[Freeswitch-users] Compiling under SmartOS

Stanislav Sinyagin ssinyagin at gmail.com
Thu Sep 10 12:39:44 MSD 2015


wiki is updated:
https://freeswitch.org/confluence/display/FREESWITCH/SmartOS

On Thu, Sep 10, 2015 at 6:47 AM, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
> I saw the profiles binding to TCP 5080 and 5060 (UDP too).
>
> On Sep 10, 2015 1:15 AM, "Support" <support at directvoip.co.uk> wrote:
>>
>> Stanislav,
>>
>> Great progress you have made there, I returned to Debian myself but I
>> believe quite a few smartos guys are running older versions.
>>
>> I'll spin up a smartos box and see if master resolves the issue that was
>> the killer for me: https://freeswitch.org/jira/browse/FS-7991
>>
>> Sip handsets had no problem with TCP but it just wouldn't send through a
>> gateway using TCP.
>>
>> Thanks for everything so far.
>>
>> Regards
>> Darren
>>
>> ________________________________
>> From: Stanislav Sinyagin [mailto:ssinyagin at gmail.com]
>> To: FreeSWITCH Users Help [mailto:freeswitch-users at lists.freeswitch.org]
>> Sent: Wed, 09 Sep 2015 23:57:00 +0000
>> Subject: Re: [Freeswitch-users] Compiling under SmartOS
>>
>> My patches are now in master, so FreeSWITCH can be compiled under any
>> of Solaris derivatives.
>>
>> The -u option will not work in current FreeSWITCH on any of Solaris
>> derivatives, regardless if it's in a zone or not: the -u option causes
>> it to execute setuid() to switch to the unprivileged user. But the
>> problem is, that setuid() sets the effective set of privileges to
>> "basic", and "proc_clock_highres" is not included, even that it is
>> allowed for the process.
>>
>> This piece illustrates this behavior:
>>
>> [root at fs01 ~]# perl -e 'use POSIX; setuid(1000); system("ppriv \$\$")'
>> 4079: ppriv 4079
>> flags = <none>
>> E: basic
>> I: basic
>> P: basic
>> L:
>> basic,contract_event,contract_identity,contract_observer,dtrace_proc,dtrace_user,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_owner,file_setid,ipc_dac_read,ipc_dac_write,ipc_owner,net_bindmlp,net_icmpaccess,net_mac_aware,net_observability,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_clock_highres,proc_lock_memory,proc_owner,proc_prioup,proc_setid,proc_taskid,sys_acct,sys_admin,sys_audit,sys_fs_import,sys_ip_config,sys_iptun_config,sys_mount,sys_nfs,sys_ppp_config,sys_resource
>>
>>
>> So, switch_core.c needs to be modified to utilize setpflags() and
>> setppriv() if we are under Solaris, and assign "proc_clock_highres" to
>> the process before the timer is initialized. I will propose the patch
>> within a month or so.
>>
>> FreeSWITCH runs fine as root.
>>
>>
>>
>>
>>
>> On Tue, Sep 8, 2015 at 11:54 PM, Stanislav Sinyagin <ssinyagin at gmail.com>
>> wrote:
>> > Darren,
>> >
>> > if the zone has the proc_clock_highres privilege, you can assign it to
>> > the freeswitch user:
>> > usermod -K defaultpriv=basic,proc_clock_highres frsw
>> >
>> > after that, under "su - frsw", FreeSWITCH can start.
>> >
>> > But launching it as root with "-u frsw -g frsw" causes the same
>> > coredump, as timerfd is unavailable for some reason. This needs
>> > further investigation.
>> >
>> > Also inside a zone, -rp does not have any effect on the process
>> > priority, because this needs another privilege: PRIV_PROC_PRIOUP or
>> > PRIV_PROC_PRIOCNTL (see privileges(5)).
>> >
>> > So, there are still obstacles, but we're getting there slowly. But it
>> > looks like you anyway have to have administrative access to the global
>> > zone in order to run FreeSWITCH in a SmartOS zone. So, hosting it at
>> > Joyent doesn't look realistic. Still, it's a very attractive platform
>> > because of its lightweight zones and nice network performance and
>> > built-in ZFS. Soon I will have a test physical server with SmartOS in
>> > my lab, and I can let the interested people access it and test or play
>> > around.
>> >
>> > cheers,
>> > stanislav
>> >
>> >
>> >
>> >
>> >
>> > On Tue, Sep 8, 2015 at 6:59 PM, Support <support at directvoip.co.uk>
>> > wrote:
>> >> Stanislav,
>> >>
>> >> Yes I did use that to get it going but then found that only worked as
>> >> root.
>> >>
>> >> Also, I know for myself, who was in control of the global zone, that
>> >> this
>> >> was a workaround but it was quickly pointed out to me by community
>> >> members
>> >> that this is just a workaround as those just using for example Joyent
>> >> cloud
>> >> or any zone other than on their own server would probably never be
>> >> given
>> >> access to the high res clock.
>> >>
>> >> Regards
>> >> Darren
>> >>
>> >> ________________________________
>> >> From: Stanislav Sinyagin [mailto:ssinyagin at gmail.com]
>> >> To: FreeSWITCH Users Help
>> >> [mailto:freeswitch-users at lists.freeswitch.org]
>> >> Sent: Tue, 08 Sep 2015 16:49:01 +0000
>> >>
>> >> Subject: Re: [Freeswitch-users] Compiling under SmartOS
>> >>
>> >> phew, it started finally.
>> >>
>> >> The correct string is "limit_priv": "default,proc_clock_highres"
>> >>
>> >> After vmadm update, you need to reboot the zone, in order for new
>> >> permissions to propagate to its processes.
>> >>
>> >>
>> >>
>> >>
>> >> On Tue, Sep 8, 2015 at 5:38 PM, Stanislav Sinyagin
>> >> <ssinyagin at gmail.com>
>> >> wrote:
>> >>> no, my bad, it's still failing on the timer. I'll spend some time on
>> >>> it. Feel free to contact me directly on skype or google hangouts or
>> >>> telegram
>> >>>
>> >>> On Tue, Sep 8, 2015 at 5:27 PM, Stanislav Sinyagin
>> >>> <ssinyagin at gmail.com>
>> >>> wrote:
>> >>>> actually the answer about the timer was given in that same chat where
>> >>>> you took part:
>> >>>> http://echelog.com/logs/browse/smartos/1438293600
>> >>>>
>> >>>> I added the following line to the VM manifest json, and then did
>> >>>> "vmadm
>> >>>> update":
>> >>>>
>> >>>> "limit_priv": "default,-proc_clock_highres"
>> >>>>
>> >>>> Now it doesn't complain about the timer. But the master branch still
>> >>>> coredumps for some other reason :)
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> On Tue, Sep 8, 2015 at 3:42 PM, Support <support at directvoip.co.uk>
>> >>>> wrote:
>> >>>>> Stanislav,
>> >>>>>
>> >>>>> I cannot help with this, my skills don't reach that far but I can
>> >>>>> point
>> >>>>> you
>> >>>>> in the right direction.
>> >>>>>
>> >>>>> I had the same problem and it seems to be related to something
>> >>>>> called
>> >>>>> timerfd. Using the ppriv command you can see freeswitch is wanting
>> >>>>> access to
>> >>>>> the high res clock, something not available to smartos zones with
>> >>>>> the
>> >>>>> default privileges.
>> >>>>>
>> >>>>> I did manage to mess with the smartos privileges and get it to run
>> >>>>> at
>> >>>>> one
>> >>>>> time but it was only when running as root.
>> >>>>>
>> >>>>> If you actually used an older version of smartos, I think the one I
>> >>>>> used
>> >>>>> is
>> >>>>> dated around january this year, then it will compile fine and use
>> >>>>> some
>> >>>>> sort
>> >>>>> of other timing method.
>> >>>>>
>> >>>>> This timerfd thing, thing relates to freeswitch finding a file
>> >>>>> called
>> >>>>> timerfd.h that didn't appear in smartos zones until about march this
>> >>>>> year,
>> >>>>> something to do with lx brand I think.
>> >>>>>
>> >>>>> I have just looked and the smartos version that will compile is
>> >>>>> 20150108T111855Z, obviously it would be better on the newer.
>> >>>>>
>> >>>>> Compiling on the above smartos version and then running it on newer
>> >>>>> is
>> >>>>> no
>> >>>>> problem which is what I ended up doing.
>> >>>>>
>> >>>>> Hope this helps
>> >>>>>
>> >>>>> Regards
>> >>>>> Darren
>> >>>>>
>> >>>>> ________________________________
>> >>>>> From: Stanislav Sinyagin [mailto:ssinyagin at gmail.com]
>> >>>>> To: FreeSWITCH Users Help
>> >>>>> [mailto:freeswitch-users at lists.freeswitch.org]
>> >>>>> Sent: Tue, 08 Sep 2015 07:55:37 +0000
>> >>>>> Subject: Re: [Freeswitch-users] Compiling under SmartOS
>> >>>>>
>> >>>>>
>> >>>>> See the update at https://freeswitch.org/jira/browse/FS-7967
>> >>>>>
>> >>>>> I fixed the compilation problems, and now there's a runtime issue.
>> >>>>>
>> >>>>> On Mon, Aug 17, 2015 at 10:40 AM, Stanislav Sinyagin
>> >>>>> <ssinyagin at gmail.com> wrote:
>> >>>>>> I see there are some people on the list, working with SmartOS.
>> >>>>>>
>> >>>>>> The current master fails to compile:
>> >>>>>> https://freeswitch.org/jira/browse/FS-7967
>> >>>>>>
>> >>>>>> Your input will be appreciated.
>> >>>>>>
>> >>>>>> I just started looking around and getting the feeling what SmartOS
>> >>>>>> is.
>> >>>>>> I worked with Solaris quite a lot, but that was almost 10 years
>> >>>>>> ago.
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> _________________________________________________________________________
>> >>>>> Professional FreeSWITCH Consulting Services:
>> >>>>> consulting at freeswitch.org
>> >>>>> http://www.freeswitchsolutions.com
>> >>>>>
>> >>>>> Official FreeSWITCH Sites
>> >>>>> http://www.freeswitch.org
>> >>>>> http://confluence.freeswitch.org
>> >>>>> http://www.cluecon.com
>> >>>>>
>> >>>>> FreeSWITCH-users mailing list
>> >>>>> FreeSWITCH-users at lists.freeswitch.org
>> >>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>>>>
>> >>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >>>>> http://www.freeswitch.org
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> _________________________________________________________________________
>> >>>>> Professional FreeSWITCH Consulting Services:
>> >>>>> consulting at freeswitch.org
>> >>>>> http://www.freeswitchsolutions.com
>> >>>>>
>> >>>>> Official FreeSWITCH Sites
>> >>>>> http://www.freeswitch.org
>> >>>>> http://confluence.freeswitch.org
>> >>>>> http://www.cluecon.com
>> >>>>>
>> >>>>> FreeSWITCH-users mailing list
>> >>>>> FreeSWITCH-users at lists.freeswitch.org
>> >>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>>>>
>> >>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >>>>> http://www.freeswitch.org
>> >>
>> >>
>> >> _________________________________________________________________________
>> >> Professional FreeSWITCH Consulting Services:
>> >> consulting at freeswitch.org
>> >> http://www.freeswitchsolutions.com
>> >>
>> >> Official FreeSWITCH Sites
>> >> http://www.freeswitch.org
>> >> http://confluence.freeswitch.org
>> >> http://www.cluecon.com
>> >>
>> >> FreeSWITCH-users mailing list
>> >> FreeSWITCH-users at lists.freeswitch.org
>> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>
>> >> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> http://www.freeswitch.org
>> >>
>> >>
>> >>
>> >> _________________________________________________________________________
>> >> Professional FreeSWITCH Consulting Services:
>> >> consulting at freeswitch.org
>> >> http://www.freeswitchsolutions.com
>> >>
>> >> Official FreeSWITCH Sites
>> >> http://www.freeswitch.org
>> >> http://confluence.freeswitch.org
>> >> http://www.cluecon.com
>> >>
>> >> FreeSWITCH-users mailing list
>> >> FreeSWITCH-users at lists.freeswitch.org
>> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>
>> >> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> http://www.freeswitch.org
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org



Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list