(A guide by the Open Telecom Foundation)
This guide is dedicated to installing Kazoo on AWS EC2 servers. It is broken into 3 parts: getting an EC2 instance up and running using the CentOS AMI, connecting to the EC2 instance over ssh from the Linux command line, and installing and configuring Kazoo on the EC2 instance.
Once you have an AWS account set up, install the AWS CLI on your machine. This guide assumes you have a private/public key pair ready to use (HINT: ssh-keygen).
# for macOS users
brew install awscli
After install, run
aws configure
Enter your credentials as prompted
Upload your public key to the AWS console
aws ec2 import-key-pair --key-name otf_kazoo_key --public-key-material file://~/.ssh/id_rsa.pub
Output:
{
"KeyName": "my-key",
"KeyFingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca"
}
aws ec2 create-security-group --group-name otf_kazoo_sg1 --description OTF_kazoo-Security_group
Output:
{
"GroupId": "sg-0c880c0a90352eca7"
}
NOTE: otf_kazoo_sg1 is the name of the security group that will be used throughout.
# change count to the number of instances you want, but one will suffice for deploying kazoo
aws ec2 run-instances --image-id ami-e1496384 --count 1 --instance-type t2.large --key-name otf_kazoo_key --security-groups otf_kazoo_sg1
For TCP, add all of the following ports
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol tcp --port 22 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol tcp --port 8000 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol tcp --port 8443 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol tcp --port 1111 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol tcp --port 2222 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol tcp --port 443 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol tcp --port 5060 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol tcp --port 7000 --cidr 0.0.0.0/0
For UDP, add the following ports
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol udp --port 7000 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol udp --port 10000-40000 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol udp --port 5060 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name otf_kazoo_sg1 --protocol icmp --port all --cidr 0.0.0.0/0
Get the public IP of the instance
Replace 'instance-id' with the instance ID from your AWS console
aws ec2 describe-instances --instance-ids 'instance-id' --query 'Reservations[].Instances[].PublicDnsName'
The result in the terminal should look like this
[
"ec2-3-17-74-39.us-east-2.compute.amazonaws.com"
]
ssh to your instance
ssh -i pathTo-myPrivateKEy.pem root@ec2-3-17-74-39.us-east-2.compute.amazonaws.com
FQDN Check
Make sure hostname and hostname -f both return the fully qualified domain name; otherwise the procedure will fail.
Check SELinux status
sestatus
If it is not disabled, disable SELinux and reboot
Disable SELinux
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
reboot
Disable Firewall
systemctl disable firewalld
systemctl disable iptables
systemctl stop firewalld
systemctl stop iptables
NOTE: Make sure to re-enable the firewall at the end.
Set Timezone
yum install ntp
systemctl enable ntpd
systemctl start ntpd
timedatectl set-timezone UTC
Prerequisites
yum -y update
yum -y install net-tools wget gdb yum-utils bash-completion epel-release
Install the necessary RPM repositories for the latest stable release for Kazoo
cd /usr/src
wget --no-check-certificate \
copy link to console
rpm -Uvh 2600hz-release-4.2-0.el7.centos.noarch.rpm
yum-config-manager --disable 2600hz-experimental
yum-config-manager --disable 2600hz-staging
yum-config-manager --enable 2600hz-stable
Now run the following step by step. It should take less than 15 minutes to install and update.
Install
yum -y install kazoo-bigcouch kazoo-haproxy kazoo-rabbitmq kazoo-freeswitch kazoo-kamailio kazoo-applications kazoo-application-* monster-ui* httpd
Enable
systemctl enable kazoo-bigcouch kazoo-haproxy kazoo-rabbitmq kazoo-freeswitch kazoo-kamailio kazoo-applications kazoo-ecallmgr httpd
Restart
systemctl restart kazoo-bigcouch kazoo-haproxy kazoo-rabbitmq kazoo-freeswitch kazoo-kamailio kazoo-applications kazoo-ecallmgr httpd
# HAProxy has no server at this point; seeing the following message is OK
"proxy bigcouch-mgr has no server available!"
/usr/sbin/chkconfig kamailio off
Check that the database creation completed
curl localhost:15984/_all_dbs | python -mjson.tool | wc -l
The lower-left number should be 26
sup kazoo_media_maintenance import_prompts /opt/kazoo/sounds/en/us/
# Create master account. Account name, realm and password can be changed afterwards via Monster UI.
sup crossbar_maintenance create_account master master.local superadmin somepassword
# use this information to log into monster-ui
master - account name
master.local - domain
superadmin - user
somepassword - password
serverIP=$(ifconfig | sed -En 's/127.0.0.*//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
serverFQDN=$(hostname)
sed -i "s/127\.0\.0\.1/$serverIP/g" /etc/kazoo/kamailio/local.cfg
sed -i "s/kamailio\.2600hz\.com/$serverFQDN/g" /etc/kazoo/kamailio/local.cfg
sed -i "s/localhost/$serverIP/" /var/www/html/monster-ui/js/config.js
systemctl restart kazoo-kamailio
Check ecallmgr node is connected to freeswitch
sup -n ecallmgr ecallmgr_maintenance add_fs_node freeswitch@$serverFQDN
# seeing the following error is expected and should not alarm you
{error,node_exists}
Add Kamailio to the ACL so that FreeSWITCH allows the traffic. The following command is run twice because it does not always seem to stick the first time.
sup -n ecallmgr ecallmgr_maintenance allow_sbc kamailio1 $serverIP
sup -n ecallmgr ecallmgr_maintenance allow_sbc kamailio1 $serverIP
Replace serverIP:8000/v2 with x.x.x.x:8000/v2, x.x.x.x being the public IP of your AWS EC2 instance.
This is because $serverIP was built from the internal AWS IP and not the public one, which causes problems while loading the apps from monster-ui.
sup crossbar_maintenance init_apps /var/www/html/monster-ui/apps http://$serverIP:8000/v2
# Pay extra attention while running this command; it is crucial that the **httpd/conf.d/monster-ui.conf file gets the right $serverFQDN.**
echo "<VirtualHost *:80>
DocumentRoot \"/var/www/html/monster-ui\"
ServerName $serverFQDN
</VirtualHost>
" > /etc/httpd/conf.d/monster-ui.conf
Check that httpd got the right ServerName
cat /etc/httpd/conf.d/monster-ui.conf
# You should be able to see your internal IP address next to ServerName; when writing the file by hand, put it in place of the placeholder below
echo "<VirtualHost *:80>
DocumentRoot \"/var/www/html/monster-ui\"
ServerName YOUR-INTERNAL-AWS-IP
</VirtualHost>
" > /etc/httpd/conf.d/monster-ui.conf
systemctl reload httpd
reboot
# After reboot, run the following test to make sure all configurations stuck. Almost 90% of the errors happen here!
Check that Freeswitch is connected to ecallmgr.
fs_cli -x 'erlang status'
**output**
Running mod_kazoo v1.4.0-1
Listening for new Erlang connections on 0.0.0.0:8031 with cookie change_me
Registered as Erlang node freeswitch@ip-172-31-9-68.us-east-2.compute.internal, visible as freeswitch
Connected to:
ecallmgr@ip-172-31-9-68.us-east-2.compute.internal (172.31.9.68:8031) up 0 years, 1 days, 3 hours, 59 minutes, 19 seconds
This might take a few minutes after reboot
Check that Kamailio IP is in ACL.
sup -n ecallmgr ecallmgr_maintenance acl_summary
output
| Name | CIDR | List | Type | Authorizing Type | ID |
|---|---|---|---|---|---|
| kamailio1 | 172.31.9.68/32 | authoritative | allow | system_config | |
| kamailio@kamailio.2600hz.com | 0.0.0.0/32 | authoritative | allow | system_config | |
* 172.31.9.68/32 should be your internal AWS IP.
**Edit the $serverIP and paste it in manually from your AWS EC2 instance. ONLY do this if kamailio is not listed!**
sup -n ecallmgr ecallmgr_maintenance allow_sbc kamailio1 $serverIP
sup -n ecallmgr ecallmgr_maintenance allow_sbc kamailio1 $serverIP
Check that Freeswitch is in configuration
sup -n ecallmgr ecallmgr_maintenance get_fs_nodes
**Output**
freeswitch@ip-172-31-9-68.us-east-2.compute.internal
Check Erlang nodes
epmd -names
# Should result in:
epmd: up and running on port 4369 with data:
name kazoo-rabbitmq at port 25672
name freeswitch at port 8031
name kazoo_apps at port 11502
name ecallmgr at port 11501
name bigcouch at port 11500
# Check overall system status
# You should see 3 nodes listed as shown at Check status. Kazoo Apps, Kamailio, and Ecallmgr.
# The Freeswitch media server should be listed under Ecallmgr node.
# Freeswitch IP on port 11000 with (AP) status should be listed beside Dispatcher 1 under Kamailio node.
kazoo-applications status
Output
kazoo-applications status
Node : kazoo_apps@somedomain.local
md5 : jFoOSYRl8EM8hPzqzjSIEw
Version : 4.1.41 - 18
Memory Usage : 76.44MB
Processes : 1682
Ports : 20
Zone : local
Broker : amqp://127.0.0.1:5672
Globals : local (4)
Node Info : kz_amqp_pool: 150/0/0 (ready)
WhApps : blackhole(5m45s) callflow(5m45s) cdr(5m45s) conference(5m45s)
crossbar(5m44s) fax(5m36s) hangups(5m16s) media_mgr(5m16s)
milliwatt(5m16s) omnipresence(5m16s) pivot(5m16s) registrar(5m16s)
reorder(5m16s) stepswitch(5m16s) sysconf(5m45s) tasks(5m16s)
teletype(4m13s) trunkstore(4m11s) webhooks(4m11s)
Node : kamailio@somedomain.local
Version : 5.0.3
Memory Usage : 15.27MB
Zone : local
Broker : amqp://127.0.0.1:5672
WhApps : kamailio(6m2s)
Roles : Dispatcher Presence Registrar
Dispatcher 1 : sip:serverIP:11000 (AP)
Subscribers :
Subscriptions :
Presentities : presence (0) dialog (0) message-summary (0)
Registrations : 0
Node : ecallmgr@somedomain.local
md5 : 9hsLTuppG8oNQRSGmU6cwA
Version : 4.1.41 - 18
Memory Usage : 49.67MB
Processes : 1134
Ports : 28
Zone : local
Broker : amqp://127.0.0.1:5672
Globals : remote (4)
Node Info : kz_amqp_pool: 150/0/0 (ready)
WhApps : ecallmgr(5m45s)
Channels : 0
Registrations : 0
Media Servers : freeswitch@somedomain.local (5m39s)
Firewall
systemctl enable firewalld
systemctl restart firewalld
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-port={8000,8443}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,7000}/tcp
firewall-cmd --permanent --zone=public --add-port={5060,7000}/udp
firewall-cmd --permanent --zone=public --add-port=16384-32768/udp
# Administrator access. Replace x.x.x.x with the public IP address of your admin computer.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="x.x.x.x" accept'
firewall-cmd --reload
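The security group rules added earlier and the firewalld rules above do not open the same ports. As an added example (not part of the original guide), the script below lists the world-open security-group rules that none of the firewalld public-zone commands above cover. The function name, the `proto from to cidr` input format and the sample data are assumptions, constructed from the commands on this page.

```shell
#!/bin/sh
# Added example, not from the original guide. Input format is an assumption:
# one "proto from to cidr" line per security-group rule, e.g. the output of
#   aws ec2 describe-security-groups --group-names otf_kazoo_sg1 --output text \
#     --query 'SecurityGroups[].IpPermissions[].[IpProtocol,FromPort,ToPort,IpRanges[0].CidrIp]'
# (one CIDR per rule, as in this guide).

# Ports the firewalld commands above open to everyone; the http and https
# services are written as tcp/80 and tcp/443.
HOST_PUBLIC='tcp/80 tcp/443 tcp/8000 tcp/8443 tcp/5060 tcp/7000 udp/5060 udp/7000 udp/16384-32768'

# Constructed sample: the rules this guide adds to otf_kazoo_sg1.
SAMPLE_SG='tcp 22 22 0.0.0.0/0
tcp 8000 8000 0.0.0.0/0
tcp 8443 8443 0.0.0.0/0
tcp 1111 1111 0.0.0.0/0
tcp 2222 2222 0.0.0.0/0
tcp 443 443 0.0.0.0/0
tcp 5060 5060 0.0.0.0/0
tcp 7000 7000 0.0.0.0/0
udp 7000 7000 0.0.0.0/0
udp 10000 40000 0.0.0.0/0
udp 5060 5060 0.0.0.0/0
icmp -1 -1 0.0.0.0/0'

# Print every world-open rule on stdin that no HOST_PUBLIC entry fully covers.
sg_wider_than_host() {
    awk -v allow="$HOST_PUBLIC" '
    BEGIN {
        n = split(allow, e, " ")
        for (i = 1; i <= n; i++) {
            split(e[i], pp, "/"); m = split(pp[2], r, "-")
            proto[i] = pp[1]; lo[i] = r[1] + 0; hi[i] = (m > 1 ? r[2] : r[1]) + 0
        }
    }
    $4 == "0.0.0.0/0" {
        if ($2 !~ /^[0-9]+$/) { print $1, "all"; next }   # icmp or all-protocol rule
        covered = 0
        for (i = 1; i <= n; i++)
            if ($1 == proto[i] && $2 + 0 >= lo[i] && $3 + 0 <= hi[i]) covered = 1
        if (!covered) print $1, ($2 + 0 == $3 + 0 ? $2 : $2 "-" $3)
    }'
}

printf '%s\n' "$SAMPLE_SG" | sg_wider_than_host
```

A rule it prints can be withdrawn with `aws ec2 revoke-security-group-ingress`, or added again with `--cidr` set to the administrator address used in the firewalld rich rule.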
SUP is the Kazoo Supervisor; it allows accessing Erlang from the command line
# View top level list of commands using bash completion
sup [TAB][TAB]
# To view next level down with autocomplete (using ecallmgr_maintenance as an example)
sup ecallmgr_m[TAB][TAB][TAB]
# Create a file listing all sup commands
mkdir /usr/doc
/opt/kazoo/lib/sup*/priv/build-autocomplete.escript \
/etc/bash_completion.d/sup.bash /opt/kazoo > /usr/doc/sup_commands
# View the file
cat /usr/doc/sup_commands
At this point, Kazoo should be up and running on your EC2 instance. Now we will configure Kazoo for the EC2 instance. We need to manually change some variables, especially IPs, so that Kamailio can communicate effectively with FreeSWITCH.
# Install nano
yum install nano
# If you prefer vim then
yum install vim
Then edit the files as follows
nano /etc/kazoo/freeswitch/sip_profiles/sipinterface_1.xml
# TODO: Using a text editor of your choice (vim/nano), edit the sipinterface_1.xml file as follows
Set <param name="ext-rtp-ip" value="auto"/> to
<param name="ext-rtp-ip" value="x.x.x.x"/>
(x.x.x.x is the external IP given by AWS EC2)
Set <param name="local-network-acl" value="localnet.auto"/> to
<param name="local-network-acl" value="NOPE"/>
# “NOPE” doesn't matter, just not localnet.auto
**Setting “ext-rtp-ip” to your public IP enables Kamailio to configure FreeSWITCH.**
**Setting "local-network-acl" to “NOPE” ensures that FreeSWITCH sends the SIP packets to the right IP address.**
Finally, edit the local.cfg file
nano /etc/kazoo/kamailio/local.cfg
listen=UDP_SIP advertise x.x.x.x:5060
listen=TCP_SIP advertise x.x.x.x:5060
(where x.x.x.x is your public AWS address.)
[This ensures that FreeSWITCH can send the ACK message to the right address over the right IP and avoids losing connection during calls]
If firewalld was not installed
yum install firewalld
systemctl enable firewalld
systemctl status firewalld
Source: PowerPBX Kazoo V4 Single Server Install