config-manager --enable powertools && + dnf install -y epel-release && + dnf groupinstall --setopt=group_package_types=mandatory,default,optional -y 'core' && + dnf groupinstall --setopt=group_package_types=mandatory,default,optional -y 'base' && + dnf groupinstall --setopt=group_package_types=mandatory,default,optional -y 'Development Tools' && + dnf install -y psmisc curl wget sed gawk vim perl firewalld logrotate rsyslog \ + uuid openssl-devel libatomic libuuid-devel libjwt-devel bzip2-devel libffi-devel libcurl-devel \ + python3.11 python3.11-pip policycoreutils-python-utils + + if (( $? != 0 )); then + printerr 'Failed installing required packages' + exit 1 + fi # we need a newer version of certbot than the distro repos offer - yum remove -y *certbot* - python3 -m venv /opt/certbot/ - /opt/certbot/bin/pip install --upgrade pip + dnf remove -y *certbot* + python3 -m venv --upgrade-deps /opt/certbot/ /opt/certbot/bin/pip install certbot ln -sf /opt/certbot/bin/certbot /usr/bin/certbot 
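Review bot: The certbot venv is created with `python3 -m venv --upgrade-deps /opt/certbot/`, but this hunk installs `python3.11` and drops `python3` from the package list, and `--upgrade-deps` only exists in Python 3.9 and later. If `python3` on the host resolves to the distribution's older default interpreter, or to nothing, the venv is not created. Because the status of that line is not checked, the following `/opt/certbot/bin/pip install certbot` and `ln -sf` then fail without stopping install(). Calling the interpreter that was just installed and checking the result closes that: `python3.11 -m venv --upgrade-deps /opt/certbot/ || { printerr 'Failed creating certbot venv'; return 1; }`. install() continues beyond this hunk.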
@@ -43,7 +50,6 @@ function install() { fi # create kamailio user and group - mkdir -p /var/run/kamailio # sometimes locks aren't properly removed (this seems to happen often on VM's) rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock useradd --system --user-group --shell /bin/false --comment "Kamailio SIP Proxy" kamailio @@ -53,7 +59,7 @@ function install() { (cat << EOF [kamailio] name=Kamailio -baseurl=https://rpm.kamailio.org/rhel/${RHEL_BASE_VER}/${KAM_VERSION_DOTTED}/${KAM_VERSION_DOTTED}/\$basearch/ +baseurl=https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_MINOR_VERSION}/${KAM_VERSION}/\$basearch/ enabled=1 metadata_expire=30d gpgcheck=1 @@ -63,8 +69,9 @@ type=rpm EOF ) > /etc/yum.repos.d/kamailio.repo - yum makecache -y - yum install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket \ + dnf clean -y metadata + dnf makecache -y + dnf install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket \ kamailio-postgresql kamailio-debuginfo kamailio-xmpp kamailio-unixodbc kamailio-utils kamailio-tls \ kamailio-presence kamailio-outbound kamailio-gzcompress kamailio-http_async_client kamailio-dmq_userloc \ kamailio-sctp @@ -79,7 +86,6 @@ EOF fi # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) touch /etc/tmpfiles.d/kamailio.conf 
@@ -204,12 +210,12 @@ EOF ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/almalinux/9.sh b/kamailio/almalinux/9.sh new file mode 100755 index 00000000..4f980a94 --- /dev/null +++ b/kamailio/almalinux/9.sh 
@@ -0,0 +1,276 @@ +#!/usr/bin/env bash + +# Debug this script if in debug mode +(( $DEBUG == 1 )) && set -x + +# Import dsip_lib utility / shared functions if not already +if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then + . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh +fi + +function install() { + local KAM_MINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1.\2%' <<<"$KAM_VERSION") + local RHEL_BASE_VER=$(rpm -E %{rhel}) + local NPROC=$(nproc) + + # Install Dependencies + dnf groupinstall -y 'core' && + dnf groupinstall -y 'base' && + dnf groupinstall -y 'Development Tools' && + dnf install -y epel-release dnf-plugins-core && + dnf install -y git curl perl firewalld logrotate rsyslog certbot cmake libuuid-devel \ + libcurl-devel libjwt-devel libatomic openssl-devel policycoreutils-python-utils + + if (( $? != 0 )); then + printerr 'Failed installing required packages' + return 1 + fi + + dnf install -y kernel-modules-extra-$(uname -r) || { + printwarn 'could not install kernel modules for current kernel' + echo 'upgrading kernel and installing new modules' + printwarn 'you will need to reboot the machine for changes to take effect' + dnf install -y kernel-modules-extra + } + + if (( $? == 0 )); then + echo 'sctp' >/etc/modules-load.d/sctp.conf + sed -i -re 's%^blacklist sctp%#blacklist sctp%g' /etc/modprobe.d/* + modprobe sctp + else + printwarn 'Could not install kernel modules for SCTP support. Continuing installation...' 
+ fi + + # sometimes locks aren't properly removed (this seems to happen often on VM's) + rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null + userdel kamailio &>/dev/null; groupdel kamailio &>/dev/null + useradd --system --user-group --shell /bin/false --comment "Kamailio SIP Proxy" kamailio + + # TODO: fix upstream kamailio.repo file + #dnf config-manager -y --add-repo https://rpm.kamailio.org/centos/kamailio.repo && + #dnf config-manager --disable 'kamailio*' && + #dnf config-manager --enable "kamailio-$KAM_VERSION_DOTTED" && + + # Add the Kamailio repos to yum + (cat << EOF +[kamailio] +name=Kamailio +baseurl=https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_MINOR_VERSION}/${KAM_VERSION}/\$basearch/ +enabled=1 +metadata_expire=30d +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://rpm.kamailio.org/rpm-pub.key +type=rpm +EOF + ) > /etc/yum.repos.d/kamailio.repo + + dnf clean -y metadata + dnf makecache -y + dnf install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket kamailio-postgresql kamailio-debuginfo \ + kamailio-xmpp kamailio-unixodbc kamailio-utils kamailio-tls kamailio-presence kamailio-outbound kamailio-gzcompress \ + kamailio-http_async_client kamailio-dmq_userloc kamailio-jansson kamailio-json kamailio-uuid kamailio-sctp + + if (( $? 
!= 0 )); then + printerr 'Failed installing kamailio packages' + return 1 + fi + + # get info about the kamailio install for later use in script + KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) + + # make sure run dir exists + mkdir -p /var/run/kamailio + chown -R kamailio:kamailio /var/run/kamailio + + # create kamailio defaults config + cp -f ${DSIP_PROJECT_DIR}/kamailio/systemd/kamailio.conf /etc/default/kamailio.conf + + touch /etc/tmpfiles.d/kamailio.conf + echo "d /run/kamailio 0750 kamailio users" > /etc/tmpfiles.d/kamailio.conf + + # Configure Kamailio and Required Database Modules + mkdir -p ${SYSTEM_KAMAILIO_CONFIG_DIR} ${BACKUPS_DIR}/kamailio + mv -f ${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc ${BACKUPS_DIR}/kamailio/kamctlrc.$(date +%Y%m%d_%H%M%S) + if [[ -z "${ROOT_DB_PASS-unset}" ]]; then + local ROOTPW_SETTING="DBROOTPWSKIP=yes" + else + local ROOTPW_SETTING="DBROOTPW=\"${ROOT_DB_PASS}\"" + fi + + # TODO: we should set STORE_PLAINTEXT_PW to 0, this is not default but would need tested + cat <${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc +DBENGINE=MYSQL +DBHOST="${KAM_DB_HOST}" +DBPORT="${KAM_DB_PORT}" +DBNAME="${KAM_DB_NAME}" +DBROUSER="${KAM_DB_USER}" +DBROPW="${KAM_DB_PASS}" +DBRWUSER="${KAM_DB_USER}" +DBRWPW="${KAM_DB_PASS}" +DBROOTUSER="${ROOT_DB_USER}" +${ROOTPW_SETTING} +CHARSET=utf8 +INSTALL_EXTRA_TABLES=yes +INSTALL_PRESENCE_TABLES=yes +INSTALL_DBUID_TABLES=yes +#STORE_PLAINTEXT_PW=0 +EOF + + # Execute 'kamdbctl create' to create the Kamailio database schema + kamdbctl create + + # give kamailio permissions in SELINUX + semanage port -a -t sip_port_t -p udp ${KAM_SIP_PORT} || semanage port -m -t sip_port_t -p udp ${KAM_SIP_PORT} + semanage port -a -t sip_port_t -p tcp ${KAM_SIP_PORT} || semanage port -m -t sip_port_t -p tcp ${KAM_SIP_PORT} + semanage port -a -t sip_port_t -p tcp ${KAM_SIPS_PORT} || semanage port -m -t sip_port_t -p tcp ${KAM_SIPS_PORT} + 
semanage port -a -t sip_port_t -p tcp ${KAM_WSS_PORT} || semanage port -m -t sip_port_t -p tcp ${KAM_WSS_PORT} + semanage port -a -t sip_port_t -p udp ${KAM_DMQ_PORT} || semanage port -m -t sip_port_t -p udp ${KAM_DMQ_PORT} + + # Start firewalld + systemctl enable firewalld + systemctl start firewalld + + # Setup firewall rules + firewall-cmd --zone=public --add-port=${KAM_SIP_PORT}/udp --permanent + firewall-cmd --zone=public --add-port=${KAM_SIP_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_SIPS_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_WSS_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_DMQ_PORT}/udp --permanent + firewall-cmd --reload + + # Configure Kamailio systemd service + cp -f ${DSIP_PROJECT_DIR}/kamailio/systemd/kamailio-v2.service /lib/systemd/system/kamailio.service + chmod 644 /lib/systemd/system/kamailio.service + systemctl daemon-reload + systemctl enable kamailio + + # Configure rsyslog defaults + if ! grep -q 'dSIPRouter rsyslog.conf' /etc/rsyslog.conf 2>/dev/null; then + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/rsyslog.conf /etc/rsyslog.conf + fi + + # Setup kamailio Logging + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/kamailio.conf /etc/rsyslog.d/kamailio.conf + touch /var/log/kamailio.log + systemctl restart rsyslog + + # Setup logrotate + cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/kamailio /etc/logrotate.d/kamailio + + # Setup Kamailio to use the CA cert's that are shipped with the OS + mkdir -p ${DSIP_SYSTEM_CONFIG_DIR}/certs/stirshaken + ln -s /etc/ssl/certs/ca-bundle.crt ${DSIP_SSL_CA} + updateCACertsDir + + # setup STIR/SHAKEN module for kamailio + ## compile and install libks + if [[ ! -d ${SRC_DIR}/libks ]]; then + git clone --single-branch -c advice.detachedHead=false https://github.com/signalwire/libks -b v1.8.3 ${SRC_DIR}/libks + fi + ( + cd ${SRC_DIR}/libks && + cmake -DCMAKE_BUILD_TYPE=Release . 
&& + make -j $NPROC CFLAGS='-Wno-deprecated-declarations' && + make -j $NPROC install + ) || { + printerr 'Failed to compile and install libks' + return 1 + } + + ## compile and install libstirshaken + if [[ ! -d ${SRC_DIR}/libstirshaken ]]; then + git clone --depth 1 -c advice.detachedHead=false https://github.com/signalwire/libstirshaken ${SRC_DIR}/libstirshaken + fi + ( + cd ${SRC_DIR}/libstirshaken && + ./bootstrap.sh && + ./configure --prefix=/usr --libdir=/usr/lib64 && + make -j $NPROC CFLAGS='-Wno-deprecated-declarations' && + make -j $NPROC install && + ldconfig + ) || { + printerr 'Failed to compile and install libstirshaken' + return 1 + } + + ## compile and install STIR/SHAKEN module + ## reuse repo if it exists and matches version we want to install + if [[ -d ${SRC_DIR}/kamailio ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then + rm -rf ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + fi + else + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + fi + ( + cd ${SRC_DIR}/kamailio/src/modules/stirshaken && + make -j $NPROC + ) && + cp -f ${SRC_DIR}/kamailio/src/modules/stirshaken/stirshaken.so ${KAM_MODULES_DIR}/ || { + printerr 'Failed to compile and install STIR/SHAKEN module' + return 1 + } + + # patch uac module to support reload_delta + # TODO: commit upstream (https://github.com/kamailio/kamailio.git) + ( + cd ${SRC_DIR}/kamailio/src/modules/uac && + patch -p4 -N <${DSIP_PROJECT_DIR}/kamailio/uac.patch + (( $? 
> 1 )) && exit 1 + make -j $NPROC && + cp -f ${SRC_DIR}/kamailio/src/modules/uac/uac.so ${KAM_MODULES_DIR}/ + ) || { + printerr 'Failed to patch uac module' + return 1 + } + + return 0 +} + +function uninstall { + # Stop servers + systemctl stop kamailio + systemctl disable kamailio + + # Backup kamailio configuration directory + mv -f ${SYSTEM_KAMAILIO_CONFIG_DIR} ${SYSTEM_KAMAILIO_CONFIG_DIR}.bak.$(date +%Y%m%d_%H%M%S) + + # Uninstall Kamailio modules + dnf remove -y kamailio\* + + # remove our selinux changes + semanage port -D -t sip_port_t -p udp + semanage port -D -t sip_port_t -p tcp + semanage port -D -t rabbitmq_port_t -p udp + + # Remove firewall rules that was created by us: + firewall-cmd --zone=public --remove-port=${KAM_SIP_PORT}/udp --permanent + firewall-cmd --zone=public --remove-port=${KAM_SIP_PORT}/tcp --permanent + firewall-cmd --zone=public --remove-port=${KAM_SIPS_PORT}/tcp --permanent + firewall-cmd --zone=public --remove-port=${KAM_WSS_PORT}/tcp --permanent + firewall-cmd --zone=public --remove-port=${KAM_DMQ_PORT}/udp --permanent + firewall-cmd --reload + + # Remove kamailio Logging + rm -f /etc/rsyslog.d/kamailio.conf + + # Remove logrotate settings + rm -f /etc/logrotate.d/kamailio + + return 0 +} + +case "$1" in + install) + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 + ;; + *) + printerr "Usage: $0 [install | uninstall]" + exit 1 + ;; +esac diff --git a/kamailio/amzn/2.sh b/kamailio/amzn/2.sh index 96376c92..e1f6929d 100755 --- a/kamailio/amzn/2.sh +++ b/kamailio/amzn/2.sh @@ -43,7 +43,7 @@ function install() { ( cd ${SRC_DIR}/openssl && ./Configure --prefix=/usr linux-$(uname -m) && - make -j $NRPOC && + make -j $NPROC && make -j $NPROC install ) || { printerr 'Failed to compile openssl' diff --git a/kamailio/centos/7.sh b/kamailio/centos/7.sh index 4ffc3cd0..8188399f 100755 --- a/kamailio/centos/7.sh +++ b/kamailio/centos/7.sh 
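Review bot: install() in `kamailio/almalinux/9.sh` writes `${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc` with `DBROPW`, `DBRWPW` and, when set, `DBROOTPW` in clear text, and nothing in this file restricts the file's mode, so it is created under the installer's umask. Unless permissions are tightened elsewhere in the project, that typically leaves the database passwords readable by every local account. I would follow the heredoc with `chmod 600 "${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc"` (or write it inside a subshell with `umask 077`), adjusting the owner if a non-root account has to run kamctl. The timestamped copy moved to `${BACKUPS_DIR}/kamailio/` just before carries the same secrets and deserves the same mode.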
@@ -9,7 +9,9 @@ if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then fi function install() { - local KAM_VERSION_DOTTED RHEL_BASE_VER NPROC + local KAM_MINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1.\2%' <<<"$KAM_VERSION") + local RHEL_BASE_VER=$(rpm -E %{rhel}) + local NPROC=$(nproc) # Install Dependencies yum groupinstall -y 'Development Tools' && @@ -34,11 +36,6 @@ function install() { sed -i -re 's%^blacklist sctp%#blacklist sctp%g' /etc/modprobe.d/* modprobe sctp - # hardcoded to the latest release available for centos (patch updates broken) - KAM_VERSION_DOTTED='5.7.4' - RHEL_BASE_VER=$(rpm -E %{rhel}) - NPROC=$(nproc) - ## compile and install openssl v1.1.1 (repo versions too old) ## we must overwrite system packages (openssl/openssl-devel) otherwise python's openssl package is not supported if [[ "$(openssl version 2>/dev/null | awk '{print $2}')" != "1.1.1w" ]]; then @@ -50,7 +47,7 @@ function install() { ( cd ${SRC_DIR}/openssl && ./Configure --prefix=/usr linux-$(uname -m) && - make -j $NRPOC && + make -j $NPROC && make -j $NPROC install ) if (( $? != 0 )); then 
@@ -100,14 +97,27 @@ function install() { userdel kamailio &>/dev/null; groupdel kamailio &>/dev/null useradd --system --user-group --shell /bin/false --comment "Kamailio SIP Proxy" kamailio -# KAM_VERSION_FULL=$( -# curl -s "https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_VERSION_DOTTED}/listing" 2>/dev/null | -# tail -n -1 -# ) - yum install -y yum-utils && - yum-config-manager --add-repo https://rpm.kamailio.org/centos/kamailio.repo && - yum-config-manager --disable 'kamailio*' >/dev/null && - yum-config-manager --enable "kamailio-$KAM_VERSION_DOTTED" >/dev/null && + # TODO: fix upstream kamailio.repo file + #yum install -y yum-utils && + #yum-config-manager --add-repo https://rpm.kamailio.org/centos/kamailio.repo && + #yum-config-manager --disable 'kamailio*' >/dev/null && + #yum-config-manager --enable "kamailio-$KAM_VERSION_DOTTED" >/dev/null && + + # Add the Kamailio repos to yum + (cat << EOF +[kamailio] +name=Kamailio +baseurl=https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_MINOR_VERSION}/${KAM_VERSION}/\$basearch/ +enabled=1 +metadata_expire=30d +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://rpm.kamailio.org/rpm-pub.key +type=rpm +EOF + ) > /etc/yum.repos.d/kamailio.repo + yum makecache -y + yum install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket kamailio-postgresql kamailio-debuginfo \ kamailio-xmpp kamailio-unixodbc kamailio-utils kamailio-tls kamailio-presence kamailio-outbound kamailio-gzcompress \ kamailio-http_async_client kamailio-dmq_userloc kamailio-jansson kamailio-json kamailio-uuid kamailio-sctp @@ -118,7 +128,6 @@ function install() { fi # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # make sure run dir exists 
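Review bot: The generated `/etc/yum.repos.d/kamailio.repo` sets `gpgcheck=1` but takes the signing key from `gpgkey=https://rpm.kamailio.org/rpm-pub.key`, the same origin as the packages, and the following `yum install -y` accepts whatever key is served at install time. Package signatures then add little beyond what TLS to that host already provides, and `repo_gpgcheck=0` leaves the repository metadata unverified as well. Shipping the expected public key in the project and pointing the repo at it, `gpgkey=file://<PATH_TO_BUNDLED_KAMAILIO_KEY>` (placeholder), or comparing the downloaded key's fingerprint with a value recorded in the script before importing it, would pin trust to a key reviewed in this repository. The same repo block is added in `kamailio/centos/8.sh` and in the new `kamailio/almalinux/9.sh`.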
@@ -241,12 +250,12 @@ EOF ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/centos/8.sh b/kamailio/centos/8.sh index a3e4d7c4..7742f5d3 100755 --- a/kamailio/centos/8.sh +++ b/kamailio/centos/8.sh @@ -9,7 +9,9 @@ if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then fi function install() { - local KAM_VERSION_DOTTED RHEL_BASE_VER NPROC + local KAM_MINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1.\2%' <<<"$KAM_VERSION") + local RHEL_BASE_VER=$(rpm -E %{rhel}) + local NPROC=$(nproc) # Install Dependencies dnf groupinstall -y 'Development Tools' && 
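Review bot: Nothing in the clone hunk confirms that the kamailio package actually installed matches the `${KAM_VERSION}` tag the STIR/SHAKEN module is compiled from, now that the comparison no longer uses the version reported by the binary. If the package repo serves a different release, the module would be built from sources other than those of the running daemon (inferred, since the install step is outside this hunk). A cheap guard after package installation would be `[[ "$(kamailio -v 2>/dev/null | awk '/^version:/{print $3}')" == "$KAM_VERSION" ]] || printwarn 'installed kamailio differs from KAM_VERSION'`. The same replacement is made in the clone hunks of every distro script in this patch.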
@@ -37,22 +39,31 @@ function install() { printwarn 'Could not install kernel modules for SCTP support. Continuing installation...' fi - KAM_VERSION_DOTTED=$(perl -pe 's%([0-9])([0-9])%\1.\2%' <<<"$KAM_VERSION") - RHEL_BASE_VER=$(rpm -E %{rhel}) - NPROC=$(nproc) - # sometimes locks aren't properly removed (this seems to happen often on VM's) rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null userdel kamailio &>/dev/null; groupdel kamailio &>/dev/null useradd --system --user-group --shell /bin/false --comment "Kamailio SIP Proxy" kamailio -# KAM_VERSION_FULL=$( -# curl -s "https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_VERSION_DOTTED}/listing" 2>/dev/null | -# tail -n -1 -# ) - dnf config-manager -y --add-repo https://rpm.kamailio.org/centos/kamailio.repo && - dnf config-manager --disable 'kamailio*' && - dnf config-manager --enable "kamailio-$KAM_VERSION_DOTTED" && + # TODO: fix upstream kamailio.repo file + #dnf config-manager -y --add-repo https://rpm.kamailio.org/centos/kamailio.repo && + #dnf config-manager --disable 'kamailio*' && + #dnf config-manager --enable "kamailio-$KAM_VERSION_DOTTED" && + + # Add the Kamailio repos to yum + (cat << EOF +[kamailio] +name=Kamailio +baseurl=https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_MINOR_VERSION}/${KAM_VERSION}/\$basearch/ +enabled=1 +metadata_expire=30d +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://rpm.kamailio.org/rpm-pub.key +type=rpm +EOF + ) > /etc/yum.repos.d/kamailio.repo + yum makecache -y + dnf install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket kamailio-postgresql kamailio-debuginfo \ kamailio-xmpp kamailio-unixodbc kamailio-utils kamailio-tls kamailio-presence kamailio-outbound kamailio-gzcompress \ kamailio-http_async_client kamailio-dmq_userloc kamailio-jansson kamailio-json kamailio-uuid kamailio-sctp 
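Review bot: `yum makecache -y` runs here without first discarding cached metadata, although the repo id stays `[kamailio]`, the `baseurl` changes with `${KAM_VERSION}` and the stanza sets `metadata_expire=30d`. On a host that already holds metadata for another version, the install may resolve against the stale cache (to be confirmed on a reinstall). The centos/9.sh and rocky/8.sh hunks in this patch run `dnf clean -y metadata` before `dnf makecache -y`; doing the same here and in the earlier yum-based script would keep the scripts consistent. The rest of this script uses `dnf`, so `dnf makecache -y` would also match its own style.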
@@ -63,7 +74,6 @@ function install() { fi # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # make sure run dir exists @@ -184,12 +194,12 @@ EOF ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/centos/9.sh b/kamailio/centos/9.sh index 48b8db82..4f980a94 100755 --- a/kamailio/centos/9.sh +++ b/kamailio/centos/9.sh @@ -9,7 +9,9 @@ if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then fi function install() { - local KAM_VERSION_DOTTED RHEL_BASE_VER NPROC + local KAM_MINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1.\2%' <<<"$KAM_VERSION") + local RHEL_BASE_VER=$(rpm -E %{rhel}) + local NPROC=$(nproc) # Install Dependencies dnf groupinstall -y 'core' && 
@@ -39,22 +41,32 @@ function install() { printwarn 'Could not install kernel modules for SCTP support. Continuing installation...' fi - KAM_VERSION_DOTTED=$(perl -pe 's%([0-9])([0-9])%\1.\2%' <<<"$KAM_VERSION") - RHEL_BASE_VER=$(rpm -E %{rhel}) - NPROC=$(nproc) - # sometimes locks aren't properly removed (this seems to happen often on VM's) rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null userdel kamailio &>/dev/null; groupdel kamailio &>/dev/null useradd --system --user-group --shell /bin/false --comment "Kamailio SIP Proxy" kamailio -# KAM_VERSION_FULL=$( -# curl -s "https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_VERSION_DOTTED}/listing" 2>/dev/null | -# tail -n -1 -# ) - dnf config-manager -y --add-repo https://rpm.kamailio.org/centos/kamailio.repo && - dnf config-manager --disable 'kamailio*' && - dnf config-manager --enable "kamailio-$KAM_VERSION_DOTTED" && + # TODO: fix upstream kamailio.repo file + #dnf config-manager -y --add-repo https://rpm.kamailio.org/centos/kamailio.repo && + #dnf config-manager --disable 'kamailio*' && + #dnf config-manager --enable "kamailio-$KAM_VERSION_DOTTED" && + + # Add the Kamailio repos to yum + (cat << EOF +[kamailio] +name=Kamailio +baseurl=https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_MINOR_VERSION}/${KAM_VERSION}/\$basearch/ +enabled=1 +metadata_expire=30d +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://rpm.kamailio.org/rpm-pub.key +type=rpm +EOF + ) > /etc/yum.repos.d/kamailio.repo + + dnf clean -y metadata + dnf makecache -y dnf install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket kamailio-postgresql kamailio-debuginfo \ kamailio-xmpp kamailio-unixodbc kamailio-utils kamailio-tls kamailio-presence kamailio-outbound kamailio-gzcompress \ kamailio-http_async_client kamailio-dmq_userloc kamailio-jansson kamailio-json kamailio-uuid kamailio-sctp 
@@ -65,7 +77,6 @@ function install() { fi # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # make sure run dir exists @@ -186,12 +197,12 @@ EOF ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/debian/10.sh b/kamailio/debian/10.sh index 8e3b561c..fc6f2481 100755 --- a/kamailio/debian/10.sh +++ b/kamailio/debian/10.sh @@ -52,8 +52,8 @@ function install { mkdir -p /etc/apt/sources.list.d (cat << EOF # kamailio repo's -deb http://deb.kamailio.org/kamailio${KAM_VERSION} buster main -#deb-src http://deb.kamailio.org/kamailio${KAM_VERSION} buster main +deb https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} buster main +#deb-src https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} buster main EOF ) > ${KAM_SOURCES_LIST} 
@@ -61,13 +61,13 @@ EOF mkdir -p /etc/apt/preferences.d (cat << 'EOF' Package: * -Pin: origin deb.kamailio.org +Pin: origin deb-archive.kamailio.org Pin-Priority: 1000 EOF ) > ${KAM_PREFS_CONF} # Add Key for Kamailio Repo - wget -O- http://deb.kamailio.org/kamailiodebkey.gpg | apt-key add - + wget -O- https://deb-archive.kamailio.org/kamailiodebkey.gpg | apt-key add - # Update repo sources cache apt-get update -y @@ -99,7 +99,6 @@ EOF fi # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # create kamailio defaults config @@ -227,12 +226,12 @@ EOF ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/debian/11.sh b/kamailio/debian/11.sh index 17809bc3..dbb384d9 100755 --- a/kamailio/debian/11.sh +++ b/kamailio/debian/11.sh 
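Review bot: `wget -O- … | apt-key add -` puts the downloaded key into apt's global keyring, so it is trusted for every configured repository, while the preferences file pins `Package: *` from this origin at priority 1000. The debian/12.sh hunk in this patch already stops using `apt-key`; here the key could likewise be dearmored into its own keyring file and the `deb` line restricted with `[signed-by=<keyring path>]`, so the key only vouches for the Kamailio repo. The pipeline also has no failure check, so a failed download is only noticed at `apt-get update`. The same line is changed in the debian/11.sh and debian/9.sh hunks.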
@@ -50,8 +50,8 @@ function install() { mkdir -p /etc/apt/sources.list.d (cat << EOF # kamailio repo's -deb http://deb.kamailio.org/kamailio${KAM_VERSION} bullseye main -#deb-src http://deb.kamailio.org/kamailio${KAM_VERSION} bullseye main +deb https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} bullseye main +#deb-src https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} bullseye main EOF ) > ${KAM_SOURCES_LIST} @@ -59,13 +59,13 @@ EOF mkdir -p /etc/apt/preferences.d (cat << 'EOF' Package: * -Pin: origin deb.kamailio.org +Pin: origin deb-archive.kamailio.org Pin-Priority: 1000 EOF ) > ${KAM_PREFS_CONF} # Add Key for Kamailio Repo - wget -O- http://deb.kamailio.org/kamailiodebkey.gpg | apt-key add - + wget -O- https://deb-archive.kamailio.org/kamailiodebkey.gpg | apt-key add - # Update repo sources cache apt-get update -y @@ -76,7 +76,6 @@ EOF kamailio-json-modules kamailio-sctp-modules # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # create kamailio defaults config 
@@ -204,12 +203,12 @@ EOF ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/debian/12.sh b/kamailio/debian/12.sh index ed82bea5..5bf0b36d 100755 --- a/kamailio/debian/12.sh +++ b/kamailio/debian/12.sh @@ -41,8 +41,8 @@ function install() { mkdir -p /etc/apt/sources.list.d (cat << EOF # kamailio repo's -deb http://deb.kamailio.org/kamailio${KAM_VERSION} bookworm main -#deb-src http://deb.kamailio.org/kamailio${KAM_VERSION} bookworm main +deb https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} bookworm main +#deb-src https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} bookworm main EOF ) > ${KAM_SOURCES_LIST} 
@@ -50,13 +50,13 @@ EOF mkdir -p /etc/apt/preferences.d (cat << 'EOF' Package: * -Pin: origin deb.kamailio.org +Pin: origin deb-archive.kamailio.org Pin-Priority: 1000 EOF ) > ${KAM_PREFS_CONF} # Add Key for Kamailio Repo - wget -O- http://deb.kamailio.org/kamailiodebkey.gpg | apt-key add - + curl -s https://deb.kamailio.org/kamailiodebkey.gpg | gpg --dearmor >/etc/apt/trusted.gpg.d/kamailiodebkey.gpg # Update repo sources cache apt-get update -y @@ -68,7 +68,6 @@ EOF kamailio-json-modules kamailio-sctp-modules # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # create kamailio defaults config @@ -213,12 +212,12 @@ EOF ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/debian/9.sh b/kamailio/debian/9.sh index e7e4f166..d6fbca8f 100755 --- a/kamailio/debian/9.sh +++ b/kamailio/debian/9.sh 
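Review bot: `curl -s … | gpg --dearmor >/etc/apt/trusted.gpg.d/kamailiodebkey.gpg` has no failure handling: without `-f` an HTTP error body is fed to `gpg`, and the redirection creates the keyring file even when the pipeline fails. I would use `curl -fsSL <key url> | gpg --dearmor -o <keyring path>` and abort the install when it returns non-zero. The key is also fetched from `deb.kamailio.org`, while the sources list and the pin in this file now point at `deb-archive.kamailio.org`; if that is intentional, a comment saying so would help. Keys in `trusted.gpg.d` are trusted for all repositories, so a dedicated keyring referenced with `signed-by` on the `deb` line would scope it to this repo.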
@@ -44,8 +44,8 @@ function install { mkdir -p /etc/apt/sources.list.d (cat << EOF # kamailio repo's -deb http://deb.kamailio.org/kamailio${KAM_VERSION} stretch main -#deb-src http://deb.kamailio.org/kamailio${KAM_VERSION} stretch main +deb https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} stretch main +#deb-src https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} stretch main EOF ) > ${KAM_SOURCES_LIST} @@ -53,13 +53,13 @@ EOF mkdir -p /etc/apt/preferences.d (cat << 'EOF' Package: * -Pin: origin deb.kamailio.org +Pin: origin deb-archive.kamailio.org Pin-Priority: 1000 EOF ) > ${KAM_PREFS_CONF} # Add Key for Kamailio Repo - wget -O- http://deb.kamailio.org/kamailiodebkey.gpg | apt-key add - + wget -O- https://deb-archive.kamailio.org/kamailiodebkey.gpg | apt-key add - # Update repo sources cache apt-get update -y @@ -69,7 +69,6 @@ EOF kamailio-websocket-modules kamailio-presence-modules kamailio-json-modules # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # create kamailio defaults config 
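Review bot: The stretch sources list now uses `https://`, and the apt version shipped with Debian 9 needs the `apt-transport-https` package to handle that scheme. If that package is not installed earlier in the script (not visible in this hunk), `apt-get update` will fail for this repo and the kamailio packages will not be found. Adding `apt-get install -y apt-transport-https ca-certificates` before `${KAM_SOURCES_LIST}` is written would cover it.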
@@ -106,21 +105,6 @@ INSTALL_DBUID_TABLES=yes EOF ) > ${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc - # fix bug in kamilio v5.3.4 installer - if [[ "$KAM_VERSION_FULL" == "5.3.4" ]]; then - (cat << 'EOF' -CREATE TABLE `secfilter` ( -`id` INT(10) UNSIGNED AUTO_INCREMENT PRIMARY KEY NOT NULL, -`action` SMALLINT DEFAULT 0 NOT NULL, -`type` SMALLINT DEFAULT 0 NOT NULL, -`data` VARCHAR(64) DEFAULT "" NOT NULL -); -CREATE INDEX secfilter_idx ON secfilter (`action`, `type`, `data`); -INSERT INTO version (table_name, table_version) values ("secfilter","1"); -EOF - ) > /usr/share/kamailio/mysql/secfilter-create.sql - fi - # Execute 'kamdbctl create' to create the Kamailio database schema kamdbctl create || { printerr 'Failed creating kamailio database' @@ -166,12 +150,12 @@ EOF # setup dSIPRouter module for kamailio ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi # setup STIR/SHAKEN module for kamailio diff --git a/kamailio/modules/dsiprouter/README.md b/kamailio/modules/dsiprouter/README.md index c8ae88ea..7029024b 100644 --- a/kamailio/modules/dsiprouter/README.md +++ b/kamailio/modules/dsiprouter/README.md 
@@ -8,9 +8,9 @@ ### clone your kamailio version's branch: ``` -KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}' | sed -e 's/\([0-9]\.[0-9]\)\.[0-9]/\1/') +KAM_VERSIONL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}' | sed -e 's/\([0-9]\.[0-9]\)\.[0-9]/\1/') rm -rf /tmp/kamailio 2>/dev/null -git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git /tmp/kamailio +git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git /tmp/kamailio ``` ### copy to src dir and compile: diff --git a/kamailio/rhel/8.sh b/kamailio/rhel/8.sh index f703e26e..8d9f02e9 100755 --- a/kamailio/rhel/8.sh +++ b/kamailio/rhel/8.sh @@ -9,7 +9,9 @@ if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then fi function install() { - local KAM_VERSION_DOTTED=$(perl -pe 's%([0-9])([0-9])%\1.\2%' <<<"$KAM_VERSION") + local KAM_MINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1.\2%' <<<"$KAM_VERSION") + local RHEL_BASE_VER=$(rpm -E %{rhel}) + local NPROC=$(nproc) local OS_ARCH=$(uname -m) # Install Dependencies @@ -52,7 +54,7 @@ function install() { (cat << EOF [kamailio] name=Kamailio -baseurl=https://rpm.kamailio.org/rhel/${DISTRO_MAJOR_VER}/${KAM_VERSION_DOTTED}/${KAM_VERSION_DOTTED}/${OS_ARCH}/ +baseurl=https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_MINOR_VERSION}/${KAM_VERSION}/\$basearch/ enabled=1 metadata_expire=30d gpgcheck=1 @@ -78,7 +80,6 @@ EOF fi # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # create kamailio defaults config 
@@ -201,12 +202,12 @@ EOF ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/rhel/9.sh b/kamailio/rhel/9.sh new file mode 100755 index 00000000..4f980a94 --- /dev/null +++ b/kamailio/rhel/9.sh 
@@ -0,0 +1,276 @@ +#!/usr/bin/env bash + +# Debug this script if in debug mode +(( $DEBUG == 1 )) && set -x + +# Import dsip_lib utility / shared functions if not already +if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then + . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh +fi + +function install() { + local KAM_MINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1.\2%' <<<"$KAM_VERSION") + local RHEL_BASE_VER=$(rpm -E %{rhel}) + local NPROC=$(nproc) + + # Install Dependencies + dnf groupinstall -y 'core' && + dnf groupinstall -y 'base' && + dnf groupinstall -y 'Development Tools' && + dnf install -y epel-release dnf-plugins-core && + dnf install -y git curl perl firewalld logrotate rsyslog certbot cmake libuuid-devel \ + libcurl-devel libjwt-devel libatomic openssl-devel policycoreutils-python-utils + + if (( $? != 0 )); then + printerr 'Failed installing required packages' + return 1 + fi + + dnf install -y kernel-modules-extra-$(uname -r) || { + printwarn 'could not install kernel modules for current kernel' + echo 'upgrading kernel and installing new modules' + printwarn 'you will need to reboot the machine for changes to take effect' + dnf install -y kernel-modules-extra + } + + if (( $? == 0 )); then + echo 'sctp' >/etc/modules-load.d/sctp.conf + sed -i -re 's%^blacklist sctp%#blacklist sctp%g' /etc/modprobe.d/* + modprobe sctp + else + printwarn 'Could not install kernel modules for SCTP support. Continuing installation...' 
+ fi + + # sometimes locks aren't properly removed (this seems to happen often on VM's) + rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null + userdel kamailio &>/dev/null; groupdel kamailio &>/dev/null + useradd --system --user-group --shell /bin/false --comment "Kamailio SIP Proxy" kamailio + + # TODO: fix upstream kamailio.repo file + #dnf config-manager -y --add-repo https://rpm.kamailio.org/centos/kamailio.repo && + #dnf config-manager --disable 'kamailio*' && + #dnf config-manager --enable "kamailio-$KAM_VERSION_DOTTED" && + + # Add the Kamailio repos to yum + (cat << EOF +[kamailio] +name=Kamailio +baseurl=https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_MINOR_VERSION}/${KAM_VERSION}/\$basearch/ +enabled=1 +metadata_expire=30d +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://rpm.kamailio.org/rpm-pub.key +type=rpm +EOF + ) > /etc/yum.repos.d/kamailio.repo + + dnf clean -y metadata + dnf makecache -y + dnf install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket kamailio-postgresql kamailio-debuginfo \ + kamailio-xmpp kamailio-unixodbc kamailio-utils kamailio-tls kamailio-presence kamailio-outbound kamailio-gzcompress \ + kamailio-http_async_client kamailio-dmq_userloc kamailio-jansson kamailio-json kamailio-uuid kamailio-sctp + + if (( $? 
!= 0 )); then + printerr 'Failed installing kamailio packages' + return 1 + fi + + # get info about the kamailio install for later use in script + KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) + + # make sure run dir exists + mkdir -p /var/run/kamailio + chown -R kamailio:kamailio /var/run/kamailio + + # create kamailio defaults config + cp -f ${DSIP_PROJECT_DIR}/kamailio/systemd/kamailio.conf /etc/default/kamailio.conf + + touch /etc/tmpfiles.d/kamailio.conf + echo "d /run/kamailio 0750 kamailio users" > /etc/tmpfiles.d/kamailio.conf + + # Configure Kamailio and Required Database Modules + mkdir -p ${SYSTEM_KAMAILIO_CONFIG_DIR} ${BACKUPS_DIR}/kamailio + mv -f ${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc ${BACKUPS_DIR}/kamailio/kamctlrc.$(date +%Y%m%d_%H%M%S) + if [[ -z "${ROOT_DB_PASS-unset}" ]]; then + local ROOTPW_SETTING="DBROOTPWSKIP=yes" + else + local ROOTPW_SETTING="DBROOTPW=\"${ROOT_DB_PASS}\"" + fi + + # TODO: we should set STORE_PLAINTEXT_PW to 0, this is not default but would need tested + cat <${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc +DBENGINE=MYSQL +DBHOST="${KAM_DB_HOST}" +DBPORT="${KAM_DB_PORT}" +DBNAME="${KAM_DB_NAME}" +DBROUSER="${KAM_DB_USER}" +DBROPW="${KAM_DB_PASS}" +DBRWUSER="${KAM_DB_USER}" +DBRWPW="${KAM_DB_PASS}" +DBROOTUSER="${ROOT_DB_USER}" +${ROOTPW_SETTING} +CHARSET=utf8 +INSTALL_EXTRA_TABLES=yes +INSTALL_PRESENCE_TABLES=yes +INSTALL_DBUID_TABLES=yes +#STORE_PLAINTEXT_PW=0 +EOF + + # Execute 'kamdbctl create' to create the Kamailio database schema + kamdbctl create + + # give kamailio permissions in SELINUX + semanage port -a -t sip_port_t -p udp ${KAM_SIP_PORT} || semanage port -m -t sip_port_t -p udp ${KAM_SIP_PORT} + semanage port -a -t sip_port_t -p tcp ${KAM_SIP_PORT} || semanage port -m -t sip_port_t -p tcp ${KAM_SIP_PORT} + semanage port -a -t sip_port_t -p tcp ${KAM_SIPS_PORT} || semanage port -m -t sip_port_t -p tcp ${KAM_SIPS_PORT} + 
semanage port -a -t sip_port_t -p tcp ${KAM_WSS_PORT} || semanage port -m -t sip_port_t -p tcp ${KAM_WSS_PORT} + semanage port -a -t sip_port_t -p udp ${KAM_DMQ_PORT} || semanage port -m -t sip_port_t -p udp ${KAM_DMQ_PORT} + + # Start firewalld + systemctl enable firewalld + systemctl start firewalld + + # Setup firewall rules + firewall-cmd --zone=public --add-port=${KAM_SIP_PORT}/udp --permanent + firewall-cmd --zone=public --add-port=${KAM_SIP_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_SIPS_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_WSS_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_DMQ_PORT}/udp --permanent + firewall-cmd --reload + + # Configure Kamailio systemd service + cp -f ${DSIP_PROJECT_DIR}/kamailio/systemd/kamailio-v2.service /lib/systemd/system/kamailio.service + chmod 644 /lib/systemd/system/kamailio.service + systemctl daemon-reload + systemctl enable kamailio + + # Configure rsyslog defaults + if ! grep -q 'dSIPRouter rsyslog.conf' /etc/rsyslog.conf 2>/dev/null; then + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/rsyslog.conf /etc/rsyslog.conf + fi + + # Setup kamailio Logging + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/kamailio.conf /etc/rsyslog.d/kamailio.conf + touch /var/log/kamailio.log + systemctl restart rsyslog + + # Setup logrotate + cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/kamailio /etc/logrotate.d/kamailio + + # Setup Kamailio to use the CA cert's that are shipped with the OS + mkdir -p ${DSIP_SYSTEM_CONFIG_DIR}/certs/stirshaken + ln -s /etc/ssl/certs/ca-bundle.crt ${DSIP_SSL_CA} + updateCACertsDir + + # setup STIR/SHAKEN module for kamailio + ## compile and install libks + if [[ ! -d ${SRC_DIR}/libks ]]; then + git clone --single-branch -c advice.detachedHead=false https://github.com/signalwire/libks -b v1.8.3 ${SRC_DIR}/libks + fi + ( + cd ${SRC_DIR}/libks && + cmake -DCMAKE_BUILD_TYPE=Release . 
&& + make -j $NPROC CFLAGS='-Wno-deprecated-declarations' && + make -j $NPROC install + ) || { + printerr 'Failed to compile and install libks' + return 1 + } + + ## compile and install libstirshaken + if [[ ! -d ${SRC_DIR}/libstirshaken ]]; then + git clone --depth 1 -c advice.detachedHead=false https://github.com/signalwire/libstirshaken ${SRC_DIR}/libstirshaken + fi + ( + cd ${SRC_DIR}/libstirshaken && + ./bootstrap.sh && + ./configure --prefix=/usr --libdir=/usr/lib64 && + make -j $NPROC CFLAGS='-Wno-deprecated-declarations' && + make -j $NPROC install && + ldconfig + ) || { + printerr 'Failed to compile and install libstirshaken' + return 1 + } + + ## compile and install STIR/SHAKEN module + ## reuse repo if it exists and matches version we want to install + if [[ -d ${SRC_DIR}/kamailio ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then + rm -rf ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + fi + else + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + fi + ( + cd ${SRC_DIR}/kamailio/src/modules/stirshaken && + make -j $NPROC + ) && + cp -f ${SRC_DIR}/kamailio/src/modules/stirshaken/stirshaken.so ${KAM_MODULES_DIR}/ || { + printerr 'Failed to compile and install STIR/SHAKEN module' + return 1 + } + + # patch uac module to support reload_delta + # TODO: commit upstream (https://github.com/kamailio/kamailio.git) + ( + cd ${SRC_DIR}/kamailio/src/modules/uac && + patch -p4 -N <${DSIP_PROJECT_DIR}/kamailio/uac.patch + (( $? 
> 1 )) && exit 1 + make -j $NPROC && + cp -f ${SRC_DIR}/kamailio/src/modules/uac/uac.so ${KAM_MODULES_DIR}/ + ) || { + printerr 'Failed to patch uac module' + return 1 + } + + return 0 +} + +function uninstall { + # Stop servers + systemctl stop kamailio + systemctl disable kamailio + + # Backup kamailio configuration directory + mv -f ${SYSTEM_KAMAILIO_CONFIG_DIR} ${SYSTEM_KAMAILIO_CONFIG_DIR}.bak.$(date +%Y%m%d_%H%M%S) + + # Uninstall Kamailio modules + dnf remove -y kamailio\* + + # remove our selinux changes + semanage port -D -t sip_port_t -p udp + semanage port -D -t sip_port_t -p tcp + semanage port -D -t rabbitmq_port_t -p udp + + # Remove firewall rules that was created by us: + firewall-cmd --zone=public --remove-port=${KAM_SIP_PORT}/udp --permanent + firewall-cmd --zone=public --remove-port=${KAM_SIP_PORT}/tcp --permanent + firewall-cmd --zone=public --remove-port=${KAM_SIPS_PORT}/tcp --permanent + firewall-cmd --zone=public --remove-port=${KAM_WSS_PORT}/tcp --permanent + firewall-cmd --zone=public --remove-port=${KAM_DMQ_PORT}/udp --permanent + firewall-cmd --reload + + # Remove kamailio Logging + rm -f /etc/rsyslog.d/kamailio.conf + + # Remove logrotate settings + rm -f /etc/logrotate.d/kamailio + + return 0 +} + +case "$1" in + install) + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 + ;; + *) + printerr "Usage: $0 [install | uninstall]" + exit 1 + ;; +esac diff --git a/kamailio/rocky/8.sh b/kamailio/rocky/8.sh index 3b1b7ff0..c737ef76 100755 --- a/kamailio/rocky/8.sh +++ b/kamailio/rocky/8.sh 
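Review bot: In the new kamailio/rhel/9.sh, `kamctlrc` is written with `DBROPW`, `DBRWPW` and (through `ROOTPW_SETTING`) `DBROOTPW` in clear text and no mode is set on it, so who can read it depends on the caller's umask. A `chmod 600 "${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc"` right after the heredoc (or `640` with a suitable group, depending on who runs `kamctl`) would limit access to the passwords. With `DEBUG=1` the script enables `set -x`, which traces the `ROOTPW_SETTING` assignment with the root password expanded; disabling the trace around that assignment keeps it out of the install log. `kamdbctl create` is also left unchecked here, whereas debian/9.sh in this patch aborts with `printerr 'Failed creating kamailio database'`.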
@@ -9,20 +9,28 @@ if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then fi function install() { - local KAM_VERSION_DOTTED=$(perl -pe 's%([0-9])([0-9])%\1.\2%' <<<"$KAM_VERSION") + local KAM_MINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1.\2%' <<<"$KAM_VERSION") local RHEL_BASE_VER=$(rpm -E %{rhel}) + local NPROC=$(nproc) # Install Dependencies - yum groupinstall --setopt=group_package_types=mandatory,default,optional -y 'core' - yum groupinstall --setopt=group_package_types=mandatory,default,optional -y 'base' - yum groupinstall --setopt=group_package_types=mandatory,default,optional -y 'Development Tools' - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - yum install -y psmisc curl wget sed gawk vim perl firewalld uuid-devel openssl-devel - yum install -y logrotate rsyslog python3 python3-virtualenv policycoreutils-python-utils - - yum remove -y *certbot* - python3 -m venv /opt/certbot/ - /opt/certbot/bin/pip install --upgrade pip + dnf config-manager --enable -y powertools && + dnf install -y epel-release && + dnf groupinstall --setopt=group_package_types=mandatory,default,optional -y 'core' && + dnf groupinstall --setopt=group_package_types=mandatory,default,optional -y 'base' && + dnf groupinstall --setopt=group_package_types=mandatory,default,optional -y 'Development Tools' && + dnf install -y psmisc curl wget sed gawk vim perl firewalld logrotate rsyslog \ + uuid openssl-devel libuuid-devel libjwt-devel libatomic bzip2-devel libffi-devel libcurl-devel \ + python3.11 python3.11-pip policycoreutils-python-utils + + if (( $? != 0 )); then + printerr 'Failed installing required packages' + exit 1 + fi + + # we need a newer version of certbot than the distro repos offer + dnf remove -y *certbot* + python3 -m venv --upgrade-deps /opt/certbot/ /opt/certbot/bin/pip install certbot ln -sf /opt/certbot/bin/certbot /usr/bin/certbot 
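Review bot: The certbot venv is created with `python3 -m venv --upgrade-deps`, but the dependency list in this hunk installs `python3.11`, and `--upgrade-deps` only exists in the `venv` module from Python 3.9 on. If `python3` on the host resolves to the older platform interpreter, or to nothing, the command fails and the following `/opt/certbot/bin/pip install certbot` has nothing to run from. Calling the interpreter that was just installed removes the ambiguity: `python3.11 -m venv --upgrade-deps /opt/certbot/`. The new failure branch also uses `exit 1` where the other install scripts in this patch use `return 1`.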
@@ -42,7 +50,6 @@ function install() { fi # create kamailio user and group - mkdir -p /var/run/kamailio # sometimes locks aren't properly removed (this seems to happen often on VM's) rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock useradd --system --user-group --shell /bin/false --comment "Kamailio SIP Proxy" kamailio @@ -52,7 +59,7 @@ function install() { (cat << EOF [kamailio] name=Kamailio -baseurl=https://rpm.kamailio.org/rhel/${RHEL_BASE_VER}/${KAM_VERSION_DOTTED}/${KAM_VERSION_DOTTED}/\$basearch/ +baseurl=https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_MINOR_VERSION}/${KAM_VERSION}/\$basearch/ enabled=1 metadata_expire=30d gpgcheck=1 @@ -62,8 +69,9 @@ type=rpm EOF ) > /etc/yum.repos.d/kamailio.repo - yum makecache -y - yum install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket \ + dnf clean -y metadata + dnf makecache -y + dnf install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket \ kamailio-postgresql kamailio-debuginfo kamailio-xmpp kamailio-unixodbc kamailio-utils kamailio-tls \ kamailio-presence kamailio-outbound kamailio-gzcompress kamailio-http_async_client kamailio-dmq_userloc \ kamailio-sctp @@ -78,7 +86,6 @@ EOF fi # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) touch /etc/tmpfiles.d/kamailio.conf 
@@ -203,12 +210,12 @@ EOF ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/rocky/9.sh b/kamailio/rocky/9.sh new file mode 100755 index 00000000..4f980a94 --- /dev/null +++ b/kamailio/rocky/9.sh 
@@ -0,0 +1,276 @@ +#!/usr/bin/env bash + +# Debug this script if in debug mode +(( $DEBUG == 1 )) && set -x + +# Import dsip_lib utility / shared functions if not already +if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then + . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh +fi + +function install() { + local KAM_MINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1.\2%' <<<"$KAM_VERSION") + local RHEL_BASE_VER=$(rpm -E %{rhel}) + local NPROC=$(nproc) + + # Install Dependencies + dnf groupinstall -y 'core' && + dnf groupinstall -y 'base' && + dnf groupinstall -y 'Development Tools' && + dnf install -y epel-release dnf-plugins-core && + dnf install -y git curl perl firewalld logrotate rsyslog certbot cmake libuuid-devel \ + libcurl-devel libjwt-devel libatomic openssl-devel policycoreutils-python-utils + + if (( $? != 0 )); then + printerr 'Failed installing required packages' + return 1 + fi + + dnf install -y kernel-modules-extra-$(uname -r) || { + printwarn 'could not install kernel modules for current kernel' + echo 'upgrading kernel and installing new modules' + printwarn 'you will need to reboot the machine for changes to take effect' + dnf install -y kernel-modules-extra + } + + if (( $? == 0 )); then + echo 'sctp' >/etc/modules-load.d/sctp.conf + sed -i -re 's%^blacklist sctp%#blacklist sctp%g' /etc/modprobe.d/* + modprobe sctp + else + printwarn 'Could not install kernel modules for SCTP support. Continuing installation...' 
+ fi + + # sometimes locks aren't properly removed (this seems to happen often on VM's) + rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null + userdel kamailio &>/dev/null; groupdel kamailio &>/dev/null + useradd --system --user-group --shell /bin/false --comment "Kamailio SIP Proxy" kamailio + + # TODO: fix upstream kamailio.repo file + #dnf config-manager -y --add-repo https://rpm.kamailio.org/centos/kamailio.repo && + #dnf config-manager --disable 'kamailio*' && + #dnf config-manager --enable "kamailio-$KAM_VERSION_DOTTED" && + + # Add the Kamailio repos to yum + (cat << EOF +[kamailio] +name=Kamailio +baseurl=https://rpm.kamailio.org/centos/${RHEL_BASE_VER}/${KAM_MINOR_VERSION}/${KAM_VERSION}/\$basearch/ +enabled=1 +metadata_expire=30d +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://rpm.kamailio.org/rpm-pub.key +type=rpm +EOF + ) > /etc/yum.repos.d/kamailio.repo + + dnf clean -y metadata + dnf makecache -y + dnf install -y kamailio kamailio-ldap kamailio-mysql kamailio-sipdump kamailio-websocket kamailio-postgresql kamailio-debuginfo \ + kamailio-xmpp kamailio-unixodbc kamailio-utils kamailio-tls kamailio-presence kamailio-outbound kamailio-gzcompress \ + kamailio-http_async_client kamailio-dmq_userloc kamailio-jansson kamailio-json kamailio-uuid kamailio-sctp + + if (( $? 
!= 0 )); then + printerr 'Failed installing kamailio packages' + return 1 + fi + + # get info about the kamailio install for later use in script + KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) + + # make sure run dir exists + mkdir -p /var/run/kamailio + chown -R kamailio:kamailio /var/run/kamailio + + # create kamailio defaults config + cp -f ${DSIP_PROJECT_DIR}/kamailio/systemd/kamailio.conf /etc/default/kamailio.conf + + touch /etc/tmpfiles.d/kamailio.conf + echo "d /run/kamailio 0750 kamailio users" > /etc/tmpfiles.d/kamailio.conf + + # Configure Kamailio and Required Database Modules + mkdir -p ${SYSTEM_KAMAILIO_CONFIG_DIR} ${BACKUPS_DIR}/kamailio + mv -f ${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc ${BACKUPS_DIR}/kamailio/kamctlrc.$(date +%Y%m%d_%H%M%S) + if [[ -z "${ROOT_DB_PASS-unset}" ]]; then + local ROOTPW_SETTING="DBROOTPWSKIP=yes" + else + local ROOTPW_SETTING="DBROOTPW=\"${ROOT_DB_PASS}\"" + fi + + # TODO: we should set STORE_PLAINTEXT_PW to 0, this is not default but would need tested + cat <${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc +DBENGINE=MYSQL +DBHOST="${KAM_DB_HOST}" +DBPORT="${KAM_DB_PORT}" +DBNAME="${KAM_DB_NAME}" +DBROUSER="${KAM_DB_USER}" +DBROPW="${KAM_DB_PASS}" +DBRWUSER="${KAM_DB_USER}" +DBRWPW="${KAM_DB_PASS}" +DBROOTUSER="${ROOT_DB_USER}" +${ROOTPW_SETTING} +CHARSET=utf8 +INSTALL_EXTRA_TABLES=yes +INSTALL_PRESENCE_TABLES=yes +INSTALL_DBUID_TABLES=yes +#STORE_PLAINTEXT_PW=0 +EOF + + # Execute 'kamdbctl create' to create the Kamailio database schema + kamdbctl create + + # give kamailio permissions in SELINUX + semanage port -a -t sip_port_t -p udp ${KAM_SIP_PORT} || semanage port -m -t sip_port_t -p udp ${KAM_SIP_PORT} + semanage port -a -t sip_port_t -p tcp ${KAM_SIP_PORT} || semanage port -m -t sip_port_t -p tcp ${KAM_SIP_PORT} + semanage port -a -t sip_port_t -p tcp ${KAM_SIPS_PORT} || semanage port -m -t sip_port_t -p tcp ${KAM_SIPS_PORT} + 
semanage port -a -t sip_port_t -p tcp ${KAM_WSS_PORT} || semanage port -m -t sip_port_t -p tcp ${KAM_WSS_PORT} + semanage port -a -t sip_port_t -p udp ${KAM_DMQ_PORT} || semanage port -m -t sip_port_t -p udp ${KAM_DMQ_PORT} + + # Start firewalld + systemctl enable firewalld + systemctl start firewalld + + # Setup firewall rules + firewall-cmd --zone=public --add-port=${KAM_SIP_PORT}/udp --permanent + firewall-cmd --zone=public --add-port=${KAM_SIP_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_SIPS_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_WSS_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_DMQ_PORT}/udp --permanent + firewall-cmd --reload + + # Configure Kamailio systemd service + cp -f ${DSIP_PROJECT_DIR}/kamailio/systemd/kamailio-v2.service /lib/systemd/system/kamailio.service + chmod 644 /lib/systemd/system/kamailio.service + systemctl daemon-reload + systemctl enable kamailio + + # Configure rsyslog defaults + if ! grep -q 'dSIPRouter rsyslog.conf' /etc/rsyslog.conf 2>/dev/null; then + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/rsyslog.conf /etc/rsyslog.conf + fi + + # Setup kamailio Logging + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/kamailio.conf /etc/rsyslog.d/kamailio.conf + touch /var/log/kamailio.log + systemctl restart rsyslog + + # Setup logrotate + cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/kamailio /etc/logrotate.d/kamailio + + # Setup Kamailio to use the CA cert's that are shipped with the OS + mkdir -p ${DSIP_SYSTEM_CONFIG_DIR}/certs/stirshaken + ln -s /etc/ssl/certs/ca-bundle.crt ${DSIP_SSL_CA} + updateCACertsDir + + # setup STIR/SHAKEN module for kamailio + ## compile and install libks + if [[ ! -d ${SRC_DIR}/libks ]]; then + git clone --single-branch -c advice.detachedHead=false https://github.com/signalwire/libks -b v1.8.3 ${SRC_DIR}/libks + fi + ( + cd ${SRC_DIR}/libks && + cmake -DCMAKE_BUILD_TYPE=Release . 
&& + make -j $NPROC CFLAGS='-Wno-deprecated-declarations' && + make -j $NPROC install + ) || { + printerr 'Failed to compile and install libks' + return 1 + } + + ## compile and install libstirshaken + if [[ ! -d ${SRC_DIR}/libstirshaken ]]; then + git clone --depth 1 -c advice.detachedHead=false https://github.com/signalwire/libstirshaken ${SRC_DIR}/libstirshaken + fi + ( + cd ${SRC_DIR}/libstirshaken && + ./bootstrap.sh && + ./configure --prefix=/usr --libdir=/usr/lib64 && + make -j $NPROC CFLAGS='-Wno-deprecated-declarations' && + make -j $NPROC install && + ldconfig + ) || { + printerr 'Failed to compile and install libstirshaken' + return 1 + } + + ## compile and install STIR/SHAKEN module + ## reuse repo if it exists and matches version we want to install + if [[ -d ${SRC_DIR}/kamailio ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then + rm -rf ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + fi + else + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + fi + ( + cd ${SRC_DIR}/kamailio/src/modules/stirshaken && + make -j $NPROC + ) && + cp -f ${SRC_DIR}/kamailio/src/modules/stirshaken/stirshaken.so ${KAM_MODULES_DIR}/ || { + printerr 'Failed to compile and install STIR/SHAKEN module' + return 1 + } + + # patch uac module to support reload_delta + # TODO: commit upstream (https://github.com/kamailio/kamailio.git) + ( + cd ${SRC_DIR}/kamailio/src/modules/uac && + patch -p4 -N <${DSIP_PROJECT_DIR}/kamailio/uac.patch + (( $? 
> 1 )) && exit 1 + make -j $NPROC && + cp -f ${SRC_DIR}/kamailio/src/modules/uac/uac.so ${KAM_MODULES_DIR}/ + ) || { + printerr 'Failed to patch uac module' + return 1 + } + + return 0 +} + +function uninstall { + # Stop servers + systemctl stop kamailio + systemctl disable kamailio + + # Backup kamailio configuration directory + mv -f ${SYSTEM_KAMAILIO_CONFIG_DIR} ${SYSTEM_KAMAILIO_CONFIG_DIR}.bak.$(date +%Y%m%d_%H%M%S) + + # Uninstall Kamailio modules + dnf remove -y kamailio\* + + # remove our selinux changes + semanage port -D -t sip_port_t -p udp + semanage port -D -t sip_port_t -p tcp + semanage port -D -t rabbitmq_port_t -p udp + + # Remove firewall rules that was created by us: + firewall-cmd --zone=public --remove-port=${KAM_SIP_PORT}/udp --permanent + firewall-cmd --zone=public --remove-port=${KAM_SIP_PORT}/tcp --permanent + firewall-cmd --zone=public --remove-port=${KAM_SIPS_PORT}/tcp --permanent + firewall-cmd --zone=public --remove-port=${KAM_WSS_PORT}/tcp --permanent + firewall-cmd --zone=public --remove-port=${KAM_DMQ_PORT}/udp --permanent + firewall-cmd --reload + + # Remove kamailio Logging + rm -f /etc/rsyslog.d/kamailio.conf + + # Remove logrotate settings + rm -f /etc/logrotate.d/kamailio + + return 0 +} + +case "$1" in + install) + install && exit 0 || exit 1 + ;; + uninstall) + uninstall && exit 0 || exit 1 + ;; + *) + printerr "Usage: $0 [install | uninstall]" + exit 1 + ;; +esac diff --git a/kamailio/ubuntu/20.sh b/kamailio/ubuntu/20.sh index d67ffc5b..0e33f42f 100755 --- a/kamailio/ubuntu/20.sh +++ b/kamailio/ubuntu/20.sh @@ -11,6 +11,7 @@ fi function install() { local KAM_SOURCES_LIST="/etc/apt/sources.list.d/kamailio.list" local KAM_PREFS_CONF="/etc/apt/preferences.d/kamailio.pref" + local NPROC=$(nproc) # nf_tables is the default fw on ubuntu but it has too many bugs at this time # instead we will use legacy iptables until these issues are ironed out 
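Review bot: In the new kamailio/rocky/9.sh, `kamctlrc` is written with `DBROPW`, `DBRWPW` and `DBROOTPW` in clear text and nothing in the file restricts its mode, so it ends up with whatever the installer's umask yields. A `chmod 600 ${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc` straight after the heredoc would close that; use 640 with a dedicated group if something other than root has to read it. The script also enables `set -x` when `DEBUG` is 1, so `local ROOTPW_SETTING="DBROOTPW=\"${ROOT_DB_PASS}\""` puts the root DB password into the trace output. Tracing should be switched off around that assignment and restored afterwards. The same two patterns are in the new kamailio/ubuntu/24.sh.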
@@ -21,6 +22,30 @@ function install() { apt-get install -y curl wget sed gawk vim perl uuid-dev libssl-dev logrotate rsyslog firewalld \ python3 libcurl4-openssl-dev libjansson-dev cmake python3-venv + if (( $? != 0 )); then + printerr 'Failed installing required packages' + exit 1 + fi + + ## compile and install openssl v1.1.1 (workaround for amazon linux repo conflicts) + ## we must overwrite system packages (openssl/openssl-devel) otherwise python's openssl package is not supported + if [[ "$(openssl version 2>/dev/null | awk '{print $2}')" != "1.1.1w" ]]; then + if [[ ! -d ${SRC_DIR}/openssl ]]; then + ( cd ${SRC_DIR} && + curl -sL https://www.openssl.org/source/openssl-1.1.1w.tar.gz 2>/dev/null | + tar -xzf - --transform 's%openssl-1.1.1w%openssl%'; ) + fi + ( + cd ${SRC_DIR}/openssl && + ./Configure --prefix=/usr linux-$(uname -m) && + make -j $NPROC && + make -j $NPROC install + ) || { + printerr 'Failed to compile openssl' + return 1 + } + fi + # we need a newer version of certbot than the distro repos offer apt-get remove -y *certbot* python3 -m venv /opt/certbot/ @@ -40,8 +65,8 @@ function install() { mkdir -p /etc/apt/sources.list.d (cat << EOF # kamailio repo's -deb http://deb.kamailio.org/kamailio${KAM_VERSION} focal main -#deb-src http://deb.kamailio.org/kamailio${KAM_VERSION} focal main +deb https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} focal main +#deb-src https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} focal main EOF ) > ${KAM_SOURCES_LIST} @@ -49,13 +74,13 @@ EOF mkdir -p /etc/apt/preferences.d (cat << 'EOF' Package: * -Pin: origin deb.kamailio.org +Pin: origin deb-archive.kamailio.org Pin-Priority: 1000 EOF ) > ${KAM_PREFS_CONF} # Add Key for Kamailio Repo - wget -O- http://deb.kamailio.org/kamailiodebkey.gpg | apt-key add - + wget -O- https://deb-archive.kamailio.org/kamailiodebkey.gpg | apt-key add - # Update repo sources cache apt-get update -y 
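Review bot: In kamailio/ubuntu/20.sh, hunk `@@ -21,6 +22,30 @@`, the OpenSSL tarball is piped from `curl -sL … 2>/dev/null` straight into `tar` with no checksum or signature check, then built with `--prefix=/usr` and installed over the distribution's OpenSSL. A truncated or substituted download therefore goes unnoticed: there is no `-f`, stderr is discarded, and the status of the extraction subshell is never tested. Downloading to a file and verifying it first would fix that, e.g. `curl -fsSL -o openssl-1.1.1w.tar.gz https://www.openssl.org/source/openssl-1.1.1w.tar.gz && echo '<EXPECTED_SHA256>  openssl-1.1.1w.tar.gz' | sha256sum -c - || return 1` (the digest is a placeholder to be filled from the upstream release). Separately, replacing the packaged library with a 1.1.1 build means the distro's security updates no longer govern the libssl every other program links against, and the 1.1.1 series no longer receives public upstream fixes. The comment cites an Amazon Linux conflict, so it is worth confirming this block is needed on Ubuntu at all. The identical block is added in kamailio/ubuntu/22.sh.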
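Review bot: In kamailio/ubuntu/20.sh, hunk `@@ -49,13 +74,13 @@`, the repository key is still imported with `apt-key add -`, which places it in the global keyring where apt trusts it for every configured source. Together with the `Package: *` pin at priority 1000 for that origin, any package this repository serves can replace or downgrade a distro package. Scoping the key limits the trust to this one source: write it to its own keyring, e.g. `wget -O- https://deb-archive.kamailio.org/kamailiodebkey.gpg | gpg --dearmor >/etc/apt/keyrings/kamailio.gpg`, and reference it as `deb [signed-by=/etc/apt/keyrings/kamailio.gpg] https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} focal main`. Narrowing the pin to `Package: kamailio*` would help as well. The same applies to kamailio/ubuntu/22.sh and to the new kamailio/ubuntu/24.sh, which writes the key to `/etc/apt/trusted.gpg.d/`, an equally global location.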
@@ -65,7 +90,6 @@ EOF kamailio-presence-modules kamailio-json-modules # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # create kamailio defaults config @@ -95,6 +119,7 @@ DBRWPW="${KAM_DB_PASS}" DBROOTUSER="${ROOT_DB_USER}" ${ROOTPW_SETTING} CHARSET=utf8 +EXTRA_MODULES="imc cpl siptrace domainpolicy carrierroute drouting userblocklist htable purple uac pipelimit mtree sca mohqueue rtpproxy rtpengine secfilter" INSTALL_EXTRA_TABLES=yes INSTALL_PRESENCE_TABLES=yes INSTALL_DBUID_TABLES=yes @@ -102,21 +127,6 @@ INSTALL_DBUID_TABLES=yes EOF ) > ${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc - # fix bug in kamilio v5.3.4 installer - if [[ "$KAM_VERSION_FULL" == "5.3.4" ]]; then - (cat << 'EOF' -CREATE TABLE `secfilter` ( -`id` INT(10) UNSIGNED AUTO_INCREMENT PRIMARY KEY NOT NULL, -`action` SMALLINT DEFAULT 0 NOT NULL, -`type` SMALLINT DEFAULT 0 NOT NULL, -`data` VARCHAR(64) DEFAULT "" NOT NULL -); -CREATE INDEX secfilter_idx ON secfilter (`action`, `type`, `data`); -INSERT INTO version (table_name, table_version) values ("secfilter","1"); -EOF - ) > /usr/share/kamailio/mysql/secfilter-create.sql - fi - # Execute 'kamdbctl create' to create the Kamailio database schema kamdbctl create 
@@ -162,31 +172,35 @@ EOF ln -s /etc/ssl/certs/ca-certificates.crt ${DSIP_SSL_CA} updateCACertsDir - # setup dSIPRouter module for kamailio - ## reuse repo if it exists and matches version we want to install - if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then - rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio - fi - else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio - fi - # setup STIR/SHAKEN module for kamailio - ## compile and install libjwt + ## compile and install libjwt (version in repos is too old) if [[ ! -d ${SRC_DIR}/libjwt ]]; then git clone --depth 1 -c advice.detachedHead=false https://github.com/benmcollins/libjwt.git ${SRC_DIR}/libjwt fi - ( cd ${SRC_DIR}/libjwt && autoreconf -i && ./configure --prefix=/usr && make && make install; exit $?; ) || - { printerr 'Failed to compile and install libjwt'; return 1; } + ( + cd ${SRC_DIR}/libjwt && + autoreconf -i && + ./configure --prefix=/usr && + make -j $NPROC && + make -j $NPROC install + ) || { + printerr 'Failed to compile and install libjwt' + return 1 + } ## compile and install libks if [[ ! -d ${SRC_DIR}/libks ]]; then git clone --single-branch -c advice.detachedHead=false https://github.com/signalwire/libks -b v1.8.3 ${SRC_DIR}/libks fi - ( cd ${SRC_DIR}/libks && cmake -DCMAKE_INSTALL_PREFIX=/usr . && make install; exit $?; ) || - { printerr 'Failed to compile and install libks'; return 1; } + ( + cd ${SRC_DIR}/libks && + cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release . && + make -j $NPROC && + make -j $NPROC install + ) || { + printerr 'Failed to compile and install libks' + return 1 + } ## compile and install libstirshaken if [[ ! -d ${SRC_DIR}/libstirshaken ]]; then 
@@ -197,9 +211,36 @@ EOF ) || { printerr 'Failed to compile and install libstirshaken'; return 1; } ## compile and install STIR/SHAKEN module - ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && make; exit $?; ) && - cp -f ${SRC_DIR}/kamailio/src/modules/stirshaken/stirshaken.so ${KAM_MODULES_DIR}/ || - { printerr 'Failed to compile and install STIR/SHAKEN module'; return 1; } + ## reuse repo if it exists and matches version we want to install + if [[ -d ${SRC_DIR}/kamailio ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then + rm -rf ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + fi + else + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + fi + ( + cd ${SRC_DIR}/kamailio/src/modules/stirshaken && + make -j $NPROC + ) && + cp -f ${SRC_DIR}/kamailio/src/modules/stirshaken/stirshaken.so ${KAM_MODULES_DIR}/ || { + printerr 'Failed to compile and install STIR/SHAKEN module' + return 1 + } + + # patch uac module to support reload_delta + # TODO: commit upstream (https://github.com/kamailio/kamailio.git) + ( + cd ${SRC_DIR}/kamailio/src/modules/uac && + patch -p4 -N <${DSIP_PROJECT_DIR}/kamailio/uac.patch + (( $? > 1 )) && exit 1 + make -j $NPROC && + cp -f ${SRC_DIR}/kamailio/src/modules/uac/uac.so ${KAM_MODULES_DIR}/ + ) || { + printerr 'Failed to patch uac module' + return 1 + } return 0 } diff --git a/kamailio/ubuntu/22.sh b/kamailio/ubuntu/22.sh index d2b8cae5..6e3e8e34 100755 --- a/kamailio/ubuntu/22.sh +++ b/kamailio/ubuntu/22.sh 
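Review bot: In kamailio/ubuntu/20.sh the new uac block treats exit status 1 from `patch -p4 -N` as success (`(( $? > 1 )) && exit 1`), but status 1 is also what patch returns when some hunks are rejected. A partially patched uac module would then be built and copied over the packaged `uac.so` without any error. Testing for the already-applied case explicitly keeps re-runs idempotent without hiding rejects: `patch -p4 -R -s -f --dry-run <${DSIP_PROJECT_DIR}/kamailio/uac.patch &>/dev/null || patch -p4 <${DSIP_PROJECT_DIR}/kamailio/uac.patch || exit 1`. The same block is added in kamailio/rocky/9.sh and kamailio/ubuntu/24.sh.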
@@ -11,6 +11,7 @@ fi function install() { local KAM_SOURCES_LIST="/etc/apt/sources.list.d/kamailio.list" local KAM_PREFS_CONF="/etc/apt/preferences.d/kamailio.pref" + local NPROC=$(nproc) # nf_tables is the default fw on ubuntu but it has too many bugs at this time # instead we will use legacy iptables until these issues are ironed out @@ -21,6 +22,30 @@ function install() { apt-get install -y curl wget sed gawk vim perl uuid-dev libssl-dev logrotate rsyslog \ libcurl4-openssl-dev libjansson-dev cmake firewalld python3 python3-venv + if (( $? != 0 )); then + printerr 'Failed installing required packages' + exit 1 + fi + + ## compile and install openssl v1.1.1 (workaround for amazon linux repo conflicts) + ## we must overwrite system packages (openssl/openssl-devel) otherwise python's openssl package is not supported + if [[ "$(openssl version 2>/dev/null | awk '{print $2}')" != "1.1.1w" ]]; then + if [[ ! -d ${SRC_DIR}/openssl ]]; then + ( cd ${SRC_DIR} && + curl -sL https://www.openssl.org/source/openssl-1.1.1w.tar.gz 2>/dev/null | + tar -xzf - --transform 's%openssl-1.1.1w%openssl%'; ) + fi + ( + cd ${SRC_DIR}/openssl && + ./Configure --prefix=/usr linux-$(uname -m) && + make -j $NPROC && + make -j $NPROC install + ) || { + printerr 'Failed to compile openssl' + return 1 + } + fi + # we need a newer version of certbot than the distro repos offer apt-get remove -y *certbot* python3 -m venv /opt/certbot/ 
@@ -37,12 +62,11 @@ function install() { chown -R kamailio:kamailio /var/run/kamailio # add repo sources to apt - # TODO: note that kamailio has only published a DEB for bookworm (debian upstream), not jammmy (ubuntu downstream) mkdir -p /etc/apt/sources.list.d (cat << EOF # kamailio repo's -deb http://deb.kamailio.org/kamailio${KAM_VERSION} bookworm main -#deb-src http://deb.kamailio.org/kamailio${KAM_VERSION} bookworm main +deb https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} jammy main +#deb-src https://deb-archive.kamailio.org/repos/kamailio-${KAM_VERSION} jammy main EOF ) > ${KAM_SOURCES_LIST} @@ -50,13 +74,13 @@ EOF mkdir -p /etc/apt/preferences.d (cat << 'EOF' Package: * -Pin: origin deb.kamailio.org +Pin: origin deb-archive.kamailio.org Pin-Priority: 1000 EOF ) > ${KAM_PREFS_CONF} # Add Key for Kamailio Repo - wget -O- http://deb.kamailio.org/kamailiodebkey.gpg | apt-key add - + wget -O- https://deb-archive.kamailio.org/kamailiodebkey.gpg | apt-key add - # Update repo sources cache apt-get update -y @@ -66,7 +90,6 @@ EOF kamailio-websocket-modules kamailio-presence-modules kamailio-json-modules kamailio-sctp-modules # get info about the kamailio install for later use in script - KAM_VERSION_FULL=$(kamailio -v 2>/dev/null | grep '^version:' | awk '{print $3}') KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) # create kamailio defaults config @@ -96,6 +119,7 @@ DBRWPW="${KAM_DB_PASS}" DBROOTUSER="${ROOT_DB_USER}" ${ROOTPW_SETTING} CHARSET=utf8 +EXTRA_MODULES="imc cpl siptrace domainpolicy carrierroute drouting userblocklist htable purple uac pipelimit mtree sca mohqueue rtpproxy rtpengine secfilter" INSTALL_EXTRA_TABLES=yes INSTALL_PRESENCE_TABLES=yes INSTALL_DBUID_TABLES=yes 
@@ -103,21 +127,6 @@ INSTALL_DBUID_TABLES=yes EOF ) > ${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc - # fix bug in kamilio v5.3.4 installer - if [[ "$KAM_VERSION_FULL" == "5.3.4" ]]; then - (cat << 'EOF' -CREATE TABLE `secfilter` ( -`id` INT(10) UNSIGNED AUTO_INCREMENT PRIMARY KEY NOT NULL, -`action` SMALLINT DEFAULT 0 NOT NULL, -`type` SMALLINT DEFAULT 0 NOT NULL, -`data` VARCHAR(64) DEFAULT "" NOT NULL -); -CREATE INDEX secfilter_idx ON secfilter (`action`, `type`, `data`); -INSERT INTO version (table_name, table_version) values ("secfilter","1"); -EOF - ) > /usr/share/kamailio/mysql/secfilter-create.sql - fi - # Execute 'kamdbctl create' to create the Kamailio database schema kamdbctl create 
@@ -197,28 +206,19 @@ EOF if [[ ! -d ${SRC_DIR}/libstirshaken ]]; then git clone --depth 1 -c advice.detachedHead=false https://github.com/signalwire/libstirshaken ${SRC_DIR}/libstirshaken fi - ( - # TODO: commit updates to upstream to fix EVP_PKEY_cmp being deprecated - cd ${SRC_DIR}/libstirshaken && - ./bootstrap.sh && - ./configure --prefix=/usr && - make -j $NPROC CFLAGS='-Wno-deprecated-declarations' && - make -j $NPROC install && - ldconfig - ) || { - printerr 'Failed to compile and install libstirshaken' - return 1 - } + ( cd ${SRC_DIR}/libstirshaken && ./bootstrap.sh && ./configure --prefix=/usr && + make && make install && ldconfig; exit $?; + ) || { printerr 'Failed to compile and install libstirshaken'; return 1; } ## compile and install STIR/SHAKEN module ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/kamailio ]]; then - if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION_FULL}" ]]; then + if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then rm -rf ${SRC_DIR}/kamailio - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi else - git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION_FULL} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio + git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio fi ( cd ${SRC_DIR}/kamailio/src/modules/stirshaken && diff --git a/kamailio/ubuntu/24.sh b/kamailio/ubuntu/24.sh new file mode 100755 index 00000000..578c98eb --- /dev/null +++ b/kamailio/ubuntu/24.sh 
@@ -0,0 +1,300 @@ +#!/usr/bin/env bash + +# Debug this script if in debug mode +(( $DEBUG == 1 )) && set -x + +# Import dsip_lib utility / shared functions if not already +if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then + . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh +fi + +function install() { + local KAM_DEBMINOR_VERSION=$(perl -pe 's%^([0-9])\.([0-9]).*$%\1\2%' <<<"$KAM_VERSION") + local KAM_SOURCES_LIST="/etc/apt/sources.list.d/kamailio.list" + local KAM_PREFS_CONF="/etc/apt/preferences.d/kamailio.pref" + local NPROC=$(nproc) + + # Install Dependencies + apt install -y curl wget sed gawk vim perl uuid-dev libssl-dev logrotate rsyslog \ + libcurl4-openssl-dev libjansson-dev cmake firewalld python3 python3-venv + + if (( $? != 0 )); then + printerr 'Failed installing required packages' + exit 1 + fi + + # we need a newer version of certbot than the distro repos offer + apt remove -y *certbot* + python3 -m venv /opt/certbot/ + /opt/certbot/bin/pip install --upgrade pip + /opt/certbot/bin/pip install certbot + ln -sf /opt/certbot/bin/certbot /usr/bin/certbot + + # create kamailio user and group + mkdir -p /var/run/kamailio + # sometimes locks aren't properly removed (this seems to happen often on VM's) + rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null + userdel kamailio &>/dev/null; groupdel kamailio &>/dev/null + useradd --system --user-group --shell /bin/false --comment "Kamailio SIP Proxy" kamailio + chown -R kamailio:kamailio /var/run/kamailio + + # add repo sources to apt + mkdir -p /etc/apt/sources.list.d + # TODO: noble not available in the archive repos + (cat << EOF +# kamailio repo's +deb https://deb.kamailio.org/kamailio${KAM_DEBMINOR_VERSION} noble main +#deb-src https://deb-archive.kamailio.org/kamailio${KAM_DEBMINOR_VERSION} noble main +EOF + ) > ${KAM_SOURCES_LIST} + + # give higher precedence to packages from kamailio repo + mkdir -p /etc/apt/preferences.d + (cat << 'EOF' +Package: * +Pin: origin deb.kamailio.org 
+Pin-Priority: 1000 +EOF + ) > ${KAM_PREFS_CONF} + + # Add Key for Kamailio Repo + curl -s https://deb.kamailio.org/kamailiodebkey.gpg | gpg --dearmor >/etc/apt/trusted.gpg.d/kamailiodebkey.gpg + + # Update repo sources cache + apt update -y + + # Install Kamailio packages + apt install -y kamailio kamailio-mysql-modules kamailio-extra-modules \ + kamailio-tls-modules kamailio-websocket-modules kamailio-presence-modules \ + kamailio-json-modules kamailio-sctp-modules + + if (( $? != 0 )); then + printerr 'Failed installing kamailio packages' + exit 1 + fi + + # get info about the kamailio install for later use in script + KAM_MODULES_DIR=$(find /usr/lib{32,64,}/{i386*/*,i386*/kamailio/*,x86_64*/*,x86_64*/kamailio/*,*} -name drouting.so -printf '%h' -quit 2>/dev/null) + + # create kamailio defaults config + cp -f ${DSIP_PROJECT_DIR}/kamailio/systemd/kamailio.conf /etc/default/kamailio.conf + # create kamailio tmp files + echo "d /run/kamailio 0750 kamailio kamailio" > /etc/tmpfiles.d/kamailio.conf + + # Configure Kamailio and Required Database Modules + mkdir -p ${SYSTEM_KAMAILIO_CONFIG_DIR} ${BACKUPS_DIR}/kamailio + mv -f ${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc ${BACKUPS_DIR}/kamailio/kamctlrc.$(date +%Y%m%d_%H%M%S) + if [[ -z "${ROOT_DB_PASS-unset}" ]]; then + local ROOTPW_SETTING="DBROOTPWSKIP=yes" + else + local ROOTPW_SETTING="DBROOTPW=\"${ROOT_DB_PASS}\"" + fi + + # TODO: we should set STORE_PLAINTEXT_PW to 0, this is not default but would need tested + (cat << EOF +DBENGINE=MYSQL +DBHOST="${KAM_DB_HOST}" +DBPORT="${KAM_DB_PORT}" +DBNAME="${KAM_DB_NAME}" +DBROUSER="${KAM_DB_USER}" +DBROPW="${KAM_DB_PASS}" +DBRWUSER="${KAM_DB_USER}" +DBRWPW="${KAM_DB_PASS}" +DBROOTUSER="${ROOT_DB_USER}" +${ROOTPW_SETTING} +CHARSET=utf8 +EXTRA_MODULES="imc cpl siptrace domainpolicy carrierroute drouting userblocklist htable purple uac pipelimit mtree sca mohqueue rtpproxy rtpengine secfilter" +INSTALL_EXTRA_TABLES=yes +INSTALL_PRESENCE_TABLES=yes +INSTALL_DBUID_TABLES=yes 
+#STORE_PLAINTEXT_PW=0 +EOF + ) > ${SYSTEM_KAMAILIO_CONFIG_DIR}/kamctlrc + + # in mariadb ver >= 10.6.1 --port= now defaults to transport=tcp + # we want socket connections for root as default so apply our patch to kamdbctl + # TODO: commit upstream (https://github.com/kamailio/kamailio.git) + ( + cd /usr/lib/x86_64-linux-gnu/kamailio/kamctl && + patch -p3 -N <${DSIP_PROJECT_DIR}/kamailio/kamdbctl.patch + ) + if (( $? > 1 )); then + printerr 'Failed patching kamdbctl' + return 1 + fi + + # Execute 'kamdbctl create' to create the Kamailio database schema + kamdbctl create || { + printerr 'Failed creating kamailio database' + return 1 + } + + # Enable and start firewalld if not already running + systemctl enable firewalld + systemctl start firewalld + + # Setup firewall rules + firewall-cmd --zone=public --add-port=${KAM_SIP_PORT}/udp --permanent + firewall-cmd --zone=public --add-port=${KAM_SIP_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_SIPS_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_WSS_PORT}/tcp --permanent + firewall-cmd --zone=public --add-port=${KAM_DMQ_PORT}/udp --permanent + firewall-cmd --zone=public --add-port=22/tcp --permanent + firewall-cmd --reload + + # Configure Kamailio systemd service + cp -f ${DSIP_PROJECT_DIR}/kamailio/systemd/kamailio-v2.service /lib/systemd/system/kamailio.service + chmod 644 /lib/systemd/system/kamailio.service + systemctl daemon-reload + systemctl enable kamailio + + # Enable Kamailio for system startup + systemctl enable kamailio + + # Configure rsyslog defaults + if ! 
grep -q 'dSIPRouter rsyslog.conf' /etc/rsyslog.conf 2>/dev/null; then + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/rsyslog.conf /etc/rsyslog.conf + fi + + # Setup kamailio Logging + cp -f ${DSIP_PROJECT_DIR}/resources/syslog/kamailio.conf /etc/rsyslog.d/kamailio.conf + touch /var/log/kamailio.log + systemctl restart rsyslog + + # Setup logrotate + cp -f ${DSIP_PROJECT_DIR}/resources/logrotate/kamailio /etc/logrotate.d/kamailio + + # Setup Kamailio to use the CA cert's that are shipped with the OS + mkdir -p ${DSIP_SYSTEM_CONFIG_DIR}/certs/stirshaken + ln -s /etc/ssl/certs/ca-certificates.crt ${DSIP_SSL_CA} + updateCACertsDir + + # setup STIR/SHAKEN module for kamailio + ## compile and install libjwt (version in repos is too old) + if [[ ! -d ${SRC_DIR}/libjwt ]]; then + git clone --depth 1 -c advice.detachedHead=false https://github.com/benmcollins/libjwt.git ${SRC_DIR}/libjwt + fi + ( + cd ${SRC_DIR}/libjwt && + autoreconf -i && + ./configure --prefix=/usr && + make -j $NPROC && + make -j $NPROC install + ) || { + printerr 'Failed to compile and install libjwt' + return 1 + } + + ## compile and install libks + if [[ ! -d ${SRC_DIR}/libks ]]; then + git clone --single-branch -c advice.detachedHead=false https://github.com/signalwire/libks -b v1.8.3 ${SRC_DIR}/libks + fi + ( + cd ${SRC_DIR}/libks && + cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release . && + make -j $NPROC && + make -j $NPROC install + ) || { + printerr 'Failed to compile and install libks' + return 1 + } + + ## compile and install libstirshaken + if [[ ! -d ${SRC_DIR}/libstirshaken ]]; then + git clone --depth 1 -c advice.detachedHead=false https://github.com/signalwire/libstirshaken ${SRC_DIR}/libstirshaken + fi + ( + cd ${SRC_DIR}/libstirshaken && + ./bootstrap.sh && + ./configure --prefix=/usr && + make -j $NPROC CFLAGS='-Wno-deprecated-declarations' && + make -j $NPROC install && + ldconfig + exit $? 
+ ) || {
+ printerr 'Failed to compile and install libstirshaken'
+ return 1
+ }
+
+ ## compile and install STIR/SHAKEN module
+ ## reuse repo if it exists and matches version we want to install
+ if [[ -d ${SRC_DIR}/kamailio ]]; then
+ if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/kamailio)" != "${KAM_VERSION}" ]]; then
+ rm -rf ${SRC_DIR}/kamailio
+ git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio
+ fi
+ else
+ git clone --depth 1 -c advice.detachedHead=false -b ${KAM_VERSION} https://github.com/kamailio/kamailio.git ${SRC_DIR}/kamailio
+ fi
+ (
+ cd ${SRC_DIR}/kamailio/src/modules/stirshaken &&
+ make -j $NPROC
+ ) &&
+ cp -f ${SRC_DIR}/kamailio/src/modules/stirshaken/stirshaken.so ${KAM_MODULES_DIR}/ || {
+ printerr 'Failed to compile and install STIR/SHAKEN module'
+ return 1
+ }
+
+ # patch uac module to support reload_delta
+ # TODO: commit upstream (https://github.com/kamailio/kamailio.git)
+ (
+ cd ${SRC_DIR}/kamailio/src/modules/uac &&
+ patch -p4 -N <${DSIP_PROJECT_DIR}/kamailio/uac.patch
+ (( $? > 1 )) && exit 1
+ make -j $NPROC &&
+ cp -f ${SRC_DIR}/kamailio/src/modules/uac/uac.so ${KAM_MODULES_DIR}/
+ ) || {
+ printerr 'Failed to patch uac module'
+ return 1
+ }
+
+ return 0
+}
+
+function uninstall() {
+ # Stop and disable services
+ systemctl stop kamailio
+ systemctl disable kamailio
+
+ # Backup kamailio configuration directory
+ cp -rf ${SYSTEM_KAMAILIO_CONFIG_DIR}/. ${BACKUPS_DIR}/kamailio/
+ rm -rf ${SYSTEM_KAMAILIO_CONFIG_DIR}
+
+ # Uninstall Stirshaken Required Packages
+ ( cd ${SRC_DIR}/libjwt; make uninstall; exit $?; ) && rm -rf ${SRC_DIR}/libjwt
+ ( cd ${SRC_DIR}/libks; make uninstall; exit $?; ) && rm -rf ${SRC_DIR}/libks
+ ( cd ${SRC_DIR}/libstirshaken; make uninstall;exit $?; ) && rm -rf ${SRC_DIR}/libstirshaken
+ rm -rf ${SRC_DIR}/kamailio
+
+ # Uninstall Kamailio modules
+ apt-get -y remove --purge kamailio\*
+
+ # Remove firewall rules that was created by us:
+ firewall-cmd --zone=public --remove-port=${KAM_SIP_PORT}/udp --permanent
+ firewall-cmd --zone=public --remove-port=${KAM_SIP_PORT}/tcp --permanent
+ firewall-cmd --zone=public --remove-port=${KAM_SIPS_PORT}/tcp --permanent
+ firewall-cmd --zone=public --remove-port=${KAM_WSS_PORT}/tcp --permanent
+ firewall-cmd --zone=public --remove-port=${KAM_DMQ_PORT}/udp --permanent
+ firewall-cmd --reload
+
+ # Remove kamailio Logging
+ rm -f /etc/rsyslog.d/kamailio.conf
+
+ # Remove logrotate settings
+ rm -f /etc/logrotate.d/kamailio
+
+ return 0
+}
+
+case "$1" in
+ install)
+ install && exit 0 || exit 1
+ ;;
+ uninstall)
+ uninstall && exit 0 || exit 1
+ ;;
+ *)
+ printerr "Usage: $0 [install | uninstall]"
+ exit 1
+ ;;
+esac
diff --git a/mysql/almalinux/9.sh b/mysql/almalinux/9.sh
new file mode 100755
index 00000000..444b1949
--- /dev/null
+++ b/mysql/almalinux/9.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+
+# Debug this script if in debug mode
+(( $DEBUG == 1 )) && set -x
+
+# Import dsip_lib utility / shared functions if not already
+if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then
+ . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh
+fi
+
+function install() {
+ # create mysql user and group
+ # sometimes locks aren't properly removed (this seems to happen often on VM's)
+ rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null
+ userdel mysql &>/dev/null; groupdel mysql &>/dev/null
+ useradd --system --user-group --shell /bin/false --comment "Mysql Database Server" mysql
+
+ # install mysql packages
+ dnf install -y mariadb mariadb-server &&
+
+ if (( $? != 0 )); then
+ printerr 'Failed installing mariadb packages'
+ return 1
+ fi
+
+ # Setup mysql config locations in a reliable manner
+ rm -f ~/.my.cnf 2>/dev/null
+ ln -snf /usr/share/mariadb /usr/share/mysql
+ ln -snf /var/log/mariadb /var/log/mysql
+ mkdir -p /var/run/mariadb /var/lib/mysql
+ chown -R mysql:mysql /var/run/mariadb/ /var/lib/mysql/ /var/log/mysql/ /usr/share/mysql/ /var/lib/mysql
+
+ # allow symlinks in mariadb service
+ sed -i 's/symbolic-links=0/#symbolic-links=0/' /etc/my.cnf
+
+ # if db is remote don't run local service
+ reconfigureMysqlSystemdService
+
+ # TODO: selinux/apparmor permissions for mysql
+ # firewall rules (cluster install needs remote access)
+ # configure galera replication (cluster install)
+ # configure group replication (cluster install)
+
+ # TODO: configure mysql to redirect error_log to syslog (as our other services do)
+ # https://mariadb.com/kb/en/systemd/#configuring-mariadb-to-write-the-error-log-to-syslog
+
+ # TODO: configure logrotate to rotate syslog logs from mysql
+
+ return 0
+}
+
+function uninstall {
+ # Backup mysql / mariadb
+ mv -f /var/lib/mysql /var/lib/mysql.bak.$(date +%Y%m%d_%H%M%S)
+
+ # remove mysql unit files we created
+ rm -rf /etc/systemd/system/mariadb.service.d/
+ rm -f /etc/systemd/system/mariadb.service 2>/dev/null
+ systemctl daemon-reload
+
+ # Uninstall mysql / Mariadb packages
+ dnf remove -y mariadb\*
+ rm -rf /etc/my.cnf*; rm -f /etc/my.cnf*; rm -f ~/*my.cnf
+
+ # TODO: remove selinux/apparmor rules
+
+ # TODO: remove mysql firewall rules
+
+ # TODO: remove mysql syslog config
+
+ # TODO: remove mysql logrotate config
+
+ return 0
+}
+
+case "$1" in
+ uninstall|remove)
+ uninstall
+ ;;
+ install)
+ install
+ ;;
+ *)
+ printerr "usage $0 [install | uninstall]"
+ ;;
+esac
diff --git a/mysql/rhel/9.sh b/mysql/rhel/9.sh
new file mode 100755
index 00000000..444b1949
--- /dev/null
+++ b/mysql/rhel/9.sh
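Review bot: The failure check after `dnf install -y mariadb mariadb-server &&` in install() can never fire: the trailing `&&` chains the following `if (( $? != 0 ))` onto the install, so the `if` is skipped when dnf fails and sees `$?` equal to 0 when it succeeds. A failed package install therefore goes unreported and the function carries on through the chown and sed steps to `return 0`. Replace the pair with `dnf install -y mariadb mariadb-server || { printerr 'Failed installing mariadb packages'; return 1; }`. mysql/rhel/9.sh and mysql/rocky/9.sh are the same blob and need the same change.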
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+
+# Debug this script if in debug mode
+(( $DEBUG == 1 )) && set -x
+
+# Import dsip_lib utility / shared functions if not already
+if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then
+ . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh
+fi
+
+function install() {
+ # create mysql user and group
+ # sometimes locks aren't properly removed (this seems to happen often on VM's)
+ rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null
+ userdel mysql &>/dev/null; groupdel mysql &>/dev/null
+ useradd --system --user-group --shell /bin/false --comment "Mysql Database Server" mysql
+
+ # install mysql packages
+ dnf install -y mariadb mariadb-server &&
+
+ if (( $? != 0 )); then
+ printerr 'Failed installing mariadb packages'
+ return 1
+ fi
+
+ # Setup mysql config locations in a reliable manner
+ rm -f ~/.my.cnf 2>/dev/null
+ ln -snf /usr/share/mariadb /usr/share/mysql
+ ln -snf /var/log/mariadb /var/log/mysql
+ mkdir -p /var/run/mariadb /var/lib/mysql
+ chown -R mysql:mysql /var/run/mariadb/ /var/lib/mysql/ /var/log/mysql/ /usr/share/mysql/ /var/lib/mysql
+
+ # allow symlinks in mariadb service
+ sed -i 's/symbolic-links=0/#symbolic-links=0/' /etc/my.cnf
+
+ # if db is remote don't run local service
+ reconfigureMysqlSystemdService
+
+ # TODO: selinux/apparmor permissions for mysql
+ # firewall rules (cluster install needs remote access)
+ # configure galera replication (cluster install)
+ # configure group replication (cluster install)
+
+ # TODO: configure mysql to redirect error_log to syslog (as our other services do)
+ # https://mariadb.com/kb/en/systemd/#configuring-mariadb-to-write-the-error-log-to-syslog
+
+ # TODO: configure logrotate to rotate syslog logs from mysql
+
+ return 0
+}
+
+function uninstall {
+ # Backup mysql / mariadb
+ mv -f /var/lib/mysql /var/lib/mysql.bak.$(date +%Y%m%d_%H%M%S)
+
+ # remove mysql unit files we created
+ rm -rf /etc/systemd/system/mariadb.service.d/
+ rm -f /etc/systemd/system/mariadb.service 2>/dev/null
+ systemctl daemon-reload
+
+ # Uninstall mysql / Mariadb packages
+ dnf remove -y mariadb\*
+ rm -rf /etc/my.cnf*; rm -f /etc/my.cnf*; rm -f ~/*my.cnf
+
+ # TODO: remove selinux/apparmor rules
+
+ # TODO: remove mysql firewall rules
+
+ # TODO: remove mysql syslog config
+
+ # TODO: remove mysql logrotate config
+
+ return 0
+}
+
+case "$1" in
+ uninstall|remove)
+ uninstall
+ ;;
+ install)
+ install
+ ;;
+ *)
+ printerr "usage $0 [install | uninstall]"
+ ;;
+esac
diff --git a/mysql/rocky/9.sh b/mysql/rocky/9.sh
new file mode 100755
index 00000000..444b1949
--- /dev/null
+++ b/mysql/rocky/9.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+
+# Debug this script if in debug mode
+(( $DEBUG == 1 )) && set -x
+
+# Import dsip_lib utility / shared functions if not already
+if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then
+ . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh
+fi
+
+function install() {
+ # create mysql user and group
+ # sometimes locks aren't properly removed (this seems to happen often on VM's)
+ rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null
+ userdel mysql &>/dev/null; groupdel mysql &>/dev/null
+ useradd --system --user-group --shell /bin/false --comment "Mysql Database Server" mysql
+
+ # install mysql packages
+ dnf install -y mariadb mariadb-server &&
+
+ if (( $? != 0 )); then
+ printerr 'Failed installing mariadb packages'
+ return 1
+ fi
+
+ # Setup mysql config locations in a reliable manner
+ rm -f ~/.my.cnf 2>/dev/null
+ ln -snf /usr/share/mariadb /usr/share/mysql
+ ln -snf /var/log/mariadb /var/log/mysql
+ mkdir -p /var/run/mariadb /var/lib/mysql
+ chown -R mysql:mysql /var/run/mariadb/ /var/lib/mysql/ /var/log/mysql/ /usr/share/mysql/ /var/lib/mysql
+
+ # allow symlinks in mariadb service
+ sed -i 's/symbolic-links=0/#symbolic-links=0/' /etc/my.cnf
+
+ # if db is remote don't run local service
+ reconfigureMysqlSystemdService
+
+ # TODO: selinux/apparmor permissions for mysql
+ # firewall rules (cluster install needs remote access)
+ # configure galera replication (cluster install)
+ # configure group replication (cluster install)
+
+ # TODO: configure mysql to redirect error_log to syslog (as our other services do)
+ # https://mariadb.com/kb/en/systemd/#configuring-mariadb-to-write-the-error-log-to-syslog
+
+ # TODO: configure logrotate to rotate syslog logs from mysql
+
+ return 0
+}
+
+function uninstall {
+ # Backup mysql / mariadb
+ mv -f /var/lib/mysql /var/lib/mysql.bak.$(date +%Y%m%d_%H%M%S)
+
+ # remove mysql unit files we created
+ rm -rf /etc/systemd/system/mariadb.service.d/
+ rm -f /etc/systemd/system/mariadb.service 2>/dev/null
+ systemctl daemon-reload
+
+ # Uninstall mysql / Mariadb packages
+ dnf remove -y mariadb\*
+ rm -rf /etc/my.cnf*; rm -f /etc/my.cnf*; rm -f ~/*my.cnf
+
+ # TODO: remove selinux/apparmor rules
+
+ # TODO: remove mysql firewall rules
+
+ # TODO: remove mysql syslog config
+
+ # TODO: remove mysql logrotate config
+
+ return 0
+}
+
+case "$1" in
+ uninstall|remove)
+ uninstall
+ ;;
+ install)
+ install
+ ;;
+ *)
+ printerr "usage $0 [install | uninstall]"
+ ;;
+esac
diff --git a/mysql/ubuntu/24.sh b/mysql/ubuntu/24.sh
new file mode 100755
index 00000000..523bb038
--- /dev/null
+++ b/mysql/ubuntu/24.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+# Debug this script if in debug mode
+(( $DEBUG == 1 )) && set -x
+
+# Import dsip_lib utility / shared functions if not already
+if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then
+ . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh
+fi
+
+function install {
+ # create mysql user and group
+ # sometimes locks aren't properly removed (this seems to happen often on VM's)
+ rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null
+ userdel mysql &>/dev/null; groupdel mysql &>/dev/null
+ useradd --system --user-group --shell /bin/false --comment "Mysql Database Server" mysql
+
+ # install mysql packages
+ apt-get install -y mariadb-server mariadb-client
+
+ # Make sure no extra configs present on fresh install
+ rm -f ~/.my.cnf
+
+ # setup aliases and if db is remote replace with dummy service file
+ reconfigureMysqlSystemdService
+
+ # TODO: selinux/apparmor permissions for mysql
+ # firewall rules (cluster install needs remote access)
+ # configure galera replication (cluster install)
+ # configure group replication (cluster install)
+
+ # TODO: configure mysql to redirect error_log to syslog (as our other services do)
+ # https://mariadb.com/kb/en/systemd/#configuring-mariadb-to-write-the-error-log-to-syslog
+
+ # TODO: configure logrotate to rotate syslog logs from mysql
+
+ return 0
+}
+
+function uninstall {
+ # Stop and disable services
+ systemctl stop mariadb
+ systemctl disable mariadb
+
+ # Backup mysql / mariadb
+ mv -f /var/lib/mysql /var/lib/mysql.bak.$(date +%Y%m%d_%H%M%S)
+
+ # remove mysql unit files we created
+ rm -rf /etc/systemd/system/mariadb.service.d/
+ rm -f /etc/systemd/system/mariadb.service 2>/dev/null
+ systemctl daemon-reload
+
+ # Uninstall mysql / mariadb packages
+ apt-get -y remove --purge mysql\*
+ apt-get -y remove --purge mariadb\*
+ rm -rf /etc/my.cnf*; rm -f /etc/my.cnf*; rm -f ~/*my.cnf
+
+ # TODO: remove selinux/apparmor rules
+
+ # TODO: remove mysql firewall rules
+
+ # TODO: remove mysql syslog config
+
+ # TODO: remove mysql logrotate config
+
+ return 0
+}
+
+case "$1" in
+ uninstall|remove)
+ uninstall
+ ;;
+ install)
+ install
+ ;;
+ *)
+ printerr "usage $0 [install | uninstall]"
+ ;;
+esac
diff --git a/nginx/almalinux/9.sh b/nginx/almalinux/9.sh
new file mode 100755
index 00000000..a7ae099a
--- /dev/null
+++ b/nginx/almalinux/9.sh
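Review bot: install() ignores the result of `apt-get install -y mariadb-server mariadb-client` and always ends in `return 0`, so a failed package install is reported to the caller as success. Append `|| { printerr 'Failed installing mariadb packages'; return 1; }` to that line. The `*)` arm of the `case` only prints the usage text; adding `exit 1` after it would let a caller detect a bad invocation.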
@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+
+# Debug this script if in debug mode
+(( $DEBUG == 1 )) && set -x
+
+# Import dsip_lib utility / shared functions if not already
+if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then
+ . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh
+fi
+
+function install() {
+ # create nginx user and group
+ # sometimes locks aren't properly removed (this seems to happen often on VM's)
+ rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null
+ userdel nginx &>/dev/null; groupdel nginx &>/dev/null
+ useradd --system --user-group --shell /bin/false --comment "nginx HTTP Service Provider" nginx
+
+ dnf install -y nginx
+
+ if (( $? != 0 )); then
+ printerr 'failed installing nginx packages'
+ return 1
+ fi
+
+ # setup runtime directorys for nginx
+ mkdir -p /run/nginx
+ chown -R nginx:nginx /run/nginx
+
+ # give nginx permissions in SELINUX
+ semanage port -a -t http_port_t -p tcp ${DSIP_PORT} ||
+ semanage port -m -t http_port_t -p tcp ${DSIP_PORT}
+ # NOTE: /var/run is required here due to the aliasing in the fcontexts
+ #semanage fcontext -a -t httpd_var_run_t '/var/run/dsiprouter/dsiprouter\.sock'
+ # TODO: this is a workaround, this the "wrong" way to do it
+ # we need to figure out why the fcontexts are not applying by default to new files
+ # and possibly (preferably) create our own type with those specific permissions
+ # for example a new type dsiprouter_run_t labeled on '/var/run/dsiprouter/.+'
+ (
+ if semodule -l | grep -q 'dsiprouter'; then
+ semodule -r dsiprouter
+ fi
+ cd /tmp &&
+ checkmodule -M -m -o dsiprouter.mod ${DSIP_PROJECT_DIR}/nginx/selinux/centos.te &&
+ semodule_package -o dsiprouter.pp -m dsiprouter.mod &&
+ semodule -i dsiprouter.pp
+ )
+ if (( $? != 0 )); then
+ printerr 'failed updating selinux permissions'
+ return 1
+ fi
+
+ # Configure nginx
+ # determine available TLS protocols (try using highest available)
+ OPENSSL_VER=$(openssl version 2>/dev/null | awk '{print $2}' | perl -pe 's%([0-9])\.([0-9]).([0-9]).*%\1\2\3%')
+ if (( ${OPENSSL_VER} < 101 )); then
+ TLS_PROTOCOLS="TLSv1"
+ elif (( ${OPENSSL_VER} < 111 )); then
+ TLS_PROTOCOLS="TLSv1.1 TLSv1.2"
+ else
+ TLS_PROTOCOLS="TLSv1.2 TLSv1.3"
+ fi
+ mkdir -p /etc/nginx/sites-enabled /etc/nginx/sites-available /etc/nginx/nginx.conf.d/
+ # remove the defaults
+ rm -f /etc/nginx/sites-enabled/* /etc/nginx/sites-available/* /etc/nginx/nginx.conf.d/*
+ # setup our own nginx configs
+ perl -e "\$tls_protocols='${TLS_PROTOCOLS}';" \
+ -pe 's%TLS_PROTOCOLS%${tls_protocols}%g;' \
+ ${DSIP_PROJECT_DIR}/nginx/configs/nginx.conf >/etc/nginx/nginx.conf
+
+ # configure nginx systemd service
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-stop.sh /usr/sbin/nginx-stop
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-v2.service /lib/systemd/system/nginx.service
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-watcher-v2.service /lib/systemd/system/nginx-watcher.service
+ perl -p \
+ -e "s%PathChanged\=.*%PathChanged=${DSIP_CERTS_DIR}/%;" \
+ ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-watcher.path >/lib/systemd/system/nginx-watcher.path
+ chmod 644 /lib/systemd/system/nginx.service
+ chmod 644 /lib/systemd/system/nginx-watcher.service
+ chmod 644 /lib/systemd/system/nginx-watcher.path
+ systemctl daemon-reload
+ systemctl enable nginx
+
+ return 0
+}
+
+function uninstall() {
+ # stop nginx and remove nginx package
+ systemctl stop nginx
+ systemctl disable nginx
+ dnf remove -y nginx
+
+ # remove nginx systemd service
+ rm -f /usr/sbin/nginx-stop
+ rm -f /lib/systemd/system/nginx.service
+ rm -f /lib/systemd/system/nginx-watcher.service
+ rm -f /lib/systemd/system/nginx-watcher.path
+ systemctl daemon-reload
+
+ # remove SELINUX permissions
+ semanage port -d -t http_port_t -p tcp ${DSIP_PORT}
+
+ return 0
+}
+
+case "$1" in
+ uninstall)
+ uninstall && exit 0 || exit 1
+ ;;
+ install)
+ install && exit 0 || exit 1
+ ;;
+ *)
+ printerr "usage $0 [install | uninstall]"
+ exit 1
+ ;;
+esac
diff --git a/nginx/rhel/9.sh b/nginx/rhel/9.sh
new file mode 100755
index 00000000..a7ae099a
--- /dev/null
+++ b/nginx/rhel/9.sh
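Review bot: The SELinux module in install() is built in `/tmp` under fixed names (`dsiprouter.mod`, `dsiprouter.pp`) by a script that presumably runs as root, and the resulting package is then loaded with `semodule -i`. Fixed names in a world-writable directory can be pre-created by another local user or collide with a parallel run, and the build files are never removed. Build in a private directory instead: `tmpdir=$(mktemp -d) || exit 1`, `trap 'rm -rf -- "$tmpdir"' EXIT`, then `cd "$tmpdir" &&` in place of `cd /tmp &&`. uninstall() also leaves the `dsiprouter` module loaded; a `semodule -r dsiprouter` next to the `semanage port -d` line would undo it. nginx/rhel/9.sh and nginx/rocky/9.sh are the same blob and need the same change.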
@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+
+# Debug this script if in debug mode
+(( $DEBUG == 1 )) && set -x
+
+# Import dsip_lib utility / shared functions if not already
+if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then
+ . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh
+fi
+
+function install() {
+ # create nginx user and group
+ # sometimes locks aren't properly removed (this seems to happen often on VM's)
+ rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null
+ userdel nginx &>/dev/null; groupdel nginx &>/dev/null
+ useradd --system --user-group --shell /bin/false --comment "nginx HTTP Service Provider" nginx
+
+ dnf install -y nginx
+
+ if (( $? != 0 )); then
+ printerr 'failed installing nginx packages'
+ return 1
+ fi
+
+ # setup runtime directorys for nginx
+ mkdir -p /run/nginx
+ chown -R nginx:nginx /run/nginx
+
+ # give nginx permissions in SELINUX
+ semanage port -a -t http_port_t -p tcp ${DSIP_PORT} ||
+ semanage port -m -t http_port_t -p tcp ${DSIP_PORT}
+ # NOTE: /var/run is required here due to the aliasing in the fcontexts
+ #semanage fcontext -a -t httpd_var_run_t '/var/run/dsiprouter/dsiprouter\.sock'
+ # TODO: this is a workaround, this the "wrong" way to do it
+ # we need to figure out why the fcontexts are not applying by default to new files
+ # and possibly (preferably) create our own type with those specific permissions
+ # for example a new type dsiprouter_run_t labeled on '/var/run/dsiprouter/.+'
+ (
+ if semodule -l | grep -q 'dsiprouter'; then
+ semodule -r dsiprouter
+ fi
+ cd /tmp &&
+ checkmodule -M -m -o dsiprouter.mod ${DSIP_PROJECT_DIR}/nginx/selinux/centos.te &&
+ semodule_package -o dsiprouter.pp -m dsiprouter.mod &&
+ semodule -i dsiprouter.pp
+ )
+ if (( $? != 0 )); then
+ printerr 'failed updating selinux permissions'
+ return 1
+ fi
+
+ # Configure nginx
+ # determine available TLS protocols (try using highest available)
+ OPENSSL_VER=$(openssl version 2>/dev/null | awk '{print $2}' | perl -pe 's%([0-9])\.([0-9]).([0-9]).*%\1\2\3%')
+ if (( ${OPENSSL_VER} < 101 )); then
+ TLS_PROTOCOLS="TLSv1"
+ elif (( ${OPENSSL_VER} < 111 )); then
+ TLS_PROTOCOLS="TLSv1.1 TLSv1.2"
+ else
+ TLS_PROTOCOLS="TLSv1.2 TLSv1.3"
+ fi
+ mkdir -p /etc/nginx/sites-enabled /etc/nginx/sites-available /etc/nginx/nginx.conf.d/
+ # remove the defaults
+ rm -f /etc/nginx/sites-enabled/* /etc/nginx/sites-available/* /etc/nginx/nginx.conf.d/*
+ # setup our own nginx configs
+ perl -e "\$tls_protocols='${TLS_PROTOCOLS}';" \
+ -pe 's%TLS_PROTOCOLS%${tls_protocols}%g;' \
+ ${DSIP_PROJECT_DIR}/nginx/configs/nginx.conf >/etc/nginx/nginx.conf
+
+ # configure nginx systemd service
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-stop.sh /usr/sbin/nginx-stop
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-v2.service /lib/systemd/system/nginx.service
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-watcher-v2.service /lib/systemd/system/nginx-watcher.service
+ perl -p \
+ -e "s%PathChanged\=.*%PathChanged=${DSIP_CERTS_DIR}/%;" \
+ ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-watcher.path >/lib/systemd/system/nginx-watcher.path
+ chmod 644 /lib/systemd/system/nginx.service
+ chmod 644 /lib/systemd/system/nginx-watcher.service
+ chmod 644 /lib/systemd/system/nginx-watcher.path
+ systemctl daemon-reload
+ systemctl enable nginx
+
+ return 0
+}
+
+function uninstall() {
+ # stop nginx and remove nginx package
+ systemctl stop nginx
+ systemctl disable nginx
+ dnf remove -y nginx
+
+ # remove nginx systemd service
+ rm -f /usr/sbin/nginx-stop
+ rm -f /lib/systemd/system/nginx.service
+ rm -f /lib/systemd/system/nginx-watcher.service
+ rm -f /lib/systemd/system/nginx-watcher.path
+ systemctl daemon-reload
+
+ # remove SELINUX permissions
+ semanage port -d -t http_port_t -p tcp ${DSIP_PORT}
+
+ return 0
+}
+
+case "$1" in
+ uninstall)
+ uninstall && exit 0 || exit 1
+ ;;
+ install)
+ install && exit 0 || exit 1
+ ;;
+ *)
+ printerr "usage $0 [install | uninstall]"
+ exit 1
+ ;;
+esac
diff --git a/nginx/rocky/9.sh b/nginx/rocky/9.sh
new file mode 100755
index 00000000..a7ae099a
--- /dev/null
+++ b/nginx/rocky/9.sh
@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+
+# Debug this script if in debug mode
+(( $DEBUG == 1 )) && set -x
+
+# Import dsip_lib utility / shared functions if not already
+if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then
+ . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh
+fi
+
+function install() {
+ # create nginx user and group
+ # sometimes locks aren't properly removed (this seems to happen often on VM's)
+ rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null
+ userdel nginx &>/dev/null; groupdel nginx &>/dev/null
+ useradd --system --user-group --shell /bin/false --comment "nginx HTTP Service Provider" nginx
+
+ dnf install -y nginx
+
+ if (( $? != 0 )); then
+ printerr 'failed installing nginx packages'
+ return 1
+ fi
+
+ # setup runtime directorys for nginx
+ mkdir -p /run/nginx
+ chown -R nginx:nginx /run/nginx
+
+ # give nginx permissions in SELINUX
+ semanage port -a -t http_port_t -p tcp ${DSIP_PORT} ||
+ semanage port -m -t http_port_t -p tcp ${DSIP_PORT}
+ # NOTE: /var/run is required here due to the aliasing in the fcontexts
+ #semanage fcontext -a -t httpd_var_run_t '/var/run/dsiprouter/dsiprouter\.sock'
+ # TODO: this is a workaround, this the "wrong" way to do it
+ # we need to figure out why the fcontexts are not applying by default to new files
+ # and possibly (preferably) create our own type with those specific permissions
+ # for example a new type dsiprouter_run_t labeled on '/var/run/dsiprouter/.+'
+ (
+ if semodule -l | grep -q 'dsiprouter'; then
+ semodule -r dsiprouter
+ fi
+ cd /tmp &&
+ checkmodule -M -m -o dsiprouter.mod ${DSIP_PROJECT_DIR}/nginx/selinux/centos.te &&
+ semodule_package -o dsiprouter.pp -m dsiprouter.mod &&
+ semodule -i dsiprouter.pp
+ )
+ if (( $? != 0 )); then
+ printerr 'failed updating selinux permissions'
+ return 1
+ fi
+
+ # Configure nginx
+ # determine available TLS protocols (try using highest available)
+ OPENSSL_VER=$(openssl version 2>/dev/null | awk '{print $2}' | perl -pe 's%([0-9])\.([0-9]).([0-9]).*%\1\2\3%')
+ if (( ${OPENSSL_VER} < 101 )); then
+ TLS_PROTOCOLS="TLSv1"
+ elif (( ${OPENSSL_VER} < 111 )); then
+ TLS_PROTOCOLS="TLSv1.1 TLSv1.2"
+ else
+ TLS_PROTOCOLS="TLSv1.2 TLSv1.3"
+ fi
+ mkdir -p /etc/nginx/sites-enabled /etc/nginx/sites-available /etc/nginx/nginx.conf.d/
+ # remove the defaults
+ rm -f /etc/nginx/sites-enabled/* /etc/nginx/sites-available/* /etc/nginx/nginx.conf.d/*
+ # setup our own nginx configs
+ perl -e "\$tls_protocols='${TLS_PROTOCOLS}';" \
+ -pe 's%TLS_PROTOCOLS%${tls_protocols}%g;' \
+ ${DSIP_PROJECT_DIR}/nginx/configs/nginx.conf >/etc/nginx/nginx.conf
+
+ # configure nginx systemd service
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-stop.sh /usr/sbin/nginx-stop
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-v2.service /lib/systemd/system/nginx.service
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-watcher-v2.service /lib/systemd/system/nginx-watcher.service
+ perl -p \
+ -e "s%PathChanged\=.*%PathChanged=${DSIP_CERTS_DIR}/%;" \
+ ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-watcher.path >/lib/systemd/system/nginx-watcher.path
+ chmod 644 /lib/systemd/system/nginx.service
+ chmod 644 /lib/systemd/system/nginx-watcher.service
+ chmod 644 /lib/systemd/system/nginx-watcher.path
+ systemctl daemon-reload
+ systemctl enable nginx
+
+ return 0
+}
+
+function uninstall() {
+ # stop nginx and remove nginx package
+ systemctl stop nginx
+ systemctl disable nginx
+ dnf remove -y nginx
+
+ # remove nginx systemd service
+ rm -f /usr/sbin/nginx-stop
+ rm -f /lib/systemd/system/nginx.service
+ rm -f /lib/systemd/system/nginx-watcher.service
+ rm -f /lib/systemd/system/nginx-watcher.path
+ systemctl daemon-reload
+
+ # remove SELINUX permissions
+ semanage port -d -t http_port_t -p tcp ${DSIP_PORT}
+
+ return 0
+}
+
+case "$1" in
+ uninstall)
+ uninstall && exit 0 || exit 1
+ ;;
+ install)
+ install && exit 0 || exit 1
+ ;;
+ *)
+ printerr "usage $0 [install | uninstall]"
+ exit 1
+ ;;
+esac
diff --git a/nginx/ubuntu/24.sh b/nginx/ubuntu/24.sh
new file mode 100755
index 00000000..4e737be9
--- /dev/null
+++ b/nginx/ubuntu/24.sh
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+
+# Debug this script if in debug mode
+(( $DEBUG == 1 )) && set -x
+
+# Import dsip_lib utility / shared functions if not already
+if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then
+ . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh
+fi
+
+function install() {
+ # create nginx user and group
+ # sometimes locks aren't properly removed (this seems to happen often on VM's)
+ rm -f /etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock &>/dev/null
+ userdel nginx &>/dev/null; groupdel nginx &>/dev/null
+ useradd --system --user-group --shell /bin/false --comment "nginx HTTP Service Provider" nginx
+
+ # Install dependencies for dSIPRouter
+ apt-get install -y nginx
+
+ if (( $? != 0 )); then
+ return 1
+ fi
+
+ # setup runtime directorys for nginx
+ mkdir -p /run/nginx
+ chown -R nginx:nginx /run/nginx
+
+ # Configure nginx
+ # determine available TLS protocols (try using highest available)
+ OPENSSL_VER=$(openssl version 2>/dev/null | awk '{print $2}' | perl -pe 's%([0-9])\.([0-9]).([0-9]).*%\1\2\3%')
+ if (( ${OPENSSL_VER} < 101 )); then
+ TLS_PROTOCOLS="TLSv1"
+ elif (( ${OPENSSL_VER} < 111 )); then
+ TLS_PROTOCOLS="TLSv1.1 TLSv1.2"
+ else
+ TLS_PROTOCOLS="TLSv1.2 TLSv1.3"
+ fi
+ mkdir -p /etc/nginx/sites-enabled /etc/nginx/sites-available /etc/nginx/nginx.conf.d/
+ # remove the defaults
+ rm -f /etc/nginx/sites-enabled/* /etc/nginx/sites-available/* /etc/nginx/nginx.conf.d/*
+ # setup our own nginx configs
+ perl -e "\$tls_protocols='${TLS_PROTOCOLS}';" \
+ -pe 's%TLS_PROTOCOLS%${tls_protocols}%g;' \
+ ${DSIP_PROJECT_DIR}/nginx/configs/nginx.conf >/etc/nginx/nginx.conf
+
+ # configure nginx systemd service
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-stop.sh /usr/sbin/nginx-stop
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-v2.service /lib/systemd/system/nginx.service
+ cp -f ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-watcher-v2.service /lib/systemd/system/nginx-watcher.service
+ perl -p \
+ -e "s%PathChanged\=.*%PathChanged=${DSIP_CERTS_DIR}/%;" \
+ ${DSIP_PROJECT_DIR}/nginx/systemd/nginx-watcher.path >/lib/systemd/system/nginx-watcher.path
+ chmod 644 /lib/systemd/system/nginx.service
+ chmod 644 /lib/systemd/system/nginx-watcher.service
+ chmod 644 /lib/systemd/system/nginx-watcher.path
+ systemctl daemon-reload
+ systemctl enable nginx
+
+ return 0
+}
+
+function uninstall() {
+ # stop nginx and remove nginx package
+ systemctl stop nginx
+ systemctl disable nginx
+ apt-get remove -y nginx
+
+ # remove nginx systemd service
+ rm -f /usr/sbin/nginx-stop
+ rm -f /lib/systemd/system/nginx.service
+ rm -f /lib/systemd/system/nginx-watcher.service
+ rm -f /lib/systemd/system/nginx-watcher.path
+ systemctl daemon-reload
+
+ return 0
+}
+
+case "$1" in
+ uninstall)
+ uninstall && exit 0 || exit 1
+ ;;
+ install)
+ install && exit 0 || exit 1
+ ;;
+ *)
+ printerr "usage $0 [install | uninstall]"
+ ;;
+esac
diff --git a/resources/apt/debian/10/official-releases.pref b/resources/apt/debian/10/official-releases.pref
new file mode 100644
index 00000000..50489bc7
--- /dev/null
+++ b/resources/apt/debian/10/official-releases.pref
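Review bot: Two failure paths in this script are silent where the RHEL-family nginx scripts in this patch are not. When `apt-get install -y nginx` fails, install() returns 1 without printing anything; add `printerr 'failed installing nginx packages'` before the `return 1`. The `*)` arm prints the usage text but has no `exit 1`, so for a bad argument the script's status is whatever `printerr` returns; add `exit 1` after it.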
@@ -0,0 +1,72 @@
+## default priory assignments
+# priority 1
+# versions coming from archives which in their Release files are marked as "NotAutomatic: yes",
+# but not as "ButAutomaticUpgrades: yes" like the Debian experimental archive.
+#
+# priority 100
+# a version that is already installed (if any) and to the versions coming from archives which,
+# in their Release files are marked as "NotAutomatic: yes" and "ButAutomaticUpgrades: yes",
+# like the Debian backports archive since squeeze-backports.
+#
+# priority 500
+# versions that do not belong to the target release.
+#
+# priority 990
+# versions that belong to the target release.
+#
+## interpretation of priority (P)
+# P >= 1000
+# causes a version to be installed even if this constitutes a downgrade of the package
+#
+# 990 <= P < 1000
+# causes a version to be installed even if it does not come from the target release, unless the installed version is more recent
+#
+# 500 <= P < 990
+# causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent
+#
+# 100 <= P < 500
+# causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent
+#
+# 0 < P < 100
+# causes a version to be installed only if there is no installed version of the package
+#
+# P < 0
+# prevents the version from being installed
+#
+# P = 0
+# has undefined behaviour (do not use it)
+#
+
+#-------------------------------------------------------------------
+# priority for debian 10 (buster) release packages
+#-------------------------------------------------------------------
+Package: *
+Pin: release o=Debian,n=buster
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Debian,n=buster-updates
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Debian,n=buster-backports
+Pin-Priority: 990
+
+#-------------------------------------------------------------------
+# priority for debian 11 (bullseye) release packages
+#-------------------------------------------------------------------
+Package: *
+Pin: release o=Debian,n=bullseye
+Pin-Priority: 500
+
+Package: *
+Pin: release o=Debian,n=bullseye-updates
+Pin-Priority: 500
+
+Package: *
+Pin: release o=Debian,n=bullseye-security
+Pin-Priority: 500
+
+Package: *
+Pin: release o=Debian,n=bullseye-backports
+Pin-Priority: 500
diff --git a/resources/apt/debian/11/official-releases.pref b/resources/apt/debian/11/official-releases.pref
new file mode 100644
index 00000000..b4c60367
--- /dev/null
+++ b/resources/apt/debian/11/official-releases.pref
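Review bot: The `n=buster-backports` stanza pins backports at 990, the same priority as the release itself, which overrides the priority of 100 that this file's own header comment describes for backports archives. With equal priorities apt prefers the highest version, so if a backports source is configured (not visible from this hunk) any package that has a backport would be taken from there without being asked for. If that is intended, add a comment above the stanza saying why; otherwise use `Pin-Priority: 100` so backports are only installed on explicit request. The same applies to the `n=bullseye-backports` stanza in resources/apt/debian/11/official-releases.pref.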
@@ -0,0 +1,57 @@
+## default priory assignments
+# priority 1
+# versions coming from archives which in their Release files are marked as "NotAutomatic: yes",
+# but not as "ButAutomaticUpgrades: yes" like the Debian experimental archive.
+#
+# priority 100
+# a version that is already installed (if any) and to the versions coming from archives which,
+# in their Release files are marked as "NotAutomatic: yes" and "ButAutomaticUpgrades: yes",
+# like the Debian backports archive since squeeze-backports.
+#
+# priority 500
+# versions that do not belong to the target release.
+#
+# priority 990
+# versions that belong to the target release.
+#
+## interpretation of priority (P)
+# P >= 1000
+# causes a version to be installed even if this constitutes a downgrade of the package
+#
+# 990 <= P < 1000
+# causes a version to be installed even if it does not come from the target release, unless the installed version is more recent
+#
+# 500 <= P < 990
+# causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent
+#
+# 100 <= P < 500
+# causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent
+#
+# 0 < P < 100
+# causes a version to be installed only if there is no installed version of the package
+#
+# P < 0
+# prevents the version from being installed
+#
+# P = 0
+# has undefined behaviour (do not use it)
+#
+
+#-------------------------------------------------------------------
+# priority for debian 11 (bullseye) release packages
+#-------------------------------------------------------------------
+Package: *
+Pin: release o=Debian,n=bullseye
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Debian,n=bullseye-updates
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Debian,n=bullseye-security
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Debian,n=bullseye-backports
+Pin-Priority: 990
diff --git a/resources/apt/debian/12/official-releases.pref b/resources/apt/debian/12/official-releases.pref
new file mode 100644
index 00000000..27ae7399
--- /dev/null
+++ b/resources/apt/debian/12/official-releases.pref
@@ -0,0 +1,57 @@
+## default priory assignments
+# priority 1
+# versions coming from archives which in their Release files are marked as "NotAutomatic: yes",
+# but not as "ButAutomaticUpgrades: yes" like the Debian experimental archive.
+#
+# priority 100
+# a version that is already installed (if any) and to the versions coming from archives which,
+# in their Release files are marked as "NotAutomatic: yes" and "ButAutomaticUpgrades: yes",
+# like the Debian backports archive since squeeze-backports.
+#
+# priority 500
+# versions that do not belong to the target release.
+#
+# priority 990
+# versions that belong to the target release.
+#
+## interpretation of priority (P)
+# P >= 1000
+# causes a version to be installed even if this constitutes a downgrade of the package
+#
+# 990 <= P < 1000
+# causes a version to be installed even if it does not come from the target release, unless the installed version is more recent
+#
+# 500 <= P < 990
+# causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent
+#
+# 100 <= P < 500
+# causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent
+#
+# 0 < P < 100
+# causes a version to be installed only if there is no installed version of the package
+#
+# P < 0
+# prevents the version from being installed
+#
+# P = 0
+# has undefined behaviour (do not use it)
+#
+
+#-------------------------------------------------------------------
+# priority for debian 12 (bookworm) release packages
+#-------------------------------------------------------------------
+Package: *
+Pin: release o=Debian,n=bookworm
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Debian,n=bookworm-updates
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Debian,n=bookworm-security
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Debian,n=bookworm-backports
+Pin-Priority: 990
diff --git a/resources/apt/debian/8/official-releases.list b/resources/apt/debian/8/official-releases.list
deleted file mode 100644
index 0c1eda59..00000000
--- a/resources/apt/debian/8/official-releases.list
+++ /dev/null
@@ -1,11 +0,0 @@
-#-------------------------------------------------------------------
-# packages from debian 8 (jessie) release
-#-------------------------------------------------------------------
-deb http://deb.debian.org/debian/ jessie main contrib non-free
-#deb-src http://deb.debian.org/debian/ jessie main contrib non-free
-
-deb http://deb.debian.org/debian/ jessie-updates main contrib non-free
-#deb-src http://deb.debian.org/debian/ jessie-updates main contrib non-free
-
-deb http://deb.debian.org/debian-security jessie/updates main
-#deb-src http://deb.debian.org/debian-security jessie/updates main
diff --git a/resources/apt/debian/official-releases.pref b/resources/apt/debian/9/official-releases.pref
similarity index 73%
rename from resources/apt/debian/official-releases.pref
rename to resources/apt/debian/9/official-releases.pref
index edfd2e58..9aafaf81 100644
--- a/resources/apt/debian/official-releases.pref
+++ b/resources/apt/debian/9/official-releases.pref
@@ -42,65 +42,46 @@ #------------------------------------------------------------------- Package: * Pin: release o=Debian,n=stretch -Pin-Priority: $APT_STRETCH_PRIORITY +Pin-Priority: 990 Package: * Pin: release o=Debian,n=stretch-updates -Pin-Priority: $APT_STRETCH_PRIORITY +Pin-Priority: 990 Package: * Pin: release o=Debian,n=stretch-backports -Pin-Priority: $APT_STRETCH_PRIORITY +Pin-Priority: 990 #------------------------------------------------------------------- # priority for debian 10 (buster) release packages #------------------------------------------------------------------- Package: * Pin: release o=Debian,n=buster -Pin-Priority: $APT_BUSTER_PRIORITY +Pin-Priority: 500 Package: * Pin: release o=Debian,n=buster-updates -Pin-Priority: $APT_BUSTER_PRIORITY +Pin-Priority: 500 Package: * Pin: release o=Debian,n=buster-backports -Pin-Priority: $APT_BUSTER_PRIORITY +Pin-Priority: 500 #------------------------------------------------------------------- # priority for debian 11 (bullseye) release packages #------------------------------------------------------------------- Package: * Pin: release o=Debian,n=bullseye -Pin-Priority: $APT_BULLSEYE_PRIORITY +Pin-Priority: 100 Package: * Pin: release o=Debian,n=bullseye-updates -Pin-Priority: $APT_BULLSEYE_PRIORITY +Pin-Priority: 100 Package: * Pin: release o=Debian,n=bullseye-security -Pin-Priority: $APT_BULLSEYE_PRIORITY +Pin-Priority: 100 Package: * Pin: release o=Debian,n=bullseye-backports -Pin-Priority: $APT_BULLSEYE_PRIORITY - -#------------------------------------------------------------------- -# priority for debian 12 (bookworm) release packages -#------------------------------------------------------------------- -Package: * -Pin: release o=Debian,n=bookworm -Pin-Priority: $APT_BOOKWORM_PRIORITY - -Package: * -Pin: release o=Debian,n=bookworm-updates -Pin-Priority: $APT_BOOKWORM_PRIORITY - -Package: * -Pin: release o=Debian,n=bookworm-security -Pin-Priority: $APT_BOOKWORM_PRIORITY - -Package: * -Pin: 
release o=Debian,n=bookworm-backports -Pin-Priority: $APT_BOOKWORM_PRIORITY +Pin-Priority: 100 diff --git a/resources/apt/ubuntu/official-releases.pref b/resources/apt/ubuntu/20.04/official-releases.pref similarity index 80% rename from resources/apt/ubuntu/official-releases.pref rename to resources/apt/ubuntu/20.04/official-releases.pref index 8a62168e..7a229397 100644 --- a/resources/apt/ubuntu/official-releases.pref +++ b/resources/apt/ubuntu/20.04/official-releases.pref @@ -42,19 +42,8 @@ #------------------------------------------------------------------- Package: * Pin: release o=Ubuntu,n=focal -Pin-Priority: $APT_FOCAL_PRIORITY +Pin-Priority: 990 Package: * Pin: release o=Ubuntu,a=focal -Pin-Priority: $APT_FOCAL_PRIORITY - -#------------------------------------------------------------------- -# priority for ubuntu 22.04 (jammy) release packages -#------------------------------------------------------------------- -Package: * -Pin: release o=Ubuntu,n=jammy -Pin-Priority: $APT_JAMMY_PRIORITY - -Package: * -Pin: release o=Ubuntu,a=jammy -Pin-Priority: $APT_JAMMY_PRIORITY +Pin-Priority: 990 diff --git a/resources/apt/ubuntu/22.04/official-releases.pref b/resources/apt/ubuntu/22.04/official-releases.pref new file mode 100644 index 00000000..543b16e6 --- /dev/null +++ b/resources/apt/ubuntu/22.04/official-releases.pref 
@@ -0,0 +1,49 @@
+## default priory assignments
+# priority 1
+# versions coming from archives which in their Release files are marked as "NotAutomatic: yes",
+# but not as "ButAutomaticUpgrades: yes" like the Ubuntu experimental archive.
+#
+# priority 100
+# a version that is already installed (if any) and to the versions coming from archives which,
+# in their Release files are marked as "NotAutomatic: yes" and "ButAutomaticUpgrades: yes",
+# like the Ubuntu backports archive since squeeze-backports.
+#
+# priority 500
+# versions that do not belong to the target release.
+#
+# priority 990
+# versions that belong to the target release.
+#
+## interpretation of priority (P)
+# P >= 1000
+# causes a version to be installed even if this constitutes a downgrade of the package
+#
+# 990 <= P < 1000
+# causes a version to be installed even if it does not come from the target release, unless the installed version is more recent
+#
+# 500 <= P < 990
+# causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent
+#
+# 100 <= P < 500
+# causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent
+#
+# 0 < P < 100
+# causes a version to be installed only if there is no installed version of the package
+#
+# P < 0
+# prevents the version from being installed
+#
+# P = 0
+# has undefined behaviour (do not use it)
+#
+
+#-------------------------------------------------------------------
+# priority for ubuntu 22.04 (jammy) release packages
+#-------------------------------------------------------------------
+Package: *
+Pin: release o=Ubuntu,n=jammy
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Ubuntu,a=jammy
+Pin-Priority: 990
diff --git a/resources/apt/ubuntu/24.04/official-releases.list b/resources/apt/ubuntu/24.04/official-releases.list
new file mode 100644
index 00000000..e9673f65
--- /dev/null
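Review bot: The header comment of this new 22.04 preferences file reads as the Debian text with the distro name substituted, which leaves statements that do not describe Ubuntu: it cites an "Ubuntu experimental archive" and "the Ubuntu backports archive since squeeze-backports", and squeeze is a Debian suite. The first line also says `## default priory assignments` where `## default priority assignments` is meant. Since this comment is the only explanation of the pin values next to the stanzas, I would reword it for Ubuntu or keep the Debian wording and mark it as quoted background. The 24.04 file added by this commit repeats the same header.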
+++ b/resources/apt/ubuntu/24.04/official-releases.list
@@ -0,0 +1,17 @@
+#-------------------------------------------------------------------
+# packages from ubuntu 24.04 (noble) release
+#-------------------------------------------------------------------
+deb https://nyc.mirrors.clouvider.net/ubuntu/ noble main restricted universe multiverse
+#deb-src https://nyc.mirrors.clouvider.net/ubuntu/ noble main restricted universe multiverse
+
+deb https://nyc.mirrors.clouvider.net/ubuntu/ noble-security main restricted universe multiverse
+#deb-src https://nyc.mirrors.clouvider.net/ubuntu/ noble-security main restricted universe multiverse
+
+deb https://nyc.mirrors.clouvider.net/ubuntu/ noble-updates main restricted universe multiverse
+#deb-src https://nyc.mirrors.clouvider.net/ubuntu/ noble-updates main restricted universe multiverse
+
+deb https://nyc.mirrors.clouvider.net/ubuntu/ noble-backports main restricted universe multiverse
+#deb-src https://nyc.mirrors.clouvider.net/ubuntu/ noble-backports main restricted universe multiverse
+
+#deb https://nyc.mirrors.clouvider.net/ubuntu/ noble-proposed main restricted universe multiverse
+#deb-src https://nyc.mirrors.clouvider.net/ubuntu/ noble-proposed main restricted universe multiverse
diff --git a/resources/apt/ubuntu/24.04/official-releases.pref b/resources/apt/ubuntu/24.04/official-releases.pref
new file mode 100644
index 00000000..d7ec10cc
--- /dev/null
+++ b/resources/apt/ubuntu/24.04/official-releases.pref
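Review bot: Every `deb` line in this new 24.04 list, including the `noble-security` one, points at `nyc.mirrors.clouvider.net`, a single third-party regional mirror, although the file is named official-releases. APT still verifies the signed Release file, so the concern is freshness and availability rather than package integrity: a lagging or unreachable mirror delays security updates on every host installed from this list. I would take the security pocket from `security.ubuntu.com` and the other pockets from `archive.ubuntu.com`, or make the mirror an install-time setting with a comment explaining why it is chosen.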
@@ -0,0 +1,49 @@
+## default priory assignments
+# priority 1
+# versions coming from archives which in their Release files are marked as "NotAutomatic: yes",
+# but not as "ButAutomaticUpgrades: yes" like the Ubuntu experimental archive.
+#
+# priority 100
+# a version that is already installed (if any) and to the versions coming from archives which,
+# in their Release files are marked as "NotAutomatic: yes" and "ButAutomaticUpgrades: yes",
+# like the Ubuntu backports archive since squeeze-backports.
+#
+# priority 500
+# versions that do not belong to the target release.
+#
+# priority 990
+# versions that belong to the target release.
+#
+## interpretation of priority (P)
+# P >= 1000
+# causes a version to be installed even if this constitutes a downgrade of the package
+#
+# 990 <= P < 1000
+# causes a version to be installed even if it does not come from the target release, unless the installed version is more recent
+#
+# 500 <= P < 990
+# causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent
+#
+# 100 <= P < 500
+# causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent
+#
+# 0 < P < 100
+# causes a version to be installed only if there is no installed version of the package
+#
+# P < 0
+# prevents the version from being installed
+#
+# P = 0
+# has undefined behaviour (do not use it)
+#
+
+#-------------------------------------------------------------------
+# priority for ubuntu 24.04 (noble) release packages
+#-------------------------------------------------------------------
+Package: *
+Pin: release o=Ubuntu,n=noble
+Pin-Priority: 990
+
+Package: *
+Pin: release o=Ubuntu,a=noble
+Pin-Priority: 990
diff --git a/rtpengine/almalinux/install.sh b/rtpengine/almalinux/install.sh
index e47a8980..2b818b49 100755
--- a/rtpengine/almalinux/install.sh
+++ b/rtpengine/almalinux/install.sh @@ -10,19 +10,16 @@ if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh fi -# search for RPM using external APIs mirrors and archives -# not guaranteed to find an RPM, outputs empty string if search fails +# search for RPM using almalinux vault repos +# not guaranteed to find an RPM, returns 1 if not found # arguments: # $1 == rpm to search for # options: -# -a -# --arch= -# -d -# --distro= -# -f -# --filter= -function rpmSearch() { - local RPM_SEARCH="" DISTRO_FILTER="" ARCH_FILTER="" GREP_FILTER="" SEARCH_RESULTS="" +# -af +# -rf +# -dm +function vaultSearch() { + local RPM_SEARCH DISTRO_MAJVER ARCH_FILTER REPO_FILTER SEARCH_RESULTS VERSIONS_TO_SEARCH SEARCH_URL while (( $# > 0 )); do # last arg is user and database 
@@ -33,88 +30,60 @@ function rpmSearch() { fi case "$1" in - -a) + -af) shift ARCH_FILTER="$1" shift ;; - --arch=*) - ARCH_FILTER="$(echo "$1" | cut -d '=' -f 2)" + -rf) shift - ;; - -d) - shift - DISTRO_FILTER="$1" - shift - ;; - --distro=*) - DISTRO_FILTER="$(echo "$1" | cut -d '=' -f 2)" + REPO_FILTER="$1" shift ;; - -f) - shift - GREP_FILTER="$1" + -dm) shift - ;; - --filter=*) - GREP_FILTER="$(echo "$1" | cut -d '=' -f 2)" + DISTRO_MAJVER="$1" shift ;; esac done - # if grep filter not set it defaults to rpm search - if [[ -z "$GREP_FILTER" ]]; then - GREP_FILTER="${RPM_SEARCH}" - fi - - # grab the results of the search using an API on rpmfind.net - SEARCH_RESULTS=$( - curl -sL "https://www.rpmfind.net/linux/rpm2html/search.php?query=${RPM_SEARCH}&system=${DISTRO_FILTER}&arch=${ARCH_FILTER}" 2>/dev/null | - perl -e "\$rpmfind_base_url='https://rpmfind.net'; \$rpm_search='${RPM_SEARCH}'; @matches=(); " -0777 -e \ - '$html = do { local $/; }; - @matches = ($html =~ m%(?<=\)%g); - foreach my $match (@matches) { print "${rpmfind_base_url}${match}\n"; }' 2>/dev/null | - grep -m 1 "${GREP_FILTER}" - ) + VERSIONS_TO_SEARCH=($( + curl -s https://raw.repo.almalinux.org/vault/ | + perl -e "\$distro_majver='$DISTRO_MAJVER'; @matches=();" -0777 -e ' + $html = do { local $/; }; + @matches = ($html =~ m%(?<=\)%g); + foreach my $match (@matches) { print "${match}\n"; } + ' 2>/dev/null + )) + + for VAULT_VER in ${VERSIONS_TO_SEARCH[@]}; do + SEARCH_URL="https://repo.almalinux.org/vault/${VAULT_VER}/${REPO_FILTER}/${ARCH_FILTER}/os/Packages/${RPM_SEARCH}.rpm" + if (( $(curl -s -I -w "%{http_code}" -o /dev/null "$SEARCH_URL") == 200 )); then + echo "$SEARCH_URL" + return 0 + fi + done - if [[ -n "$SEARCH_RESULTS" ]]; then - echo "$SEARCH_RESULTS" - fi + return 1 } # try installing in the following order: # 1: headers from repos -# 2: headers from rpmfind.net (updates branch) -# 3: headers from rpmfind.net (os branch) -# 4: headers from linuxsoft.cern.ch (updates branch) -# 5: 
headers from linuxsoft.cern.ch (os branch) +# 2: headers from vault repos function installKernelDevHeaders { - local DISTRO_VER="$DISTRO_VER" + local DISTRO_MAJVER="$DISTRO_MAJVER" local OS_ARCH="$OS_ARCH" local OS_KERNEL="$OS_KERNEL" + local KERN_DEV KERN_HDR - if (( ${DISTRO_VER} >= 8 )); then - dnf install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || - dnf install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - dnf install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - dnf install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - dnf install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm - else - yum install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || - yum install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - 
https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm - fi + dnf install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || { + KERN_DEV=$(vaultSearch -af $OS_ARCH -dm $DISTRO_MAJVER -rf BaseOS "kernel-devel-${OS_KERNEL}") || return 1 + KERN_HDR=$(vaultSearch -af $OS_ARCH -dm $DISTRO_MAJVER -rf BaseOS "kernel-headers-${OS_KERNEL}") || return 1 + + dnf install -y "$KERN_DEV" && + dnf install -y "$KERN_HDR" + } } # compile and install rtpengine from RPM's 
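Review bot: The fallback `dnf install -y "$KERN_DEV"` and `dnf install -y "$KERN_HDR"` in installKernelDevHeaders install RPMs from a URL that vaultSearch assembles out of a scraped directory listing, and dnf's `localpkg_gpgcheck` option is off by default, so these packages are likely installed without a signature check. The install function in this same file already passes `--setopt=localpkg_gpgcheck=1` for the rpmfusion release RPM, and the same option belongs here: `dnf --setopt=localpkg_gpgcheck=1 install -y "$KERN_DEV" "$KERN_HDR"`. In vaultSearch, `curl -s` should be `curl -fsS` so a failed listing fetch is reported instead of silently producing an empty version list, and `${VERSIONS_TO_SEARCH[@]}` should be quoted in the `for` loop. The copy of both functions in rtpengine/rocky/install.sh has the same gaps. vaultSearch begins in the previous hunk.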
@@ -124,24 +93,26 @@ function install { local OS_ARCH=$(uname -m) local OS_KERNEL=$(uname -r) local RHEL_BASE_VER=$(rpm -E %{rhel}) - local DISTRO_VER="$(cat /etc/redhat-release | cut -d ' ' -f 4)" + local DISTRO_VER=$(source /etc/os-release; echo "$VERSION_ID") + local DISTRO_MAJVER=$(cut -d '.' -f 1 <<<"$DISTRO_VER") local NPROC=$(nproc) # Install required libraries - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - yum-config-manager -y --add-repo https://negativo17.org/repos/epel-multimedia.repo - sed -i 's|$releasever|'"${RHEL_BASE_VER}|g" /etc/yum.repos.d/epel-multimedia.repo - rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro - rpm -Uh http://li.nux.ro/download/nux/dextop/el7/${OS_ARCH}/nux-dextop-release-0-5.el7.nux.noarch.rpm - - yum install -y gcc glib2 glib2-devel zlib zlib-devel openssl openssl-devel pcre pcre-devel libcurl libcurl-devel \ + dnf install -y almalinux-release-devel && + if (( ${DISTRO_MAJVER} == 9 )); then + dnf config-manager -y --set-enabled crb + elif (( ${DISTRO_MAJVER} == 8 )); then + dnf config-manager -y --set-enabled powertools + fi && + dnf install -y epel-release distribution-gpg-keys && + rpmkeys --import /usr/share/distribution-gpg-keys/rpmfusion/RPM-GPG-KEY-rpmfusion-free-el-${RHEL_BASE_VER} && + dnf --setopt=localpkg_gpgcheck=1 install -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-${RHEL_BASE_VER}.noarch.rpm && + dnf install -y jq curl gcc glib2 glib2-devel zlib zlib-devel openssl openssl-devel pcre pcre-devel libcurl libcurl-devel \ xmlrpc-c xmlrpc-c-devel libpcap libpcap-devel hiredis hiredis-devel json-glib json-glib-devel libevent libevent-devel \ - iptables iptables-devel xmlrpc-c-devel gperf system-lsb redhat-rpm-config rpm-build pkgconfig \ - freetype-devel fontconfig-devel libxml2-devel nc dkms logrotate rsyslog perl perl-IPC-Cmd spandsp-devel bc libwebsockets-devel \ - gperf gperftools gperftools-devel gperftools-libs gzip mariadb-devel 
perl-Config-Tiny spandsp \ - $(rpmSearch -d centos -a x86_64 -f el7 librabbitmq) $(rpmSearch -d centos -a x86_64 -f el7 librabbitmq-devel) \ - libbluray-devel libavcodec-devel libavformat-devel libavutil-devel libswresample-devel libavfilter-devel ffmpeg ffmpeg-devel \ - libjpeg-turbo-devel mosquitto-devel && + iptables iptables-devel xmlrpc-c-devel gperf redhat-rpm-config rpm-build pkgconfig spandsp-devel pandoc \ + freetype-devel fontconfig-devel libxml2-devel nc dkms logrotate rsyslog perl perl-IPC-Cmd bc libwebsockets-devel \ + gperf gperftools gperftools-devel gperftools-libs gzip mariadb-devel perl-Config-Tiny spandsp librabbitmq librabbitmq-devel \ + ffmpeg ffmpeg-devel libjpeg-turbo-devel mosquitto-devel opus-devel gcc-toolset-14 && installKernelDevHeaders if (( $? != 0 )); then @@ -165,7 +136,7 @@ function install { ( cd ${SRC_DIR}/curl && ./configure --prefix=/usr --libdir=/usr/lib64 --with-ssl && - make -j $NRPOC && + make -j $NPROC && make -j $NPROC install && ldconfig ) @@ -201,6 +172,7 @@ function install { rm -rf ${RPM_BUILD_ROOT} 2>/dev/null mkdir -p ${RPM_BUILD_ROOT}/SOURCES && ( + source scl_source enable gcc-toolset-14 && cd ${SRC_DIR} && tar -czf ${RPM_BUILD_ROOT}/SOURCES/ngcp-rtpengine-${RTPENGINE_RPM_VER}.tar.gz \ --transform="s%^rtpengine%ngcp-rtpengine-$RTPENGINE_RPM_VER%g" rtpengine/ && 
@@ -213,15 +185,9 @@ function install { systemctl mask ngcp-rtpengine-daemon.service # install the RPM's - if (( ${DISTRO_VER} >= 8 )); then - dnf install -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm - else - yum localinstall -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm - fi + dnf install -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm ) if (( $? != 0 )); then @@ -245,14 +211,6 @@ function install { systemctl enable firewalld systemctl start firewalld - if (( $? != 0 )) && (( ${DISTRO_VER} == 7 )); then - # fix for bug: https://bugzilla.redhat.com/show_bug.cgi?id=1575845 - systemctl restart dbus - systemctl restart firewalld - # fix for ensuing bug: https://bugzilla.redhat.com/show_bug.cgi?id=1372925 - systemctl restart systemd-logind - fi - # give rtpengine permissions in selinux semanage port -a -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} || semanage port -m -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} 
@@ -273,11 +231,7 @@ function install { echo "d /run/rtpengine/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf # Reconfigure systemd service files - if (( ${DISTRO_VER} > 7 )); then - cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service - else - cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v2.service /lib/systemd/system/rtpengine.service - fi + cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service chmod 644 /lib/systemd/system/rtpengine.service systemctl daemon-reload systemctl enable rtpengine diff --git a/rtpengine/amzn/install.sh b/rtpengine/amzn/install.sh index ca7e199c..cdbe8c05 100755 --- a/rtpengine/amzn/install.sh +++ b/rtpengine/amzn/install.sh @@ -135,7 +135,7 @@ function install { ( cd ${SRC_DIR}/openssl && ./Configure --prefix=/usr linux-$(uname -m) && - make -j $NRPOC && + make -j $NPROC && make -j $NPROC install ) || { printerr 'Failed to compile openssl' diff --git a/rtpengine/centos/install.sh b/rtpengine/centos/install.sh index f920fb15..3d346e64 100755 --- a/rtpengine/centos/install.sh +++ b/rtpengine/centos/install.sh @@ -177,7 +177,7 @@ function install { ( cd ${SRC_DIR}/curl && ./configure --prefix=/usr --libdir=/usr/lib64 --with-ssl && - make -j $NRPOC && + make -j $NPROC && make -j $NPROC install && ldconfig ) diff --git a/rtpengine/debian/install.sh b/rtpengine/debian/install.sh index a9196d57..23a8fbf0 100755 --- a/rtpengine/debian/install.sh +++ b/rtpengine/debian/install.sh 
@@ -181,8 +181,12 @@ function install { systemctl mask ngcp-rtpengine-daemon.service apt-get install -y ../ngcp-rtpengine-daemon_*${RTPENGINE_VER}*.deb ../ngcp-rtpengine-iptables_*${RTPENGINE_VER}*.deb \ - ../ngcp-rtpengine-kernel-dkms_*${RTPENGINE_VER}*.deb ../ngcp-rtpengine-utils_*${RTPENGINE_VER}*.deb - exit $? + ../ngcp-rtpengine-kernel-dkms_*${RTPENGINE_VER}*.deb ../ngcp-rtpengine-utils_*${RTPENGINE_VER}*.deb || exit 1 + + systemctl unmask ngcp-rtpengine-daemon.service + systemctl disable ngcp-rtpengine-daemon.service + + exit 0 ) if (( $? != 0 )); then @@ -229,6 +233,7 @@ function install { echo "d /var/run/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf # Reconfigure systemd service files + rm -f /lib/systemd/system/rtpengine*.service cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service chmod 644 /lib/systemd/system/rtpengine.service systemctl daemon-reload diff --git a/rtpengine/rhel/install.sh b/rtpengine/rhel/install.sh index 27d48c17..f8a0459a 100755 --- a/rtpengine/rhel/install.sh +++ b/rtpengine/rhel/install.sh @@ -49,7 +49,7 @@ function install { ( cd ${SRC_DIR}/curl && ./configure --prefix=/usr --libdir=/usr/lib64 --with-ssl && - make -j $NRPOC && + make -j $NPROC && make -j $NPROC install && ldconfig ) diff --git a/rtpengine/rocky/install.sh b/rtpengine/rocky/install.sh index d6c6ddf5..fece2ab8 100755 --- a/rtpengine/rocky/install.sh +++ b/rtpengine/rocky/install.sh 
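Review bot: The new `rm -f /lib/systemd/system/rtpengine*.service` in the second rtpengine/debian/install.sh hunk has no comment saying which unit files it is meant to clear, and the glob matches any unit whose name starts with rtpengine, including ones a package may own. A line such as `# remove unit files left by earlier installs before copying ours` would record the intent, if that is the intent. Listing the file names explicitly would be safer than the glob, since a unit removed this way while still enabled leaves its enablement symlink behind. The install function continues outside the hunk.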
@@ -10,19 +10,16 @@ if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh fi -# search for RPM using external APIs mirrors and archives -# not guaranteed to find an RPM, outputs empty string if search fails +# search for RPM using rocky linux vault repos +# not guaranteed to find an RPM, returns 1 if not found # arguments: # $1 == rpm to search for # options: -# -a -# --arch= -# -d -# --distro= -# -f -# --filter= -function rpmSearch() { - local RPM_SEARCH="" DISTRO_FILTER="" ARCH_FILTER="" GREP_FILTER="" SEARCH_RESULTS="" +# -af +# -rf +# -dm +function vaultSearch() { + local RPM_SEARCH DISTRO_MAJVER ARCH_FILTER REPO_FILTER SEARCH_RESULTS VERSIONS_TO_SEARCH SEARCH_URL PKG_LETTER while (( $# > 0 )); do # last arg is user and database 
@@ -33,88 +30,62 @@ function rpmSearch() { fi case "$1" in - -a) + -af) shift ARCH_FILTER="$1" shift ;; - --arch=*) - ARCH_FILTER="$(echo "$1" | cut -d '=' -f 2)" + -rf) shift - ;; - -d) - shift - DISTRO_FILTER="$1" - shift - ;; - --distro=*) - DISTRO_FILTER="$(echo "$1" | cut -d '=' -f 2)" + REPO_FILTER="$1" shift ;; - -f) - shift - GREP_FILTER="$1" + -dm) shift - ;; - --filter=*) - GREP_FILTER="$(echo "$1" | cut -d '=' -f 2)" + DISTRO_MAJVER="$1" shift ;; esac done - # if grep filter not set it defaults to rpm search - if [[ -z "$GREP_FILTER" ]]; then - GREP_FILTER="${RPM_SEARCH}" - fi - - # grab the results of the search using an API on rpmfind.net - SEARCH_RESULTS=$( - curl -sL "https://www.rpmfind.net/linux/rpm2html/search.php?query=${RPM_SEARCH}&system=${DISTRO_FILTER}&arch=${ARCH_FILTER}" 2>/dev/null | - perl -e "\$rpmfind_base_url='https://rpmfind.net'; \$rpm_search='${RPM_SEARCH}'; @matches=(); " -0777 -e \ - '$html = do { local $/; }; - @matches = ($html =~ m%(?<=\)%g); - foreach my $match (@matches) { print "${rpmfind_base_url}${match}\n"; }' 2>/dev/null | - grep -m 1 "${GREP_FILTER}" - ) + PKG_LETTER=$(tolower "${RPM_SEARCH:0:1}") + + VERSIONS_TO_SEARCH=($( + curl -s https://dl.rockylinux.org/vault/rocky/ | + perl -e "\$distro_majver='$DISTRO_MAJVER'; @matches=();" -0777 -e ' + $html = do { local $/; }; + @matches = ($html =~ m%(?<=\)%g); + foreach my $match (@matches) { print "${match}\n"; } + ' 2>/dev/null + )) + + for VAULT_VER in ${VERSIONS_TO_SEARCH[@]}; do + SEARCH_URL="https://dl.rockylinux.org/vault/rocky/${VAULT_VER}/${REPO_FILTER}/${ARCH_FILTER}/os/Packages/${PKG_LETTER}/${RPM_SEARCH}.rpm" + if (( $(curl -s -I -w "%{http_code}" -o /dev/null "$SEARCH_URL") == 200 )); then + echo "$SEARCH_URL" + return 0 + fi + done - if [[ -n "$SEARCH_RESULTS" ]]; then - echo "$SEARCH_RESULTS" - fi + return 1 } # try installing in the following order: # 1: headers from repos -# 2: headers from rpmfind.net (updates branch) -# 3: headers from rpmfind.net (os 
branch) -# 4: headers from linuxsoft.cern.ch (updates branch) -# 5: headers from linuxsoft.cern.ch (os branch) +# 2: headers from vault repos function installKernelDevHeaders { - local DISTRO_VER="$DISTRO_VER" + local DISTRO_MAJVER="$DISTRO_MAJVER" local OS_ARCH="$OS_ARCH" local OS_KERNEL="$OS_KERNEL" + local KERN_DEV KERN_HDR - if (( ${DISTRO_VER} >= 8 )); then - dnf install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || - dnf install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - dnf install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - dnf install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - dnf install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm - else - yum install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || - yum install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://rpmfind.net/linux/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y 
https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/updates/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm || - yum install -y https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-devel-${OS_KERNEL}.rpm \ - https://linuxsoft.cern.ch/cern/centos/${DISTRO_VER}/os/${OS_ARCH}/Packages/kernel-headers-${OS_KERNEL}.rpm - fi + dnf install -y kernel-devel-${OS_KERNEL} kernel-headers-${OS_KERNEL} || { + KERN_DEV=$(vaultSearch -af $OS_ARCH -dm $DISTRO_MAJVER -rf BaseOS "kernel-devel-${OS_KERNEL}") || return 1 + KERN_HDR=$(vaultSearch -af $OS_ARCH -dm $DISTRO_MAJVER -rf BaseOS "kernel-headers-${OS_KERNEL}") || return 1 + + dnf install -y "$KERN_DEV" && + dnf install -y "$KERN_HDR" + } } # compile and install rtpengine from RPM's 
@@ -124,29 +95,31 @@ function install { local OS_ARCH=$(uname -m) local OS_KERNEL=$(uname -r) local RHEL_BASE_VER=$(rpm -E %{rhel}) - local DISTRO_VER="$(cat /etc/redhat-release | cut -d ' ' -f 4)" + local DISTRO_VER=$(source /etc/os-release; echo "$VERSION_ID") + local DISTRO_MAJVER=$(cut -d '.' -f 1 <<<"$DISTRO_VER") local NPROC=$(nproc) # Install required libraries - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - yum-config-manager -y --add-repo https://negativo17.org/repos/epel-multimedia.repo - sed -i 's|$releasever|'"${RHEL_BASE_VER}|g" /etc/yum.repos.d/epel-multimedia.repo - rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro - rpm -Uh http://li.nux.ro/download/nux/dextop/el7/${OS_ARCH}/nux-dextop-release-0-5.el7.nux.noarch.rpm - - yum install -y gcc glib2 glib2-devel zlib zlib-devel openssl openssl-devel pcre pcre-devel libcurl libcurl-devel \ + dnf config-manager --enable -y devel && + if (( ${DISTRO_MAJVER} == 9 )); then + dnf config-manager -y --set-enabled crb + elif (( ${DISTRO_MAJVER} == 8 )); then + dnf config-manager -y --set-enabled powertools + fi && + dnf install -y epel-release distribution-gpg-keys && + rpmkeys --import /usr/share/distribution-gpg-keys/rpmfusion/RPM-GPG-KEY-rpmfusion-free-el-${RHEL_BASE_VER} && + dnf --setopt=localpkg_gpgcheck=1 install -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-${RHEL_BASE_VER}.noarch.rpm && + dnf install -y jq curl gcc glib2 glib2-devel zlib zlib-devel openssl openssl-devel pcre pcre-devel libcurl libcurl-devel \ xmlrpc-c xmlrpc-c-devel libpcap libpcap-devel hiredis hiredis-devel json-glib json-glib-devel libevent libevent-devel \ - iptables iptables-devel xmlrpc-c-devel gperf system-lsb redhat-rpm-config rpm-build pkgconfig \ - freetype-devel fontconfig-devel libxml2-devel nc dkms logrotate rsyslog perl perl-IPC-Cmd spandsp-devel bc libwebsockets-devel \ - gperf gperftools gperftools-devel gperftools-libs gzip mariadb-devel 
perl-Config-Tiny spandsp \ - $(rpmSearch -d centos -a x86_64 -f el7 librabbitmq) $(rpmSearch -d centos -a x86_64 -f el7 librabbitmq-devel) \ - libbluray-devel libavcodec-devel libavformat-devel libavutil-devel libswresample-devel libavfilter-devel ffmpeg ffmpeg-devel \ - libjpeg-turbo-devel mosquitto-devel && + iptables iptables-devel xmlrpc-c-devel gperf redhat-rpm-config rpm-build pkgconfig spandsp-devel pandoc \ + freetype-devel fontconfig-devel libxml2-devel nc dkms logrotate rsyslog perl perl-IPC-Cmd bc libwebsockets-devel \ + gperf gperftools gperftools-devel gperftools-libs gzip mariadb-devel perl-Config-Tiny spandsp librabbitmq librabbitmq-devel \ + ffmpeg ffmpeg-devel libjpeg-turbo-devel mosquitto-devel opus-devel gcc-toolset-14 && installKernelDevHeaders if (( $? != 0 )); then printerr "Problem with installing the required libraries for RTPEngine" - exit 1 + return 1 fi BUILD_KERN_VERSIONS=$(joinwith '' ',' '' $(rpm -q kernel-headers | sed 's/kernel-headers-//g')) @@ -165,7 +138,7 @@ function install { ( cd ${SRC_DIR}/curl && ./configure --prefix=/usr --libdir=/usr/lib64 --with-ssl && - make -j $NRPOC && + make -j $NPROC && make -j $NPROC install && ldconfig ) @@ -201,6 +174,7 @@ function install { rm -rf ${RPM_BUILD_ROOT} 2>/dev/null mkdir -p ${RPM_BUILD_ROOT}/SOURCES && ( + source scl_source enable gcc-toolset-14 && cd ${SRC_DIR} && tar -czf ${RPM_BUILD_ROOT}/SOURCES/ngcp-rtpengine-${RTPENGINE_RPM_VER}.tar.gz \ --transform="s%^rtpengine%ngcp-rtpengine-$RTPENGINE_RPM_VER%g" rtpengine/ && 
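Review bot: `dnf config-manager --enable -y devel` at the top of the new install chain enables the `devel` repository permanently, so later `dnf update` runs on the host also resolve packages from it, not just this build. If it is only needed for the build dependencies in this chain (the hunk does not show which package requires it), scoping it to the transaction leaves the host's package sources as they were: `dnf install -y --enablerepo=devel jq curl gcc …`. The `if`/`elif` on `DISTRO_MAJVER` also has no `else`, so on a major version other than 8 or 9 the chain continues without `crb`/`powertools` and fails later with the generic "required libraries" message. install() starts before and continues after this hunk.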
@@ -213,15 +187,9 @@ function install { systemctl mask ngcp-rtpengine-daemon.service # install the RPM's - if (( ${DISTRO_VER} >= 8 )); then - dnf install -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm - else - yum localinstall -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ - ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm - fi + dnf install -y ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/noarch/ngcp-rtpengine-dkms-${RTPENGINE_RPM_VER}*.rpm \ + ${RPM_BUILD_ROOT}/RPMS/${OS_ARCH}/ngcp-rtpengine-kernel-${RTPENGINE_RPM_VER}*.rpm ) if (( $? != 0 )); then @@ -245,14 +213,6 @@ function install { systemctl enable firewalld systemctl start firewalld - if (( $? != 0 )) && (( ${DISTRO_VER} == 7 )); then - # fix for bug: https://bugzilla.redhat.com/show_bug.cgi?id=1575845 - systemctl restart dbus - systemctl restart firewalld - # fix for ensuing bug: https://bugzilla.redhat.com/show_bug.cgi?id=1372925 - systemctl restart systemd-logind - fi - # give rtpengine permissions in selinux semanage port -a -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} || semanage port -m -t rtp_media_port_t -p udp ${RTP_PORT_MIN}-${RTP_PORT_MAX} 
@@ -273,11 +233,7 @@ function install { echo "d /run/rtpengine/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf # Reconfigure systemd service files - if (( ${DISTRO_VER} > 7 )); then - cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service - else - cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v2.service /lib/systemd/system/rtpengine.service - fi + cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service chmod 644 /lib/systemd/system/rtpengine.service systemctl daemon-reload systemctl enable rtpengine diff --git a/rtpengine/ubuntu/install.sh b/rtpengine/ubuntu/install.sh index 661f7b72..81092117 100755 --- a/rtpengine/ubuntu/install.sh +++ b/rtpengine/ubuntu/install.sh 
@@ -10,61 +10,139 @@ if [[ "$DSIP_LIB_IMPORTED" != "1" ]]; then . ${DSIP_PROJECT_DIR}/dsiprouter/dsip_lib.sh fi +function debSearch() { + local DEB_SEARCH="$1" SEARCH_URL + + # search security.ubuntu.com for package + SEARCH_URL="http://security.ubuntu.com/ubuntu/pool/main/l/linux/${DEB_SEARCH}.deb" + if [[ $(curl -sL -I -w "%{http_code}" "$SEARCH_URL" -o /dev/null) == "200" ]]; then + echo "$SEARCH_URL" + return 0 + fi + + # search archive.ubuntu.com for package + SEARCH_URL="http://archive.ubuntu.com/ubuntu/pool/main/l/linux/${DEB_SEARCH}.deb" + if [[ $(curl -sL -I -w "%{http_code}" "$SEARCH_URL" -o /dev/null) == "200" ]]; then + echo "$SEARCH_URL" + return 0 + fi + + # nowhere else we trust to search + return 1 +} + +function aptInstallKernelHeadersFromURI() { + local RET=0 + local KERN_HDR_URI="$1" KERN_HDR_DEB=$(basename "$1") + local KERN_HDR_COMMON_URI="" KERN_HDR_COMMON_DEB="" + + ( + # download the .deb file + cd /tmp/ + curl -sLO --retry 3 "$KERN_HDR_URI" + + # install dependent common headers + KERN_HDR_COMMON_URI=$( + debSearch $( + dpkg --info "$KERN_HDR_DEB" 2>/dev/null | + grep 'Depends:' | + cut -d ':' -f 2 | + tr ',' '\n' | + grep -oP 'linux-headers-.*-common' + ) + ) && + KERN_HDR_COMMON_DEB=$(basename "$KERN_HDR_COMMON_URI") && + curl -sLO --retry 3 "$KERN_HDR_COMMON_URI" && { + apt-get install -y ./${KERN_HDR_COMMON_DEB} + RET=$((RET + $?)) + apt-get install -y -f + rm -f "$KERN_HDR_COMMON_DEB" + } + + # install the kernel headers + apt-get install -y ./${KERN_HDR_DEB} + RET=$((RET + $?)) + rm -f "$KERN_HDR_DEB" + exit $RET + ) + + return $? 
+} + +# prints $1 if not virtual or the package that provides $1 if virtual +function resolveAptVirtualPkg() { + apt-cache search "^$1\$" | awk '{print $1}' +} + +# when run from root of a debian repo finds the package dependencies +function getDebDependencies() { + local TMP DISCRETE_PKGS CONDITIONAL_PKGS RESULT_PKGS=() + + TMP=$( + dpkg-checkbuilddeps 2>&1 | + awk -F 'Unmet build dependencies: ' '{print $2}' | + perl -pe 's% \(.*?\)%%g' + ) + DISCRETE_PKGS=$(perl -pe 's%[^ ]+ \| [^ ]+%%g' <<<"$TMP") + CONDITIONAL_PKGS=$( + grep -oP '[^ ]+ \| [^ ]+' <<<"$TMP" | ( + while IFS= read -r LINE; do + PKG=$(resolveAptVirtualPkg $(awk -F ' | ' '{print $1}' <<<"$LINE")) + if [[ -n "$(apt-cache search $PKG 2>/dev/null)" ]]; then + echo "$PKG" + else + PKG=$(resolveAptVirtualPkg $(awk -F ' | ' '{print $2}' <<<"$LINE")) + [[ -n "$(apt-cache search $PKG 2>/dev/null)" ]] && echo "$PKG" + fi + done + ) + ) + + for PKG in $DISCRETE_PKGS; do + RESULT_PKGS+=( $(resolveAptVirtualPkg "$PKG") ) + done + for PKG in $CONDITIONAL_PKGS; do + RESULT_PKGS+=( "$PKG" ) + done + + echo ${RESULT_PKGS[@]} +} + function install { - # Install required libraries - apt-get install -y logrotate rsyslog - apt-get install -y firewalld - apt-get install -y debhelper - apt-get install -y iptables-dev - apt-get install -y libcurl4-openssl-dev - apt-get install -y libpcre3-dev libxmlrpc-core-c3-dev - apt-get install -y markdown - apt-get install -y libglib2.0-dev - apt-get install -y libavcodec-dev - apt-get install -y libevent-dev - apt-get install -y libhiredis-dev - apt-get install -y libjson-glib-dev libpcap0.8-dev libpcap-dev libssl-dev - apt-get install -y libavfilter-dev - apt-get install -y libavformat-dev - apt-get install -y libmysqlclient-dev - apt-get install -y libmariadbclient-dev - apt-get install -y default-libmysqlclient-dev - apt-get install -y libmariadbd-dev - apt-get install -y module-assistant - apt-get install -y dkms - apt-get install -y unzip - apt-get install -y libavresample-dev 
- apt-get install -y linux-headers-$(uname -r) - apt-get install -y gperf libbencode-perl libcrypt-openssl-rsa-perl libcrypt-rijndael-perl libdigest-crc-perl libdigest-hmac-perl \ - libio-multiplex-perl libio-socket-inet6-perl libnet-interface-perl libsocket6-perl libspandsp-dev libsystemd-dev libwebsockets-dev - - # try upgrading debhelper with backports if lower ver than 10 - CURRENT_VERSION=$(dpkg -s debhelper 2>/dev/null | grep Version | sed -rn 's|[^0-9\.]*([0-9]).*|\1|mp') - if (( ${CURRENT_VERSION:-0} < 10 )); then - CODENAME=$(cat /etc/os-release | grep '^VERSION_CODENAME=' | cut -d '=' -f 2) - BACKPORT_REPO="${CODENAME}-backports" - apt-get install -y -t ${BACKPORT_REPO} debhelper - - # if current backports fail (again aws repo's are not very reliable) try and older repo - if [ $? -ne 0 ]; then - printf '%s\n%s\n' \ - "deb http://archive.ubuntu.com/debian-archive/ubuntu/ ${CODENAME}-backports main" \ - "deb-src http://archive.debian.org/debian-archive/ubuntu/ ${CODENAME}-backports main" \ - > /etc/apt/sources.list.d/tmp-backports.list - apt-get -o Acquire::Check-Valid-Until=false update -y - - apt-get -o Acquire::Check-Valid-Until=false install -y -t ${BACKPORT_REPO} debhelper - rm -f /etc/apt/sources.list.d/tmp-backports.list - fi + local MISSING_PKGS + local NPROC=$(nproc) + + # Install required packages and remove conflicting packages + { dpkg -l ufw &>/dev/null && apt-get remove -y ufw || :; } && + apt-get install -y git perl logrotate rsyslog firewalld dpkg-dev + + if (( $? 
!= 0 )); then + printerr "Problem with installing the required libraries for RTPEngine" + return 1 + fi - # pin debhelper package to stay on backports repo - printf '%s\n%s\n%s\n' \ - "Package: debhelper" \ - "Pin: release n=${BACKPORT_REPO}" \ - "Pin-Priority: 750" > /etc/apt/preferences.d/debhelper + # try installing kernel dev headers in the following order: + # 1: headers from security.ubuntu.com + # 2: headers from archive.ubuntu.com + # NOTE: headers should be installed for all kernels on the system + # but we do not want to support ancient kernel dependencies + ( + RET=0 + for OS_KERNEL in $(ls /lib/modules/ 2>/dev/null); do + apt-get install -y linux-headers-${OS_KERNEL} || + aptInstallKernelHeadersFromURI $(debSearch linux-headers-${OS_KERNEL}) + RET=$((RET+$?)) + done + exit $RET + ) + + # require kernel module + if (( $? != 0 )); then + printerr "Problems occurred installing one or more kernel headers" + return 1 fi - ## compile and install RTPEngine as a DEB package + ## compile and install RTPEngine as a DEB package ## reuse repo if it exists and matches version we want to install if [[ -d ${SRC_DIR}/rtpengine ]]; then if [[ "$(getGitTagFromShallowRepo ${SRC_DIR}/rtpengine)" != "${RTPENGINE_VER}" ]]; then @@ -98,8 +176,12 @@ function install { systemctl mask ngcp-rtpengine-daemon.service apt-get install -y ../ngcp-rtpengine-daemon_*${RTPENGINE_VER}*.deb ../ngcp-rtpengine-iptables_*${RTPENGINE_VER}*.deb \ - ../ngcp-rtpengine-kernel-dkms_*${RTPENGINE_VER}*.deb ../ngcp-rtpengine-utils_*${RTPENGINE_VER}*.deb - exit $? + ../ngcp-rtpengine-kernel-dkms_*${RTPENGINE_VER}*.deb ../ngcp-rtpengine-utils_*${RTPENGINE_VER}*.deb || exit 1 + + systemctl unmask ngcp-rtpengine-daemon.service + systemctl disable ngcp-rtpengine-daemon.service + + exit 0 ) if (( $? != 0 )); then 
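Review bot: aptInstallKernelHeadersFromURI installs, as root, a .deb that debSearch located over plain `http://` and that `curl -sLO` saved under a predictable name in the shared `/tmp/`; `apt-get install ./file.deb` does not authenticate a local file against signed repository metadata, so a modified download or a file already present at that path would be installed unnoticed. The first `curl` also has no `-f` and no status check, so an HTTP error body can be handed to apt. I would fetch into a `mktemp -d` directory, fail on fetch errors, and compare the file's SHA256 with the value from the signed archive index before installing; the sketch below covers the first two only. Separately, in getDebDependencies `awk -F ' | '` treats the separator as a regex that matches a single space, so `$2` is the literal `|` rather than the second alternative; `-F ' [|] '` selects it.

```shell
function aptInstallKernelHeadersFromURI() {
    # … unchanged: local declarations …
    local WORK_DIR
    WORK_DIR=$(mktemp -d) || return 1

    (
        # private, unpredictable directory instead of the shared /tmp/
        cd "$WORK_DIR" || exit 1
        # -f makes an HTTP error fail the step instead of saving the error body
        curl -fsSLO --retry 3 "$KERN_HDR_URI" || exit 1
        # … unchanged: common headers lookup/install and kernel headers install …
    )
    RET=$?
    rm -rf -- "$WORK_DIR"
    return $RET
}
```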
@@ -107,15 +189,6 @@ function install { return 1 fi - # make sure RTPEngine kernel module configured - # skip this check for older versions as we allow userspace forwarding - if (( ${DISTRO_VER} > 10 )); then - if [[ -z "$(find /lib/modules/${OS_KERNEL}/ -name 'xt_RTPENGINE.ko' 2>/dev/null)" ]]; then - printerr "Problem installing RTPEngine kernel module" - return 1 - fi - fi - # ensure config dirs exist mkdir -p /run/rtpengine ${SYSTEM_RTPENGINE_CONFIG_DIR} chown -R rtpengine:rtpengine /run/rtpengine @@ -146,7 +219,8 @@ function install { echo "d /var/run/rtpengine.pid 0755 rtpengine rtpengine - -" > /etc/tmpfiles.d/rtpengine.conf # Reconfigure systemd service files - cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v2.service /lib/systemd/system/rtpengine.service + rm -f /lib/systemd/system/rtpengine*.service + cp -f ${DSIP_PROJECT_DIR}/rtpengine/systemd/rtpengine-v3.service /lib/systemd/system/rtpengine.service chmod 644 /lib/systemd/system/rtpengine.service systemctl daemon-reload systemctl enable rtpengine
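Review bot: The added `rm -f /lib/systemd/system/rtpengine*.service` deletes every unit file with that prefix from the vendor unit directory, including any that a package or an administrator placed there, and nothing in the hunk says which stale files it targets. Since the following `cp -f` already overwrites `rtpengine.service`, I would name the leftover units explicitly or at least record the intent, e.g. `# remove unit files written by earlier dsiprouter installs`. install() begins and ends outside this hunk, so the comment wording is a guess at the intent.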