add jambonz medium AWS deployment: sbc(sip+rtp), fs, web+monitoring (#61)

* add jambonz medium AWS deployment: sbc(sip+rtp), fs, web+monitoring

* fix terraform proxmox: correct calculation of private IP

* fixs for jambonz-medium

* spread sbc and fs across availability zones

packer/jambonz-feature-server/aws/scripts/install_os_tuning.sh

@@ -3,8 +3,7 @@ sudo sed -i '/# End of file/i *                hard       nofile          65535'
 sudo sed -i '/# End of file/i *                soft       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             hard       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             soft       nofile          65535'  /etc/security/limits.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/system.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/user.conf
+sudo sed -i s/^#DefaultLimitNOFILE=.*$/DefaultLimitNOFILE=65535:65535/g /etc/systemd/system.conf
 
 sudo bash -c 'cat >> /etc/sysctl.conf << EOT
 net.core.rmem_max=26214400

packer/jambonz-feature-server/aws/template.json

@@ -5,7 +5,7 @@
     "ami_description": "jambonz feature server",
     "instance_type": "t2.xlarge",
     "drachtio_version": "v0.8.22",
-    "jambonz_version": "v0.8.4-1",
+    "jambonz_version": "v0.8.4-4",
     "ami_base_image_arch": "amd64",
     "ami_base_image_owner": "136693071363",
     "install_telegraf": "yes",
@@ -81,11 +81,6 @@
       "type": "shell",
       "script": "scripts/install_os_tuning.sh"
     },
-    {
-      "type": "shell",
-      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_cloudwatch`}}",
-      "script": "scripts/install_cloudwatch.sh"
-    },
     {
       "type": "shell",
       "environment_vars": [
@@ -95,6 +90,11 @@
       ],
       "script": "scripts/install_freeswitch.sh"
     },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_cloudwatch`}}",
+      "script": "scripts/install_cloudwatch.sh"
+    },
     {
       "type": "shell",
       "script": "scripts/install_nodejs.sh"
@@ -131,6 +131,7 @@
         "sudo apt-get -y install iptables-persistent",
         "sudo rm -Rf /tmp/*",
         "sudo rm /root/.ssh/authorized_keys",
+        "sudo rm /home/admin/.ssh/known_hosts",
         "sudo rm /home/admin/.ssh/authorized_keys"
       ]
     }

packer/jambonz-mini/aws/scripts/install_os_tuning.sh

@@ -3,8 +3,7 @@ sudo sed -i '/# End of file/i *                hard       nofile          65535'
 sudo sed -i '/# End of file/i *                soft       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             hard       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             soft       nofile          65535'  /etc/security/limits.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/system.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/user.conf
+sudo sed -i s/^#DefaultLimitNOFILE=.*$/DefaultLimitNOFILE=65535:65535/g /etc/systemd/system.conf
 
 sudo bash -c 'cat >> /etc/sysctl.conf << EOT
 net.core.rmem_max=26214400

packer/jambonz-mini/aws/template.json

@@ -5,7 +5,7 @@
     "ami_description": "jambonz all-in-one AMI", 
     "instance_type": "c6in.xlarge",
     "drachtio_version": "v0.8.22",
-    "jambonz_version": "v0.8.4-3",
+    "jambonz_version": "v0.8.4-4",
     "jambonz_user": "admin",
     "jambonz_password": "JambonzR0ck$",
     "install_telegraf": "yes",

packer/jambonz-mini/gcp/scripts/install_os_tuning.sh

@@ -3,8 +3,7 @@ sudo sed -i '/# End of file/i *                hard       nofile          65535'
 sudo sed -i '/# End of file/i *                soft       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             hard       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             soft       nofile          65535'  /etc/security/limits.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/system.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/user.conf
+sudo sed -i s/^#DefaultLimitNOFILE=.*$/DefaultLimitNOFILE=65535:65535/g /etc/systemd/system.conf
 
 sudo bash -c 'cat >> /etc/sysctl.conf << EOT
 net.core.rmem_max=26214400

packer/jambonz-mini/gcp/template.json

@@ -9,7 +9,7 @@
     "ami_description": "jambonz-mini (all-in-one server)", 
     "instance_type": "c2-standard-4",
     "drachtio_version": "v0.8.22",
-    "jambonz_version": "v0.8.4-3",
+    "jambonz_version": "v0.8.4-4",
     "jambonz_user": "admin",
     "jambonz_password": "JambonzR0ck$",
     "install_telegraf": "yes",

packer/jambonz-mini/proxmox/scripts/install_os_tuning.sh

@@ -3,8 +3,7 @@ sudo sed -i '/# End of file/i *                hard       nofile          65535'
 sudo sed -i '/# End of file/i *                soft       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             hard       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             soft       nofile          65535'  /etc/security/limits.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/system.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/user.conf
+sudo sed -i s/^#DefaultLimitNOFILE=.*$/DefaultLimitNOFILE=65535:65535/g /etc/systemd/system.conf
 
 sudo bash -c 'cat >> /etc/sysctl.conf << EOT
 net.core.rmem_max=26214400

packer/jambonz-mini/proxmox/template.json

@@ -16,7 +16,7 @@
     "proxmox_ip_private": "{{user `proxmox_ip_private`}}",
     "proxmox_gateway": "{{user `proxmox_gateway`}}",
     "drachtio_version": "v0.8.22",
-    "jambonz_version": "v0.8.4-3",
+    "jambonz_version": "v0.8.4-4",
     "jambonz_user": "admin",
     "jambonz_password": "JambonzR0ck$",
     "install_telegraf": "yes",

packer/jambonz-monitoring/aws/files/jaeger-query.service

@@ -7,7 +7,7 @@ Environment="SPAN_STORAGE_TYPE=cassandra"
 Environment="CASSANDRA_SERVERS=127.0.0.1"
 Environment="CASSANDRA_KEYSPACE=jaeger_v1_dc1"
 ExecStart=/usr/local/bin/jaeger-query --cassandra.keyspace=jaeger_v1_dc1 --cassandra.servers=127.0.0.1 --cassandra.username=jaeger --cassandra.password=JambonzR0ck$
-User=nobody
+User=admin
 Restart=on-failure
 
 [Install]

packer/jambonz-monitoring/aws/files/telegraf.conf

@@ -134,7 +134,7 @@
 
 # Configuration for sending metrics to InfluxDB
 [[outputs.influxdb]]
-  urls = ["http://influxdb:8086/"] # required
+  urls = ["http://127.0.0.1:8086/"] # required
   database = "telegraf" # required
   retention_policy = "autogen"
   write_consistency = "any"
@@ -142,7 +142,7 @@
   namedrop = ["hep*"]
 
 [[outputs.influxdb]]
-  urls = ["http://influxdb:8086/"] # required
+  urls = ["http://127.0.0.1:8086/"] # required
   database = "homer" # required
   retention_policy = ""
   write_consistency = "any"

packer/jambonz-monitoring/aws/scripts/install_os_tuning.sh

@@ -3,8 +3,7 @@ sudo sed -i '/# End of file/i *                hard       nofile          65535'
 sudo sed -i '/# End of file/i *                soft       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             hard       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             soft       nofile          65535'  /etc/security/limits.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/system.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/user.conf
+sudo sed -i s/^#DefaultLimitNOFILE=.*$/DefaultLimitNOFILE=65535:65535/g /etc/systemd/system.conf
 
 sudo bash -c 'cat >> /etc/sysctl.conf << EOT
 net.core.rmem_max=26214400

packer/jambonz-monitoring/aws/template.json

@@ -4,7 +4,7 @@
     "ssh_username": "admin",
     "ami_description": "jambonz monitoring server", 
     "instance_type": "t2.xlarge",
-    "jambonz_version": "v0.8.4-3",
+    "jambonz_version": "v0.8.4-4",
     "homer_user": "homer_user",
     "homer_password": "XcapJTqy11LnsYRtxXGPTYQkAnI",
     "install_influxdb":  "yes",

packer/jambonz-sbc-rtp/aws/files/rtpengine.service

@@ -19,7 +19,7 @@ ExecStart=/usr/local/bin/rtpengine \
 --dtmf-log-dest=127.0.0.1:22223 \
 --listen-cli=127.0.0.1:9900 \
 --table=42 \
---pidfile /var/run/rtpengine.pid \
+--pidfile /run/rtpengine.pid \
 --port-min 40000 \
 --port-max 60000 \
 --recording-dir /tmp \
@@ -27,7 +27,7 @@ ExecStart=/usr/local/bin/rtpengine \
 --recording-format eth \
 --log-level 5 \
 --delete-delay 0
-PIDFile=/var/run/rtpengine.pid
+PIDFile=/run/rtpengine.pid
 TimeoutSec=15s
 Restart=always
 ; exec

packer/jambonz-sbc-rtp/aws/scripts/install_os_tuning.sh

@@ -3,8 +3,7 @@ sudo sed -i '/# End of file/i *                hard       nofile          65535'
 sudo sed -i '/# End of file/i *                soft       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             hard       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             soft       nofile          65535'  /etc/security/limits.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/system.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/user.conf
+sudo sed -i s/^#DefaultLimitNOFILE=.*$/DefaultLimitNOFILE=65535:65535/g /etc/systemd/system.conf
 
 sudo bash -c 'cat >> /etc/sysctl.conf << EOT
 net.core.rmem_max=26214400

packer/jambonz-sbc-rtp/aws/template.json

@@ -4,7 +4,7 @@
     "ssh_username": "admin",
     "ami_description": "jambonz SBC RTP server", 
     "drachtio_version": "v0.8.22",
-    "jambonz_version": "v0.8.4-3",
+    "jambonz_version": "v0.8.4-4",
     "ami_base_image_arch": "amd64",
     "ami_base_image_owner": "136693071363",
     "instance_type": "t3.xlarge",

packer/jambonz-sbc-sip-rtp/README.md

@@ -1,61 +0,0 @@
-# packer-jambonz-sbc-sip-rtp
-
-**This packer script is deprecated.  If clustering, use separate amis for SBC-IP and SBC-RTP**
-
-A [packer](https://www.packer.io/) template to build an AMI containing everything needed to run the SBC functionality of jambonz,
-
-## Installing 
-
-```
-$  packer build -color=false template.json
-```
-
-### variables
-There are many variables that can be specified on the `packer build` command line; these are shown below with their default values.
-
-```
-"region": "us-east-1"
-```
-The region to create the AMI in
-
-```
-"ami_description": "jambonz SBC SIP+RTP+Webserver"
-```
-AMI description.
-
-```
-"instance_type": "t2.xlarge"
-```
-EC2 Instance type to use when building the AMI.
-
-
-```
-"drachtio_version": "v0.8.10"
-```
-drachtio tag or branch to build
-
-```
-
-```
-"rtp_engine_version": "mr9.3.1.8",
-```
-rtpengine version
-
-```
-"rtp_engine_min_port": "40000",
-"rtp_engine_max_port": "60000"
-```
-rtp port range for rtpengine
-
-```
-    "install_datadog": "no",
-```
-whether to install datadog (commercial) monitoring agent
-
-```
-    "install_telegraf": "yes",
-```
-whether to install telegraf (open source) monitoring agent
-
-
-

packer/jambonz-sbc-sip-rtp/aws/README.md

@@ -0,0 +1,113 @@
+# packer-jambonz-sbc-sip-rtp
+
+A [packer](https://www.packer.io/) template to build an AMI containing the jambonz SBC SIP and RTP functionality.  The base linux distro is Debian 11 (bullseye).
+
+## Installing 
+
+To build an amd64 image:
+
+```
+$  packer build -color=false template.json
+```
+
+To build an arm64 image:
+
+```
+$  packer build -color=false \
+--var="ami_base_image_arch=arm64" \
+--var="instance_type=t4g.xlarge" \
+template.json
+```
+
+### variables
+There are many variables that can be specified on the `packer build` command line; however defaults (which are shown below) are appropriate for building an "all in one" jambonz server, so you generally should not need to specify values.
+
+```
+"region": "us-east-1"
+```
+The region to create the AMI in
+
+```
+"ami_description": "EC2 AMI jambonz mini"
+```
+AMI description.
+
+```
+"instance_type": "t2.medium"
+```
+EC2 Instance type to use when building the AMI.
+
+```
+"install_drachtio": "true"
+```
+whether to install drachtio
+
+```
+"install_nodejs": "false",
+```
+whether to install Node.js
+
+```
+"install_rtpengine": "true",
+```
+whether to install rtpengine
+
+```
+"install_freeswitch": "true",
+```
+whether to install freeswitch
+
+```
+"install_drachtio_fail2ban": "true",
+```
+whether to install fail2ban with drachtio filter
+
+```
+"install_redis": "true",
+```
+whether to install redis
+
+```
+"drachtio_version": "v0.8.3"
+```
+drachtio tag or branch to build
+
+```
+"nodejs_version": "v10.16.2",
+```
+Node.js version to install
+
+```
+"freeswitch_bind_cloud_ip": "true"
+```
+If freeswitch is enabled, and cloud_provider is not none then this variable dictates whether freeswitch should bind its sip and rtp ports to the cloud public address (versus the local ipv4 address).
+
+```
+"mod_audio_fork_subprotocol": "audio.jambonz.org"
+```
+websocket subprotocol name used by freeswitch module mod_audio_fork
+
+```
+"mod_audio_fork_service_threads": "3",
+```
+number of libwebsocket service threads used by freeswitch module mod_audio_fork
+
+``
+"mod_audio_fork_buffer_secs": "2",
+```
+max number of seconds of audio to buffer by freeswitch module mod_audio_fork
+
+```
+"freeswitch_build_with_grpc:: "true"
+```
+whether to build support for google speech and text-to-speech services
+
+```
+"remove_source": "true"
+```
+whether to remove source build directories, or leave them on the instance
+
+```
+"cloud_provider": "aws"
+```
+Cloud provider the AMI will be built on.

packer/jambonz-sbc-sip-rtp/aws/files/20auto-upgrades

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "0";
+APT::Periodic::Unattended-Upgrade "0";

packer/jambonz-sbc-sip-rtp/aws/files/auto-assign-elastic-ip.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+
+TIMEOUT=20
+PAUSE=5
+
+aws_get_instance_id() {
+	instance_id=$( (curl http://169.254.169.254/latest/meta-data/instance-id) )
+	if [ -n "$instance_id" ];	then return 0; else return 1; fi
+}
+
+aws_get_instance_region() {
+	instance_region=$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone)
+	# region here needs the last character removed to work
+	instance_region=${instance_region::-1}
+	if [ -n "$instance_region" ];	then return 0; else return 1; fi
+}
+
+aws_get_instance_environment() {
+	instance_environment=$(aws ec2 describe-tags --region $instance_region --filters "Name=resource-id,Values=$1" "Name=key,Values=Environment" --query "Tags[*].Value" --output text)
+	if [ -n "$instance_environment" ]; then return 0; else return 1; fi
+}
+
+aws_get_unassigned_eips() {
+	local describe_addreses_response=$(aws ec2 describe-addresses --region $instance_region --filters "Name=tag:Environment,Values=$instance_environment" --query "Addresses[?AssociationId==null].AllocationId" --output text)
+	eips=(${describe_addreses_response///})
+	if [ -n "$describe_addreses_response" ]; then return 0; else return 1; fi
+}
+
+aws_get_details() {
+	if aws_get_instance_id;	then
+		echo "Instance ID: ${instance_id}."
+		if aws_get_instance_region;	then
+			echo "Instance Region: ${instance_region}."
+			if aws_get_instance_environment $instance_id;	then
+				echo "Instance Environment: ${instance_environment}."
+			else
+				echo "Failed to get Instance Environment. ${instance_environment}."
+				return 1
+			fi
+		else
+			echo "Failed to get Instance Region. ${instance_region}."
+			return 1
+		fi
+	else
+		echo "Failed to get Instance ID. ${instance_id}."
+		return 1
+	fi
+}
+
+attempt_to_assign_eip() {
+	local result;
+	local exit_code;
+  	result=$( (aws ec2 associate-address --region $instance_region --instance-id $instance_id --allocation-id $1 --no-allow-reassociation) 2>&1 )
+	exit_code=$?
+	if [ "$exit_code" -ne 0 ]; then
+		echo "Failed to assign Elastic IP [$1] to Instance [$instance_id]. ERROR: $result"
+	fi
+  return $exit_code
+}
+
+try_to_assign() {
+	local last_result;
+	for eip_id in "${eips[@]}"; do
+		echo "Attempting to assign Elastic IP to instance..."
+		if attempt_to_assign_eip $eip_id;  then
+			echo "Elastic IP successfully assigned to instance."
+			return 0
+		fi
+	done
+	return 1
+}
+
+main() {
+	echo "Assigning Elastic IP..."
+	local end_time=$((SECONDS+TIMEOUT))
+	echo "Timeout: ${end_time}"
+
+	if ! aws_get_details; then
+		exit 1
+	fi
+
+	while [ $SECONDS -lt $end_time ]; do
+		if aws_get_unassigned_eips && try_to_assign ${eips}; then
+			echo "Successfully assigned EIP."
+			exit 0
+		fi
+		echo "Failed to assign EIP. Pausing for $PAUSE seconds before retrying..."
+		sleep $PAUSE
+	done
+
+	echo "Failed to assign Elastic IP after $TIMEOUT seconds. Exiting."
+	exit 1
+}
+
+declare instance_id
+declare instance_region
+declare instance_environment
+declare eips
+
+main "$@"

packer/jambonz-sbc-sip-rtp/aws/files/cloudwatch-config.json

@@ -0,0 +1,55 @@
+{
+  "agent": {
+    "run_as_user": "root"
+  },
+  "logs": {
+    "logs_collected": {
+      "files": {
+        "collect_list": [
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-feature-server.log",
+            "log_group_name": "jambonz-feature_server",
+            "log_stream_name": "feature-server {ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-sbc-inbound.log",
+            "log_group_name": "jambonz-sbc-sip-inbound",
+            "log_stream_name": "sbc-inbound {ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-sbc-outbound.log",
+            "log_group_name": "jambonz-sbc-sip",
+            "log_stream_name": "sbc-outbound {ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-sbc-sip-sidecar.log",
+            "log_group_name": "jambonz-sbc-sip-sidecar",
+            "log_stream_name": "sbc-sip-sidecar {ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-sbc-rtpengine-sidecar.log",
+            "log_group_name": "jambonz-sbc-rtpengine-sidecar",
+            "log_stream_name": "sbc-rtpengine-sidecar {ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-api-server.log",
+            "log_group_name": "jambonz-api-server",
+            "log_stream_name": "jambonz-api-server-{ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/var/log/syslog",
+            "log_group_name": "/var/log/syslog",
+            "log_stream_name": "syslog-{ip_address} {instance_id}",
+            "retention_in_days": 3
+          }
+        ]
+      }
+    }
+  }
+}

packer/jambonz-sbc-sip-rtp/aws/files/config.json

@@ -0,0 +1,6 @@
+{
+	"APIKEY":"API-KEY-HERE",
+	"LKID":"100",
+	"VERSION":"0.7",
+  "FLUSH":"200"
+}

packer/jambonz-sbc-sip-rtp/aws/files/drachtio.conf.xml

@@ -11,7 +11,7 @@
         <contacts>
         </contacts>
 
-        <udp-mtu>4096</udp-mtu>
+        <udp-mtu>8192</udp-mtu>
 
     </sip>
 
@@ -24,7 +24,7 @@
             <archive>/var/log/drachtio/archive</archive>
             <size>100</size>
             <maxSize>10000</maxSize>
-            <auto-flush>true</auto-flush>
+            <auto-flush>false</auto-flush>
         </file>
 
         <sofia-loglevel>3</sofia-loglevel>

packer/jambonz-sbc-sip-rtp/aws/files/drachtio.service

@@ -10,7 +10,8 @@ ExecStartPre=/bin/sh -c 'systemctl set-environment LOCAL_IP=`curl -s http://169.
 ExecStartPre=/bin/sh -c 'systemctl set-environment PUBLIC_IP=`curl -s http://169.254.169.254/latest/meta-data/public-ipv4`'
 ExecStart=/usr/local/bin/drachtio --daemon --contact sip:${LOCAL_IP};transport=udp --external-ip ${PUBLIC_IP} \
  --contact sip:${LOCAL_IP};transport=tcp \
- --address 0.0.0.0 --port 9022
+ --address 0.0.0.0 --port 9022 \
+ --prometheus-scrape-port 9090
 TimeoutSec=15s
 Restart=always
 ; exec

packer/jambonz-sbc-sip-rtp/aws/files/ecosystem.config.js

@@ -1,11 +1,11 @@
 module.exports = {
   apps : [
   {
-    name: 'jambonz-api-server',
-    cwd: '/home/admin/apps/jambonz-api-server',
+    name: 'jambonz-smpp-esme',
+    cwd: '/home/admin/apps/jambonz-smpp-esme',
     script: 'app.js',
-    out_file: '/home/admin/.pm2/logs/jambonz-api-server.log',
-    err_file: '/home/admin/.pm2/logs/jambonz-api-server.log',
+    out_file: '/home/admin/.pm2/logs/jambonz-smpp-esme.log',
+    err_file: '/home/admin/.pm2/logs/jambonz-smpp-esme.log',
     combine_logs: true,
     instance_var: 'INSTANCE_ID',
     exec_mode: 'fork',
@@ -15,6 +15,7 @@ module.exports = {
     max_memory_restart: '1G',
     env: {
       NODE_ENV: 'production',
+      AVOID_UDH: true,
       JAMBONES_MYSQL_HOST: '${JAMBONES_MYSQL_HOST}',
       JAMBONES_MYSQL_USER: '${JAMBONES_MYSQL_USER}',
       JAMBONES_MYSQL_PASSWORD: '${JAMBONES_MYSQL_PASSWORD}',
@@ -22,38 +23,9 @@ module.exports = {
       JAMBONES_MYSQL_CONNECTION_LIMIT: 10,
       JAMBONES_REDIS_HOST: '${JAMBONES_REDIS_HOST}',
       JAMBONES_REDIS_PORT: 6379,
-      JAMBONES_LOGLEVEL: 'info',
-      JAMBONE_API_VERSION: 'v1',
-      HTTP_PORT:  3000
-		},
-  },
-  {
-    name: 'sbc-options-handler',
-    cwd: '/home/admin/apps/sbc-options-handler',
-    script: 'app.js',
-    instance_var: 'INSTANCE_ID',
-    out_file: '/home/admin/.pm2/logs/jambonz-sbc-options-handler.log',
-    err_file: '/home/admin/.pm2/logs/jambonz-sbc-options-handler.log',
-    exec_mode: 'fork',
-    instances: 1,
-    autorestart: true,
-    watch: false,
-    max_memory_restart: '1G',
-    env: {
-      NODE_ENV: 'production',
+      JAMBONES_LOGLEVEL: 'debug',
       JAMBONES_CLUSTER_ID: '${JAMBONES_CLUSTER_ID}',
-      JAMBONES_LOGLEVEL: 'info',
-      DRACHTIO_HOST: '127.0.0.1',
-      DRACHTIO_PORT: 9022,
-      DRACHTIO_SECRET: 'cymru',
-      JAMBONES_REDIS_HOST: '${JAMBONES_REDIS_HOST}',
-      JAMBONES_REDIS_PORT: 6379,
-      ENABLE_METRICS: 1,
-      STATS_HOST: '127.0.0.1',
-      STATS_PORT: 8125,
-      STATS_PROTOCOL: 'tcp',
-      STATS_TELEGRAF: 1,
-      JAMBONES_NETWORK_CIDR: '${VPC_CIDR}',
+      HTTP_PORT: 3020
     }
   },
   {
@@ -78,12 +50,12 @@ module.exports = {
 		}
   },
   {
-    name: 'sbc-registrar',
+    name: 'sbc-sip-sidecar',
     cwd: '/home/admin/apps/sbc-registrar',
     script: 'app.js',
     instance_var: 'INSTANCE_ID',
-    out_file: '/home/admin/.pm2/logs/jambonz-sbc-registrar.log',
-    err_file: '/home/admin/.pm2/logs/jambonz-sbc-registrar.log',
+    out_file: '/home/admin/.pm2/logs/sbc-sip-sidecar.log',
+    err_file: '/home/admin/.pm2/logs/sbc-sip-sidecar.log',
     exec_mode: 'fork',
     instances: 1,
     autorestart: true,
@@ -91,7 +63,7 @@ module.exports = {
     max_memory_restart: '1G',
     env: {
       NODE_ENV: 'production',
-      ENABLE_METRICS: 0,
+      ENABLE_DATADOG_METRICS: 0,
       JAMBONES_LOGLEVEL: 'info',
       DRACHTIO_HOST: '127.0.0.1',
       DRACHTIO_PORT: 9022,
@@ -103,8 +75,32 @@ module.exports = {
       JAMBONES_MYSQL_CONNECTION_LIMIT: 10,
       JAMBONES_REDIS_HOST: '${JAMBONES_REDIS_HOST}',
       JAMBONES_REDIS_PORT: 6379,
+      JAMBONES_NETWORK_CIDR: '${VPC_CIDR}'
 		}
   },
+  {
+    name: 'sbc-rtpengine-sidecar',
+    cwd: '/home/admin/apps/sbc-rtpengine-sidecar',
+    script: 'app.js',
+    instance_var: 'INSTANCE_ID',
+    out_file: '/home/admin/.pm2/logs/jambonz-sbc-rtpengine-sidecar.log',
+    err_file: '/home/admin/.pm2/logs/jambonz-sbc-rtpengine-sidecar.log',
+    exec_mode: 'fork',
+    instances: 1,
+    autorestart: true,
+    watch: false,
+    max_memory_restart: '1G',
+    env: {
+      NODE_ENV: 'production',
+      LOGLEVEL: 'info',
+      DTMF_ONLY: true,
+      ENABLE_METRICS: 1,
+      STATS_HOST: '127.0.0.1',
+      STATS_PORT: 8125,
+      STATS_PROTOCOL: 'tcp',
+      STATS_TELEGRAF: 1
+    }
+  },
   {
     name: 'sbc-outbound',
     cwd: '/home/admin/apps/sbc-outbound',
@@ -121,10 +117,15 @@ module.exports = {
       NODE_ENV: 'production',
       JAMBONES_LOGLEVEL: 'info',
       JAMBONES_NETWORK_CIDR: '${VPC_CIDR}',
-      ENABLE_METRICS: 0,
+      JAMBONES_RTPENGINES: '127.0.0.1:22222',
+
+      ENABLE_DATADOG_METRICS: 0,
       DRACHTIO_HOST: '127.0.0.1',
       DRACHTIO_PORT: 9022,
       DRACHTIO_SECRET: 'cymru',
+      JAMBONES_TRACK_ACCOUNT_CALLS: 0,
+      JAMBONES_TRACK_SP_CALLS: 0,
+      JAMBONES_TRACK_APP_CALLS: 0,
       JAMBONES_RTPENGINES: '${JAMBONES_RTPENGINE_IPS}',
       JAMBONES_MYSQL_HOST: '${JAMBONES_MYSQL_HOST}',
       JAMBONES_MYSQL_USER: '${JAMBONES_MYSQL_USER}',
@@ -132,8 +133,7 @@ module.exports = {
       JAMBONES_MYSQL_DATABASE: 'jambones',
       JAMBONES_MYSQL_CONNECTION_LIMIT: 10,
       JAMBONES_REDIS_HOST: '${JAMBONES_REDIS_HOST}',
-      JAMBONES_REDIS_PORT: 6379,
-      MS_TEAMS_FQDN: '${MS_TEAMS_FQDN}'
+      JAMBONES_REDIS_PORT: 6379
 		}
   },
   {
@@ -152,7 +152,7 @@ module.exports = {
       NODE_ENV: 'production',
       JAMBONES_LOGLEVEL: 'info',
       JAMBONES_NETWORK_CIDR: '${VPC_CIDR}',
-      ENABLE_METRICS: 0,
+      ENABLE_DATADOG_METRICS: 0,
       DRACHTIO_HOST: '127.0.0.1',
       DRACHTIO_PORT: 9022,
       DRACHTIO_SECRET: 'cymru',
@@ -164,6 +164,9 @@ module.exports = {
       JAMBONES_MYSQL_CONNECTION_LIMIT: 10,
       JAMBONES_REDIS_HOST: '${JAMBONES_REDIS_HOST}',
       JAMBONES_REDIS_PORT: 6379,
+      JAMBONES_TRACK_ACCOUNT_CALLS: 0,
+      JAMBONES_TRACK_SP_CALLS: 0,
+      JAMBONES_TRACK_APP_CALLS: 0,
       JAMBONES_CLUSTER_ID: '${JAMBONES_CLUSTER_ID}',
       MS_TEAMS_SIP_PROXY_IPS: '52.114.148.0, 52.114.132.46, 52.114.75.24, 52.114.76.76, 52.114.7.24, 52.114.14.70'
 		}

packer/jambonz-sbc-sip-rtp/aws/files/rtpengine-recording.ini

@@ -0,0 +1,50 @@
+[rtpengine-recording]
+
+table = 42
+
+log-level = 5
+
+### number of worker threads (default 8)
+# num-threads = 16
+
+### where to forward to (unix socket)
+# forward-to = /run/rtpengine/sock
+
+### where to store recordings: file (default), db, both
+output-storage = file
+
+### format of stored recordings: wav (default), mp3
+# output-format = mp3
+# output-format = pcma
+output-format = wav
+
+### directory containing rtpengine metadata files
+spool-dir = /var/spool/recording
+
+### where to store media files to
+output-dir = /tmp/recordings
+
+### File name pattern to be used for recording files
+output-pattern = %Y%m%d%H00/rtpengine-%c-%t-M%S%u
+
+### resample all output audio
+resample-to = 8000
+
+### bits per second for MP3 encoding
+# mp3_bitrate = 24000
+
+### mix participating sources into a single output
+output-mixed = true
+
+### create one output file for each source
+# output-single = false
+
+### mix method: direct (mix input) channels (multi-channel)
+mix-method = direct
+
+### mysql configuration for db storage
+# mysql-host = localhost
+# mysql-port = 3306
+# mysql-user = rtpengine
+# mysql-pass = secret
+# mysql-db = rtpengine

packer/jambonz-sbc-sip-rtp/aws/files/rtpengine-recording.service

@@ -0,0 +1,29 @@
+
+[Unit]
+Description=rtpengine-recording
+After=syslog.target network.target local-fs.target
+
+[Service]
+; service
+Type=forking
+Environment="LD_LIBRARY_PATH=/usr/local/lib/"
+ExecStart=/usr/local/bin/rtpengine-recording --config-file=/etc/rtpengine-recording.ini
+TimeoutSec=15s
+Restart=always
+; exec
+User=root
+Group=daemon
+LimitCORE=infinity
+LimitNOFILE=100000
+LimitNPROC=60000
+;LimitSTACK=240
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+IOSchedulingClass=realtime
+IOSchedulingPriority=2
+CPUSchedulingPolicy=rr
+CPUSchedulingPriority=89
+UMask=0007
+
+[Install]
+WantedBy=multi-user.target

packer/jambonz-sbc-sip-rtp/aws/files/rtpengine.service

@@ -9,14 +9,17 @@ Type=forking
 Environment="LD_LIBRARY_PATH=/usr/local/lib/"
 ExecStartPre=/bin/sh -c 'systemctl set-environment LOCAL_IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`'
 ExecStartPre=/bin/sh -c 'systemctl set-environment PUBLIC_IP=`curl -s http://169.254.169.254/latest/meta-data/public-ipv4`'
+ExecStartPre=echo 'del 42' > /proc/rtpengine/control
 ExecStart=/usr/local/bin/rtpengine \
 --interface private/${LOCAL_IP} \
 --interface public/${LOCAL_IP}!${PUBLIC_IP} \
 --listen-ng=22222 \
 --listen-http=8080 \
 --listen-udp=12222 \
+--dtmf-log-dest=127.0.0.1:22223 \
 --listen-cli=127.0.0.1:9900 \
---pidfile /var/run/rtpengine.pid \
+--table=42 \
+--pidfile /run/rtpengine.pid \
 --port-min 40000 \
 --port-max 60000 \
 --recording-dir /tmp \
@@ -24,7 +27,7 @@ ExecStart=/usr/local/bin/rtpengine \
 --recording-format eth \
 --log-level 5 \
 --delete-delay 0
-PIDFile=/var/run/rtpengine.pid
+PIDFile=/run/rtpengine.pid
 TimeoutSec=15s
 Restart=always
 ; exec

packer/jambonz-sbc-sip-rtp/aws/files/telegraf.conf

@@ -16,7 +16,7 @@
 
 # Global tags can be specified here in key="value" format.
 [global_tags]
-  role = "rtp"
+  role = "sip"
   # dc = "us-east-1" # will tag all metrics with dc=us-east-1
   # rack = "1a"
   ## Environment variables can be used as tags, and throughout the config file
@@ -2298,7 +2298,6 @@
   ## Ignore mount points by filesystem type.
   #ignore_fs = ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"]
 
-
 # Read metrics about disk IO by device
 [[inputs.diskio]]
   ## By default, telegraf will gather stats for all devices including

packer/jambonz-sbc-sip-rtp/aws/scripts/install_apiban.sh

@@ -1,15 +1,10 @@
 #!/bin/bash
-INSTANCE_ID=$1
 cd /usr/local/src/
 git clone https://github.com/palner/apiban.git
 sudo mkdir /usr/local/bin/apiban && sudo chmod 0755 /usr/local/bin/apiban
 sudo cp -r /usr/local/src/apiban/clients/go/apiban-iptables-client /usr/local/bin/apiban && sudo chmod +x /usr/local/bin/apiban/apiban-iptables-client
 sudo cp /tmp/config.json /usr/local/bin/apiban/config.json
 sudo chmod 0644 /usr/local/bin/apiban/config.json
-APIBANKEY=$(curl -X POST -d "{\"uuid\": \"${INSTANCE_ID}\"}" -s https://apiban.org/api/newuser/drachito/add | jq -r '.ApiKey')
-sudo sed -i -e "s/API-KEY-HERE/${APIBANKEY}/g" /usr/local/bin/apiban/config.json
 sudo cp /tmp/apiban.logrotate /etc/logrotate.d/apiban-client
 sudo chmod 0644 /etc/logrotate.d/apiban-client
-cd /usr/local/bin/apiban/
-sudo ./apiban-iptables-client FULL
 echo "*/4 * * * * root cd /usr/local/bin/apiban && ./apiban-iptables-client >/dev/null 2>&1" | sudo tee -a /etc/crontab

packer/jambonz-sbc-sip-rtp/aws/scripts/install_app.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+VERSION=$1
+
+cd /home/admin
+mkdir -p apps
+cp /tmp/ecosystem.config.js apps
+cd apps
+
+cd /home/admin/apps/sbc-inbound && npm ci --unsafe-perm
+cd /home/admin/apps/sbc-outbound && npm ci --unsafe-perm
+cd /home/admin/apps/sbc-call-router && npm ci --unsafe-perm
+cd /home/admin/apps/sbc-sip-sidecar && npm ci --unsafe-perm
+cd /home/admin/apps/sbc-rtpengine-sidecar && npm ci --unsafe-perm
+cd /home/admin/apps/jambonz-smpp-esme && npm ci --unsafe-perm
+
+sudo npm install -g pino-pretty pm2 pm2-logrotate gulp grunt
+
+sudo -u admin bash -c "pm2 install pm2-logrotate"
+sudo -u admin bash -c "pm2 set pm2-logrotate:max_size 1G"
+sudo -u admin bash -c "pm2 set pm2-logrotate:retain 5"
+sudo -u admin bash -c "pm2 set pm2-logrotate:compress true"
+
+sudo chown -R admin:admin  /home/admin/apps
+
+sudo snap install core
+sudo snap install --classic certbot
+sudo ln -s /snap/bin/certbot /usr/bin/certbot

packer/jambonz-sbc-sip-rtp/aws/scripts/install_cloudwatch.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ "$1" == "yes" ]; then 
+
+#install cloudwatch
+sudo wget https://s3.amazonaws.com/amazoncloudwatch-agent/debian/amd64/latest/amazon-cloudwatch-agent.deb -O /home/admin/amazon-cloudwatch-agent.deb
+sudo dpkg -i -E /home/admin/amazon-cloudwatch-agent.deb
+sudo rm -rf /home/admin/amazon-cloudwatch-agent.deb
+
+# install config file for jambonz
+sudo cp -r /tmp/cloudwatch-config.json /opt/aws/amazon-cloudwatch-agent/bin/config.json
+
+fi

packer/jambonz-sbc-sip-rtp/aws/scripts/install_datadog.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ "$DD_INSTALL" == "yes" ] && [ "$DD_KEY" != "" ]; then
+  echo installing datadog...
+
+  DD_INSTALL_ONLY=true DD_API_KEY=${DD_KEY} bash -c "$(curl -L https://raw.githubusercontent.com/DataDog/datadog-agent/master/cmd/agent/install_script.sh)"
+fi

packer/jambonz-sbc-sip-rtp/aws/scripts/install_drachtio.sh

@@ -8,9 +8,13 @@ cd /usr/local/src
 git clone https://github.com/davehorton/drachtio-server.git -b ${VERSION}
 cd drachtio-server
 git submodule update --init --recursive
-./autogen.sh && mkdir -p build && cd $_ && ../configure CPPFLAGS='-DNDEBUG' && make && sudo make install
+./autogen.sh && mkdir -p build && cd $_ && ../configure --enable-tcmalloc=yes CPPFLAGS='-DNDEBUG -O2 -g' && make && sudo make install
 sudo mv /tmp/drachtio.conf.xml /etc
 sudo mv /tmp/drachtio.service /etc/systemd/system
 sudo chmod 644 /etc/drachtio.conf.xml
 sudo chmod 644 /etc/systemd/system/drachtio.service
 sudo systemctl enable drachtio
+
+
+sudo cp /tmp/auto-assign-elastic-ip.sh /usr/local/bin
+sudo chmod +x /usr/local/bin/auto-assign-elastic-ip.sh

packer/jambonz-sbc-sip-rtp/aws/scripts/install_fail2ban.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+sudo bash -c "cat >> /etc/fail2ban/jail.local" << EOF
+
+
+[drachtio-tcp]
+maxretry = 1
+bantime = 86400
+enabled  = true
+filter   = drachtio
+port     = 5060
+protocol = tcp
+logpath  = /var/log/drachtio/drachtio.log
+
+[drachtio-udp]
+maxretry = 1
+bantime = 86400
+enabled  = true
+filter   = drachtio
+port     = 5060
+protocol = udp
+logpath  = /var/log/drachtio/drachtio.log
+
+EOF
+
+sudo cp /tmp/drachtio-fail2ban.conf /etc/fail2ban/filter.d/drachtio.conf
+sudo chmod 0644 /etc/fail2ban/filter.d/drachtio.conf
+
+sudo systemctl enable fail2ban
+sudo systemctl restart fail2ban

packer/jambonz-sbc-sip-rtp/aws/scripts/install_nodejs.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+curl -sL https://deb.nodesource.com/setup_18.x | sudo bash - && sudo apt-get install -y nodejs
+sudo npm install -g npm@latest
+node -v
+npm -v
+sudo ls -lrt /root/.npm/
+sudo ls -lrt /root/.npm/_logs
+sudo ls -lrt /root/.npm/_cacache
+sudo chmod -R a+wx /root
+sudo chown -R 1000:1000 /root/.npm
+ls -lrt /root/.npm/
+ls -lrt /root/.npm/_logs
+ls -lrt /root/.npm/_cacache

packer/jambonz-sbc-sip-rtp/aws/scripts/install_os_tuning.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+sudo sed -i '/# End of file/i *                hard       nofile          65535'  /etc/security/limits.conf
+sudo sed -i '/# End of file/i *                soft       nofile          65535'  /etc/security/limits.conf
+sudo sed -i '/# End of file/i root             hard       nofile          65535'  /etc/security/limits.conf
+sudo sed -i '/# End of file/i root             soft       nofile          65535'  /etc/security/limits.conf
+sudo sed -i s/^#DefaultLimitNOFILE=.*$/DefaultLimitNOFILE=65535:65535/g /etc/systemd/system.conf
+
+sudo bash -c 'cat >> /etc/sysctl.conf << EOT
+net.core.rmem_max=26214400
+net.core.rmem_default=26214400
+vm.swappiness=0
+vm.dirty_expire_centisecs=200
+vm.dirty_writeback_centisecs=100
+EOT'
+
+sudo cp /tmp/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades

packer/jambonz-sbc-sip-rtp/aws/scripts/install_rtpengine.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+VERSION=$1
+
+echo "rtpengine version to install is ${VERSION}"
+
+cd /usr/local/src
+git clone https://github.com/BelledonneCommunications/bcg729.git
+cd bcg729
+cmake . -DCMAKE_INSTALL_PREFIX=/usr && make && sudo make install chdir=/usr/local/src/bcg729
+cd /usr/local/src
+
+git clone https://github.com/warmcat/libwebsockets.git -b v3.2.3
+cd /usr/local/src/libwebsockets
+sudo mkdir -p build && cd build && sudo cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo && sudo make && sudo make install
+
+cd /usr/local/src
+git clone https://github.com/sipwise/rtpengine.git -b ${VERSION}
+cd rtpengine
+make with_transcoding=yes with_iptables_option=yes with-kernel
+
+# copy iptables extension into place
+cp ./iptables-extension/libxt_RTPENGINE.so `pkg-config xtables --variable=xtlibdir`
+
+# install kernel module
+mkdir /lib/modules/`uname -r`/updates/
+cp ./kernel-module/xt_RTPENGINE.ko /lib/modules/`uname -r`/updates
+depmod -a
+modprobe xt_RTPENGINE
+cat << EOF >> /etc/modules
+xt_RTPENGINE
+EOF
+
+echo 'add 42' > /proc/rtpengine/control
+iptables -I INPUT -p udp --dport 40000:60000 -j RTPENGINE --id 42
+
+cp /usr/local/src/rtpengine/daemon/rtpengine /usr/local/bin
+cp /usr/local/src/rtpengine/recording-daemon/rtpengine-recording /usr/local/bin/
+sudo mv /tmp/rtpengine.service /etc/systemd/system
+sudo mv /tmp/rtpengine-recording.service /etc/systemd/system
+sudo mv /tmp/rtpengine-recording.ini /etc/rtpengine-recording.ini
+sudo chmod 644 /etc/systemd/system/rtpengine.service
+sudo chmod 644 /etc/systemd/system/rtpengine-recording.service
+sudo chmod 644 /etc/rtpengine-recording.ini
+mkdir -p /var/spool/recording
+mkdir -p /recording
+sudo systemctl enable rtpengine
+sudo systemctl enable rtpengine-recording
+sudo systemctl start rtpengine
+sudo systemctl start rtpengine-recording

packer/jambonz-sbc-sip-rtp/aws/scripts/install_telegraf.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ "$1" == "yes" ]; then 
+
+INFLUXDB_IP=$2
+
+cd /tmp
+wget -q https://repos.influxdata.com/influxdata-archive_compat.key
+gpg --with-fingerprint --show-keys ./influxdata-archive_compat.key
+cat influxdata-archive_compat.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null
+echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | sudo tee /etc/apt/sources.list.d/influxdata.list
+
+sudo apt-get update 
+sudo apt-get install -y telegraf
+
+sudo cp /tmp/telegraf.conf /etc/telegraf/telegraf.conf
+
+sudo systemctl enable telegraf
+sudo systemctl start telegraf
+
+fi

packer/jambonz-sbc-sip-rtp/aws/template.json

@@ -2,17 +2,19 @@
   "variables": {
     "region": "us-east-1",
     "ssh_username": "admin",
-    "ami_description": "jambonz SBC SIP+RTP+Webserver+monitoring", 
-    "drachtio_version": "v0.8.20",
-    "jambonz_version": "v0.7.6",
-    "install_influxdb":  "yes",
-    "install_homer":  "yes",
-    "homer_user": "homer_user",
-    "homer_password": "XcapJTqy11LnsYRtxXGPTYQkAnI",
-    "instance_type": "t2.xlarge",
-    "rtp_engine_version": "mr10.5.1.3",
+    "ami_description": "jambonz SBC SIP+RTP", 
+    "instance_type": "t3.xlarge",
+    "drachtio_version": "v0.8.22",
+    "jambonz_version": "v0.8.4-4",
+    "ami_base_image_arch": "amd64",
+    "ami_base_image_owner": "136693071363",
+    "rtp_engine_version": "mr11.3.1.8",
     "rtp_engine_min_port": "40000",
-    "rtp_engine_max_port": "60000"
+    "rtp_engine_max_port": "60000",
+    "install_datadog": "no",
+    "datadog_key" : "",
+    "install_cloudwatch":  "yes",
+    "install_telegraf": "yes"
   },
   "builders": [{
     "type": "amazon-ebs",
@@ -20,15 +22,15 @@
     "source_ami_filter": {
       "filters": {
         "virtualization-type": "hvm",
-        "name": "debian-10-amd64-*",
+        "name": "debian-11-{{user `ami_base_image_arch`}}-*",
         "root-device-type": "ebs"
       },
-      "owners": ["136693071363"],
+      "owners": ["{{user `ami_base_image_owner`}}"],
       "most_recent": true
     },
     "instance_type": "{{user `instance_type`}}",
     "ssh_username": "{{user `ssh_username`}}",
-    "ami_name": "jambonz-sbc-sip-rtp-{{user `jambonz_version`}}-{{isotime |clean_resource_name }}",
+    "ami_name": "jambonz-sbc-sip-rtp-{{user `jambonz_version`}}-{{user `ami_base_image_arch`}}-{{isotime |clean_resource_name }}",
     "ami_description": "{{user `ami_description`}}",
     "launch_block_device_mappings": [
       {
@@ -38,11 +40,6 @@
         "delete_on_termination": true
       }
     ],
-    "security_group_filter": {
-      "filters": {
-        "tag:Class": "packer"
-      }
-    },
     "tags": {
       "Name": "jambonz-sbc-sip-rtp"
     },
@@ -56,25 +53,28 @@
       "inline": [
         "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
         "sudo apt-get update",
-        "sudo apt-get -y install lsof python lsof gcc g++ make cmake build-essential git autoconf automake default-mysql-client redis-tools \\",
+        "sudo apt-get remove --auto-remove nftables",
+        "sudo apt-get purge nftables",
+        "sudo apt-get -y install python gcc g++ make cmake build-essential git autoconf automake default-mysql-client redis-tools \\",
         "jq curl telnet libtool libtool-bin libssl-dev libcurl4-openssl-dev libz-dev systemd-coredump liblz4-tool \\",
-        "iptables-dev libavformat-dev liblua5.1-0-dev libavfilter-dev libavcodec-dev libswresample-dev \\",
-        "libevent-dev libpcap-dev libxmlrpc-core-c3-dev markdown libjson-glib-dev lsb-release libtcmalloc-minimal4 \\",
-        "libhiredis-dev gperf libspandsp-dev default-libmysqlclient-dev htop dnsutils gdb certbot python-certbot-nginx \\",
+        "libxtables-dev libip6tc-dev libip4tc-dev  libiptc-dev linux-headers-$(uname -r) libavformat-dev liblua5.1-0-dev libavfilter-dev libavcodec-dev libswresample-dev \\",
+        "libevent-dev libpcap-dev libxmlrpc-core-c3-dev markdown libjson-glib-dev lsb-release \\",
+        "libhiredis-dev gperf libspandsp-dev default-libmysqlclient-dev htop dnsutils gdb libtcmalloc-minimal4 \\",
         "gnupg2 wget pkg-config ca-certificates libjpeg-dev libsqlite3-dev libpcre3-dev libldns-dev \\",
-        "libspeex-dev libspeexdsp-dev libedit-dev libtiff-dev yasm valgrind libswscale-dev haveged \\",
-        "libopus-dev libsndfile-dev libshout3-dev libmpg123-dev libmp3lame-dev libopusfile-dev fail2ban",
+        "libspeex-dev libspeexdsp-dev libedit-dev libtiff-dev yasm valgrind libswscale-dev haveged snapd \\",
+        "libopus-dev libsndfile-dev libshout3-dev libmpg123-dev libmp3lame-dev libopusfile-dev fail2ban libgoogle-perftools-dev",
         "sudo chmod a+w /usr/local/src",
         "ssh-keyscan github.com >> ~/.ssh/known_hosts",
         "mkdir ~/apps",
         "cd ~/apps",
-        "git clone https://github.com/jambonz/sbc-options-handler.git",
+        "git config --global advice.detachedHead false",
+        "git clone https://github.com/jambonz/sbc-sip-sidecar.git -b {{user `jambonz_version`}}",
+        "git clone https://github.com/jambonz/sbc-rtpengine-sidecar.git -b {{user `jambonz_version`}}",
         "git clone https://github.com/jambonz/sbc-outbound.git -b {{user `jambonz_version`}}",
         "git clone https://github.com/jambonz/sbc-inbound.git -b {{user `jambonz_version`}}",
-        "git clone https://github.com/jambonz/sbc-registrar.git -b {{user `jambonz_version`}}",
-        "git clone https://github.com/jambonz/sbc-call-router.git -b {{user `jambonz_version`}}",
-        "git clone https://github.com/jambonz/jambonz-api-server.git -b {{user `jambonz_version`}}",
-        "git clone https://github.com/jambonz/jambonz-webapp.git -b {{user `jambonz_version`}}"
+        "git clone https://github.com/jambonz/jambonz-smpp-esme.git -b {{user `jambonz_version`}}",
+        "git clone https://github.com/jambonz/sbc-call-router.git  -b {{user `jambonz_version`}}",
+        "sudo find / -name authorized_keys | sudo xargs -0 -r rm -Rf"
       ]
     },
     {
@@ -82,19 +82,6 @@
       "source": "files/",
       "destination": "/tmp"
     },
-    {
-      "type": "shell",
-      "script": "scripts/install_chrony.sh"
-    },
-    {
-      "type": "shell",
-      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_homer`}} {{user `homer_user`}} {{user `homer_password`}}",
-      "script": "scripts/install_postgresql.sh"
-    },
-    {
-      "type": "shell",
-      "script": "scripts/install_telegraf.sh"
-    },
     {
       "type": "shell",
       "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{build `ID`}}",
@@ -102,12 +89,31 @@
     },
     {
       "type": "shell",
-      "script": "scripts/install_nginx.sh"
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `rtp_engine_version`}}",
+      "script": "scripts/install_rtpengine.sh"
     },
     {
       "type": "shell",
-      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `rtp_engine_version`}}",
-      "script": "scripts/install_rtpengine.sh"
+      "script": "scripts/install_os_tuning.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_cloudwatch`}}",
+      "script": "scripts/install_cloudwatch.sh"
+    },
+    {
+      "type": "shell",
+      "environment_vars": [
+        "DD_KEY={{user `datadog_key`}}",
+        "DD_INSTALL={{user `install_datadog`}}"
+      ],
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}'",
+      "script": "scripts/install_datadog.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_telegraf`}}",
+      "script": "scripts/install_telegraf.sh"
     },
     {
       "type": "shell",
@@ -118,27 +124,6 @@
       "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `drachtio_version`}}",
       "script": "scripts/install_drachtio.sh"
     },
-    {
-      "type": "shell",
-      "script": "scripts/install_fail2ban.sh"
-    },
-    {
-      "type": "shell",
-      "script": "scripts/install_telegraf.sh"
-    },
-    {
-      "type": "shell",
-      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_homer`}} {{user `homer_user`}} {{user `homer_password`}}",
-      "script": "scripts/install_homer.sh"
-    },
-    {
-      "type": "shell",
-      "script": "scripts/install_influxdb.sh"
-    },
-    {
-      "type": "shell",
-      "script": "scripts/install_grafana.sh"
-    },
     {
       "type": "shell",
       "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `jambonz_version`}}",
@@ -147,8 +132,12 @@
     {
       "type": "shell",
       "inline": [
+        "echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections",
+        "echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections",
+        "sudo apt-get -y install iptables-persistent",
         "sudo rm -Rf /tmp/*",
         "sudo rm /root/.ssh/authorized_keys",
+        "sudo rm /home/admin/.ssh/known_hosts",
         "sudo rm /home/admin/.ssh/authorized_keys"
       ]
     }

packer/jambonz-sbc-sip-rtp/files/config.json

@@ -1,5 +0,0 @@
-{
-	"APIKEY":"API-KEY-HERE",
-	"LKID":"0",
-	"VERSION":"0.3"
-}

packer/jambonz-sbc-sip-rtp/files/nginx.api

@@ -1,12 +0,0 @@
-server {
-  listen 80;
-  server_name api.your_domain.com;  # enter the app sub-domain that you setup in 11
-  location / {
-    proxy_pass http://localhost:3000; # point the reverse proxy to the api server on port 3000
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection 'upgrade';
-    proxy_set_header Host $host;
-    proxy_cache_bypass $http_upgrade;
-  }
-}

packer/jambonz-sbc-sip-rtp/files/nginx.grafana

@@ -1,12 +0,0 @@
-server {
-  listen 80;
-  server_name grafana.your_domain.com; 
-  location / {
-    proxy_pass http://localhost:3000; 
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection 'upgrade';
-    proxy_set_header Host $host;
-    proxy_cache_bypass $http_upgrade;
-  }
-}

packer/jambonz-sbc-sip-rtp/files/nginx.homer

@@ -1,12 +0,0 @@
-server {
-  listen 80;
-  server_name homer.your_domain.com; 
-  location / {
-    proxy_pass http://localhost:9080; 
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection 'upgrade';
-    proxy_set_header Host $host;
-    proxy_cache_bypass $http_upgrade;
-  }
-}

packer/jambonz-sbc-sip-rtp/files/vimrc.local

@@ -1,5 +0,0 @@
-source /usr/share/vim/vim80/defaults.vim
-let skip_defaults_vim = 1
-if has('mouse')
-  set mouse=r
-endif

packer/jambonz-sbc-sip-rtp/scripts/install_app.sh

@@ -1,22 +0,0 @@
-#!/bin/bash
-VERSION=$1
-
-cd /home/admin
-cp /tmp/ecosystem.config.js apps
-cd apps
-
-cd /home/admin/apps/sbc-options-handler && sudo npm install --unsafe-perm
-cd /home/admin/apps/sbc-inbound && sudo npm install --unsafe-perm
-cd /home/admin/apps/sbc-outbound && sudo npm install --unsafe-perm
-cd /home/admin/apps/sbc-registrar && sudo npm install --unsafe-perm
-cd /home/admin/apps/sbc-call-router && sudo npm install --unsafe-perm
-cd /home/admin/apps/jambonz-api-server && sudo npm install --unsafe-perm
-cd /ho
-sudo npm install -g pino-pretty pm2 pm2-logrotate gulp grunt
-
-sudo -u admin bash -c "pm2 install pm2-logrotate"
-sudo -u admin bash -c "pm2 set pm2-logrotate:max_size 1G"
-sudo -u admin bash -c "pm2 set pm2-logrotate:retain 5"
-sudo -u admin bash -c "pm2 set pm2-logrotate:compress true"
-
-sudo chown -R admin:admin  /home/admin/apps

packer/jambonz-sbc-sip-rtp/scripts/install_datadog.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-if [ "$1" == "yes" ]; then 
-
-DD_INSTALL_ONLY=true DD_API_KEY=your-dd-key-here bash -c "$(curl -L https://raw.githubusercontent.com/DataDog/datadog-agent/master/cmd/agent/install_script.sh)"
-
-fi

packer/jambonz-sbc-sip-rtp/scripts/install_influxdb.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-sudo apt-get install -y apt-transport-https
-curl -sL https://repos.influxdata.com/influxdb.key | sudo apt-key add -
-echo "deb https://repos.influxdata.com/debian stretch stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
-sudo apt-get update 
-sudo apt-get install -y influxdb
-sudo systemctl enable influxdb
-sudo systemctl start influxdb

packer/jambonz-sbc-sip-rtp/scripts/install_nginx.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-echo "installing nginx"
-
-sudo apt-get install -y nginx
-
-cd /etc/nginx/sites-available
-sudo mv /tmp/nginx.default default
-
-sudo systemctl enable nginx
-sudo systemctl restart nginx
-
-sudo systemctl status nginx
-sudo journalctl -xe

packer/jambonz-sbc-sip-rtp/scripts/install_nodejs.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-curl -sL https://deb.nodesource.com/setup_14.x | sudo bash - && sudo apt-get install -y nodejs
-sudo npm install -g pino-pretty pm2 pm2-logrotate

packer/jambonz-sbc-sip-rtp/scripts/install_rtpengine.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-VERSION=$1
-
-echo "rtpengine version to install is ${VERSION}"
-
-cd /usr/local/src
-git clone https://github.com/BelledonneCommunications/bcg729.git
-cd bcg729
-cmake . -DCMAKE_INSTALL_PREFIX=/usr && make && sudo make install chdir=/usr/local/src/bcg729
-cd /usr/local/src
-
-git clone https://github.com/warmcat/libwebsockets.git -b v3.2.3
-cd /usr/local/src/libwebsockets
-sudo mkdir -p build && cd build && sudo cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo && sudo make && sudo make install
-
-cd /usr/local/src
-git clone https://github.com/sipwise/rtpengine.git -b ${VERSION}
-cd rtpengine/daemon
-make with_transcoding=yes
-cp /usr/local/src/rtpengine/daemon/rtpengine /usr/local/bin
-sudo mv /tmp/rtpengine.service /etc/systemd/system
-sudo chmod 644 /etc/systemd/system/rtpengine.service
-sudo systemctl enable rtpengine
-sudo systemctl start rtpengine

packer/jambonz-sbc-sip-rtp/scripts/install_telegraf.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-echo installing telegraf..
-curl -sL https://repos.influxdata.com/influxdb.key | sudo apt-key add -
-echo "deb https://repos.influxdata.com/debian stretch stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
-sudo apt-get update 
-sudo apt-get install -y telegraf
-
-sudo cp /tmp/telegraf.conf /etc/telegraf/telegraf.conf
-
-sudo systemctl enable telegraf
-sudo systemctl start telegraf

packer/jambonz-sbc-sip/aws/scripts/install_os_tuning.sh

@@ -3,8 +3,7 @@ sudo sed -i '/# End of file/i *                hard       nofile          65535'
 sudo sed -i '/# End of file/i *                soft       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             hard       nofile          65535'  /etc/security/limits.conf
 sudo sed -i '/# End of file/i root             soft       nofile          65535'  /etc/security/limits.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/system.conf
-sudo sed -i s/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65535/g /etc/systemd/user.conf
+sudo sed -i s/^#DefaultLimitNOFILE=.*$/DefaultLimitNOFILE=65535:65535/g /etc/systemd/system.conf
 
 sudo bash -c 'cat >> /etc/sysctl.conf << EOT
 net.core.rmem_max=26214400

packer/jambonz-sbc-sip/aws/template.json

@@ -5,7 +5,7 @@
     "ami_description": "jambonz SBC SIP", 
     "instance_type": "t3.xlarge",
     "drachtio_version": "v0.8.22",
-    "jambonz_version": "v0.8.4-3",
+    "jambonz_version": "v0.8.4-4",
     "ami_base_image_arch": "amd64",
     "ami_base_image_owner": "136693071363",
     "install_datadog": "no",

packer/jambonz-web-server-and-monitoring-server/aws/README.md

@@ -0,0 +1,102 @@
+# packer-jambonz-mini
+
+A [packer](https://www.packer.io/) template to build an AMI containing everything needed to run jambonz on a single EC2 instance.  The base linux distro is Debian 11 (bullseye).
+
+## Installing 
+
+```
+$  packer build -color=false template.json
+```
+
+### variables
+There are many variables that can be specified on the `packer build` command line; however defaults (which are shown below) are appropriate for building an "all in one" jambonz server, so you generally should not need to specify values.
+
+```
+"region": "us-east-1"
+```
+The region to create the AMI in
+
+```
+"ami_description": "EC2 AMI jambonz mini"
+```
+AMI description.
+
+```
+"instance_type": "t2.medium"
+```
+EC2 Instance type to use when building the AMI.
+
+```
+"install_drachtio": "true"
+```
+whether to install drachtio
+
+```
+"install_nodejs": "false",
+```
+whether to install Node.js
+
+```
+"install_rtpengine": "true",
+```
+whether to install rtpengine
+
+```
+"install_freeswitch": "true",
+```
+whether to install freeswitch
+
+```
+"install_drachtio_fail2ban": "true",
+```
+whether to install fail2ban with drachtio filter
+
+```
+"install_redis": "true",
+```
+whether to install redis
+
+```
+"drachtio_version": "v0.8.3"
+```
+drachtio tag or branch to build
+
+```
+"nodejs_version": "v10.16.2",
+```
+Node.js version to install
+
+```
+"freeswitch_bind_cloud_ip": "true"
+```
+If freeswitch is enabled, and cloud_provider is not none then this variable dictates whether freeswitch should bind its sip and rtp ports to the cloud public address (versus the local ipv4 address).
+
+```
+"mod_audio_fork_subprotocol": "audio.jambonz.org"
+```
+websocket subprotocol name used by freeswitch module mod_audio_fork
+
+```
+"mod_audio_fork_service_threads": "3",
+```
+number of libwebsocket service threads used by freeswitch module mod_audio_fork
+
+``
+"mod_audio_fork_buffer_secs": "2",
+```
+max number of seconds of audio to buffer by freeswitch module mod_audio_fork
+
+```
+"freeswitch_build_with_grpc:: "true"
+```
+whether to build support for google speech and text-to-speech services
+
+```
+"remove_source": "true"
+```
+whether to remove source build directories, or leave them on the instance
+
+```
+"cloud_provider": "aws"
+```
+Cloud provider the AMI will be built on.

packer/jambonz-web-server-and-monitoring-server/aws/files/20auto-upgrades

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "0";
+APT::Periodic::Unattended-Upgrade "0";

packer/jambonz-web-server-and-monitoring-server/aws/files/auto-assign-elastic-ip.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+
+TIMEOUT=20
+PAUSE=5
+
+aws_get_instance_id() {
+	instance_id=$( (curl http://169.254.169.254/latest/meta-data/instance-id) )
+	if [ -n "$instance_id" ];	then return 0; else return 1; fi
+}
+
+aws_get_instance_region() {
+	instance_region=$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone)
+	# region here needs the last character removed to work
+	instance_region=${instance_region::-1}
+	if [ -n "$instance_region" ];	then return 0; else return 1; fi
+}
+
+aws_get_instance_environment() {
+	instance_environment=$(aws ec2 describe-tags --region $instance_region --filters "Name=resource-id,Values=$1" "Name=key,Values=Environment" --query "Tags[*].Value" --output text)
+	if [ -n "$instance_environment" ]; then return 0; else return 1; fi
+}
+
+aws_get_unassigned_eips() {
+	local describe_addreses_response=$(aws ec2 describe-addresses --region $instance_region --filters "Name=tag:Environment,Values=$instance_environment" --query "Addresses[?AssociationId==null].AllocationId" --output text)
+	eips=(${describe_addreses_response///})
+	if [ -n "$describe_addreses_response" ]; then return 0; else return 1; fi
+}
+
+aws_get_details() {
+	if aws_get_instance_id;	then
+		echo "Instance ID: ${instance_id}."
+		if aws_get_instance_region;	then
+			echo "Instance Region: ${instance_region}."
+			if aws_get_instance_environment $instance_id;	then
+				echo "Instance Environment: ${instance_environment}."
+			else
+				echo "Failed to get Instance Environment. ${instance_environment}."
+				return 1
+			fi
+		else
+			echo "Failed to get Instance Region. ${instance_region}."
+			return 1
+		fi
+	else
+		echo "Failed to get Instance ID. ${instance_id}."
+		return 1
+	fi
+}
+
+attempt_to_assign_eip() {
+	local result;
+	local exit_code;
+  	result=$( (aws ec2 associate-address --region $instance_region --instance-id $instance_id --allocation-id $1 --no-allow-reassociation) 2>&1 )
+	exit_code=$?
+	if [ "$exit_code" -ne 0 ]; then
+		echo "Failed to assign Elastic IP [$1] to Instance [$instance_id]. ERROR: $result"
+	fi
+  return $exit_code
+}
+
+try_to_assign() {
+	local last_result;
+	for eip_id in "${eips[@]}"; do
+		echo "Attempting to assign Elastic IP to instance..."
+		if attempt_to_assign_eip $eip_id;  then
+			echo "Elastic IP successfully assigned to instance."
+			return 0
+		fi
+	done
+	return 1
+}
+
+main() {
+	echo "Assigning Elastic IP..."
+	local end_time=$((SECONDS+TIMEOUT))
+	echo "Timeout: ${end_time}"
+
+	if ! aws_get_details; then
+		exit 1
+	fi
+
+	while [ $SECONDS -lt $end_time ]; do
+		if aws_get_unassigned_eips && try_to_assign ${eips}; then
+			echo "Successfully assigned EIP."
+			exit 0
+		fi
+		echo "Failed to assign EIP. Pausing for $PAUSE seconds before retrying..."
+		sleep $PAUSE
+	done
+
+	echo "Failed to assign Elastic IP after $TIMEOUT seconds. Exiting."
+	exit 1
+}
+
+declare instance_id
+declare instance_region
+declare instance_environment
+declare eips
+
+main "$@"

packer/jambonz-web-server-and-monitoring-server/aws/files/cassandra.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Cassandra
+After=network.target
+
+[Service]
+User=admin
+Group=admin
+ExecStart=/usr/local/cassandra/bin/cassandra -f
+ExecStop=/usr/local/cassandra/bin/nodetool drain
+Type=simple
+Restart=always
+RestartSec=5
+LimitNOFILE=32000
+
+[Install]
+WantedBy=multi-user.target

packer/jambonz-web-server-and-monitoring-server/aws/files/cloudwatch-config.json

@@ -0,0 +1,49 @@
+{
+  "agent": {
+    "run_as_user": "root"
+  },
+  "logs": {
+    "logs_collected": {
+      "files": {
+        "collect_list": [
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-feature-server.log",
+            "log_group_name": "jambonz-feature_server",
+            "log_stream_name": "feature-server {ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-sbc-inbound.log",
+            "log_group_name": "jambonz-sbc-sip-inbound",
+            "log_stream_name": "sbc-inbound {ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-sbc-outbound.log",
+            "log_group_name": "jambonz-sbc-sip",
+            "log_stream_name": "sbc-outbound {ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-sbc-sip-sidecar.log",
+            "log_group_name": "jambonz-sbc-sip-sidecar",
+            "log_stream_name": "sbc-sip-sidecar {ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/home/admin/.pm2/logs/jambonz-api-server.log",
+            "log_group_name": "jambonz-api-server",
+            "log_stream_name": "jambonz-api-server-{ip_address} {instance_id}",
+            "retention_in_days": 3
+          },
+          {
+            "file_path": "/var/log/syslog",
+            "log_group_name": "/var/log/syslog",
+            "log_stream_name": "syslog-{ip_address} {instance_id}",
+            "retention_in_days": 3
+          }
+        ]
+      }
+    }
+  }
+}

packer/jambonz-web-server-and-monitoring-server/aws/files/ecosystem.config.js

@@ -0,0 +1,20 @@
+module.exports = {
+  apps : [
+   {
+       name: 'node-red',
+       cwd: '/home/admin/apps/node-red',
+       script: 'packages/node_modules/node-red/red.js',
+       out_file: '/home/admin/.pm2/logs/node-red.log',
+       err_file: '/home/admin/.pm2/logs/node-red.log',
+       combine_logs: true,
+       instance_var: 'INSTANCE_ID',
+       exec_mode: 'fork',
+       instances: 1,
+       autorestart: true,
+       watch: false,
+       max_memory_restart: '1G',
+       env: {
+       },
+   }
+   ]
+};

packer/jambonz-web-server-and-monitoring-server/aws/files/grafana-dashboard-default.yaml

@@ -3,6 +3,7 @@ apiVersion: 1
 providers:
   - name: Default
     type: file
+    allowUiUpdates: true
     folder: 'jambonz'
     options:
       path: /var/lib/grafana/dashboards

packer/jambonz-web-server-and-monitoring-server/aws/files/grafana-dashboard-servers.json

@@ -17,7 +17,7 @@
   "gnetId": 5955,
   "graphTooltip": 1,
   "id": 4,
-  "iteration": 1604669735342,
+  "iteration": 1639950297319,
   "links": [],
   "panels": [
     {
@@ -1390,7 +1390,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -1538,7 +1538,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -1677,7 +1677,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -1817,7 +1817,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -1966,7 +1966,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -2108,7 +2108,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -2261,7 +2261,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -2414,7 +2414,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -2567,7 +2567,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -2725,7 +2725,7 @@
         "alertThreshold": true
       },
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -2873,7 +2873,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -3005,7 +3005,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -3139,7 +3139,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -3331,7 +3331,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -3523,7 +3523,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -3726,7 +3726,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -3916,7 +3916,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -4109,7 +4109,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -4247,7 +4247,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -4494,7 +4494,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -4680,7 +4680,7 @@
       "links": [],
       "nullPointMode": "connected",
       "percentage": false,
-      "pluginVersion": "7.3.1",
+      "pluginVersion": "7.4.0",
       "pointradius": 5,
       "points": false,
       "renderer": "flot",
@@ -4828,7 +4828,7 @@
     }
   ],
   "refresh": "5s",
-  "schemaVersion": 26,
+  "schemaVersion": 27,
   "style": "dark",
   "tags": [
     "influxdb",
@@ -4844,6 +4844,7 @@
           "value": "InfluxDB"
         },
         "datasource": "InfluxDB-Telegraf",
+        "description": null,
         "error": null,
         "hide": 0,
         "includeAll": false,
@@ -4863,14 +4864,15 @@
           "selected": true,
           "tags": [],
           "text": [
-            "ip-172-31-33-65"
+            "ip-172-31-0-10"
           ],
           "value": [
-            "ip-172-31-33-65"
+            "ip-172-31-0-10"
           ]
         },
         "datasource": "InfluxDB-Telegraf",
         "definition": "",
+        "description": null,
         "error": null,
         "hide": 0,
         "includeAll": false,
@@ -4899,6 +4901,7 @@
           "value": "$__auto_interval_inter"
         },
         "datasource": null,
+        "description": null,
         "error": null,
         "hide": 0,
         "includeAll": false,
@@ -5011,6 +5014,7 @@
         },
         "datasource": "$datasource",
         "definition": "",
+        "description": null,
         "error": null,
         "hide": 0,
         "includeAll": true,
@@ -5038,6 +5042,7 @@
         },
         "datasource": "$datasource",
         "definition": "",
+        "description": null,
         "error": null,
         "hide": 0,
         "includeAll": true,
@@ -5065,6 +5070,7 @@
         },
         "datasource": "$datasource",
         "definition": "",
+        "description": null,
         "error": null,
         "hide": 0,
         "includeAll": true,

packer/jambonz-web-server-and-monitoring-server/aws/files/jaeger-collector.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Jaeger Collector
+After=network.target
+
+[Service]
+Environment="SPAN_STORAGE_TYPE=cassandra"
+Environment="CASSANDRA_SERVERS=127.0.0.1"
+Environment="CASSANDRA_KEYSPACE=jaeger_v1_dc1"
+ExecStart=/usr/local/bin/jaeger-collector --cassandra.keyspace=jaeger_v1_dc1 --cassandra.servers=127.0.0.1 --cassandra.username=jaeger --cassandra.password=JambonzR0ck$ --collector.num-workers=50 --collector.queue-size=2000 --collector.http-server.host-port=0.0.0.0:14268
+User=admin
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+

packer/jambonz-web-server-and-monitoring-server/aws/files/jaeger-query.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Jaeger Query
+After=network.target
+
+[Service]
+Environment="SPAN_STORAGE_TYPE=cassandra"
+Environment="CASSANDRA_SERVERS=127.0.0.1"
+Environment="CASSANDRA_KEYSPACE=jaeger_v1_dc1"
+ExecStart=/usr/local/bin/jaeger-query --cassandra.keyspace=jaeger_v1_dc1 --cassandra.servers=127.0.0.1 --cassandra.username=jaeger --cassandra.password=JambonzR0ck$
+User=admin
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+

packer/jambonz-web-server-and-monitoring-server/aws/files/jaeger.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=jaeger service unit file.
+After=syslog.target network.target local-fs.target
+
+[Service]
+Type=exec
+ExecStart=/usr/local/bin/jaeger-all-in-one
+
+[Install]
+WantedBy=multi-user.target
+ 

packer/jambonz-web-server-and-monitoring-server/aws/files/nginx.default

@@ -4,7 +4,7 @@ server {
 
     location /api/ {
         rewrite ^/api/(.*)$ /$1 break;
-        proxy_pass http://localhost:3002;
+        proxy_pass http://localhost:3000;
         proxy_set_header Host $host;
     }
 

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_app.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+VERSION=$1
+
+cd /home/admin/apps
+cp /tmp/ecosystem.config.js .
+
+echo "building jambonz-api-server.."
+cd /home/admin/apps/jambonz-api-server && npm ci
+echo "building jambonz-webapp.."
+cd /home/admin/apps/jambonz-webapp && npm ci && npm run build
+echo "building public-apps.."
+mkdir -p /home/admin/apps/public-apps
+cd /home/admin/apps/public-apps && npm install
+
+sudo npm install -g pino-pretty pm2 pm2-logrotate gulp grunt
+
+sudo -u admin bash -c "pm2 install pm2-logrotate"
+sudo -u admin bash -c "pm2 set pm2-logrotate:max_size 1G"
+sudo -u admin bash -c "pm2 set pm2-logrotate:retain 5"
+sudo -u admin bash -c "pm2 set pm2-logrotate:compress true"
+
+sudo chown -R admin:admin  /home/admin/apps
+
+sudo cp /tmp/auto-assign-elastic-ip.sh /usr/local/bin
+sudo chmod +x /usr/local/bin/auto-assign-elastic-ip.sh
+
+sudo snap install core
+sudo snap install --classic certbot
+sudo rm /usr/bin/certbot
+sudo ln -s /snap/bin/certbot /usr/bin/certbot

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_chrony.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sudo apt-get update
+sudo apt-get install -y chrony
+sudo systemctl enable chrony

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_cloudwatch.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ "$1" == "yes" ]; then 
+
+#install cloudwatch
+sudo wget https://s3.amazonaws.com/amazoncloudwatch-agent/debian/amd64/latest/amazon-cloudwatch-agent.deb -O /home/admin/amazon-cloudwatch-agent.deb
+sudo dpkg -i -E /home/admin/amazon-cloudwatch-agent.deb
+sudo rm -rf /home/admin/amazon-cloudwatch-agent.deb
+
+# install config file for jambonz
+sudo cp -r /tmp/cloudwatch-config.json /opt/aws/amazon-cloudwatch-agent/bin/config.json
+
+fi

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_fail2ban.sh

@@ -1,31 +1,6 @@
 #!/bin/bash
 
 sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
-sudo bash -c "cat >> /etc/fail2ban/jail.local" << EOF
-
-
-[drachtio-tcp]
-maxretry = 1
-bantime = 86400
-enabled  = true
-filter   = drachtio
-port     = 5060
-protocol = tcp
-logpath  = /var/log/drachtio/drachtio.log
-
-[drachtio-udp]
-maxretry = 1
-bantime = 86400
-enabled  = true
-filter   = drachtio
-port     = 5060
-protocol = udp
-logpath  = /var/log/drachtio/drachtio.log
-
-EOF
-
-sudo cp /tmp/drachtio-fail2ban.conf /etc/fail2ban/filter.d/drachtio.conf
-sudo chmod 0644 /etc/fail2ban/filter.d/drachtio.conf
 
 # add nginx jails and filters
 sudo cp /tmp/nginx-noscript.jail /etc/fail2ban/jail.d/nginx-noscript.conf

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_grafana.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+if [ "$1" = "yes" ]; then 
+
 curl -sL https://packages.grafana.com/gpg.key | sudo apt-key add -
 echo "deb https://packages.grafana.com/oss/deb stable main" | sudo tee /etc/apt/sources.list.d/grafana.list
 sudo apt-get update 
@@ -8,11 +10,16 @@ sudo mv /tmp/grafana-dashboard-default.yaml /etc/grafana/provisioning/dashboards
 sudo mv /tmp/grafana-datasource.yml /etc/grafana/provisioning/datasources/datasource.yml
 
 sudo mv /tmp/grafana-dashboard-heplify.json /var/lib/grafana/dashboards
-sudo mv /tmp/grafana-dashboard-jambonz.json /var/lib/grafana/dashboards
+sudo mv /tmp/grafana-dashboard-jambonz-cluster.json /var/lib/grafana/dashboards/grafana-dashboard-jambonz.json
 sudo mv /tmp/grafana-dashboard-servers.json /var/lib/grafana/dashboards
 
 sudo chown -R grafana:grafana /var/lib/grafana/dashboards
 sudo chown -R grafana:grafana /etc/grafana/provisioning/dashboards
 
+# move to port 3010
+sudo sed -i -e "s/;http_port = 3000/http_port = 3010/g" /etc/grafana/grafana.ini
+
 sudo systemctl enable grafana-server
 sudo systemctl start grafana-server
+
+fi

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_homer.sh

@@ -1,17 +1,22 @@
 #!/bin/bash
+if [ "$1" == "yes" ]; then 
+
 DB_USER=$2
 DB_PASS=$3
 
 curl -s https://packagecloud.io/install/repositories/qxip/sipcapture/script.deb.sh | sudo bash
 sudo apt-get install -y homer-app heplify-server
 
+sudo cp /usr/local/homer/etc/webapp_config.json.example /usr/local/homer/etc/webapp_config.json
 sudo sed -i -e "s/homer_user/$DB_USER/g" /usr/local/homer/etc/webapp_config.json
 sudo sed -i -e "s/homer_password/$DB_PASS/g" /usr/local/homer/etc/webapp_config.json
+sudo sed -i -e "s/localhost/127.0.0.1/g" /usr/local/homer/etc/webapp_config.json
 sudo homer-app -create-table-db-config 
 sudo homer-app -populate-table-db-config
 sudo sed -i -e "s/DBUser\s*=\s*\"postgres\"/DBUser          = \"$DB_USER\"/g" /etc/heplify-server.toml
 sudo sed -i -e "s/DBPass\s*=\s*\"\"/DBPass          = \"$DB_PASS\"/g" /etc/heplify-server.toml
 sudo sed -i -e "s/PromAddr\s*=\s*\"\"/PromAddr        = \"0.0.0.0:9096\"/g" /etc/heplify-server.toml
+sudo sed -i -e "s/^HEPWSAddr/#HEPWSAddr/g" /etc/heplify-server.toml
 sudo sed -i -e "s/AlegIDs\s*=\s*\[\]/AlegIDs        = \[\"X-CID\"]/g" /etc/heplify-server.toml
 sudo sed -i -e "s/CustomHeader\s*=\s*\[\]/CustomHeader        = \[\"X-Application-Sid\", \"X-Originating-Carrier\", \"X-MS-Teams-Tenant-FQDN\", \"X-Authenticated-User\"]/g" /etc/heplify-server.toml
 
@@ -22,3 +27,5 @@ sudo systemctl status homer-app
 sudo systemctl enable heplify-server
 sudo systemctl restart heplify-server
 sudo systemctl status heplify-server
+
+fi

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_influxdb.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [ "$1" == "yes" ]; then 
+
+sudo apt-get install -y apt-transport-https
+
+cd /tmp
+wget -q https://repos.influxdata.com/influxdata-archive_compat.key
+gpg --with-fingerprint --show-keys ./influxdata-archive_compat.key
+cat influxdata-archive_compat.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null
+echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | sudo tee /etc/apt/sources.list.d/influxdata.list
+
+sudo apt-get update 
+sudo apt-get install -y influxdb
+sudo systemctl enable influxdb
+sudo systemctl start influxdb
+
+fi

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_jaeger.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+if [ "$1" == "yes" ]; then 
+
+cd /tmp
+
+echo "installing jaeger"
+
+wget https://github.com/jaegertracing/jaeger/releases/download/v1.46.0/jaeger-1.46.0-linux-amd64.tar.gz
+tar xvfz jaeger-1.46.0-linux-amd64.tar.gz
+sudo mv jaeger-1.46.0-linux-amd64/jaeger-collector /usr/local/bin/
+sudo mv jaeger-1.46.0-linux-amd64/jaeger-query /usr/local/bin/
+
+sudo cp jaeger-collector.service /etc/systemd/system
+sudo chmod 644 /etc/systemd/system/jaeger-collector.service
+
+sudo cp jaeger-query.service /etc/systemd/system
+sudo chmod 644 /etc/systemd/system/jaeger-query.service
+
+echo "installing cassandra"
+
+sudo apt-get install -y default-jdk
+
+tar xvfz apache-cassandra-4.1.3-bin.tar.gz
+mv apache-cassandra-4.1.3 /usr/local/cassandra
+sudo cp cassandra.yaml /usr/local/cassandra/conf
+sudo chown -R admin:admin /usr/local/cassandra/
+cat /usr/local/cassandra/conf/cassandra.yaml 
+
+chown -R admin:admin /usr/local/cassandra/
+
+echo 'export PATH=$PATH:/usr/local/cassandra/bin' | tee -a /home/admin/.bashrc
+echo 'export PATH=$PATH:/usr/local/cassandra/bin' | tee -a /etc/profile
+export PATH=$PATH:/usr/local/cassandra/bin
+
+sudo cp cassandra.service /etc/systemd/system
+sudo chmod 644 /etc/systemd/system/cassandra.service
+sudo systemctl enable cassandra
+sudo systemctl start cassandra
+
+echo "waiting 60 secs for cassandra to start.."
+sleep 60
+echo "create jambonz user in cassandra"
+
+export CQLSH_HOST='127.0.0.1'
+export CQLSH_PORT=9042
+export USER_TO_CREATE='jaeger'
+export PASSWORD='JambonzR0ck$'
+cqlsh -u cassandra -p cassandra -e "CREATE ROLE IF NOT EXISTS $USER_TO_CREATE WITH PASSWORD = '$PASSWORD' AND LOGIN = true AND SUPERUSER = false;"
+
+echo "create keyspace and schema for jaeger in cassandra"
+
+export CASSANDRA_HOST="localhost" 
+export CASSANDRA_PORT=9042
+echo "CREATE KEYSPACE IF NOT EXISTS jaeger_v1_dc1 WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '2'}  AND durable_writes = true;"
+cqlsh -u cassandra -p cassandra -e "CREATE KEYSPACE IF NOT EXISTS jaeger_v1_dc1 WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '2'}  AND durable_writes = true;"
+cqlsh -u cassandra -p cassandra -e "GRANT ALL PERMISSIONS ON KEYSPACE jaeger_v1_dc1 TO $USER_TO_CREATE;"
+
+git clone https://github.com/jaegertracing/jaeger.git
+cd jaeger/plugin/storage/cassandra/schema
+MODE=prod DATACENTER=datacenter1 TRACE_TTL=604800 KEYSPACE=jaeger_v1_dc1 ./create.sh | cqlsh localhost -u cassandra -p cassandra
+
+systemctl enable jaeger-collector
+systemctl enable jaeger-query
+
+fi

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_nginx.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+echo "installing nginx"
+
+sudo apt-get install -y nginx
+
+echo "installing apache utils for htpasswd"
+sudo apt-get install -y apache2-utils
+
+sudo systemctl enable nginx
+sudo systemctl restart nginx
+
+# NB: customization of sites-availble handled in terraform / cloudformation userdatra scripts

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_nodejs.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+curl -sL https://deb.nodesource.com/setup_18.x | sudo bash - && sudo apt-get install -y nodejs
+sudo npm install -g npm@latest
+node -v
+npm -v
+sudo ls -lrt /root/.npm/
+sudo ls -lrt /root/.npm/_logs
+sudo ls -lrt /root/.npm/_cacache
+sudo chmod -R a+wx /root
+sudo chown -R 1000:1000 /root/.npm
+ls -lrt /root/.npm/
+ls -lrt /root/.npm/_logs
+ls -lrt /root/.npm/_cacache

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_os_tuning.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+sudo sed -i '/# End of file/i *                hard       nofile          65535'  /etc/security/limits.conf
+sudo sed -i '/# End of file/i *                soft       nofile          65535'  /etc/security/limits.conf
+sudo sed -i '/# End of file/i root             hard       nofile          65535'  /etc/security/limits.conf
+sudo sed -i '/# End of file/i root             soft       nofile          65535'  /etc/security/limits.conf
+sudo sed -i s/^#DefaultLimitNOFILE=.*$/DefaultLimitNOFILE=65535:65535/g /etc/systemd/system.conf
+
+sudo bash -c 'cat >> /etc/sysctl.conf << EOT
+net.core.rmem_max=26214400
+net.core.rmem_default=26214400
+vm.swappiness=0
+vm.dirty_expire_centisecs=200
+vm.dirty_writeback_centisecs=100
+EOT'
+
+sudo cp /tmp/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_postgresql.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
 
+if [ "$1" == "yes" ]; then
+
 DB_USER=$2
 DB_PASS=$3
 
-echo "creating postgresql databases for homer with user ${DB_USER} and password ${DB_PASS}"
-
 sudo apt-get update
 sudo apt-get install -y postgresql
 sudo systemctl daemon-reload
@@ -13,6 +13,8 @@ sudo systemctl restart postgresql
 
 sudo -u postgres psql -c "CREATE DATABASE homer_config;"
 sudo -u postgres psql -c "CREATE DATABASE homer_data;"
-sudo -u postgres psql -c "CREATE ROLE ${DB_USER} WITH SUPERUSER LOGIN PASSWORD '${DB_PASS}';"
+sudo -u postgres psql -c "CREATE ROLE ${DB_USER} WITH SUPERUSER LOGIN PASSWORD '$DB_PASS';"
 sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE homer_config to ${DB_USER};"
 sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE homer_data to ${DB_USER};"
+
+fi

packer/jambonz-web-server-and-monitoring-server/aws/scripts/install_telegraf.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ "$1" == "yes" ]; then 
+
+INFLUXDB_IP=$2
+
+cd /tmp
+wget -q https://repos.influxdata.com/influxdata-archive_compat.key
+gpg --with-fingerprint --show-keys ./influxdata-archive_compat.key
+cat influxdata-archive_compat.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null
+echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | sudo tee /etc/apt/sources.list.d/influxdata.list
+
+sudo apt-get update 
+sudo apt-get install -y telegraf
+
+sudo cp /tmp/telegraf.conf /etc/telegraf/telegraf.conf
+
+sudo systemctl enable telegraf
+sudo systemctl start telegraf
+
+fi

packer/jambonz-web-server-and-monitoring-server/aws/template.json

@@ -0,0 +1,160 @@
+{
+  "variables": {
+    "region": "us-east-1",
+    "ssh_username": "admin",
+    "ami_description": "jambonz web+monitoring server", 
+    "instance_type": "t3.xlarge",
+    "jambonz_version": "v0.8.4-4",
+    "ami_base_image_arch": "amd64",
+    "ami_base_image_owner": "136693071363",
+    "install_datadog": "no",
+    "homer_user": "homer_user",
+    "homer_password": "XcapJTqy11LnsYRtxXGPTYQkAnI",
+    "install_telegraf": "yes",
+    "install_influxdb":  "yes",
+    "install_homer":  "yes",
+    "install_jaeger":  "yes",
+    "install_nodered":  "no",
+    "install_cloudwatch":  "yes",
+    "influxdb_ip":  "127.0.0.1"
+
+  },
+  "builders": [{
+    "type": "amazon-ebs",
+    "region": "{{user `region`}}",
+    "source_ami_filter": {
+      "filters": {
+        "virtualization-type": "hvm",
+        "name": "debian-11-{{user `ami_base_image_arch`}}-*",
+        "root-device-type": "ebs"
+      },
+      "owners": ["{{user `ami_base_image_owner`}}"],
+      "most_recent": true
+    },
+    "instance_type": "{{user `instance_type`}}",
+    "ssh_username": "{{user `ssh_username`}}",
+    "ami_name": "jambonz-web-monitoring-{{user `jambonz_version`}}-{{user `ami_base_image_arch`}}-{{isotime |clean_resource_name }}",
+    "ami_description": "{{user `ami_description`}}",
+    "launch_block_device_mappings": [
+      {
+        "device_name": "/dev/xvda",
+        "volume_size": 120,
+        "volume_type": "gp2",
+        "delete_on_termination": true
+      }
+    ],
+    "tags": {
+      "Name": "jambonz-web-monitoring"
+    },
+    "run_tags": {
+      "Name": "jambonz-web-monitoring-build"
+    }
+  }],
+  "provisioners": [
+    {
+      "type": "shell",
+      "inline": [
+        "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
+        "sudo apt-get update",
+        "sudo apt-get remove --auto-remove nftables",
+        "sudo apt-get purge nftables",
+        "sudo apt-get -y install python gcc g++ make cmake build-essential git autoconf automake default-mysql-client redis-tools \\",
+        "curl telnet libtool libtool-bin libssl-dev libcurl4-openssl-dev libz-dev systemd-coredump liblz4-tool \\",
+        "libxtables-dev libip6tc-dev libip4tc-dev  libiptc-dev libavformat-dev lsb-release fail2ban \\",
+        "nginx python3-certbot-nginx default-libmysqlclient-dev htop dnsutils gdb snapd \\",
+        "gnupg2 wget pkg-config ca-certificates libjpeg-dev libsqlite3-dev libpcre3-dev libldns-dev libgoogle-perftools-dev",
+        "sudo chmod a+w /usr/local/src",
+        "ssh-keyscan github.com >> ~/.ssh/known_hosts",
+        "mkdir ~/apps",
+        "cd ~/apps",
+        "git config --global advice.detachedHead false",
+        "git clone https://github.com/jambonz/jambonz-api-server.git -b {{user `jambonz_version`}}",
+        "git clone https://github.com/jambonz/jambonz-webapp.git -b {{user `jambonz_version`}}",
+        "git clone https://github.com/jambonz/public-apps.git",
+        "sudo find / -name authorized_keys | sudo xargs -0 -r rm -Rf"
+      ]
+    },
+    {
+      "type": "file",
+      "source": "files/",
+      "destination": "/tmp"
+    },
+    {
+      "type": "shell",
+      "script": "scripts/install_os_tuning.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_cloudwatch`}}",
+      "script": "scripts/install_cloudwatch.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_homer`}} {{user `homer_user`}} {{user `homer_password`}}",
+      "script": "scripts/install_postgresql.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_homer`}} {{user `influxdb_ip`}}",
+      "script": "scripts/install_telegraf.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_homer`}} {{user `homer_user`}} {{user `homer_password`}}",
+      "script": "scripts/install_homer.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_influxdb`}}",
+      "script": "scripts/install_influxdb.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_influxdb`}}",
+      "script": "scripts/install_grafana.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_jaeger`}}",
+      "script": "scripts/install_jaeger.sh"
+    },
+    {
+      "type": "shell",
+      "script": "scripts/install_nginx.sh"
+    },
+    {
+      "type": "shell",
+      "script": "scripts/install_chrony.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_telegraf`}}",
+      "script": "scripts/install_telegraf.sh"
+    },
+    {
+      "type": "shell",
+      "script": "scripts/install_nodejs.sh"
+    },
+    {
+      "type": "shell",
+      "script": "scripts/install_fail2ban.sh"
+    },
+    {
+      "type": "shell",
+      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `jambonz_version`}}",
+      "script": "scripts/install_app.sh"
+    },
+    {
+      "type": "shell",
+      "inline": [
+        "echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections",
+        "echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections",
+        "sudo apt-get -y install iptables-persistent",
+        "sudo rm -Rf /tmp/*",
+        "sudo rm /root/.ssh/authorized_keys",
+        "sudo rm /home/admin/.ssh/known_hosts",
+        "sudo rm /home/admin/.ssh/authorized_keys"
+      ]
+    }
+  ]
+}