Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Table of contents

1. Introduction

OpenGate Containers es el módulo encargado de gestionar las conexiones VoIP de un entorno OpenGate, así como la configuración de extensiones, trunks, etc. En esta guía, se explica cómo realizar una instalación rápida. Consulte previamente la guía de instalación de Presence para más información acerca de los distintos módulos y arquitecturas.

2. Installation

2.1. Prerequisites

To complete a successful installation and ensure a proper operation as described in this guide, the following must be met:

  • Have a “host” machine with a recent version of Docker Engine and Docker Compose installed.

  • The “host” machine must have the network properly configured.

    • In case of a Master node configured with a SIP Registrar, two IPs are required.

  • The “host” machine should not execute other services which may clash with the ports used in your services.

    • Exception: The Master node should have an MTA installed, such as “postfix” to send emails from mailboxes.

    • When a “SMTP relay" server is being used, it must be configured as detailed in this /wiki/spaces/PRSPS/pages/177045505.

  • The “host” machine must not limit the connection to your services through a firewall.

Seguir la guía Instalación de Rocky Linux 9 y Docker

2.2. General installation process

There are different types of environments which require different services to be started (Master, Node, WebRTC, and combinations of these), and therefore a help script is provided that automates the following steps: Creating the docker-compose.yml and .env files, creating the secrets, connecting to the registry and pulling the images. This script can be launched directly using the following command:

bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" MODE [-norecording]

Replace MODE with one of the following:

  • master: Installs postgresql, ssh-server, webservices, kamailio and asterisk.

  • masterwebrtc: Same as master, but adds freeswitch to use as WebRTC Gateway.

  • masteronlywebrtc: Does not include kamailio, which allows you to use it in environments with a single IP with WebRTC phones. However, no Agent/SIP user extensions can be registered.

  • node: Installs asterisk and ssh-server.

  • nodewebrtc: Same as node, but adds freeswitch to use as WebRTC Gateway.

  • webrtc: Installs freeswitch and ssh-server.

  • turn: Installs coturn server.

El parámetro opcional -norecording configura un entorno sin integración con Presence Recording, esto elimina la necesidad de configurar una carpeta compartida para las grabaciones.

2.3. Información técnica adicional

Más información en el documento: Additional technical OpenGate Containers information

3. Instalación de OpenGate Master

Ejecutamos el comando de instalación indicando el modo master.

bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" master

Tras ejecutar este comando automáticamente conectará al “registry” y obtendrá las imágenes.

image-20240919-144048.png

Al finalizar, the following screen will prompt you to configure the environments in the.env file, and will also show the instructions to create secrets. Something like this:

Please edit .env file with the appropriate values. Current .env contents:
TZ=Europe/Madrid
SSH_USERNAME=opengate
DATA_BINDADDR=10.X.X.X
VOICE_BINDADDR=10.X.X.X
SIP_REGISTRAR_IP=10.X.X.X
# DB_NAME MUST be opengate (hardcoded at OpenGate Proxy)
DB_NAME=opengate
DB_USER=opengaterw
RECORDING_SHARE=//X.X.X.X/recording
RECORDING_SHARE_USER=Administrator
RECORDING_SHARE_PASSWORD=PASSWORD
RECORDING_MOUNT_POINT=/recordings
# set to true to restore from a backup
RESTORE_MODE=false

Generate the secrets using the following commands and instructions:
 - DB password: echo "MYPASSWORD" > secrets/db_password.txt
 - SSH Key: ssh-keygen -f secrets/ssh_key
 - TLS certificates (generate self-signed): openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
    or copy your own to the apropriate files:
      cat key.pem cert.pem > secrets/asterisk.pem

When done, start the environment by executing:  docker compose up -d

Edita el fichero .env usando tu editor preferido y modifica las siguientes líneas:

  • DATA_BINDADDR: introduce la IP de la red de datos.

  • VOICE_BINDADDR: introduce la IP de la red de voz. Si no hay separación de voz y datos, introduce la misma en ambas variables.

  • SIP_REGISTRAR_IP: la IP asociada al SIP Registrar. No puede coincidir con las anteriores. Asegúrate de configurar dos IPs en el sistema.

  • RECORDING_SHARE, RECORDING_SHARE_USER y RECORDING_SHARE_PASSWORD: definen los parámetros de la carpeta compartida de grabaciones.

Ejecuta los pasos mencionados para crear los secrets:

  • Sustituye MYPASSWORD por la contraseña que quieras:

    echo "MYPASSWORD" > secrets/db_password.txt

    (warning) Esta contraseña y el valor de la variable DB_USER (opengaterw por defecto) deben coincidir con lo configurado en OpenGate Proxy Server configuration.

  • Genera las claves SSH:

    ssh-keygen -f secrets/ssh_key
  • Genera unos certificados autofirmados si no tienes unos propios:

    openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
    • Y concatena los dos ficheros resultantes en uno sólo en la ruta correspondiente:

      cat key.pem cert.pem > secrets/asterisk.pem

Finally, start with the command below:

docker compose up -d

4. Instalación de OpenGate Node

Ejecutamos el comando de instalación indicando el modo node.

bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" node

Tras ejecutar este comando automáticamente conectará al “registry” y obtendrá las imágenes.

Al finalizar, a screen will prompt you to configure the environments in the.env file, and will also show the instructions to create secrets.

Edita el fichero .env usando tu editor preferido y modifica las siguientes líneas:

  • DATA_BINDADDR: introduce la IP de la red de datos.

  • VOICE_BINDADDR: introduce la IP de la red de voz. Si no hay separación de voz y datos, introduce la misma en ambas variables.

  • RECORDING_SHARE, RECORDING_SHARE_USER y RECORDING_SHARE_PASSWORD: definen los parámetros de la carpeta compartida de grabaciones.

Ejecuta los pasos mencionados para crear los secrets:

  • Copia la clave pública SSH que has generado en el master.

    • A mano con un cliente SFTP/SCP gráfico, o ejecutando en el nodo:

      scp opengate@MASTERIP:secrets/ssh_key.pub secrets/ssh_key.pub

      Donde opengate es el usuario que has configurado en sistema operativo de la máquina del Master, y MASTERIP es su IP. Tendrás que introducir correctamente la contraseña del usuario opengate de la máquina Master cuando lo solicite.

  • Genera unos certificados autofirmados si no tienes unos propios:

    openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
    • Y concaténalos en uno sólo en la ruta correspondiente:

      cat key.pem cert.pem > secrets/asterisk.pem

4. Instalación de OpenGate WebRTC Gateway

Ejecutamos el comando de instalación indicando el modo webrtc.

bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" webrtc

Tras ejecutar este comando automáticamente conectará al “registry” y obtendrá las imágenes.

Al finalizar, a screen will prompt you to configure the environments in the.env file, and will also show the instructions to create secrets.

Edita el fichero .env usando tu editor preferido y modifica las siguientes líneas:

  • WSS_BINDADDR: introduce la IP de la red DMZ (si no tienes separación entre DMZ y red Privada, introduce la IP de la red Privada).

  • WSS_EXTERNAL_IP: introduce la IP pública del sistema.

Ejecuta los pasos mencionados para crear los secrets:

  • Copia la clave pública SSH que has generado en el master.

    • A mano con un cliente SFTP/SCP gráfico, o ejecutando en el nodo:

      scp opengate@MASTERIP:secrets/ssh_key.pub secrets/ssh_key.pub

      Donde opengate es el usuario que has configurado en sistema operativo de la máquina del Master, y MASTERIP es su IP. Tendrás que introducir correctamente la contraseña del usuario opengate de la máquina Master cuando lo solicite.

  • Genera unos certificados autofirmados si no tienes unos propios:

    openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
    • Y concatena los dos ficheros resultantes en uno sólo en la ruta correspondiente:

      cat key.pem cert.pem > secrets/freeswitch.pem

4. Update

  1. Edit the docker-compose.yml file and check tags from all images.

    1. Tags pointing to :latest will automatically download the latest version.

    2. Alternatively, indicate a specific release (example: release-01). Check https://enghouseglobal.atlassian.net/wiki/spaces/PSRN.

  2. Run the following commands to update and start the environment again:

    docker compose pull
    docker compose up -d
  3. The above commands will cause that containers with changes (and also depending containers) to restart.

Once the environment is up and running, old images can be cleared using docker image prune.

5. Restoring from backup

This restore process may be used for backup copies of versions 11.0 to 13.0 in order to migrate an environment previously installed from the old softappliance with CentOS 7.

  1. Edit the .env file in the Master node to set the variable RESTORE_MODE=true.

  2. Stop Presence OpenGate Proxy Server and any other applications that may be using the database. Apply the changes using the following command: docker compose up -d.

  3. Wait for the environment to get started again. Then, access the Master node IP from a web browser.

    1. Load the backup copy and follow the steps.

    2. If the restore process is performed using a backup copy generated with another database user (e.g., for 12.3 or 13.0 updates), you may expect many changes related to permissions in the above first step.

  4. When all the steps are completed, edit the .env file in the Master node. Set the variable RESTORE_MODE=false and apply using the following command: docker compose up -d.

6. IMPORTANT

Certain technical details are important to keep in mind:

  • You MUST NOT change the database username once the environment has been started for the first time. The PostgreSQL official container creates the database for the user specified in the first boot. If you subsequently change that user, the database will not start successfully.

  • Docker compose does not update the configuration of CIFS volumes (such as the recordings volume of Presence Recording). If you wish to modify this configuration once the volume has been created, you must first stop the environment, then delete the volume using the following command: docker compose down; docker volume rm VOLUME_NAME.

  • If you make a change that results in the creation of a new container (e.g. a change to the image, one environment variable or volume), then the previous trace logs will be lost.

    • Realice una copia si lo considera necesario. Ejemplo, copia de las últimas 48 horas: docker compose logs -t --since 48h | gzip -c > 48hlogs.gz.

  • In case of a core dump in a service that is running in a container, the kernel configuration of the host machine is inherited, which means that this configuration will be saved in the host as specified. For Rocky Linux 9, these are stored in /var/lib/systemd/coredumps.

6.1. Changing the mount directory of recordings

Because of the change made to set absolute paths, it is important to update the configuration of Presence Recording Server so that the new absolute paths will be used as shown below:

image-20240619-092709.png

  • No labels