add support for building on gcp

google-deployment-manager/gcp-jambonz-mini-config.yaml

@@ -0,0 +1,6 @@
+imports:
+- path: gcp-jambonz-mini.jinja
+
+resources:
+- name: jambonz-mini
+  type: gcp-jambonz-mini.jinja

google-deployment-manager/gcp-jambonz-mini.jinja

@@ -0,0 +1,180 @@
+{% set image = "packer-1680730500" %}
+{% set region = "us-central1" %}
+{% set zone = "us-central1-b" %}
+{% set instanceType = "e2-medium" %}
+{% set dnsName = "jambonz.me" %}
+{% set jaegerUsername = "admin" %}
+{% set jaegerPassword = "JambonzR0ck$" %}
+{% set projectName = env["project"] %}
+{% set uuid = env["current_time"] %}
+
+resources:
+- name: jambonz-static-ip-{{ uuid }}
+  type: gcp-types/compute-v1:addresses
+  properties:
+    region: {{ region }}
+    name: jambonz-mini-static-ip
+
+- name: jambonz-mini-firewall-rule-{{ uuid }}
+  type: compute.v1.firewall
+  properties:
+    targetTags:
+    - jambonz-mini-{{ uuid }}
+    network: https://www.googleapis.com/compute/v1/projects/{{ projectName }}/global/networks/default
+    sourceRanges: 
+    - 0.0.0.0/0
+    allowed: 
+    - IPProtocol: tcp 
+      ports: 
+      - "22"
+      - "80"
+      - "443"
+      - "3020"
+      - "5060"
+      - "5061"
+      - "8443"
+    - IPProtocol: udp 
+      ports: 
+      - "5060"
+
+- name: jambonz-mini-{{ uuid }}
+  type: compute.v1.instance
+  properties:
+    tags:
+      items:
+      - jambonz-mini-{{ uuid }}
+    zone: {{ zone }}
+    machineType: https://www.googleapis.com/compute/v1/projects/{{ projectName }}/zones/{{ zone }}/machineTypes/{{ instanceType }}
+    disks:
+    - deviceName: boot
+      type: PERSISTENT 
+      boot: true
+      autodelete: true
+      initializeParams:
+        sourceImage: https://www.googleapis.com/compute/v1/projects/{{ projectName }}/global/images/{{ image }}
+    networkInterfaces:
+    - network: https://www.googleapis.com/compute/v1/projects/{{ projectName }}/global/networks/default
+      accessConfigs:
+      - name: External NAT 
+        type: ONE_TO_ONE_NAT 
+        natIP: $(ref.jambonz-static-ip-{{ uuid }}.address)
+    metadata:
+      items:
+      - key: startup-script
+        value: |
+          #!/bin/bash -xe
+
+          DNS_NAME={{ dnsName }}
+          JAEGER_USERNAME={{ jaegerUsername }}
+          JAEGER_PASSWORD={{ jaegerPassword }}
+
+{% raw %}
+          # get instance metadata
+          PRIVATE_IPV4="$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip)" 
+          PUBLIC_IPV4="$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip)" 
+          INSTANCE_ID="$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/name)"
+
+          # replace ip addresses in the ecosystem.config.js file
+          sudo sed -i -e "s/\(.*\)PRIVATE_IP\(.*\)/\1$PRIVATE_IPV4\2/g" /home/admin/apps/ecosystem.config.js 
+          sudo sed -i -e "s/\(.*\)--JAMBONES_API_BASE_URL--\(.*\)/\1http:\/\/$PUBLIC_IPV4\/v1\2/g" /home/admin/apps/ecosystem.config.js 
+          
+          # set initial admin password to admin
+          JAMBONES_MYSQL_USER=admin JAMBONES_MYSQL_PASSWORD=JambonzR0ck$ JAMBONES_MYSQL_DATABASE=jambones JAMBONES_MYSQL_HOST=127.0.0.1 /home/admin/apps/jambonz-api-server/db/reset_admin_password.js
+
+          # replace JWT_SECRET
+          uuid=$(uuidgen)
+          sudo sed -i -e "s/\(.*\)JWT-SECRET-GOES_HERE\(.*\)/\1$uuid\2/g" /home/admin/apps/ecosystem.config.js 
+
+          #Add BasicAuth password for Jaeger
+          sudo htpasswd -b -c /etc/nginx/.htpasswd $JAEGER_USERNAME "$JAEGER_PASSWORD"
+          
+          # configure webapp
+          if [[ -z $DNS_NAME ]]; then
+            # portals will be accessed by IP address of server
+            echo "VITE_API_BASE_URL=http://$PUBLIC_IPV4/api/v1" > /home/admin/apps/jambonz-webapp/.env 
+            API_BASE_URL=http://$PUBLIC_IPV4/api/v1 TAG="<script>window.JAMBONZ = { API_BASE_URL: '$API_BASE_URL'};</script>"
+            sed -i -e "\@</head>@i\ $TAG" /home/admin/apps/jambonz-webapp/dist/index.html
+          else
+            # portals will be accessed by DNS name
+            echo "VITE_API_BASE_URL=http://$DNS_NAME/api/v1" > /home/admin/apps/jambonz-webapp/.env 
+            API_BASE_URL=http://$DNS_NAME/api/v1 TAG="<script>window.JAMBONZ = { API_BASE_URL: '$API_BASE_URL'};</script>"
+            sed -i -e "\@</head>@i\ $TAG" /home/admin/apps/jambonz-webapp/dist/index.html
+          
+            sudo cat << EOF > /etc/nginx/sites-available/default 
+            server {
+                listen 80;
+                server_name $DNS_NAME;
+                location /api/ {
+                    rewrite ^/api/(.*)$ /\$1 break;
+                    proxy_pass http://localhost:3002;
+                    proxy_set_header Host \$host;
+                }
+                location / {
+                    proxy_pass http://localhost:3001;
+                    proxy_set_header Host \$host;
+                }
+            }
+            server {
+              listen 80;
+              server_name api.$DNS_NAME; 
+              location / {
+                proxy_pass http://localhost:3002; 
+                proxy_set_header Host \$host;
+              }
+            }
+            server {
+              listen 80;
+              server_name grafana.$DNS_NAME; 
+              location / {
+                proxy_pass http://localhost:3010; 
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade \$http_upgrade;
+                proxy_set_header Connection 'upgrade';
+                proxy_set_header Host \$host;
+                proxy_cache_bypass \$http_upgrade;
+              }
+            }
+            server {
+              listen 80;
+              server_name homer.$DNS_NAME; 
+              location / {
+                proxy_pass http://localhost:9080; 
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade \$http_upgrade;
+                proxy_set_header Connection 'upgrade';
+                proxy_set_header Host \$host;
+                proxy_cache_bypass \$http_upgrade;
+              }
+            }
+            server {
+              listen 80;
+              server_name jaeger.$DNS_NAME; 
+              location / {
+                proxy_pass http://localhost:16686; 
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade \$http_upgrade;
+                proxy_set_header Connection 'upgrade';
+                proxy_set_header Host \$host;
+                proxy_cache_bypass \$http_upgrade;
+                auth_basic "Secured Endpoint";
+                auth_basic_user_file /etc/nginx/.htpasswd;
+              }
+            }
+          EOF
+          
+            sudo systemctl restart nginx
+          fi
+          
+          # restart heplify-server
+          sudo systemctl restart heplify-server
+
+          sudo -u admin bash -c "pm2 restart /home/admin/apps/ecosystem.config.js" 
+          sudo -u admin bash -c "pm2 save"
+          sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u admin --hp /home/admin
+
+          # get an apiban key
+          APIBANKEY=$(curl -X POST -u jambonz:1a074994242182a9e0b67eae93978826 -d "{\"client\": \"$uuid\"}" -s https://apiban.org/sponsor/newkey | jq -r '.ApiKey')
+          sudo sed -i -e "s/API-KEY-HERE/$APIBANKEY/g" /usr/local/bin/apiban/config.json
+          sudo /usr/local/bin/apiban/apiban-iptables-client FULL
+
+{% endraw %}

packer/jambonz-mini/files/rtpengine.gcp.service

@@ -0,0 +1,48 @@
+
+[Unit]
+Description=rtpengine
+After=syslog.target network.target local-fs.target
+
+[Service]
+; service
+Type=forking
+Environment="LD_LIBRARY_PATH=/usr/local/lib/"
+ExecStartPre=/bin/sh -c 'systemctl set-environment LOCAL_IP=`curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip`'
+ExecStartPre=/bin/sh -c 'systemctl set-environment PUBLIC_IP=`curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip`'
+ExecStartPre=echo 'del 42' > /proc/rtpengine/control
+ExecStart=/usr/local/bin/rtpengine \
+--interface private/${LOCAL_IP} \
+--interface public/${LOCAL_IP}!${PUBLIC_IP} \
+--listen-ng=22222 \
+--listen-http=8080 \
+--listen-udp=12222 \
+--dtmf-log-dest=127.0.0.1:22223 \
+--listen-cli=127.0.0.1:9900 \
+--table=42 \
+--pidfile /run/rtpengine.pid \
+--port-min 40000 \
+--port-max 60000 \
+--recording-dir /var/spool/recording \
+--recording-method proc \
+--log-level 5 \
+--delete-delay 0
+PIDFile=/run/rtpengine.pid
+TimeoutSec=15s
+Restart=always
+; exec
+User=root
+Group=daemon
+LimitCORE=infinity
+LimitNOFILE=100000
+LimitNPROC=60000
+;LimitSTACK=240
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+IOSchedulingClass=realtime
+IOSchedulingPriority=2
+CPUSchedulingPolicy=rr
+CPUSchedulingPriority=89
+UMask=0007
+
+[Install]
+WantedBy=multi-user.target

packer/jambonz-mini/gcp-template.json

@@ -1,8 +1,9 @@
 {
   "variables": {
+    "cloud_provider": "gcp",
     "region": "us-east-1",
     "ssh_username": "admin",
-    "ami_description": "jambonz all-in-one AMI", 
+    "ami_description": "jambonz-mini (all-in-one server)", 
     "instance_type": "c2-standard-4",
     "drachtio_version": "v0.8.21",
     "jambonz_version": "v0.8.2",
@@ -23,18 +24,21 @@
     "mediaserver_name" : "jambonz",
     "preferred_codec_list" : "PCMU,PCMA,OPUS,G722",
     "project_id": "drachtio-cpaas",
-    "image_family": "debian-11-bullseye-v20230306",
-    "image_zone": "us-east1-b"
+    "source_image_family": "debian-11",
+    "source_image_project_id": "debian-cloud",
+    "image_zone": "us-central1-c"
   },
   "builders": [
     {
       "type": "googlecompute",
       "project_id": "{{user `project_id`}}",
-      "source_image": "{{user `image_family`}}",
+      "source_image_family": "{{user `source_image_family`}}",
+      "source_image_project_id": "{{user `source_image_project_id`}}",
       "ssh_username": "{{user `ssh_username`}}",
       "zone": "{{user `image_zone`}}",
       "machine_type": "{{user `instance_type`}}",
-      "disk_size": "60"
+      "image_description": "{{user `ami_description`}}",
+      "disk_size": "80"
     }
   ],
   "provisioners": [
@@ -79,7 +83,12 @@
     },
     {
       "type": "shell",
-      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `drachtio_version`}} GCP",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `rtp_engine_version`}} {{user `cloud_provider`}}",
+      "script": "scripts/install_rtpengine.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `drachtio_version`}} {{user `cloud_provider`}}",
       "script": "scripts/install_drachtio.sh"
     },
     {
@@ -91,11 +100,6 @@
       ],
       "script": "scripts/install_freeswitch.sh"
     },
-    {
-      "type": "shell",
-      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `rtp_engine_version`}}",
-      "script": "scripts/install_rtpengine.sh"
-    },
     {
       "type": "shell",
       "script": "scripts/install_nodejs.sh"

packer/jambonz-mini/scripts/install_drachtio.sh

@@ -10,10 +10,12 @@ cd drachtio-server
 git submodule update --init --recursive
 ./autogen.sh && mkdir -p build && cd $_ && ../configure --enable-tcmalloc=yes CPPFLAGS='-DNDEBUG -g -O2' && make -j 4 && sudo make install
 
-if [ "$2" = "GCP" ]; then 
-  sudo mv /tmp/gcp-drachtio.service /etc/systemd/system/drachtio.service
-  sudo mv /tmp/gcp-drachtio-5070.service /etc/systemd/system/drachtio-5070.service
+if [ "$2" = "gcp" ]; then 
+  echo "installing drachtio for gcp"
+  sudo mv /tmp/drachtio.gcp.service /etc/systemd/system/drachtio.service
+  sudo mv /tmp/drachtio-5070.gcp.service /etc/systemd/system/drachtio-5070.service
 else
+  echo "installing drachtio for aws"
   sudo mv /tmp/drachtio.service /etc/systemd/system
   sudo mv /tmp/drachtio-5070.service /etc/systemd/system
 fi 
@@ -24,7 +26,6 @@ sudo chmod 644 /etc/systemd/system/drachtio.service
 sudo systemctl enable drachtio
 sudo systemctl restart drachtio
 sudo systemctl status drachtio.service
-sudo journalctl -xe
 
 sudo mv /tmp/drachtio-5070.conf.xml /etc
 sudo chmod 644 /etc/drachtio-5070.conf.xml

packer/jambonz-mini/scripts/install_rtpengine.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 VERSION=$1
 
-echo "rtpengine version to install is ${VERSION}"
+echo "rtpengine version to install is ${VERSION}, cloud provider is $2"
 
 cd /usr/local/src
 git clone https://github.com/BelledonneCommunications/bcg729.git
@@ -33,9 +33,16 @@ EOF
 echo 'add 42' > /proc/rtpengine/control
 iptables -I INPUT -p udp --dport 40000:60000 -j RTPENGINE --id 42
 
+if [ "$2" = "gcp" ]; then 
+  echo "installing rtpengine for gcp"
+  sudo mv /tmp/rtpengine.gcp.service /etc/systemd/system/rtpengine.service
+else
+  echo "installing rtpengine for aws"
+  sudo mv /tmp/rtpengine.service /etc/systemd/system/rtpengine.service
+fi 
+
 cp /usr/local/src/rtpengine/daemon/rtpengine /usr/local/bin
 cp /usr/local/src/rtpengine/recording-daemon/rtpengine-recording /usr/local/bin/
-sudo mv /tmp/rtpengine.service /etc/systemd/system
 sudo mv /tmp/rtpengine-recording.service /etc/systemd/system
 sudo mv /tmp/rtpengine-recording.ini /etc/rtpengine-recording.ini
 sudo chmod 644 /etc/systemd/system/rtpengine.service

terraform/gcp/jambonz-mini/deployment.tf

@@ -0,0 +1,179 @@
+provider "google" {
+  project = var.project
+  region = var.region
+}
+
+resource "random_string" "uuid" {
+  length = 6
+  special = false
+  upper = false
+}
+
+resource "google_compute_address" "jambonz_static_ip" {
+  name = "jambonz-static-ip-${random_string.uuid.result}"
+  region = var.region
+}
+
+resource "google_compute_firewall" "jambonz_mini_firewall_rule" {
+  name = "jambonz-firewall-rule-${random_string.uuid.result}"
+
+  source_ranges = [
+    "0.0.0.0/0"
+  ]
+  target_tags = [
+    "jambonz-mini-${random_string.uuid.result}"
+  ]
+  network = "https://www.googleapis.com/compute/v1/projects/${var.project}/global/networks/default"
+  allow {
+    protocol = "tcp"
+    ports = ["22", "80", "443", "3020", "5060", "5061", "8443"]
+  }
+  allow {
+    protocol = "udp"
+    ports = ["5060"]
+  }
+}
+
+resource "google_compute_instance" "jambonz_mini" {
+  name = "jambonz-mini-${random_string.uuid.result}"
+  zone = var.zone
+  machine_type = var.instance_type
+  tags = [
+    "jambonz-mini-${random_string.uuid.result}"
+  ]
+  boot_disk {
+    device_name = "boot"
+    initialize_params {
+      image = "https://www.googleapis.com/compute/v1/projects/${var.project}/global/images/${var.image}"
+    }
+  }
+  network_interface {
+    network = "https://www.googleapis.com/compute/v1/projects/${var.project}/global/networks/default"
+    access_config {
+      nat_ip = google_compute_address.jambonz_static_ip.address
+    }
+  }
+  metadata = {
+    startup-script = <<-EOT
+#!/bin/bash -xe
+
+DNS_NAME="${var.dns_name}"
+JAEGER_USERNAME="${var.jaeger_username}"
+JAEGER_PASSWORD="${var.jaeger_password}"
+
+
+# get instance metadata
+PRIVATE_IPV4="$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip)" 
+PUBLIC_IPV4="$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip)" 
+INSTANCE_ID="$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/name)"
+
+# replace ip addresses in the ecosystem.config.js file
+sudo sed -i -e "s/\(.*\)PRIVATE_IP\(.*\)/\1$PRIVATE_IPV4\2/g" /home/admin/apps/ecosystem.config.js 
+sudo sed -i -e "s/\(.*\)--JAMBONES_API_BASE_URL--\(.*\)/\1http:\/\/$PUBLIC_IPV4\/v1\2/g" /home/admin/apps/ecosystem.config.js 
+
+# set initial admin password to admin
+JAMBONES_MYSQL_USER=admin JAMBONES_MYSQL_PASSWORD=JambonzR0ck$ JAMBONES_MYSQL_DATABASE=jambones JAMBONES_MYSQL_HOST=127.0.0.1 /home/admin/apps/jambonz-api-server/db/reset_admin_password.js
+
+# replace JWT_SECRET
+uuid=$(uuidgen)
+sudo sed -i -e "s/\(.*\)JWT-SECRET-GOES_HERE\(.*\)/\1$uuid\2/g" /home/admin/apps/ecosystem.config.js 
+
+#Add BasicAuth password for Jaeger
+sudo htpasswd -b -c /etc/nginx/.htpasswd $JAEGER_USERNAME "$JAEGER_PASSWORD"
+
+# configure webapp
+if [[ -z $DNS_NAME ]]; then
+  # portals will be accessed by IP address of server
+  echo "VITE_API_BASE_URL=http://$PUBLIC_IPV4/api/v1" > /home/admin/apps/jambonz-webapp/.env 
+  API_BASE_URL=http://$PUBLIC_IPV4/api/v1 TAG="<script>window.JAMBONZ = { API_BASE_URL: '$API_BASE_URL'};</script>"
+  sed -i -e "\@</head>@i\ $TAG" /home/admin/apps/jambonz-webapp/dist/index.html
+else
+  # portals will be accessed by DNS name
+  echo "VITE_API_BASE_URL=http://$DNS_NAME/api/v1" > /home/admin/apps/jambonz-webapp/.env 
+  API_BASE_URL=http://$DNS_NAME/api/v1 TAG="<script>window.JAMBONZ = { API_BASE_URL: '$API_BASE_URL'};</script>"
+  sed -i -e "\@</head>@i\ $TAG" /home/admin/apps/jambonz-webapp/dist/index.html
+
+  sudo cat << EOF > /etc/nginx/sites-available/default 
+  server {
+      listen 80;
+      server_name $DNS_NAME;
+      location /api/ {
+          rewrite ^/api/(.*)$ /\$1 break;
+          proxy_pass http://localhost:3002;
+          proxy_set_header Host \$host;
+      }
+      location / {
+          proxy_pass http://localhost:3001;
+          proxy_set_header Host \$host;
+      }
+  }
+  server {
+    listen 80;
+    server_name api.$DNS_NAME; 
+    location / {
+      proxy_pass http://localhost:3002; 
+      proxy_set_header Host \$host;
+    }
+  }
+  server {
+    listen 80;
+    server_name grafana.$DNS_NAME; 
+    location / {
+      proxy_pass http://localhost:3010; 
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade \$http_upgrade;
+      proxy_set_header Connection 'upgrade';
+      proxy_set_header Host \$host;
+      proxy_cache_bypass \$http_upgrade;
+    }
+  }
+  server {
+    listen 80;
+    server_name homer.$DNS_NAME; 
+    location / {
+      proxy_pass http://localhost:9080; 
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade \$http_upgrade;
+      proxy_set_header Connection 'upgrade';
+      proxy_set_header Host \$host;
+      proxy_cache_bypass \$http_upgrade;
+    }
+  }
+  server {
+    listen 80;
+    server_name jaeger.$DNS_NAME; 
+    location / {
+      proxy_pass http://localhost:16686; 
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade \$http_upgrade;
+      proxy_set_header Connection 'upgrade';
+      proxy_set_header Host \$host;
+      proxy_cache_bypass \$http_upgrade;
+      auth_basic "Secured Endpoint";
+      auth_basic_user_file /etc/nginx/.htpasswd;
+    }
+  }
+EOF
+
+  sudo systemctl restart nginx
+fi
+
+# restart heplify-server
+sudo systemctl restart heplify-server
+
+sudo -u admin bash -c "pm2 restart /home/admin/apps/ecosystem.config.js" 
+sudo -u admin bash -c "pm2 save"
+sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u admin --hp /home/admin
+
+# get an apiban key
+APIBANKEY=$(curl -X POST -u jambonz:1a074994242182a9e0b67eae93978826 -d "{\"client\": \"$uuid\"}" -s https://apiban.org/sponsor/newkey | jq -r '.ApiKey')
+sudo sed -i -e "s/API-KEY-HERE/$APIBANKEY/g" /usr/local/bin/apiban/config.json
+sudo /usr/local/bin/apiban/apiban-iptables-client FULL
+
+EOT
+  }
+
+  depends_on = [
+    google_compute_address.jambonz_static_ip
+  ]
+}

terraform/gcp/jambonz-mini/deployment.tfvars

@@ -0,0 +1,8 @@
+image = "packer-1680730500"
+region = "us-central1"
+zone = "us-central1-b"
+project = "drachtio-cpaas"
+dns_name = "jambonz.me"
+instance_type = "e2-medium"
+jaeger_username = "admin"
+jaeger_password = "JambonzR0ck$"

terraform/gcp/jambonz-mini/variables.tf

@@ -0,0 +1,24 @@
+variable "image" {
+  description = "the image to use for the boot disk"
+}
+variable "region" {
+  description = "the GCP region"
+}
+variable "zone" {
+  description = "the GCP zone"
+}
+variable "project" {
+  description = "the GCP project name"
+}
+variable "dns_name" {
+  description = "the domain you want to use for the portal"
+}
+variable "instance_type" {
+  description = "the VM instance type"
+}
+variable "jaeger_username" {
+  description = "the jaeager user"
+}
+variable "jaeger_password" {
+  description = "the jaeager password"
+}