1. Introduction
OpenGate Containers is the module responsible for managing the VoIP connections of an OpenGate environment, as well as the configuration of extensions, trunks, etc. This guide explains how to perform a quick installation. Refer first to the Presence installation guide for more information about the different modules and architectures.
2. Installation
2.1. Prerequisites
To complete a successful installation and ensure proper operation as described in this guide, the following requirements must be met:
Have a “host” machine with a recent version of Docker Engine and Docker Compose installed.
The “host” machine must have the network properly configured.
In case of a Master node configured with a SIP Registrar, two IPs are required.
The “host” machine should not execute other services which may clash with the ports used in your services.
Exception: The Master node should have an MTA installed, such as “postfix” to send emails from mailboxes.
When an “SMTP relay” server is being used, it must be configured as detailed in /wiki/spaces/PRSPS/pages/177045505.
The “host” machine must not limit the connection to your services through a firewall.
Follow the guide Installing Rocky Linux 9 and Docker.
2.2. General installation process
There are different types of environments which require different services to be started (Master, Node, WebRTC, and combinations of these), and therefore a help script is provided that automates the following steps: creating the docker-compose.yml and .env files, creating the secrets, connecting to the registry and pulling the images. This script can be launched directly using the following command:
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" MODE [-norecording]
Replace MODE with one of the following:
master: Installs postgresql, ssh-server, webservices, kamailio and asterisk.
masterwebrtc: Same as master, but adds freeswitch to use as WebRTC Gateway.
masteronlywebrtc: Does not include kamailio, which allows you to use it in environments with a single IP with WebRTC phones. However, no Agent/SIP user extensions can be registered.
node: Installs asterisk and ssh-server.
nodewebrtc: Same as node, but adds freeswitch to use as WebRTC Gateway.
webrtc: Installs freeswitch and ssh-server.
turn: Installs coturn server.
The optional -norecording parameter configures an environment without Presence Recording integration, which removes the need to configure a shared folder for recordings.
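The command above executes the downloaded script without an opportunity to inspect it. The wrapper below is an added example, not part of the product's installer or documentation: it runs a copy of install.sh that was first saved to a file (for instance with curl -o) and reviewed, and refuses to run it when its SHA-256 differs from the digest the operator recorded at review time. The function names and the digest argument are assumptions; the bash -c form is kept so that MODE still reaches the script as $0, exactly as in the original command.

```shell
#!/bin/sh
# Added example: run a locally saved, reviewed copy of install.sh only if it
# still matches the digest recorded at review time. Names are hypothetical.

# sha256_of FILE: print the hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | cut -d ' ' -f 1
}

# run_reviewed_installer FILE EXPECTED_SHA256 MODE [-norecording]
# Returns 1 for an unknown MODE and 2 (without executing anything) on a mismatch.
run_reviewed_installer() {
    script=$1; expected=$2; shift 2
    case "$1" in
        master|masterwebrtc|masteronlywebrtc|node|nodewebrtc|webrtc|turn) ;;
        *) echo "unknown MODE: $1" >&2; return 1 ;;
    esac
    actual=$(sha256_of "$script") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $script: got $actual" >&2
        return 2
    fi
    # Same invocation shape as the guide: bash -c "<script text>" MODE [-norecording]
    bash -c "$(cat "$script")" "$@"
}
```

The same reviewed file and digest can then be reused on the Master, Node and WebRTC hosts.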
2.3. Additional technical information
More information in the document: Additional technical OpenGate Containers information
3. Installing OpenGate Master
Run the installation command, specifying the master mode.
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" master
After this command is run, it automatically connects to the “registry” and pulls the images.
When it finishes, the following screen prompts you to configure the environment in the .env file, and also shows the instructions to create the secrets. Something like this:
Please edit .env file with the appropriate values.
Current .env contents:
TZ=Europe/Madrid
SSH_USERNAME=opengate
DATA_BINDADDR=10.X.X.X
VOICE_BINDADDR=10.X.X.X
SIP_REGISTRAR_IP=10.X.X.X
# DB_NAME MUST be opengate (hardcoded at OpenGate Proxy)
DB_NAME=opengate
DB_USER=opengaterw
RECORDING_SHARE=//X.X.X.X/recording
RECORDING_SHARE_USER=Administrator
RECORDING_SHARE_PASSWORD=PASSWORD
RECORDING_MOUNT_POINT=/recordings
# set to true to restore from a backup
RESTORE_MODE=false
Generate the secrets using the following commands and instructions:
- DB password:
echo "MYPASSWORD" > secrets/db_password.txt
- SSH Key:
ssh-keygen -f secrets/ssh_key
- TLS certificates (generate self-signed):
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
or copy your own to the apropriate files:
cat key.pem cert.pem > secrets/asterisk.pem
When done, start the environment by executing:
docker compose up -d
Edit the .env file using your preferred editor and modify the following lines:
DATA_BINDADDR: enter the IP of the data network.
VOICE_BINDADDR: enter the IP of the voice network. If voice and data are not separated, enter the same IP in both variables.
SIP_REGISTRAR_IP: the IP associated with the SIP Registrar. It cannot be the same as either of the previous ones. Make sure two IPs are configured on the system.
RECORDING_SHARE, RECORDING_SHARE_USER and RECORDING_SHARE_PASSWORD: define the parameters of the shared recordings folder.
Run the steps mentioned above to create the secrets:
Replace MYPASSWORD with the password of your choice:
echo "MYPASSWORD" > secrets/db_password.txt
This password and the value of the DB_USER variable (opengaterw by default) must match what is configured in OpenGate Proxy Server configuration.
Generate the SSH keys:
ssh-keygen -f secrets/ssh_key
Generate self-signed certificates if you do not have your own:
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
And concatenate the two resulting files into a single one at the corresponding path:
cat key.pem cert.pem > secrets/asterisk.pem
Finally, start with the command below:
docker compose up -d
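Before running docker compose up -d, the values configured in this section can be checked mechanically. The following pre-flight script is an added example, not part of the OpenGate installer; its function names are hypothetical, and it assumes the .env keys and secrets/ file names shown in the installer output above.

```shell
#!/bin/sh
# Added example: pre-flight check of an OpenGate Master .env and secrets/ directory.
# Function names are hypothetical; keys and file names are the ones shown in this guide.

problems=0
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# env_get FILE KEY: print the last value assigned to KEY in a KEY=VALUE file
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# is_ipv4 VALUE: succeed only for a dotted quad with every octet <= 255
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# check_master_env ENV_FILE SECRETS_DIR: print one FAIL line per problem, return 1 if any
check_master_env() {
    env_file=$1; secrets=$2; problems=0
    data=$(env_get "$env_file" DATA_BINDADDR)
    voice=$(env_get "$env_file" VOICE_BINDADDR)
    registrar=$(env_get "$env_file" SIP_REGISTRAR_IP)
    # Template values such as 10.X.X.X are rejected here
    for pair in "DATA_BINDADDR=$data" "VOICE_BINDADDR=$voice" "SIP_REGISTRAR_IP=$registrar"; do
        is_ipv4 "${pair#*=}" || fail "${pair%%=*} is not an IPv4 address: '${pair#*=}'"
    done
    # The SIP Registrar needs its own, second IP
    if [ "$registrar" = "$data" ] || [ "$registrar" = "$voice" ]; then
        fail "SIP_REGISTRAR_IP must differ from DATA_BINDADDR and VOICE_BINDADDR"
    fi
    [ "$(env_get "$env_file" DB_NAME)" = opengate ] || fail "DB_NAME must be opengate"
    [ "$(env_get "$env_file" RECORDING_SHARE_PASSWORD)" != PASSWORD ] ||
        fail "RECORDING_SHARE_PASSWORD is still the template value"
    if [ ! -s "$secrets/db_password.txt" ]; then
        fail "secrets/db_password.txt is missing or empty"
    elif [ "$(cat "$secrets/db_password.txt")" = MYPASSWORD ]; then
        fail "secrets/db_password.txt still holds the example password"
    fi
    [ -s "$secrets/ssh_key" ] || fail "secrets/ssh_key is missing"
    # asterisk.pem is key.pem and cert.pem concatenated, so both blocks must be present
    { grep -q 'PRIVATE KEY-----' "$secrets/asterisk.pem" &&
      grep -q 'BEGIN CERTIFICATE-----' "$secrets/asterisk.pem"; } 2>/dev/null ||
        fail "secrets/asterisk.pem must contain both the private key and the certificate"
    [ "$problems" -eq 0 ]
}
```

Source the file and call check_master_env .env secrets from the installation directory; it prints one FAIL line per finding and returns non-zero if there is any.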
4. Installing OpenGate Node
Run the installation command, specifying the node mode.
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" node
After this command is run, it automatically connects to the “registry” and pulls the images.
When it finishes, a screen prompts you to configure the environment in the .env file, and also shows the instructions to create the secrets.
Edit the .env file using your preferred editor and modify the following lines:
DATA_BINDADDR: enter the IP of the data network.
VOICE_BINDADDR: enter the IP of the voice network. If voice and data are not separated, enter the same IP in both variables.
RECORDING_SHARE, RECORDING_SHARE_USER and RECORDING_SHARE_PASSWORD: define the parameters of the shared recordings folder.
Run the steps mentioned above to create the secrets:
Copy the SSH public key that you generated on the master.
Do this manually with a graphical SFTP/SCP client, or by running the following on the node:
scp opengate@MASTERIP:secrets/ssh_key.pub secrets/ssh_key.pub
Where opengate is the user you configured in the operating system of the Master machine, and MASTERIP is its IP. You will have to enter the password of the opengate user of the Master machine correctly when prompted.
Generate self-signed certificates if you do not have your own:
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
And concatenate them into a single file at the corresponding path:
cat key.pem cert.pem > secrets/asterisk.pem
4. Installing OpenGate WebRTC Gateway
Run the installation command, specifying the webrtc mode.
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" webrtc
After this command is run, it automatically connects to the “registry” and pulls the images.
When it finishes, a screen prompts you to configure the environment in the .env file, and also shows the instructions to create the secrets.
Edit the .env file using your preferred editor and modify the following lines:
WSS_BINDADDR: enter the IP of the DMZ network (if you have no separation between the DMZ and the private network, enter the IP of the private network).
WSS_EXTERNAL_IP: enter the public IP of the system.
Run the steps mentioned above to create the secrets:
Copy the SSH public key that you generated on the master.
Do this manually with a graphical SFTP/SCP client, or by running the following on the node:
scp opengate@MASTERIP:secrets/ssh_key.pub secrets/ssh_key.pub
Where opengate is the user you configured in the operating system of the Master machine, and MASTERIP is its IP. You will have to enter the password of the opengate user of the Master machine correctly when prompted.
Generate self-signed certificates if you do not have your own:
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
And concatenate the two resulting files into a single one at the corresponding path:
cat key.pem cert.pem > secrets/freeswitch.pem
4. Update
Edit the docker-compose.yml file and check the tags of all images. Tags pointing to :latest will automatically download the latest version. Alternatively, indicate a specific release (example: release-01). Check https://enghouseglobal.atlassian.net/wiki/spaces/PSRN.
Run the following commands to update and start the environment again:
docker compose pull
docker compose up -d
The above commands will cause containers with changes (and any containers that depend on them) to restart.
Once the environment is up and running, old images can be cleared using docker image prune.
5. Restoring from backup
This restore process may be used for backup copies of versions 11.0 to 13.0 in order to migrate an environment previously installed from the old softappliance with CentOS 7.
Edit the .env file in the Master node to set the variable RESTORE_MODE=true.
Stop Presence OpenGate Proxy Server and any other applications that may be using the database. Apply the changes using the following command:
docker compose up -d
Wait for the environment to get started again. Then, access the Master node IP from a web browser.
Load the backup copy and follow the steps.
If the restore process is performed using a backup copy generated with another database user (e.g., for 12.3 or 13.0 updates), you may expect many changes related to permissions in the above first step.
When all the steps are completed, edit the .env file in the Master node. Set the variable RESTORE_MODE=false and apply using the following command:
docker compose up -d
6. IMPORTANT
Certain technical details are important to keep in mind:
You MUST NOT change the database username once the environment has been started for the first time. The PostgreSQL official container creates the database for the user specified in the first boot. If you subsequently change that user, the database will not start successfully.
Docker compose does not update the configuration of CIFS volumes (such as the recordings volume of Presence Recording). If you wish to modify this configuration once the volume has been created, you must first stop the environment, then delete the volume using the following command:
docker compose down; docker volume rm VOLUME_NAME
If you make a change that results in the creation of a new container (e.g. a change to the image, an environment variable or a volume), then the previous trace logs will be lost.
Make a copy if you consider it necessary. Example, a copy of the last 48 hours:
docker compose logs -t --since 48h | gzip -c > 48hlogs.gz
In case of a core dump in a service that is running in a container, the kernel configuration of the host machine is inherited, which means that the core dump is saved on the host as that configuration specifies. For Rocky Linux 9, these are stored in /var/lib/systemd/coredumps.
6.1. Changing the mount directory of recordings
Because of the change made to set absolute paths, it is important to update the configuration of Presence Recording Server so that the new absolute paths will be used as shown below: