The document discusses using deployment tools like Ansible to automate configuration management. Previously, manual deployment and patching occurred every two weeks. Ansible can enable continuous deployment, automatic testing and rollback, and remove the need for specialized knowledge. It works by triggering Jenkins when code is pushed, building packages, running Ansible scripts to install packages, configure systems, run tests, and rollback if needed. Templates allow host-specific configurations. Ansible can perform tasks across multiple systems and be used to automate common administration tasks.

1. Superpowers
of deployment Tools
Jöran Vinzens
linkedin.com/in/jvinzens
@vinzens81

2. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
4 years ago….
● Manual deployment
● Patchday every 2 weeks at the end of each sprint
● Manual testing
● Usually we forgot something
● different codebase dev - production

3. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
And then, there is ansible & co.
● started with backend businesslogic
● frontend website
● VoIP components
● network infrastructure

4. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Initial Idea
● continuous deployment
● no need to know the setup
● enable everybody instead of stakeholder only
● automatic tests
● secure rollout
● automatic rollback

5. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Components involved
Jenkins

6. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
How does it work?
push code

7. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
How does it work?
Jenkins
github trigger Jenkins Step 1:
- build debian package

8. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
How does it work?
Jenkins step 2:
- run ansible script
Jenkins

9. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
How does it work?
Ansible script
- check already installed package version
- install new package
- install config
- reload of systems
- tests
- roll back old package

10. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
How does it work?
template
files
environment
data

11. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
VoIP is not your average service

12. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
● restarting
● real time communication
● ongoing sessions
● retransmits
● UDP/TCP services
● loadbalancer
● big config files
● lots of different components
VoIP is not your average service

13. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
VoIP is not your average service

14. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
what we did:
- several iterations
- lots of different systems
- lot of mistakes
the best we know so far:
- install code by debian package management
- create config by ansible (host- / group-specific)
VoIP is not your average service

15. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
separate "code" from config

16. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
separate "code" from config
What is code?
codelike config is code!
- extensions.conf
- kamailio.cfg (route definitions)

17. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
separate "code" from config
What is code?
- AMI
- AGI
- ARI

18. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
separate "code" from config
But why?
put code into package
- enable rollback
- keep config simple
- keep track of logic changes
- separation makes "dev = production" possible

19. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
separate "code" from config
what about kamailio.cfg? It’s both!
Config:
#!KAMAILIO
debug=2
fork=yes
log_stderror=no
listen=udp:10.0.1.1
#!define FOO
Loadmodule “tm.so”
Code:
route{
if (method=="INVITE") {
stuff;
exit;
}
}

20. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
separate "code" from config
what about kamailio.cfg? Or, is it?
route{
if (src_ip == 211.1.7.6) {
exit;
}
}

21. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
separate "code" from config
what about kamailio.cfg? Or, is it?
Modified config:
modparam("pv", "varset", "ip=s:211.1.7.6")
route{
if (src_ip == $var(ip)) {
exit;
}
}

22. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
separate "code" from config
how does it come together?

23. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
kamailio.cfg kamailio_header.cfg
…
systemD
DB entries
DEB package ansible
running config
separate "code" from config

24. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
separate "code" from config
new config Style:
Config:
#!KAMAILIO
debug=2
fork=yes
log_stderror=no
listen=udp:10.0.1.1
#!define FOO
Loadmodule “tm.so”
modparam("pv", "varset",
"ip=s:211.1.7.6")
debian Package:
include_file
"/etc/kamailio/kamailio_header.cfg"
route{
if (method=="INVITE") {
stuff;
exit;
}
}

25. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Ansible, deploy config!

26. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Ansible, deploy config!
---
- hosts: asterisk
remote_user: root
become: yes
become_method: sudo
serial: 1
roles:
- install_config
asterisk.yml
[asterisk]
host1.domain.com
host2.domain.com
host3.domain.com
inventory

27. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Ansible, deploy config!
Playbook
- role 1
- role 2
Environment
group:
- Host 1
- Host 2
Groupvars
Hostvars
Hostvars

28. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Ansible, deploy config! copy file
---
- name: Copy files
copy:
src: {{ hostname }}_sip.conf
dest: /etc/asterisk/sip.conf
owner: asterisk
group: asterisk
mode: 775
role/install_config/tasks/main.yml

29. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Ansible, deploy config! template
---
- name: use a template
template:
src: sip.conf.j2
dest: /etc/a/sip.conf
owner: asterisk
group: asterisk
mode: 0644
role/install_config/tasks/main.yml
[general]
bindport={{ service_port }}
bindaddr={{ service_ip }}
role/install_config/templates/sip.conf.j2

30. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
service_port: 5060
group_vars/asterisk
[general]
bindport={{ service_port }}
bindaddr={{ service_ip }}
role/install_config/templates/sip.conf.j2
service_ip: 1.2.3.4
host_vars/host1.domain.com
service_ip: 1.2.3.5
host_vars/host2.domain.com
Ansible, deploy config! template

31. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Ansible, deploy config! useful asterisk tools
- name: Reload asterisk dialplan
command: "asterisk -rx 'dialplan reload'"
- name: Reload asterisk sip
command: "asterisk -rx 'sip reload'"
- name: Restart Asterisk when empty
command: "asterisk -rx 'core restart when convenient'"
shell commands

32. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Ansible, deploy! task on other hosts
TASK TASK TASK TASK

33. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Ansible, deploy! task on other hosts
TASK TASK
TASK

34. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Ansible, deploy! task on other hosts
- name: Disable Dispatcher for Host
command:
"kamcmd dispatcher.set_state d 1 sip:{{ service_ip }}:{{ service_port }}"
delegate_to: dispatcher1.domain.com
- name: do other stuff
delegate to

35. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
how to start?
start where you are!

36. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
how to start?
start where you are!
automate all manual steps as they are

37. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
how to start?
● jenkins
● github trigger
● build packages
● ...

38. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
how to start?
● jenkins
● github trigger
● build packages
● ...

39. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
how to start?
● jenkins
● github trigger
● build packages
● ...
all you need is ansible:
#> ansible-playbook -i inventory asterisk.yml -s -K

40. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
how to start?
● ssh to server
● git pull
● copy files
● trigger scripts
● restart/reload service

41. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
how to start?
---
- file: path=/tmp/config state=absent
- command: /bin/bash -c "git clone config git@host:repo /tmp"
- command: ./script
args:
chdir: /tmp/config
- file: path=/tmp/config state=absent
- service: name=daemon state=started
most basic playbook

42. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Things you can do with ansible:

43. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Things you can do with ansible:
create and check mysql access
- name: make sure mysql user for GW exists
mysql_user:
name: "{{ db_user }}"
password: "{{ db_pass }}"
host: "{{ ansible_default_ipv4.address }}"
priv: "{{ db_name }}.*:SELECT,EXECUTE"
state: present
config_file: "~/.cnf"
delegate_to: "{{ db_host }}"

44. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Things you can do with ansible:
create and check mysql access
- name: check database connection
shell: echo select 1 | mysql -h{{ db_host }} -u{{ db_user }} -p{{ db_pass
}} {{ db_name }}
register: db_checkresult
- name: fail if connection is not successful
fail:
msg: "Failed to connect to database, exiting here"
when:
- db_checkresult.stdout_lines[1] != '1'

45. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Things you can do with ansible:
enter host into dispatcher set
- name: Write dispatcher to database
shell: echo insert ignore into dispatcher
(setid,destination,flags,priority,attrs,description) values ({{
dispatcherset_id }},"sip:{{ service_ip }}:5060",1,0,"","") | mysql {{
dn_name }}
delegate_to: "db.sip.com"

46. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Things you can do with ansible:
enter host into dispatcher set
- name: reload dispatcher set in Kamailio Loadbalancer(s)
command: /usr/sbin/kamcmd -s /tmp/kamailio_ctl dispatcher.reload
delegate_to: "loadbalancer.sip.com"

47. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Things you can do with ansible:
enter host into dispatcher set
- name: check for dispatcher state
shell: /usr/sbin/kamcmd -s /tmp/kamailio_ctl dispatcher.list | grep -A2 {{
localip }} |grep FLAGS
delegate_to: "loadbalancer.sip.com"
register: dispatcherlist

48. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Things you can do with ansible:
enter host into dispatcher set
- name: Check for kamailio dispatcher.list
fail:
msg: "Gateway is not ready, yet. Check firewall and IP!"
when: "'IP' in '{{ item[0].stdout }}'"
with_items:
- [ "{{ dispatcherlist.results }}" ]

49. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Lessons learned
avoid non testable stuff
● extensions.conf
● kamailio.cfg
use ARI / AGI / AMI for asterisk
use LUA for kamailio

50. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Lessons learned
make kamailio restart save
● Write htable into DB
● Save location into DB
● Use DMQ
● Avoid dialog tracking
● Avoid stateful instances

51. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
numbers and statistics core routing engine
33 commits a week
8 commits a day
every commit into
production
mostly by customer support

52. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
numbers and statistics asterisk config
21 commits a week
9 commits a day
nearly every commit into
production

53. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
numbers and statistics kamailio config
11 machines
86 instances of kamailio
~11 min

54. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
numbers and statistics kamailio config
11 machines
1111 tasks performed

55. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
numbers and statistics asterisk config
~15 min
47 machines

56. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
links for more information
http://sipg.at/ansible-network
http://sipg.at/ansible-sample
http://sipg.at/ansible-talk

57. Jöran Vinzens
linkedin.com/in/jvinzens @vinzens81
Questions