
No audio on direct redirect using SIP (external follow up numbers) on Asterisk

I had a setup where incoming and outbound calls had audio, but when a call was redirected to an external number without being picked up there was no audio. This is probably because direct media is not working through NAT. To work around this I did something like this:

[provider]
type=friend
host=93.184.216.34
disallow=all
nat=yes
qualify=yes
allow=alaw
allow=ulaw
context=in-provider
dtmfmode=rfc2833
deny=0.0.0.0/0
permit=93.184.216.34/32
directmediadeny=93.184.216.34/32

The directmediadeny line makes sure direct media is not used for the IP of the external SIP server, so Asterisk stays in the media path for calls to that peer. Most of the time this is a quick fix; direct media should work if your NAT setup is OK.

Addendum: SimpleHTTP(S) or how to get an SSL terminated file server with 5 lines of Python code...

In the previous post I already hinted at the possibility of using SimpleHTTP as a basic file server for your mirror. You can use this to publish any folder, and I combined some tricks to get this SSL-terminated SimpleHTTP server. This is a lot simpler than Apache and a good solution if your only goal is a simple file server.

The actual web server (simple-https-server.py)

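# Python 2 module names (BaseHTTPServer, SimpleHTTPServer)
import BaseHTTPServer, SimpleHTTPServer
import ssl

# Serve the current working directory on port 8443, all interfaces
httpd = BaseHTTPServer.HTTPServer(('', 8443), SimpleHTTPServer.SimpleHTTPRequestHandler)
# Wrap the listening socket in TLS; certificate and key sit one level above the served directory
httpd.socket = ssl.wrap_socket(httpd.socket, certfile='../mirror.pem', keyfile='../mirror.key', server_side=True)
httpd.serve_forever()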
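
The same server for Python 3, as an added example that is not part of the original post: BaseHTTPServer and SimpleHTTPServer became http.server, and ssl.wrap_socket() was removed in Python 3.12 in favour of SSLContext. The helper names (key_is_exposed, make_tls_context, make_server) are hypothetical, the paths assume the /opt/data layout of the service file below, and the TLS 1.2 floor and the key-location check are additions.

```python
import functools
import http.server
import os
import ssl

# Added example: helper names are hypothetical, paths assume the post's /opt/data layout.


def key_is_exposed(serve_dir, keyfile):
    """True if the private key resolves to a path inside the published directory."""
    root = os.path.realpath(serve_dir)
    key = os.path.realpath(keyfile)
    return os.path.commonpath([root, key]) == root


def make_tls_context(certfile=None, keyfile=None):
    """Server-side TLS context that refuses anything older than TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def make_server(serve_dir, certfile, keyfile, port=8443):
    """Build the HTTPS file server; refuse to start if the key would be downloadable."""
    if key_is_exposed(serve_dir, keyfile):
        raise ValueError("private key is inside the served directory")
    ctx = make_tls_context(certfile, keyfile)  # fails early on a bad cert/key pair
    # Pin the document root explicitly instead of relying on the working directory
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=serve_dir)
    httpd = http.server.HTTPServer(("", port), handler)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    return httpd


if __name__ == "__main__":
    make_server("/opt/data/mirror", "/opt/data/mirror.pem",
                "/opt/data/mirror.key").serve_forever()
```

Because the listening socket itself is wrapped, each TLS handshake runs inside accept(), so one stalled client delays the others; that is acceptable for an internal mirror but not for an exposed service.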

The systemd service (/etc/systemd/system/simplehttp.service). Make sure the user exists and please disable the shell for the simplehttp user in /etc/passwd.

[Unit]
Description=Job that runs the python SimpleHTTPServer daemon
Documentation=man:SimpleHTTPServer(1)

[Service]
Type=simple
User=simplehttp
WorkingDirectory=/opt/data/mirror/
# systemd starts the process itself, not through a shell, so no trailing "&"
ExecStart=/usr/bin/python /opt/data/simple-https-server.py
# No ExecStop needed: systemd sends SIGTERM to the service's processes on stop

[Install]
WantedBy=multi-user.target

And of course, enable and start the service and create the right firewall entries. In this example you have a redirect to HTTPS as well.

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=443 --permanent
firewall-cmd --zone=public --add-forward-port=port=443:proto=tcp:toport=8443 --permanent
# --permanent only writes the saved configuration; reload to activate the rules
firewall-cmd --reload
systemctl enable simplehttp
service simplehttp start

Creating a local mirror for Red Hat based systems

I created this script to create a local repository of RPM packages based on the repositories available to the system (very important, otherwise it won't work). To automate initial and further syncs I'm simply using Cron.

The machine is a basic system that is used as a webserver (Apache, nginx or Python SimpleHTTPServer).

Before running the script I created a directory for RHEL7 (named "7"); you should do this for all versions. I then started Python SimpleHTTPServer in /var/www/html/ and opened port 80 in firewalld. This is just a proof of concept, so nothing fancy.

This is the script:

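#!/bin/bash
# Usage: syncrepos.sh <repos file>, one "VERSION REPOID" pair per line
BASEDIRECTORY="/var/www/html/redhat"
while read -r VERSION REPO; do
    # --gpgcheck removes packages that fail GPG signature checking after download
    reposync --gpgcheck -l --repoid="$REPO" --download_path="$BASEDIRECTORY/$VERSION/"
    if [ ! -d "$BASEDIRECTORY/$VERSION/$REPO/repodata" ]; then
        # First sync: build the repository metadata from scratch
        createrepo -v "$BASEDIRECTORY/$VERSION/$REPO/"
    else
        createrepo --update -v "$BASEDIRECTORY/$VERSION/$REPO/"
    fi
done < "$1"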

This is the repos file:

7 rhel-7-server-extras-rpms
7 rhel-7-server-optional-rpms
7 rhel-7-server-rh-common-rpms
7 rhel-7-server-rpms
7 rhel-7-server-satellite-tools-6.3-rpms
7 rhel-server-rhscl-7-rpms

And to run it, just do:

sh /root/syncrepos.sh /var/www/repos

For older RHEL repositories, you should put them in the content view (when using Satellite) or make sure you can access them. Since they won't automagically appear in your yum repolist, you will have to create a repo file yourself. Copy and adapt the snippet for all repositories and, to keep things clean, create a repo file for every Red Hat version (or CentOS, ...). The SSL certificates should be just the same as the ones from a working RHEL7 entry.

/etc/yum.repos.d/rhel6.repo

[rhel-6-server-rpms]
metadata_expire = 1
sslclientcert = /etc/pki/entitlement/6369168190531272611.pem
baseurl = https://prhsv401.belgianrail.be/pulp/repos/YPTO/Library/Mirror/content/dist/rhel/server/6/6Server/$basearch/os
ui_repoid_vars = releasever basearch
sslverify = 1
name = Red Hat Enterprise Linux 6 Server (RPMs)
sslclientkey = /etc/pki/entitlement/6369168190531272611-key.pem
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled = 1
sslcacert = /etc/rhsm/ca/katello-server-ca.pem
gpgcheck = 1

For simpleHTTP you can use these 2 neat tricks:

Run SimpleHTTP as a SystemD service

Enable SSL on SimpleHTTP

dracut-initqueue timeout and root LV missing, some LV's missing in rescue mode

Yesterday I had a machine that stopped booting after an update. What I didn't know was that, during issues with yum update, the LVM package was removed and after that the initramfs images (all of them) were regenerated, which resulted in a machine that wasn't able to boot anymore.

The errors (list of search words, not actual since no log exists):

dracut-initqueue timeout
root does not exist
Starting dracut emergency shell
Entering emergency mode
dracut-initqueue[259]: Warning: dracut-initqueue timeout
dracut-initqueue[279]: Warning: Could not boot
dracut-initqueue[279]: Warning: /dev/mapper/rhel_...-root does not exist
in rescue mode
job timeout
Timed out waiting for dev-mapper-VG\LV.device
unable to mount logical volumes
vgchange missing
lvchange missing

This is how I solved it:

I started a live CD, configured the network, chrooted into the machine and ran the following (check the kernel version and the actual initramfs file):

# -m lists the dracut modules in the image; this returned nothing, so the lvm module was missing
lsinitrd -m /boot/initramfs-3.10.0-693.11.1.el7.x86_64.img | grep lvm
yum install lvm2
dracut -f /boot/initramfs-3.10.0-693.11.1.el7.x86_64.img 3.10.0-693.11.1.el7.x86_64

Since this isn't standard behavior, you should check all services and make sure that your packages are consistent.

yum check all

Fully automated backup of Satellite

Today I created a crontab entry to automate the backup of Satellite using katello-backup. We had this in the past but it was a bit harsh. Now we keep biweekly fulls and daily incrementals and clean up after one month (as an example). Make sure that the backup doesn't run while you are, for example, running your OpenSCAP reports, since all services are down during the backup.

#katello backup, biweekly full + daily incremental
0 2 * * 0 root expr `date +\%s` / 604800 \% 2 >/dev/null || (/usr/sbin/satellite-backup --assumeyes /backup/ && ls -td -- /backup/satellite-backup-* | head -n 1 > /backup/latest_full; find /backup/ -type d -ctime +30 -exec rm -rf {} \;)
0 2 * * 2-6 root /usr/sbin/satellite-backup --assumeyes /backup/ --incremental "$(cat /backup/latest_full | head -n1)"
#this checks if the latest backup failed and cleans up anyway to free up space
0 6 * * 0 root if [[ $(find "$(cat /backup/latest_full)" -mtime +15 -print) ]]; then find /backup/ -type d -ctime +30 -exec rm -rf {} \;; fi