Part 2: Asterisk in a Cloud

In Part 1 of this two-part series, we covered why you should consider using the Amazon Elastic Compute Cloud (EC2) for your telephony solution.  In this article, we will:

Step 1: Signing-up for Amazon Web Services (AWS)

To use Amazon EC2 or any of the Amazon Web Services, you must first sign-up for service.  If you already have an account with Amazon, you can enable that account for Amazon Web Services.

Then you must enable your Amazon Web Services account for Amazon EC2, by signing-up for Amazon EC2.

After providing Amazon with your credit card information, you will be prompted to either create a new X.509 Certificate, or upload your own. We’ll click on “Create a New X.509 Certificate”. You will be presented with a warning about how you may only have a single certificate per AWS account, and the importance of keeping your Private key in a secure location known only to you. As we are setting up AWS for the first time, we continue by clicking “Yes.”

A new page will prompt you to download your Private Key File. Download it and store it securely on your computer. From the same page, download your X.509 Certificate.

When done, click on “Return to Access Identifier Page”.

Step 2: Setting-up Elasticfox

There are several ways to manage your Amazon AWS account: a Java based command line toolset, a beta web based AWS management console, and an open-source Firefox extension called Elasticfox.  For this tutorial, we chose Elasticfox because of its ease of use and cross-platform availability.

Installing Firefox

The Elasticfox plug-in requires Firefox version 1.5.0 or later. If you don’t already have it, perform the following steps to install Firefox:

  1. In your current web browser, please go to: http://www.mozilla.com.
  2. Click on the “Download Firefox – Free” button.
  3. Save the file, and follow the installation steps on the acknowledgement page.

Installing the Elasticfox extension

Once Firefox is installed, you can install the Elasticfox extension. To do this, perform the following steps:

  1. In your Firefox web browser, please go to: the Elasticfox Firefox Extension for Amazon EC2 page.
  2. Click on the download button.
  3. After the pop-up box comes up, press the install button.
  4. Your Firefox browser will prompt you to restart your browser. After you restart, you can use Elasticfox.

For more information about Elasticfox, see the Elasticfox Getting Started Guide.

Step 3: Configuring Elasticfox

To start Elasticfox,  launch Firefox, then select Elasticfox from the Tools menu.

Setting up your AWS credentials

Credentials button

The first time you launch Elasticfox, if it doesn’t automatically open a Credentials window, click the Credentials button.

In the Credentials window:

Credentials Window

  1. Enter an Account Name (it can be anything you like);
  2. Copy and paste your AWS Access Key (available from the AWS Access Identifiers page);
  3. Copy and paste your AWS Secret Key (available from the AWS Access Identifiers page, you will need to click Show there for the Secret Key to appear);
  4. Click the Add button;
  5. Click the Close button.

Creating a keypair

Amazon EC2 uses an SSH keypair for several purposes, including connecting to instances (an “instance” is a virtual machine, in Amazon EC2 parlance). We need to create an SSH keypair, so you can connect to your instance.

KeyPair Tab

To generate a keypair:

  1. Click on the KeyPairs tab in Elasticfox;
  2. Click on the green key button (towards the upper left), to create a new KeyPair;
  3. A small Javascript box will open.  Enter ec2-keypair for your keypair name;
  4. Click the OK button;
  5. You are now prompted to save the keypair private key.  Save the private key in a new ec2-keys folder off of your home directory.  Set the filename to id_ec2-keypair.  If you are not prompted to save the private key, shutdown and restart Firefox;
  6. Confirm that only the user has read/write permissions on the id_ec2-keypair file.

Step 4.  Configuring an Amazon EC2 instance

Now we configure an Amazon EC2 instance.

Creating an EC2 security group

Security groups control what traffic can reach the instance.  You can think of security groups as inbound firewall rules.  Each Amazon EC2 account automatically comes with a default security group that permits SSH traffic from anywhere.  We’ll need to create a new Asterisk security group.  Multiple instances can share the same security group, useful if your operation grows and needs to scale across multiple servers.

Security Groups

  1. Click on the Security Groups tab in Elasticfox;
  2. Click on the green plus button, a new window will appear;
  3. Type Asterisk in the Group Name field;
  4. Type Security group for Asterisk instances in the Description field;
  5. Select the Enable SSH and RDP for this Host radio button;
  6. Click Create Group.
Create security group

Configuring the Asterisk security group

Now that we’ve created a new security group, we need to set the inbound traffic permissions for the group.  Because we selected the  Enable SSH and RDP for this Host option when we created the security group, you should see two permissions for your Asterisk security group.  Select the Asterisk security group entry in the Your Groups column, you should see group permissions matching the image below.  The Source CIDR should match the IP address of your local machine.

Asterisk security group permissions

Let’s take a minute to interpret the group permissions.  The group permissions in the image above mean that Amazon EC2 will allow TCP traffic to port 22 (SSH) and port 3389 (Windows RDP) from the machine at IP address 24.219.19.190 to any instances in the Asterisk security group.

We are going to setup a Linux instance, so we don’t need port 3389 open.  To remove the permission, select the port 3389 row, then click the red hand button.  You will be asked if you want to revoke the permission, click OK.  You should now only have the TCP port 22 permission entry in the Group Permissions column.

Now we’ll add permissions for some protocols used by Asterisk:

  • ICMP
  • RTP
  • SIP

Let’s let other machines ping our Asterisk box, and send us other ICMP information:

  1. Click the green check button, an Add New Permission for Security Group: Asterisk window will appear;
  2. From the Protocol Details drop-down box, select Other;
  3. From the Protocol drop-down box, select ICMP;
  4. In the Host/Network Details section, select the Network radio button;
  5. Type 0.0.0.0/0 in the Network field;
  6. When your entries match the image below, click Add.
Add ICMP permissions

Voice traffic travels over RTP, the default configuration for Asterisk is to use UDP ports 10000 – 20000. We want to allow RTP traffic from anywhere.

  1. Click the green check button. An Add New Permission for Security Group: Asterisk window will appear;
  2. From the Protocol Details drop-down box, select Other;
  3. From the Protocol drop-down box, select UDP/IP;
  4. In the first Port Range field, enter 10000;
  5. In the second Port Range field, enter 20000;
  6. In the Host/Network Details section, select the Network radio button;
  7. Type 0.0.0.0/0 in the Network field;
  8. When your entries match the image below, click Add.
Add RTP permissions

Voice signaling traffic travels over SIP: UDP, TCP, and TLS, we want to allow SIP traffic from anywhere.

  1. Click the green check button, an Add New Permission for Security Group: Asterisk window will appear;
  2. From the Protocol Details drop-down box, select Other;
  3. From the Protocol drop-down box, select UDP/IP;
  4. In the first Port Range field, enter 5060;
  5. In the second Port Range field, enter 5060;
  6. In the Host/Network Details section, select the Network radio button;
  7. Type 0.0.0.0/0 in the Network field;
  8. Click Add.
  9. Click the green check button, an Add New Permission for Security Group: Asterisk window will appear;
  10. From the Protocol Details drop-down box, select Other;
  11. From the Protocol drop-down box, select TCP/IP;
  12. In the first Port Range field, enter 5060;
  13. In the second Port Range field, enter 5061;
  14. In the Host/Network Details section, select the Network radio button;
  15. Type 0.0.0.0/0 in the Network field;
  16. Click Add.

Your Asterisk security group permissions should now look like the image below.

Asterisk group permissions

In the image, you can see that we also included an SSH permission opening SSH traffic from anywhere.

Depending on your Asterisk configuration, you may want to allow additional traffic to your Asterisk instance:

  • IAX2 – UDP port 4569;
  • MGCP – UDP port 2727;
  • SNMP – UDP port 161, limit the network to your monitoring servers.

Follow the same steps as for adding SIP access if you need to add any of these permissions.
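
As an added example (not part of the original tutorial), the check below audits a rule list like the one built in this step and reports any port the tutorial limits to known sources (SSH, RDP, SNMP) that is reachable from 0.0.0.0/0. The four-column rule format, the function names and the sample rule list are assumptions of this example.

```sh
# Added example, not part of the original tutorial.
# Rule format (an assumption of this example): PROTO FROM_PORT TO_PORT SOURCE_CIDR

# Ports the tutorial limits to known sources: SSH and RDP to the local machine,
# SNMP to the monitoring servers.
RESTRICTED="tcp:22:SSH tcp:3389:RDP udp:161:SNMP"

# Read rules on stdin; print one finding for each restricted port that a rule
# exposes to 0.0.0.0/0, including ports hidden inside a wider port range.
audit_rules() {
    awk -v restricted="$RESTRICTED" '
        BEGIN {
            n = split(restricted, r, " ")
            for (i = 1; i <= n; i++) {
                split(r[i], f, ":")
                proto[i] = f[1]; port[i] = f[2] + 0; name[i] = f[3]
            }
        }
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        $4 != "0.0.0.0/0"    { next }        # source is already restricted
        {
            for (i = 1; i <= n; i++)
                if ($1 == proto[i] && $2 + 0 <= port[i] && port[i] <= $3 + 0)
                    printf "WORLD-OPEN %s %s/%d via rule %s %s-%s\n",
                           name[i], proto[i], port[i], $1, $2, $3
        }'
}

# Constructed sample: the permissions this tutorial ends up with, including the
# SSH rule open to anywhere that appears in the final image.
tutorial_rules() {
    cat <<'EOF'
# proto from  to    source
tcp     22    22    0.0.0.0/0
icmp    -1    -1    0.0.0.0/0
udp     10000 20000 0.0.0.0/0
udp     5060  5060  0.0.0.0/0
tcp     5060  5061  0.0.0.0/0
EOF
}

# Run the audit on the sample rule list.
tutorial_rules | audit_rules
```

The SIP and RTP rules are not reported because the tutorial opens them to anywhere on purpose; only the SSH rule is flagged for the sample list.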

Step 5.  Starting the Amazon EC2 instance

Select a region

Selecting a region

Amazon EC2 is currently available in two regions: the US and Europe. From the Regions pull-down menu in the upper left corner of the Elasticfox window, select the region closest to your VoIP provider and your extensions in order to minimize call latency. 

Selecting an Amazon Machine Image (AMI)

Think of AMIs as packaged servers.  If you have used VMware, an AMI is like a virtual machine image.  When you create an instance, Amazon EC2, uses the AMI as a template for your virtual machine instance.

Amazon provides base AMIs and Amazon EC2 users can share AMIs with each other.  Now you have two choices, you can either build the Asterisk server yourself by following the instructions below, or you can use Voxilla’s pre-built Asterisk image to eliminate a lot of the heavy lifting.

For this tutorial, we will be using a Fedora 8 Amazon AMI.  We have also pre-built an Asterisk AMI for you to use.

  1. Select the AMIs and Instances tab in Elasticfox;
  2. In the Machine Images (AMIs) box, copy and paste fedora-8-i386-base-v1.07 into the search box in the upper right corner;
  3. Look in the Manifest column and select the row with ec2-public-images/fedora-8-i386-base-v1.07.manifest.xml.  You can click on the Manifest header to display the names in alphabetical order.  The selection should look like the image below, the AMI ID value may differ if you selected the European region;

    Select AMI

  4. Click the green power button to launch the instance.  A new window will appear;  

    Launch instance

  5. In the AKI ID field, enter aki-9b00e5f2;
  6. Set the Instance Type to m1.small (Amazon’s smallest and most affordable instance);
  7. Make sure the KeyPair drop-down is set to ec2-keypair;
  8. Set the instance to launch in the Asterisk security group;
  9. When your settings look like the image above, click Launch.

Your new instance will appear in the Your Instances section at the bottom of the AMIs and Instances tab in Elasticfox.  You will notice that the initial state of your instance is pending.  It will take 30 seconds to 5 minutes for an instance to start.  You can click the blue refresh button in the Your Instances section to refresh the status.

You can check on the status by looking at the State column, the state will change to running when your instance starts.  The Public DNS and Private DNS columns will also contain values.  Your running instance entry should look something like the image below.

 

Your instances

One thing worth mentioning is that Amazon EC2 offers a number of pre-configured kernel options, accessible on the Kernels and Ramdisks tab in Elasticfox. In step 5 above, we selected the aki-9b00e5f2 kernel, a Xenified version of the 2.6.18 Linux kernel that is optimized for VoIP.  It is the only kernel configured to use a 1000HZ timer; kernels that use a 100HZ timer may cause choppy audio.

Step 6. Assigning the Elastic IP address

Before we connect to the instance, we will setup the Elastic IP address.  This is basically a static IP address that we can keep and point at whatever instance we like.

Imagine you have a bunch of SIP phones all registered with the Asterisk instance.  If the instance failed or shutdown for some reason, you would want to start a new instance.  Well, that new instance would have a different IP address and your SIP phones wouldn’t work until they re-registered.  By using an Elastic IP address, you can assign the IP address of the old instance to the new instance.  The outage window would only be the amount of time it takes to launch a new instance and transfer the IP address.

If you don’t want to configure an Elastic IP address, you can skip to Step 7. Installing Asterisk.

  1. Note the Instance ID of your running instance, we will need it later.  To get the Instance ID, double click on the instance entry in the Your Instances section of the AMIs and Instances tab in Elasticfox.  A new window will open, like the image below.  The Instance ID value begins with i-;

    Instance details

  2.  Click on the Elastic IPs tab in Elasticfox;
  3. Click the green plus button to allocate a new address;
  4. You will see an IP address appear in the window;
  5. Select the IP address row entry and click the green right arrow button to associate the IP address with an instance.  A new window will appear;     

    Associate instance ID

  6. Select the instance ID of your Asterisk instance;
  7. Click OK to associate the IP address with your instance and close the window;

If you don’t want to keep an Elastic IP address after you shut down your instance, remember to release the address, otherwise Amazon will charge you for holding the IP address.

Step 7. Installing Asterisk

We are now ready to connect to our Amazon EC2 instance and install asterisk.

Connecting to an EC2 instance

We will now SSH to our new instance.

  1. Click the AMIs and Instances tab in Elasticfox;
  2. In the Your Instances section, select your running Asterisk instance;     

    Connecting to your instance

  3. Click the green key button, it may take a few seconds for your SSH client to start;
  4. When SSH warns you that the authenticity of the server can’t be established, and asks you if you want to continue, type yes.

You should now see the instance command line, it will look something like the image below.

 

 

Welcome to an EC2 public image

If SSH rejects your login attempt, check that the keypair file is in the ~/ec2-keys directory and named id_ec2-keypair.  If you are still having trouble, click the Tools button in the upper right corner of Elasticfox.  Make sure your keypair file matches the location and filename format of either the SSH Key Template or the EC2 Private Key Template fields.

Keep the command line window and Elasticfox open, we will use them both throughout the remainder of this tutorial.

Updating the instance

First, we’ll prepare the instance for Asterisk.  Copy the commands below to the instance command line.

# update packages
yum -y update
yum -y update
mkdir /usr/src/digium 

Installing the Digium Asterisk Hardware Device Interface (DAHDI)

DAHDI is a collection of kernel modules that provide hardware drivers for Digium telephony hardware and a timing source (dahdi_dummy). Our virtual instance doesn’t have any telephony hardware, but you may need the dahdi_dummy timing source module.

MeetMe conferencing and the IAX protocol both need a timing source and depend on the dahdi_dummy module.  If you are not using MeetMe or IAX, you can skip to the Installing Asterisk section below.

Building the DAHDI kernel modules will take several hours.

First, we need the right compiler.  The compiler used to build the kernel modules, must match the compiler used to compile the kernel.  Run the following commands in the command line to download and install the compiler (building the compiler will take about an hour).

#get the right compiler for 2.6.18 kernel
cd /usr/src
wget http://gcc.releasenotes.org/releases/gcc-4.0.2/gcc-4.0.2.tar.bz2
tar xjf gcc-4.0.2.tar.bz2
cd gcc-4.0.2
mkdir tmp
cd tmp
../configure --program-suffix=-4.0.2
make
make install

Now that we have the compiler, we can get the kernel source code.  Fortunately, Amazon provides us with the same source code that they used to build the 2.6.18-xenU-ec2-v1.0 kernel.  Run the commands below to get the kernel source code.

yum -y install ncurses-devel ; # needed by menuconfig
# get the kernel source
cd /usr/src
wget http://ec2-downloads.s3.amazonaws.com/xen-3.1.0-src-ec2-v1.0.tgz
tar xzvf xen-3.1.0-src-ec2-v1.0.tgz
# extract the linux-2.6-xenU build and apply the xen patches
cd xen-3.1.0-src-ec2-v1.0

Run the command below to begin the kernel configuration tool.  Remember you can’t change the kernel (you can’t add or remove any static modules built into the kernel), any modules you add need to be configured as dynamic modules.

make linux-2.6-xenU-config

Now we configure the build environment to use the correct compiler.  Copy the following commands to the command line.

# fix the links to the build and source paths
rm -f /lib/modules/2.6.18-xenU-ec2-v1.0/build
ln -s /usr/src/xen-3.1.0-src-ec2-v1.0/build-linux-2.6.18-xenU_x86_32 \
      /lib/modules/2.6.18-xenU-ec2-v1.0/build
rm -f /lib/modules/2.6.18-xenU-ec2-v1.0/source
ln -s /usr/src/xen-3.1.0-src-ec2-v1.0/linux-2.6.18-xen \
      /lib/modules/2.6.18-xenU-ec2-v1.0/source
#configure build to use gcc-4.0.2
cd /usr/src/xen-3.1.0-src-ec2-v1.0
mv linux-2.6.18-xen/Makefile linux-2.6.18-xen/Makefile.orig
sed -e 's_^\(HOSTCC.*=\).*_\1 /usr/local/bin/gcc-4.0.2_' \
    -e 's_^\(CC.*=\).*_\1 /usr/local/bin/gcc-4.0.2_' \
    <linux-2.6.18-xen/Makefile.orig >linux-2.6.18-xen/Makefile

We are now ready to build the kernel environment.  Run the commands below, this process takes about an hour.

#build the kernel
make linux-2.6-xenU-build
make linux-2.6-xenU-install

Now we can download and build DAHDI.  Run the following commands.

#configure dahdi
cd /usr/src/digium 
wget http://downloads.digium.com/pub/telephony/dahdi-linux/dahdi-linux-current.tar.gz
tar xzvf dahdi-linux-current.tar.gz
cd dahdi-linux*
# See http://bugs.digium.com/view.php?id=9592
# comment out #define USE_RTC
mv drivers/dahdi/dahdi_dummy.c drivers/dahdi/dahdi_dummy.c.orig
sed 's|^\(#define USE_RTC\)|/\* \1 \*/|' \
  <drivers/dahdi/dahdi_dummy.c.orig > drivers/dahdi/dahdi_dummy.c
make
make install

Next, we build the DAHDI tools.  Run the commands below.

# dahdi tools
cd /usr/src/digium
wget http://downloads.digium.com/pub/telephony/dahdi-tools/dahdi-tools-current.tar.gz
tar xzvf dahdi-tools-current.tar.gz
cd dahdi-tools*
./configure
make
make install
make config
# we only want dahdi_dummy
mv /etc/dahdi/modules /etc/dahdi/modules.orig
echo '# only launch dahdi_dummy' > /etc/dahdi/modules 

Test and make sure DAHDI is working by running the command below.

/etc/init.d/dahdi start
dahdi_test -v

You should see output like:

Opened pseudo dahdi interface, measuring accuracy…

8192 samples in 8190.480 system clock sample intervals (99.981%)
8192 samples in 8190.168 system clock sample intervals (99.978%)
8192 samples in 8190.392 system clock sample intervals (99.980%)
8192 samples in 8190.384 system clock sample intervals (99.980%)
8192 samples in 8190.424 system clock sample intervals (99.981%)

Press Control-C when you are done with the test.  You will then see the test results.  They will look something like:

— Results after 7 passes —
Best: 99.983 — Worst: 99.977 — Average: 99.980536, Difference: 99.980537

The closer the average is to 100%, the better your MeetMe conference sound quality will be.

Installing Asterisk

Next, we’ll install all the packages required by Asterisk.  You can exclude any packages you don’t need.  Copy the commands below to the instance command line.

# prep for asterisk install
yum -y install gcc-c++ zlib-devel openssl-devel ncurses-devel gtk2-devel ; # basic installation
yum -y install iksemel-devel ; # chan_gtalk
yum -y install speex-devel ; # speex
yum -y install libogg-devel libvorbis-devel ; # OGG/Vorbis audio
yum -y install curl-devel ; # func_curl
yum -y install unixODBC-devel libtool-ltdl-devel ; # cdr_adaptive_odbc, func_odbc, res_odbc
yum -y install net-snmp-devel bzip2-devel newt-devel lm_sensors-devel ; # res_snmp
yum -y install openldap-devel ; # res_config_ldap,
yum -y install uw-imap-devel ; # IMAP_STORAGE
yum -y install postgresql-devel ; # cdr_pgsql, res_config_pgsql
yum -y install libresample-devel ; # chan_resample
yum -y install radiusclient-ng-devel ; # cdr_radius
yum -y install gtk+-devel ; # pbx_gtkconsole
yum -y install jack-audio-connection-kit-devel ; # app_jack
# postgresql-odbc is available, but is an older version, let's go with 8.3.4
cd /usr/src
wget http://yum.pgsqlrpms.org/reporpms/8.3/pgdg-fedora-8.3-4.noarch.rpm
rpm -U pgdg-fedora-8.3-4.noarch.rpm
yum -y install postgresql-odbc
# configure postgresql-odbc
mv /etc/odbcinst.ini /etc/odbcinst.ini.orig
sed 's/libodbcpsql.so/psqlodbc.so/' </etc/odbcinst.ini.orig >/etc/odbcinst.ini

We are now ready to install Asterisk.  Run the instance commands below.

#get asterisk source
# create source dir
mkdir -p /usr/src/digium
cd /usr/src/digium/
wget http://downloads.digium.com/pub/asterisk/asterisk-1.6-current.tar.gz
tar xzvf asterisk-1.6-current.tar.gz
cd asterisk-1.6.*

If you want support for the iLBC codec, run the following command:

contrib/scripts/get_ilbc_source.sh ; # if you want ilbc codec

Building Asterisk

To configure Asterisk, run the following commands:

./configure
make menuselect

An Asterisk Module and Build Option Selection window will appear.  It will look something like the image below.

Asterisk Module and Build Option Selection

Use this menu to select which Asterisk Modules you would like to build.  If you know what features you need, for performance reasons, it is generally a good idea to disable the modules you won’t be using.

Because you’ll have plenty of disk space available, it’s not a bad idea to install all the audio prompts.  Otherwise, Asterisk must transcode (convert audio from one encoding to another) the audio prompts each time they are needed, eating up bandwidth cycle and potentially adding to your server costs.  Scroll down to Core Sound Packages and select all the sound files for your languages and codecs.  Do the same for the Music On Hold File Packages and the Extras Sound Packages.

Extras Sound Packages

When you are done making your selections, press F12 to save and exit.

We are now ready to compile and install Asterisk, run the following commands:

make
make install
make samples
make config
chkconfig asterisk on 

Step 8. Configuring Asterisk

We will now customize Asterisk for the Amazon EC2 environment.

If you’d like to enable SNMP support, review our How To: Monitor Asterisk with SNMP tutorial.

Configuring Asterisk to run as the asterisk user

To improve security, we’ll configure Asterisk to not run as root.  Run the following commands:

# configure asterisk to not run as root
mkdir /var/run/asterisk
/usr/sbin/groupadd asterisk
/usr/sbin/useradd -d /var/lib/asterisk -g asterisk asterisk
# replace /var/run with /var/run/asterisk
mv -f /etc/asterisk/asterisk.conf /etc/asterisk/asterisk.conf.orig
sed -e 's_\(var/run\)_\1/asterisk_' \
    -e 's_\(\[directories\]\).*_\1_' \
    </etc/asterisk/asterisk.conf.orig > /etc/asterisk/asterisk.conf
# make a backup of /etc/init.d/asterisk
mv /etc/init.d/asterisk /etc/init.d/asterisk.orig
# uncomment AST_USER="asterisk" and AST_GROUP="asterisk"
# replace /var/run/asterisk.pid with /var/run/asterisk/asterisk.pid
sed -e 's/#\(AST_USER="asterisk"\)/\1/' \
    -e 's/#\(AST_GROUP="asterisk"\)/\1/' \
    -e 's_\(/var/run/\)\(asterisk.pid\)_\1asterisk/\2_' \
    </etc/init.d/asterisk.orig >/etc/init.d/asterisk 
# set file permissions for asterisk
chown -R -L asterisk:asterisk /var/lib/asterisk
chown -R -L asterisk:asterisk /var/log/asterisk
chown -R -L asterisk:asterisk /var/run/asterisk
chown -R -L asterisk:asterisk /var/spool/asterisk
chown -R -L asterisk:asterisk /usr/lib/asterisk
chown -R -L root:asterisk /etc/asterisk 
chmod -R u=rwX,g=rX,o= /var/lib/asterisk
chmod -R u=rwX,g=rX,o= /var/log/asterisk
chmod -R u=rwX,g=rX,o= /var/run/asterisk
chmod -R u=rwX,g=rX,o= /var/spool/asterisk
chmod -R u=rwX,g=rX,o= /usr/lib/asterisk
chmod -R u=rwX,g=rX,o= /etc/asterisk
chmod g+w /etc/asterisk/voicemail.conf
chmod g+w,+t /etc/asterisk
chmod +x /etc/init.d/asterisk

Configuring the instance external IP address

The Amazon EC2 instance has an internal private IP address and an external public IP address.  In the commands below, we tell Asterisk it is on a private network, get the public IP address and configure Asterisk to use the public IP address.

# EC2 - get the public IP address of this server
PUBLIC_IP=`curl http://169.254.169.254/latest/meta-data/public-ipv4`
# uncomment ;      localnet=10.0.0.0/255.0.0.0      ; Also RFC1918
# set externip to public IP address
mv -f /etc/asterisk/sip.conf /etc/asterisk/sip.conf.orig
sed -e 's_^;.*\(localnet=10.0.0.0/255.0.0.0\(.*\)\)_\1_' \
    -e "s_^;.*\(externip = \)12.34.56.78 \(.*\)_\1$PUBLIC_IP\2_" \
    </etc/asterisk/sip.conf.orig >/etc/asterisk/sip.conf
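
The commands above write whatever the metadata request returns into sip.conf, so a failed request leaves an empty externip. The following added example (not from the original article) validates the address first and then confirms that both settings are active; the function names, the sample sip.conf lines and the address 203.0.113.10 are constructed for illustration.

```sh
# Added example, not part of the original tutorial.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
# Rejecting anything else also keeps stray characters out of the sed expression.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Rewrite sip.conf text from stdin to stdout with the same two sed expressions
# the tutorial uses, taking the public address as $1. Refuses to run when the
# address is not valid, so no empty externip is written.
set_externip() {
    is_ipv4 "$1" || { echo "refusing: '$1' is not an IPv4 address" >&2; return 1; }
    sed -e 's_^;.*\(localnet=10.0.0.0/255.0.0.0\(.*\)\)_\1_' \
        -e "s_^;.*\(externip = \)12.34.56.78 \(.*\)_\1$1\2_"
}

# Succeed when the text on stdin has an uncommented localnet line and an
# uncommented externip line whose value equals $1. This catches the case where
# sed matched nothing and left the file unchanged.
check_sip_nat() {
    awk -v ip="$1" '
        /^externip[ \t]*=/ {
            v = $0
            sub(/^externip[ \t]*=[ \t]*/, "", v)   # drop the key
            sub(/[ \t;].*$/, "", v)                # drop trailing comment
            if (v == ip) ext = 1
        }
        /^localnet[ \t]*=/ { loc = 1 }
        END { exit !(ext && loc) }'
}

# Constructed sample modelled on the two lines the tutorial's sed targets.
sample_sip_conf() {
    cat <<'EOF'
[general]
;externip = 12.34.56.78  ; constructed sample line
;localnet=10.0.0.0/255.0.0.0 ; Also RFC1918
EOF
}

# Demonstration on the constructed sample: a valid address, then the empty
# string that a failed metadata request would leave in PUBLIC_IP.
sample_sip_conf | set_externip 203.0.113.10 | check_sip_nat 203.0.113.10 \
    && echo "externip and localnet are active"
sample_sip_conf | set_externip "" || echo "sip.conf left unchanged"
```

On the instance, pass the value fetched from the metadata address as the argument and redirect from sip.conf.orig to sip.conf as the tutorial does.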

Minimizing voice traffic

VoIP traffic has two flows:

  • SIP signaling: Who to call, ringing, callee answered, hangup, busy;
  • RTP media stream: the actual voice traffic.

Routing voice traffic through Amazon EC2 can cost upwards of $0.00017/minute using the G.711 codec, based on the data transfer rates in and out of the cloud.  We want to minimize the amount of voice traffic flowing through the Asterisk server.  This means, when possible, we want end-points (phones, VoIP providers, gateways, etc.) to send the media stream directly between each other.

If your SIP phones and gateways are behind NAT (they have private IP addresses), the RTP media stream will try and use the private IP address of the device, this won’t work across the Internet, so you need to configure the device to use STUN – STUN tells the device what its public IP address is, so the device can use the public IP address in the RTP media stream.  Configuring STUN is device specific, you will need to check your device documentation or find help in the Voxilla Forums.

Another way to minimize voice traffic through the cloud and prevent any CPU intensive transcoding (converting from one codec to another), is to configure your SIP devices to use the same codecs as your VoIP provider.  Refer to the Voxilla Forums for help configuring your SIP device.

There are two SIP configuration settings that will help reduce RTP media traffic traveling through the Asterisk instance.  Run the following command to update the sip.conf file.

# uncomment ;canreinvite=nonat and ;directrtpsetup=yes
mv -f /etc/asterisk/sip.conf /etc/asterisk/sip.conf.orig
sed -e 's_^;\(canreinvite=nonat\(.*\)\)_\1_' \
    -e 's_^;\(directrtpsetup=yes\(.*\)\)_\1_' \
    </etc/asterisk/sip.conf.orig  >/etc/asterisk/sip.conf

Step 9. Creating Amazon Elastic Block Store (EBS) volumes

If you don’t want to create Amazon EBS volumes to store your configuration, voicemail, and log files, you can skip to Step 10. Starting Asterisk.

Until recently, Amazon EC2 didn’t offer persistent disk storage.  If an instance was shut down, the data was lost, unless it was backed up into Amazon S3 or off-site.  Most telephony platforms don’t support Amazon S3, and this storage limitation was an impediment to using Amazon EC2 service for the storage of call logs and voice mail.  Amazon addressed the storage limitation with Amazon Elastic Block Store (EBS).

Amazon EBS provides block level storage volumes for use with Amazon EC2 instances. Amazon EBS volumes are off-instance storage that live independently from the life of an instance.  Shut down an instance, start a new one, reattach the storage and your data is still there, like a removable hard drive.

Creating Amazon EBS volumes

We will create two volumes, one to store the Asterisk configuration and the server logs, the other volume to store voicemail and sound files.  We could create one volume, but using separate volumes improves performance.

  1. Click the AMIs and Instances tab in Elasticfox;
  2. Note the Availability Zone of your running instance, we will use it below;

    Availability Zone

  3. Click the Volumes and Snapshots tab in Elasticfox;     

    Volumes and Snapshots

  4. Click the green plus button to create a new volume, a new window will appear;     

    Create new volume

  5. Enter 1 in the Size (GB) field.  We will use this volume for the Asterisk configuration and logs, you may want to specify a larger volume (storage is charged at $.10/GB/month), if you plan on storing a lot of logs.
  6. Set the Availability Zone drop-down box to match the availability zone of your running instance, we found the availability zone in step 2 above;
  7. Click Create to create the new volume, you will return to the Volumes and Snapshots tab;
  8. We can now create our second volume, click the green plus button to create a new volume, a new window will appear;
  9. Enter 5 in Size (GB) field.  We will use this volume for the Asterisk sound files and voicemail,  depending on your number of users and how much voice mail they store, you may want to specify a larger volume.
  10. Set the Availability Zone drop-down box to match the availability zone of your running instance, we found the availability zone in step 2 above;
  11. Click Create to create the new volume, you will return to the Volumes and Snapshots tab;

You now have two volumes, the volumes will exist independent of the instances, until you delete them.

Attaching EBS volumes

Now we need to attach our new volumes to our instance.

  1. From the Volumes and Snapshots tab in Elasticfox, select your 1GB Asterisk configuration and logs volume;
  2. Click the green check button;     

    Volumes and Snapshots

  3. A new window will appear;     

    Attach this volume to an instance

  4. Make sure your instance is selected in the Instance ID drop-down box;
  5. Enter /dev/sdb in the Device field;
  6. Click Attach;
  7. From the Volumes and Snapshots tab in Elasticfox, select your 5GB Asterisk sounds and voicemail volume;
  8. Click the green check button;
  9. A new window will appear;
  10. Make sure your instance is selected in the Instance ID drop-down box;
  11. Enter /dev/sdc in the Device field;
  12. Click Attach;

Your Volumes should now look like the image below.

 

Volumes (VOLs)

Creating the file system

We are now ready to create the file systems.  We will use the xfs filesystem because it has good performance and is able to be suspended for snapshot backups.

Run the commands below to create and mount the new volumes.

# Create the filesystems and mount them
yum -y install xfsprogs ; # for creating the file systems
mkfs.xfs /dev/sdb
SDB=/mnt/asterisk1
mkdir -p $SDB 
echo "/dev/sdb $SDB xfs noatime 0 0" >> /etc/fstab
mount $SDB
mkfs.xfs /dev/sdc
SDC=/mnt/asterisk2
mkdir -p $SDC 
echo "/dev/sdc $SDC xfs noatime 0 0" >> /etc/fstab
mount $SDC

Moving Asterisk files

Now that we have our volumes created, we can move the Asterisk directories over to the new volumes and setup reference links.

# move configuration files
AST_CONF=/etc/asterisk
mkdir -p $SDB/etc
mv  $AST_CONF $SDB/etc
ln -s $SDB$AST_CONF $AST_CONF
# move log files
mkdir -p $SDB/var/log
mv /var/log/asterisk $SDB/var/log
ln -s  $SDB/var/log/asterisk /var/log/asterisk
chown -R asterisk:asterisk  $SDB
# move sound files
mkdir -p $SDC/var/lib/asterisk
mv /var/lib/asterisk/sounds $SDC/var/lib/asterisk
ln -s $SDC/var/lib/asterisk/sounds /var/lib/asterisk/sounds
# move voicemail files
mkdir -p $SDC/var/spool/asterisk
mv /var/spool/asterisk/voicemail $SDC/var/spool/asterisk
ln -s $SDC/var/spool/asterisk/voicemail /var/spool/asterisk/voicemail
chown -R asterisk:asterisk $SDC
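
After the move, /etc/asterisk (which holds SIP credentials) and the voicemail spool are reached through symlinks, so it is worth confirming that each link lands on its EBS mount with the ownership set by `chown` and nothing world-writable. This is an added example, not from the original article; the function names and the optional root prefix are assumptions made for illustration.

```shell
#!/bin/sh
# check_relocated LINK MOUNT OWNER returns:
#   0 ok            1 LINK is not a symlink (data still on instance storage)
#   2 LINK dangles or resolves outside MOUNT
#   3 a world-writable entry exists under the target
#   4 OWNER is unknown, or an entry is not owned by OWNER
check_relocated() {
    cr_link=$1; cr_mount=$2; cr_owner=$3
    [ -L "$cr_link" ] || return 1
    # pwd -P resolves every symlink, so the comparison uses real paths
    cr_target=$(cd "$cr_link" 2>/dev/null && pwd -P) || return 2
    cr_real=$(cd "$cr_mount" 2>/dev/null && pwd -P) || return 2
    case "$cr_target/" in
        "$cr_real"/*) ;;     # the slash stops /mnt/asterisk10 matching /mnt/asterisk1
        *) return 2 ;;
    esac
    # configuration and voicemail must not be writable by every local user
    [ -z "$(find "$cr_target" ! -type l -perm -0002 | head -n 1)" ] || return 3
    # find exits non-zero when OWNER is not a known user, so keep its status
    cr_foreign=$(find "$cr_target" ! -user "$cr_owner" 2>/dev/null) || return 4
    [ -z "$cr_foreign" ] || return 4
    return 0
}

# check_asterisk_layout [ROOT] [OWNER]: run the check on the four paths the
# tutorial moved. ROOT is a hypothetical prefix for trying the check on a
# scratch tree; leave it empty on the real instance. Returns the failure count.
check_asterisk_layout() {
    al_root=${1:-}; al_owner=${2:-asterisk}; al_bad=0
    for al_pair in \
        "/etc/asterisk /mnt/asterisk1" \
        "/var/log/asterisk /mnt/asterisk1" \
        "/var/lib/asterisk/sounds /mnt/asterisk2" \
        "/var/spool/asterisk/voicemail /mnt/asterisk2"
    do
        set -- $al_pair      # $1 = link path, $2 = mount point
        al_rc=0
        check_relocated "$al_root$1" "$al_root$2" "$al_owner" || al_rc=$?
        [ "$al_rc" -eq 0 ] || { echo "FAIL($al_rc): $al_root$1" >&2; al_bad=$((al_bad + 1)); }
    done
    return "$al_bad"
}
```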

Step 10. Starting Asterisk

Now we can start Asterisk. Run the following command to start Asterisk on the command line:

asterisk -cvvvvvvvvvv

If Asterisk starts OK, type:

core stop now

to shut down Asterisk and exit the Asterisk console.

Then start Asterisk as a daemon:

/etc/init.d/asterisk start

Then you can connect to the Asterisk console with the following command:

asterisk -rvvvvvvvvvv

Conclusion

Congratulations: Asterisk is now configured and running the Asterisk sample configuration in an Amazon EC2 instance. You can now customize Asterisk to your needs or try one of the many Asterisk configuration tutorials available on the Internet.

Appendix A. Terminating an instance

Follow the steps below to terminate your instance.  Remember, once an instance is terminated, all data not stored on an EBS volume is lost.

  1. Click the AMIs and Instances tab in Elasticfox;
  2. In the Your Instances section, select the instance you want to terminate;

    Your Instances

  3. Click the red power button;
  4. A confirmation window will appear; click OK to terminate the instance;
  5. In the Your Instances section, you will see the instance State change to shutting down;
  6. Click the blue refresh button; when your instance is terminated, the instance State will change to terminated.

 

Terminated instance

Appendix B. Releasing an Elastic IP address

When an Elastic IP address is not associated with a running instance, Amazon charges for use of the IP address.  To release an Elastic IP address you no longer need, follow the steps below.

  1. Click the Elastic IPs tab in Elasticfox;
  2. Select the unassociated Elastic IP address;      

    Unassociated Elastic IP address

  3. Click the red garbage can button to release the Elastic IP address;
  4. A confirmation window will appear; click OK to release the IP address.

Appendix C. Deleting Amazon EBS volumes

Amazon EBS volumes exist independently of instances. Think of them as removable hard drives.  To delete an EBS volume, follow the steps below.

  1. Click on the Volumes and Snapshots tab in Elasticfox;
  2. In the Volumes (VOLs) section, select the volume you wish to delete;     

    EBS volumes

  3. Click the red garbage can button to delete the EBS volume;
  4. A confirmation window will appear; click OK to delete the volume;
  5. The volume status will change to deleting;     

    Deleting EBS volumes

  6. It may take some time for Amazon to delete the volume.
  • So I did some quick calculations to figure out how much Amazon EC2 would cost for a small PBX system. I think your quote in the article of price-per-minute for G.711 is off by a few orders of magnitude. 🙂

    Take a look at this calculation set – let me know if I’m wrong in my figures or assumptions:

    http://www.loligo.com/asterisk/misc/amazon-ec2.xls

    JT

  • Also: Eric, was there any reason to use the ElasticFox software rather than the AWS Console on the web? Is there significant benefit to ElasticFox these days still?

    JT

  • @John,

    You are correct, my math is off by 10^3. I’ll update the article. Don’t do bandwidth calculations late at night on a post-it.

    Your spreadsheet is great. Readers should definitely consider their use case to determine their most cost-effective solution. Could you add bandwidth cost calculations to the in-house side?

    I used Elasticfox for the tutorial, because the interface hasn’t changed much and I wasn’t sure if the AWS console interface would change as it progresses from beta to production.

    I do like that Elasticfox can launch an SSH session with a button click.

  • Great post explaining how to configure various aspects of EC2! If someone wants to explore another Amazon service, S3, I would recommend our very own CloudBerry Explorer. It supports most of the Amazon S3 and CloudFront features and it is freeware (works only on Windows). I would also be happy if the author of this post gave me his expert opinion on our tool.

    Thanks!

  • Sly

    How do we restart the same instance? Do we have to redo the whole setup?

  • Ronald Lewis

    Great to see another Asterisk-EC2 guide