"acme_account_email"
Domain type: master
Value type: str
Default: str
|
E-mail address for notification of operations during the operation of the service
automatic generation of LetsEncrypt SSL certificates. Filling this field will activate the service for all domains.
Further settings control each domain individually (fields 'acme_enabled' and 'acme_subdomains').
|
"acme_enabled"
Domain type: any
Value type: int
Default: 0
|
LetsEncrypt automatic SSL certificate generation service activity for the domain.
The service requires 'acme_account_email' to be configured in the master domain.
On successful generation, the certificate is automatically uploaded to the 'certificate_pem'.
The certificate is issued for 3 months and automatically renews.
If the value of the 'certificate_pem' field is filled manually (has no special signature), the automatic generation service is forcibly deactivated.
If the service is inactive, when a TLS request is made to the domain, the certificate will be searched for in the chain of parent domains by name
(up to the master if the current domain name is inherited from the master domain name). This is done with the expectation that
in the presence of a certificate in the parent domain, the name of the current domain is added to it as a child domain (manually or with the help of 'acme_subdomains').
If no certificate is loaded in any of the parent domains, the certificate from the configuration settings is applied (it is on disk at the path set in the configuration).
|
"acme_subdomains"
Domain type: any
Value type: str
Default: str`
|
Listing of child domains whose names should be included in the automatically generated SSL Certificate LetsEncrypt.
Applies only when the automatic SSL certificate generation service is active ('acme_enabled').
|
"alertcall_defaults"
Domain type: working
Value type: object
Default: { … }
|
|
"ap_constants"
Domain type: any
Value type: object
Default: { … }
|
Set of domain constants for autoprovision templates (see role ap).
|
"ap_options"
Domain type: master
Value type: object
Default: `
{
"masks": [
"{MAC}[.].",
"cfg{MAC}[.].",
"SEP{MAC}[.].*",
"type=ctl|CTLSEP{MAC}[.]tlv",
"type=itl|ITLSEP{MAC}[.]tlv"
],}
|
Set of options for microservice operation autoprovision.
-
masks - File name masks by which MAC addresses are recognized in TFTP requests for configuration files. The basic format is regular expressions with a {MAC} block that is substituted for the search pattern.
A type (default cfg) can be specified up front, separated by a vertical dash, to distinguish between the different configuration options required by the device.
If a type is specified and is different from cfg, it will be added as the final extension when searching for the template file.
For example, a query by the Cisco CP-9971 phone for the file CTLSEP1234123412341234.tlv will result in the following pattern type=ctl|CTLSEP{MAC}[.]tlv by it the service will search for files by descending priority: "Cisco CP-9971.tlv.ctl", "cisco cp-9971.tlv.ctl", "Cisco.tlv.ctl", "cisco.tlv.ctl".
Next, as described sipuser.opts.ap_devices.
|
"auto_model_db_mode"
Domain type: any
Value type: str
Default: default
|
Mode of selecting the name of the postgresql model database in automatic mode (if the specific connection is not specified in the stores, and the mode is selected 'auto')
Possible values:
-
default - Selects the mode based on the field value set in the master domain [auto_model_db_mode_default].
-
separated - An additional database is created next to the main domain database.
-
embedded - The schemas of the model database are placed in the main domain database.
|
"auto_model_db_mode_default"
Domain type: master
Value type: str
Default: separated
|
Mode for selecting the postgresql model database name in automatic mode for all domains where the mode is not overridden by the parameter [auto_model_db_mode].
It is used so that when a domain is created, an additional database is not hastily created if it is necessary to reduce the number of databases on the database server when there are a large number of unloaded domains.
|
"azure_cloud"
Domain type: working
Value type: object
Default: { … }`
|
Connection parameters to Azure.
The root value of 'speech' refers to the 'default' account that is set to the component by default.
Thus, when using only one account for a domain, you do not need to set the 'accounts' field.
The speech object supplies data to connect to the Yandex-cloud SpeechKit service:
-
apiKey - Authorization API key (SubscriptionId). It is specially created to connect to the Speech cloud service Azure.
-
uri_asr_short - Optional parameter. URI to connect to the Azure cloud short audio recognition service. Default: 'https://%REGION%.stt.speech.microsoft.com/speech/recognition/conversation/cognitiveservices/v1'.
-
uri_tts - Optional parameter. URI to connect to the Azure cloud speech synthesis service. Default: 'https://%REGION%.tts.speech.microsoft.com/cognitiveservices/v1'.
-
region - parameter is required if uri_asr_short is not used. The region value is substituted into the macro %REGION%.
Example 1
{
"speech" : {
"apiKey" : "6nBS8zU7WzGg2VYspx2Ag5G9eavE3eTNV5ByH7",
"region": "northeurope"
}
}
Example 2
{
"accounts" : [{
"My Account B" : {
"speech" : {
"uri_asr_short" : "https://northeurope.stt.speech.microsoft.com/speech/recognition/conversation/cognitiveservices/v1",
"apiKey" : "6nBS8zU7WzGg2VYspx2Ag5G9eavE3eTNN3ByH7"
}
},
"My Account C" : ...,
...
}
]
}
You can set them simultaneously, then both the 'default' account settings and the settings of the listed accounts will be listed.
|
"billing_options"
Domain type: master
Default:
{
"enabled": true,
"protocol": "radius",
"sipcode": 403,
"statusline": "Forbidden",
"reason": "Insufficient funds",
"radius": {
"access_servers": [
"192.168.0.112:2813",
"172.27.1.112:2813"
],
"accounting_servers": [
"192.168.0.112:2812",
"172.27.1.112:2812"
],
"attempt_count": 3,
"failover_mode": "restrict",
"interim_update_int1erval_ms": 60000,
"request_timeout_ms": 1000,
"secret": "asdfghjkl",
"select_mode": "leader",
"selected_retransmit_count": 2
}
}
|
Parameters for connecting to and using the billing system.
Billing applies to call shoulders established with providers (upstream) whose accounts have appropriate option enabled.
Caller-Id and Called-Id numbers are accepted as Caller-Id and Called-Id numbers from the external number plan.
Protocol supported RADIUS (RFC-2865, RFC-2866, RFC-2869, RFC-6929).
Sequence of calls to the billing system within the framework of servicing one dialog:
-
Before the initiation of a fork-rule, a request is made access.
-
After the response, the inquiry is carried out accounting:start.
-
Periodically during an active dialog, a request is made to accounting:interim_update.
-
When the dialog is broken, a request is made accounting:stop.
The billing system is accessed as part of the service of each dialog by the microservice esg.
If there is a dialog between two external subscribers, the shoulder of each of which is served by an account with the billing option enabled, then each of the shoulders has its own CallId and represents a separate dialog in terms of interaction with the billing system.
When interacting with the billing system, the dialog time can be reduced based on its responses.
-
enabled - Global billing switch. Default false.
-
protocol - Protocol selection. Possible values: 'radius'.
-
sipcode - The SIP code for the rejection message in case the call is denied by the external billing system. Default 403.
-
statusline - A SIP response string for a rejection message if the call is denied by the external billing system. Default 'Forbidden'
-
reason - Reason string for the Reason header of the rejection message if the call is denied by the external billing system.
-
radius - Options for connecting to the billing system via protocol RADIUS.
Connection options to RADIUS:
-
access_servers - List of connection points to the billing system (address:port). Used for sending requests Access.
-
accounting_servers - List of connection points to the billing system (address:port). Used for sending requests Accounting (start, stop, interim_update).
-
attempt_count - Number of attempts to resend the request. This is used if there is no response within a specified time interval. Default 3.
-
request_timeout_ms - Timeout to wait for a response to a sent request. Default 1000.
-
failover_mode - Mode of operation in case of no response from the billing system. Options: 'permit' - continue the call, 'restrict' - block the call. By default 'restrict'.
-
select_mode - Mode of connection point selection. Options: 'leader' - in order of priority, 'random' - randomly. Calculated in each dialog independently. By default 'leader'.
-
selected_retransmit_count - The number of attempts to resend the request to the previously selected connection point before selecting the next one. Default 2.
-
interim_update_interval - Period for sending accounting:interim_update request, seconds. Default 60.
-
disable_authenticator_check - Switch to check the Authenticator field in RADIUS server responses.
-
secret - A secret string for encrypting values.
-
password - Password.
|
"blf_details_enabled"
Domain type: working
Value type: boolean
Default: false
|
Turns off the call details mode when sending BLF notifications. If the mode is disabled, call details will not be detailed even if the corresponding rules are configured for subscribers.
|
"blf_external_numbers"
Domain type: working
Value type: Array<str>
Default: []
|
Optional list of external numbers whose state is placed in the repository and available for BLF subscriptions and notifications.
Successful subscription requires resolution.
The number must be available in routing to the subscriber subscribing.
The subscribed subscriber will be notified of the state change when the number exactly matches the URI.username of one of the parties to the dialog served by the B2B microservice (To and From headers of the SIP request INVITE).
It is important that when configuring the blf_external_numbers field, it is the URI.username number that is specified, and that it is also specified when configuring the BLF function in the device.
When subscribing to IVR-featurecode numbers, the number will be replaced by "ivr-Extension".
If the specified number is assigned as an internal number of one of the domain users, it is not considered as an external number.
Specified external numbers are tracked across all domains to ensure that a dialog can be subscribed to if in reality the call is made through a provider account in another domain.
|
"block_response_malware"
Domain type: master
Value type: int
Default: 1
|
The value 1 means to block sending 4xx-6xx responses to SIP requests containing unknown domain names in the To field.
Used in microservices that process SIP signaling: sg, esg, b2b, ivr, conf, prompt..
|
"callscrcode_context"
Domain type: any
Value type: str
Default: str_empty
|
Call context handling service script code.
Runs in the master domain at the same time as any call and is supplied with all events of the callevents class via the scripting integration mechanism.
The context script is terminated forcibly at the same time as the call is terminated.
If the script terminates before the call is completed, the events stop being sent.
The script does not run if the field is empty or the code is incorrect.
A context script can pass events to the context scripts of any domain in the tree by first running it there in asynchronous mode with the "Script Run" component".
|
"certificate_pem"
Domain type: any
Value type: str
Default: str_empty
|
The contents of the certificate pem file (contains both the private key and certificates for domains).
When making a TLS request to the system, the certificate of the domain whose name the connection is addressed to is predominantly used.
If there is no domain or setting (empty value), the certificate of the parent domain is used, and so on up to the master domain.
If no certificate is configured in any of the ancestor domains, the certificate specified in the configuration settings for the current instance of the web server role is applied.
|
"default_domain"
Domain type: master
Value type: string
Default: str_emtpy
|
Domain substituted automatically in the web application when the authorization window is displayed.
If an empty value is specified, a single first-level working domain or a single master domain is automatically substituted.
Otherwise, the value 'defaultDomain' from the file is substituted 'defaults.json' (/rest/v1/public/resources/defaults.json).
Otherwise, the field is left blank.
|
"disabled_plugins"
Domain type: master
Value type: object
Default:
{
"events": []
}
|
Allows you to turn off some of the built-in plugins in order to save resources.
For example, to disable CDR event processing for the purpose of CTI event preparation (grpc). To do this, the disabled ones must be listed in the 'events' list. "cti".
|
"email_to_fax"
Domain type: working
Value type: object
Default:
{
"caller_id": "fax",
"caller_name": "fax",
"enabled": false
}
|
Parameters for operation of the service of receiving a letter by e-mail and sending an attachment by fax.
A role is required for the service to work email.
The service subscribes to email/Messages changes and when creating a new email it runs the system service script svc_email_to_fax, which requests all unsent messages, for each of them a dial-up is performed with the ivr script ivr_email_to_fax running to send a fax.
In doing so, the letter must meet the following requirements:
-
the subject line says fax:number, e.g. - fax:1234567
-
only one attachment
-
an attachment can be in one of the following formats: bmp, jpeg, pdf, png, svg.
The result of mail processing will be entered into the statusText field of email/Messages class, possible values:
-
call_error - error dialing the number. Considered unsuccessful, will retry to send.
-
error_bad_email_format - incorrect email format. It is considered an error and will not be sent again.
-
convert_error - error converting attachment to tiff. This is considered an error and will not be resent.
-
send_error - error sending a fax. It is considered an error and will not be resent.
-
sending - fax sending is started. It is considered successful, there will be no retry.
-
completed - the fax transmission is complete. It is considered successful and will not be retried.
all other statuses are considered unprocessed.
Available properties email_to_fax:
-
account_id - account identifier (email/Accounts) from which emails will be processed.
-
script_user_login - login of the user on behalf of whom requests to the class will be executed email/Messages.
-
caller_id - The number that will be substituted when you make a call to send a fax.
-
caller_name - the display name (display_name) that will be substituted when you make a call to send a fax.
-
enabled - an indication of service activity.
For example
{
"account_id": "6dc58a05-0181-858c-e683-00e04c42bef0",
"caller_id": "fax",
"caller_name": "fax",
"enabled": true,
"script_user_login": "admin"
}
|
"ext"
Domain type: any
Value type: object
Default: {"a":1}
|
Arbitrary domain-wide values used in plugins and external design settings.
Among others:
-
default_sipuser_noreg_gates - default values for unregistered sipuser accounts, applied as the value of the devices.gates field if the account contains an empty value or an empty list there.
-
default_provider_srvidxs - default value for provider accounts in the current domain, applied as the value of the serveridxs field if the account contains an empty list there.
|
"fax_to_email"
Domain type: working
Value type: object
Default: {}
|
Parameters to work with featurecode fax_to_email.
Available properties:
For example
{
"receivers": [
"email1@gmail.com",
"email2@gmail.com"
],
"account_id": "6dc58a05-0181-858c-e683-00e04c42bef0"
}
|
"https_host"
Domain type: master
Value type: str
Default: empty
|
DNS name to which the call is routed to the web server of the installed system.
Used when xref:configuration:roles/ws.adoc#ports_mode of http request processing is disabled on web servers.
Applies to:
-
when generating access point URLs for product layer microservices.
-
when the webserver redirects from http to https in https+redir, if the http call is made to a URL with the server’s IP address.
|
|
If the parameter is changed and http service is disabled in the configuration of webservers, it is necessary to restart product microservices or entire nodes with roles msvc.
The parameter value is cached for 30 seconds, so you must wait this time before performing operations that wait for the parameter to be applied.
|
|
"hunt_sipuser_superstate"
Domain type: working
Value type: int
Default: 0
|
Switch to bind the 'registered' state of a sipuser account to the 'registered' state of a linked user account for use in the personal queue and hunt-group service.
If enabled, the user must be authorized through the application and web socket channel for the resource to be released.
Applied by microservice 'hunt' when determining the availability state of a resource.
|
"iam_general_svcscript_code"
Domain type: master
Value type: str
Default: empty
|
The code of the service script used to perform user authentication (account password verification) for the entire system in an enforced manner.
1 – Domain;
2 – Login;
3 – Password.
The script must terminate with a STOP component, contain a variable named result and a value of 1,0,true,false.
If for some reason the script terminates with an error, does not terminate correctly, does not contain a specified variable or does not have a correct value set for it, the standard mechanism of user authorization through the domain center is applied. This is a protection against script failures to avoid loss of access to the system.
The script is created and executed in the master domain. No more than 5 seconds are allocated for script execution.
If no script is specified, the standard password validation mechanism in the domain center is used, or the domain service script specified in the parameter iam_domain_svcscript_code.
Authorization under the backup master-admin account is performed without running the script.
|
"iam_domain_svcscript_code"
Domain type: any
Value type: str
Default: empty
|
The code of the service script used to perform user authentication (account password verification) for domain accounts, provided that no master identity script is specified in the master domain.
1 – Domain;
2 – Login;
3 – Password.
The script must terminate with a STOP component, contain a variable named result and a value of 1,0,true,false.
If for some reason the script terminates with an error, does not terminate correctly, does not contain a specified variable or does not have a correct value set for it, the standard mechanism of user authorization through the domain center is applied. This is a protection against script failures to avoid loss of access to the system.
The script is created and executed in the domain to which the authorization is being performed.
If no script is specified, the standard password validation mechanism in the domain center is used.
If the iam_general_svcscript_code identification master script is created in the master domain, this script is not applied.
Authorization under the backup master-admin account is performed without running the script.
|
"iam_token_svcscript_code"
Domain type: master
Value type: str
Default: empty
|
The code of the service script used to perform user identification when authorizing by external token.
The script is created and executed in the master domain. No more than 15 seconds are allocated for script execution.
In particular, this script applies as a binding script when authorizing via OAuth if the entity OAuth provider mode is set to login_mode = script.
1 – Token. If used as a binding script when authorizing via OAuth, this is the identifier query.
2 - For OAuth binding, this is the authorization provider entity.
3 - For OAuth binding, this is the entity authorization request.
4 - For OAuth binding, this is the "address:port" of the pir.
The script must terminate with a STOP component, contain a variable named result and a value of 1,0,true,false.
If authorization is successful ('result' = 1 or "true"), then values must be assigned to the variables named domain and login, and a user account with the specified login must exist in the specified domain.
The script can create an account at runtime based on the authorization performed in the external system.
Authorization with an external token is done by request:
POST /rest/v1/iam/sessions
Content-Type: application/json
{
"token": "<TOKEN>"
}
|
"kafka_mustache"
Domain type: any
Value type: str | array<object>
Default: []
|
Template mustache for calculating message broker connection parameters KAFKA.
It is specified as a string or a list of JSON-objects (each of which has a binding to a specific site (site field) and a string value) (value)).
The result of applying a string template to a JSON event object should return a string representation of the JSON object with fields:
-
"endpoints" – list of alternative brokers/connection points in the form of objects with keys host, port.
-
"topic" – topical in an addressable instance KAFKA.
-
"partition" – numeric number of a partisan in the top of the addressed KAFKA instance. Or the name of the partisan calculation module. The predefined random and random_by_key modules. Other erlang modules with the function partition(Topic::binary(),PartitionCount::integer(),Key::term(),Value::term()) may be added and specified. → int(). By default 0.
-
"key" – key by which the partition is calculated. By default str_empty.
-
"mode" – record placement mode in KAFKA: sync | async | notify. Default async.
For example
"{
{{#callevents}}
\"endpoints\" : {{kafka_params.client.callevents_broker_group1}},
\"partition\" : \"{{kafka_params.producer.default_partitioner}}\",
\"topic\": \"{{domain}}_{{class}}\",
\"key\": \"{{data.cid}}\"
{{/callevents}}
}"
or in the case of different settings for different sites:
[
{
"site" : "SITE1",
"value" : "{
{{#callevents}}
\"endpoints\" : {{kafka_params.client.callevents_broker_group1}},
\"partition\" : \"{{kafka_params.producer.default_partitioner}}\",
\"topic\": \"{{domain}}_{{class}}\",
\"key\": \"{{data.cid}}\"
{{/callevents}}
}"
}
]
An event is not sent to KAFKA in cases where the calculated result does not have the required fields, if no template is detected for the site either in the domain or in the master domain.
The value of the site field can be either the name of the site or a regular expression in the following format “/reg/…”.
|
"kafka_params"
Domain type: any
Value type: object | array<object>
Default: []
|
An object with parameters added to the JSON event object to construct the template input parameter mustache.
Defined as a JSON-object or a list of JSON-objects, each of which has a binding to a specific site (site field) and a string value (value).
The calculated value is appended to the JSON event object in the "CLASSNAME" field, where CLASSNAME is the value of the field "class".
Must be docked with a mustache template computed for the same domain/site.
For example
{
"client": {
"callevents_broker_group1": [
{
"host": "kafka_broker_1",
"port": 9092
},
{
"host": "192.168.0.136",
"port": 9092
}
]
},
"producer": {
"default_partitioner": "random_by_key",
"progressive_partitioner": "random_by_key"
}
}
or in the case of different settings for different sites:
[
{
"site" : "SITE1",
"value" : {
"client": {
"callevents_broker_group1": [
{
"host": "kafka_broker_1",
"port": 9092
},
{
"host": "192.168.0.136",
"port": 9092
}
]
},
"producer": {
"default_partitioner": "random_by_key",
"progressive_partitioner": "random_by_key"
}
}
}
]
An event is not sent to KAFKA if no template is detected for a site in either the domain or the master domain.
|
"licowned"
Domain type: any
Value type: object
Default: {}
|
Composition of reserved quantity licenses for the domain’s own needs.
Only free domain licenses can be reserved.
The available volume of licenses of each type for reservation in a domain is defined as X = Total - Sub, where Total is the number of licenses transferred from the parent domain, Sub is the number of licenses transferred to child domains.
Reserved licenses cannot be allocated to child domains and taken away by the parent domain.
It is not possible to remove from the reservation the amount of licenses that have already been used in internal domain entities.
Read more about licenses.
|
"limits"
Domain type: any
Value type: object
Default: {}
|
An object containing the various restrictions set for the domain.
The following parameters are available:
-
max_simultaneous_call_count - maximum allowed number of simultaneous telephone conversations involving domain subscribers. 0 - no limit. Default: 0.
-
max_call_duration_sec - the maximum permissible duration of a telephone call. The value is between 10 and 7200. Default 7200.
The next group of settings allows you to set restrictions on the domain script processing machine.
Each of the indicators can set or remove a restriction.
If this domain has restrictions in the parent domain (opts); in case any of the following parameters will set a smaller restriction, its value passed from the parent domain will be applied.
-
script_pause_between_components - Pause in milliseconds between all components of all scripts. Leads to a general slowdown of the scripts and reduces the load on the system. Default: 0 (none).
-
script_limit_component_count - Limits the number of executed components in a single script handler. It also includes all nested scripts. If the limit is exceeded, the script is terminated and control is passed to the post-processing branch with the type "limit exceeded". Default: -1 (not limited).
-
script_duration_sec - Limits the execution time of the script handler in seconds. Also includes all nested scripts. Default: -1 (not limited).
-
script_limit_site_count - (does not apply) Limit the number of script handlers that can be simultaneously executed on one site. Default: -1 (not limited).
-
script_allow_global_variables - (does not apply) Restriction on the use of global variables. Default: true (allowed).
|
"meet_config"
Domain type: master
Value type: object
Default:
{
"era" : {
"defaultDomain" : "
}
}
|
Fragment of the meet server configuration. In case of change, it will be merged with the configuration created when the meet role was started. Allows you to apply changes to the meet configuration that do not require a server restart.
|
"meet_use_system_cert"
Domain type: master
Value type: boolean
Default: false
|
Flag, if set, the certificates for the meet role for wss and turn will be determined from the value of the parameter certificate_pem.
In this case: certificates specified in the meet role parameters or in meet_cert_pem, meet_turn_cert_pem are ignored.
The domain to search for a certificate is defined as follows:
|
"meet_cert_pem"
Domain type: master
Value type: str
Default: str_empty
|
The contents of the certificate pem file (contains both the private key and certificates for domains). When specifying a certificate in the certdir parameter of the meet role is ignored. Applies only in case of meet_use_system_cert=false.
|
"meet_turn_cert_pem"
Domain type: master
Value type: str
Default: str_empty
|
The contents of the certificate pem file (contains both the private key and certificates for domains). When specifying the certificate in the turn_certdir parameter of the meet role is ignored. Applies only in case of meet_use_system_cert=false.
|
"mixed_call_rec_options"
Domain type: any
Value type: object
Default:
{
"mode": enabled,
"endpoints" : []
}
|
Server settings for 'mixed_call' recording. This is an alternative to recording siprec.
Recording to an external server can be enabled in the record rules of a particular domain (field 'mixed_call_rec').
Recording will be performed if at least for one of the dialog subscribers in its domain there is a corresponding rule allowing dialog recording in the mode 'mixed_call_rec'.
The recording is done by one SIP call to each server specified in the 'endpoints' field. SDP describes one mixed stream.
If the list of servers is empty, the recording will be performed on the servers specified in the corresponding field of the master domain.
If no servers are defined in either the domain or the master domain, then no 'mixed_call_rec' writes are performed.
Recording is also not performed if the object at the root level has a "mode" field with the value "disabled". The default value is "enabled".
The "mode" field. Value options:
-
"disabled" - recording in mixed_call_rec mode for domain subscribers is disabled. Recording will be performed only for cross-domain calls, if it is enabled by the rules and settings of another domain.
-
"enabled" - writing in mixed_call_rec mode is allowed and is performed on servers specified in the 'endpoints' field of the current value (current domain). By default there is an empty list, and thus server settings are defined in the master domain.
-
"master" - server settings are defined in the master domain. For the master domain, this value is equivalent to the value of "enabled".
Field "endpoints".
Each server is specified by an endpoint. This is an object with the following fields:
-
"enabled" - switch. The default is true (enabled).
-
"ip_address" - ip-server address.
-
"port" - server port.
-
"transport" - transport protocol. Valid values are "udp", "tcp". Default: "udp".
-
"to_uri" - The logical name to be substituted in the To header. Example: "<sip:srs@somedomain.local>".
-
"from_uri" - The logical name to be substituted in the From header. Example: ' "Display" <sip:src@mydomain.local>'.
-
"headers" - object with additional non-standard headers. Each key is the title of the header and its value is the value of the header.
-
"audio_formats" - list of codecs offered by INVITE-request from among those supported by the platform. Possible codecs and default composition is defined by the parameter payloads_audio_offer in the b2b role parameters in the configuration.
When subscribers of different domains participate in a dialog, then each domain supplies its own settings (enabling dialog recording, list of servers).
No duplicate calls will be made.
A call to the recording server is made within 5 seconds. If the recording server refuses or does not respond, it is excluded from recording and a corresponding entry is made in the log file.
The 'mixed_call_rec' calls are made immediately after the called subscriber answers and the dialog is switched to the active state.
By analogy with standard recording - each dialog is recorded separately, i.e. a separate set of calls to recording servers is formed for each recorded dialog.
Recording can only take place if media processing is not specifically switched off via configuration.
It is possible to set up simultaneous recording in different modes - to do this, you need to enable the corresponding modes in the recording rules.
Since the recording is done by an external system, the records can only be accessed through the external system. No special notes are made in the logfiles themselves.
The 'mixed_call_rec' recording mode degrades overall system performance by generating several additional SIP transactions, as well as switching the media context to conference mode, which necessitates mixing and transcoding of all RTP streams both ways.
{
"mode": "enabled",
"endpoints": [
{
"enabled": true,
"ip_address": "192.168.0.113",
"port": 5060,
"transport": "udp",
"to_uri": "<sip:rec@somedomain.local>",
"from_uri": "\"DISPLAY\"<sip:src@mydomain.local>",
"audio_formats": ["PCMA/8000"],
"headers": {
"X-Test-Header1": "aaa",
"X-Test-Header2": "bbb"
}
}
]
}
|
"mgc_options"
Domain type: master
Value type: object
Default:
{
"regular_deservice": {
"enabled": true,
"work_duration_in_hours": 12,
"allowed_week_days": [1,2,3,4,5,6,7],
"allowed_daily_hours": [0,1,2,3,4,5,22,23]
},
"self_testing": {
"enabled": true,
"interval_minutes": 1,
"timeout_deservice": 3000,
"timeout_restart": 60000
},
"timeout_deservice": 5000
}
|
Customizable common options for microservices 'mgc'.
-
regular_deservice - section to configure the settings for regular preventive maintenance shutdown of media gateways.
-
'enabled' - mode switch. The default is true - enabled.
-
'work_duration_in_hours' - minimum active operating time in hours until a decision is made to take the unit out of service. From 1 to 744 hours. Default is 12 hours.
-
'allowed_week_days' - list of days of the week on which preventive maintenance withdrawal is allowed. An empty list is equivalent to all days of the week. The default is all days of the week.
-
'allowed_daily_hours' - list of hours of the day during which preventive maintenance withdrawal is allowed. An empty list is equivalent to all hours of the day. The default is at night from 22 to 5 o’clock.
-
self_testing - section for configuring the parameters of automatic media gateway diagnostics.
-
'enabled' - mode switch. The default is true - enabled.
-
'interval_minutes' - diagnostic interval in minutes. From 1 to 30 minutes. Default is 1 minute.
-
'timeout_deservice' - timeout for waiting for a response to a test request to make a decision on forced withdrawal from service. From 1000 to 30000 ms. Default is 3000 ms.
-
'timeout_restart' - timeout waiting for a response to a test request to decide whether to force an unscheduled restart of the media gateway. From 'timeout_deservice' to 120,000 ms. Default is 60000 ms.
-
timeout_deservice - is the maximum allowable time of execution of a request to the media gateway in milliseconds, after which a decision is made to force the media gateway out of service (it waits for all conversations to be completed and is not accepted for servicing new ones). 1000 to 60000 ms. The default is 5000 milliseconds.
Any invalid value causes the corresponding default value to be applied.
|
"pgctrl_options"
Domain type: master
Value type: object
Default:
{
"check_interval": 20000,
"failover_timeout": 30000
}
|
Customizable common options for 'middleware' microservices in terms of DBMS replication management postgresql.
|
"platform_name"
Domain type: master
Value type: str
Default: "COMMUNICATION PLATFORM"
|
The name of the platform to be substituted in emails (password recovery, auto-registration, invitations, etc.).
|
[[product_layer"]]"product_layer"
Domain type: any
Value type: object
Default: {}
|
Service information about the product layer installed through the administrator application: version, state, installation date, mode, hash.
You should not change these values manually to avoid further incorrect operation of the product layer installation and update service.
|
"project_postgresql_connstr"
Domain type: any
Value type: str
Default: str_empty
|
Connection string to the project PostgreSQL relational database of the current domain.
Applied in scripts to simplify the customization of SQL query components in scripts (item Designed).
The format is specified in the description of the SQL query component in the "Connection string property"
|
"rec_storagekey_default"
Domain type: worker
Value type: str
Default: empty
|
Code file storage of the current domain (field 'instance') to place conversation records in the domain.
Used by default if no other code is specified in the record rule being applied. See the description of the 'storagekey' property of the record rule.
|
"redirect_codes"
Domain type: master
Value type: array<object>
Default: []
|
List of rules for mapping specific SIP responses to types of forwarding rule application conditions.
Defaults apply:
"decline" – 603,
"busy" – 486,
"timeout" – 408,
"dnd" – 404, 480,
"error" – 0,
"other" – the rest of the codes.
|
"redirect_allowed_masks"
Domain type: working
Value type: array<str>
Default: ["*"]
|
List of number masks allowed to be set in the device as a forwarding number.
Applies to those devices whose own settings ('opts.redirect_allowed_masks') contain among others the element "/default".
If a 3xx forwarding to an unauthorized number is configured in the device, it is not processed by the server. The information is logged in the logfile.
The mask can be used as a mask:
-
constants. For example, "414".
-
preset mask "*" - any number, works effectively.
-
special characters. For example "12XX", "8843*".
-
ranges. For example "/dia/1240+10".
-
regular expressions. For example "/reg/^(7|8)[0-8].*$".
Calculating a large number of regular expressions reduces overall system performance.
|
"record_asr_options"
Domain type: master
Value type: object
Default: { … }`
|
Settings of connection to the service of automatic recognition of recorded conversations. The VOSK service grpc is supported (it is supplied with the system and can be installed on one of the cluster servers or on several servers).
All conversations to be automatically recognized after completion based on the recognition rules in the respective domains are queued and processed sequentially at a set time interval daily.
The queue is processed in one thread by default, unless otherwise specified in the thread_count parameter. With values more than 6 per VOSK server, the recognition rate starts to decrease.
Value format
{
"type" : "vosk",
"servers" : [
{
"host" : "...",
"port" : ...
}, ...
],
"thread_count" : ...,
"utc_hours" : [FromHour, ToHour]
}
-
type - can only be 'vosk'
-
servers - list of parameters for connecting to the recognition services.
-
thread_count - number of simultaneous threads of the handlers of the queue of jobs for recognizing conversations.
-
utc_hours - list of two numbers - the hour of start and hour of end of work with the conversation record queue. By default, the time is unlimited.
|
"sber_salute"
Domain type: working
Value type: object
Default: { … }`
|
Connection parameters to Sber Salute.
-
speech - authorization parameters on Sber Salute service. For correct operation it contains the 'endpoints' element, where as a value an array of objects, each of which represents a connection point ('uri_asr', 'uri_tts', and 'cert').
-
accounts - object that allows you to specify settings for working with different Sber Salute accounts and get account selection when configuring in the script. Each key is an account code, it is displayed in the script in the dropdown list when selecting accounts. Each object inside contains the above 'speech' key with similar content.
The root values of 'speech' refer to the 'default' account that is given to the component by default.
Thus, when using only one account for a domain, you do not need to set the 'accounts' field.
The speech object supplies data to connect to the service Sber salute:
-
mode (onprem|cloud) - how to connect to the service. Default value: 'onprem'.
-
endpoints - list of connection points to the Sber salute service. If mode=cloud is used, the parameter can be omitted, then default values are applied.
-
uri_asr - The full URI to the connection point for the speech recognition service. For example: 'https://x.local:8082'. If mode=cloud is used, the parameter can be omitted, then default values are applied.
-
uri_tts - The full URI to the connection point for the speech synthesis service. For example: 'https://y.local:8082'. In case of using mode=cloud parameter can be omitted, then default values are applied.
-
cert - for SSL/TLS endpoints points to the certificate PEM file located in the ':SYNC_DOMAIN' or ':SYNC_COMMON' directory. The certificate file can be loaded, for example, in the REST-endpoint '/rest/v1/fs/targets/files/certificates/cert.pem' and addressed via ':SYNC_DOMAIN_DATA/files/certificates/cert.pem'. If not specified, the client connection will not check the server certificate for trust. The certificate is required for connection when using the service on-prem.
-
uri_oauth - full URI of OAuth-authorization service and issuance of access token. Applies when mode=cloud is used. Can be omitted, then the default value is used.
-
auth_data - provided during registration Authorization data value (not client_secret!). Required and mandatory when using mode=cloud.
-
scope - according to Sber Salute Speech documentation one of the values provided during registration: 'SALUTE_SPEECH_PERS', 'SALUTE_SPEECH_CORP'. Applies when mode=cloud is used. Can be omitted, then the default value is used: 'SALUTE_SPEECH_PERS'.
Example 1
{
"speech" : {
"endpoints" : [{
"uri_asr" : "https://a.loc:8082",
"uri_tts" : "https://a.loc:8082",
"cert" : ":SYNC_DOMAIN/data/files/crt/a.loc/cert.pem"
},
...
]
}
}
Example 2
{
"accounts" : [{
"My Account B" : {
"speech" : {
"endpoints" : [{
"uri_asr" : "https://b.loc:8082",
"uri_tts" : "https://b.loc:8082",
"cert" : ":SYNC_DOMAIN/data/files/crt/b.loc/cert.pem"
},
...
]
}
},
"My Account C" : ...,
...
}
]
}
You can set them simultaneously, then both the 'default' account settings and the settings of the listed accounts will be listed.
|
"self_register_mode"
Domain type: master
Value type: str
Default: disabled
|
User self-registration mode.
Value options:
-
disabled - self-registration is prohibited.
-
master - independent registration is allowed. The list of domains to be selected in the registration window is substituted from the master domain settings 'self_register_domains'.
-
auto - independent registration is allowed. The list of domains to be selected in the registration window is substituted on the basis of automatic polling of all domains and the value of the setting 'self_register_allowed'.
|
"self_register_domains"
Domain type: master
Value type: array<str>
Default: []
|
|
"self_register_allowed"
Domain type: working
Value type: integer
Default: 0
|
Domain resolution for self-registration by users.
|
"self_register_template"
Domain type: working
Value type: object
Default:
{
"opts" : {
"roles" : [<<"user">>],
"tags" : [],
"ws_session_limit" : 10,
"allow_script_crud" : false
}
}
|
Template of a user account, which is supplemented by a self-registering user account.
Fields are added to the template during self-registration: 'id', 'name', 'login', 'pwd', 'opts.email', 'opts.self_registered'.
All unspecified properties are filled with default values.
|
"serviced_domains"
Domain type: master
Value type: object
Default:
{
"ap": [""],
"broker": [""],
"dms": [""],
"email": [""],
"huntq": [""],
"im": [""],
"msvc": [""],
"resv": [""],
"vmail": ["*"]
}
|
Served domains filter.
Allows you to specify a list of served domains for some microservices.
This can be useful in systems with a large number of domains served on a small number of servers.
The domain list specifies the full domain names of the entire domain tree.
If no value is set for a microservice, or if "*" is present in the domain list, the filter is not applied.
Even if the domain tree is split across multiple microservice instances, they share a common filter.
|
"snmp_options"
Domain type: master
Value type: object
Default:
{
"enabled": false,
"community": "public",
"ip": ",
"level": "info",
"types": ["*"],
"excluded_types": [],
"system_state_interval_min": 5,
"system_state_excluded_keys": [],
"rate_interval_min": 1
}
|
Configuring SNMP traps.
The system notifies SNMP traps version 2c of certain types of events that occur at the current site.
MIB file location: ":SYNC/common/snmp/ERA-MIB.mib"
IANA Enterprise number: 60663.
Traps are sent to a standard port 162.
'ip' and 'community' define the monitoring node where the traps are sent.
'enabled' - switch of the ladder sending mechanism.
Notifications are sent according to the filter types and levels. An event is not sent if:
-
event type is contained in the field 'excluded_types';
-
the 'types' field does not contain "*" or event type;
-
type logging level is lower than set (index value is higher).
Logging levels - 'level':
-
emergency (0)
-
alert (1)
-
critical (2)
-
error (3)
-
warning (4)
-
notice (5)
-
info (6)
-
debug (7)
Event types - 'types', 'excluded_types' (in brackets - logging level and event type from the MIB):
-
syslog_up (info; systemAlert) - agent service restarted syslog.
-
node_down (warning; nodeDown) - lost connection with node, generated 5 seconds after loss of connection with it.
-
node_restart (notice; nodeRestart) - node restarted within 5 seconds after losing communication with it.
-
node_up (info; nodeUp) - the noda is up and running.
-
role_down (critical; roleDown) - role has become unavailable, generated 10 seconds after loss of connectivity provided no instance is available at the site.
-
server_down (error; serverDown) - lost connection with the server, generated 10 seconds after loss of connection with the root configuration node of the server.
-
mg_queued (notice; mgAlert) - The media gateway is queued to be taken out of service due to an error or response timeout.
-
mg_deserviced (notice; mgAlert) - the media gateway has been taken out of service.
-
mg_killed (info; mgAlert) - the media gateway is nailed to the system.
-
mg_cold_boot (warning; mgAlert) - The media gateway started in cold boot mode.
-
mg_disconnected (warning; mgAlert) - communication with the media gateway lost, generated by the controller 5 seconds after disconnection.
-
mg_connected (notice; mgAlert) - the media gateway has joined.
-
db_connected (info; dbAlert) - permanent connection to the database was successful. Role: domain center. The domain is specified in the message text.
-
db_connect_error (error; dbAlert) - database connection error. Role: domain center. The domain is specified in the message text.
-
db_loaded (info; dbAlert) - domain loading from the database has been successfully completed. Role: domain center. The domain is specified in the message text.
-
db_load_error (error; dbAlert) - loading a domain from the database ended with an error. Role: domain center. The domain is specified in the message text.
-
backup_done (info; backupAlert) - backed up.
-
backup_error (alert; backupAlert) - the backup ended with an error.
-
admin_logon_local (notice; auditAlert) - login from an administrator account (user with 'admin' and/or 'crud' roles) with local password verification (without external authorization), a new http or websocket session is created, or a single request is made. Transmitted domain, login, peer.
-
user_logon_local_restricted (notice; auditAlert) - an authorization attempt was recorded due to specifying an incorrect password during local check (without using external authorization). Transmitted domain, login, peer.
-
sip_dialog_crashed (warning; systemAlert) - the SIP dialog service process has terminated with an error. In the CallId parameters of the initiator arm.
-
media_unavailable (error; systemAlert) - SIP The server failed to reserve a media context on the media gateway. In the CallId parameters of the initiator arm.
-
system_state (info | alert | emergency; healthInfo) - regular message (every 5 minutes unless otherwise configured) with the result of system self-diagnostics (/api/monitor/v1/system/state). 'key': 'status', 'value': 'ok', 'alert', 'error'. When 'alert' is notified, the 'message' field contains a list of keys from the self-diagnostic result. The list of analyzed keys can be reduced by specifying in the options the additional key 'system_state_excluded_keys' with the list of keys whose values are not analyzed when determining the message type ('ok' or 'alert').
-
certificate_expires (warning | critical; certificateExpiresAlert) - SSL/TLS certificate expiration notification. Generated for each certificate that has expired or will expire in the next 2 weeks. It is generated no more than once a day between 08:00 and 10:00 UTC. The 'message' field contains the text of the notification, the 'key' and 'value' fields indicate the certificate itself - domain or configuration, and domain or path.
-
sip_provider_state_changed (info; sipProviderAlert) - notification about changes in the connection status to the telephony provider. Generated based on the results of registration/re-registration and ping. Possible values: 'available', 'unavailable', 'unknown'.
-
sip_providers_available (info; rateInfo) - a regular message (once a minute) reporting the total number of active (connected) telephony providers. The sum includes successfully registered accounts with successfully pinged accounts, as well as accounts without registration and without configured ping.
-
sip_cps_rate (info; rateInfo) - a regular message (once per minute) reporting the average cps value rounded down to a whole number. All calls passing through B2B are counted separately, except those initiated by the service.
-
sip_route_fin_rate (info; rateInfo) - A regular message (once per minute) reporting the average number of unsuccessful call routing attempts per minute. Includes all calls received by B2B that are terminated during the routing phase.
-
sip_devices_registered (info; rateInfo) - A regular message (once a minute) reporting the current number of all registered SIP devices in all domains without grouping by account.
-
users_registered (info; rateInfo) - a regular message (once a minute) reporting the current number of connected users (websocket connection to the webserver is active) in all domains grouped by accounts.
-
'system_state_interval_min' - sets the interval in minutes for sending a healthInfo (system_state) trap. By default 5.
-
'system_state_excluded_keys' - sets the filtering mode for healthInfo tests. The tests specified in the list will be performed, but will not influence the decision about the signal type.
-
'rate_interval_min' - sets the interval in minutes for sending all streaming events of the rateInfo trap. By default 1.
|
"siprec_options"
Domain type: any
Value type: object
Default:
{
"mode": enabled,
"endpoints" : []
}
|
Settings of siprec servers for recording conversations according to RFC-7866 and RFC-7865.
Recording via the siprec protocol to external servers can be enabled in the recording rules of a particular domain (field 'siprec').
The recording will be performed if for at least one of the dialog subscribers in its domain a corresponding rule is found that allows the dialog to be recorded in the siprec.
Recording is done by siprec call to all servers specified in the 'endpoints' field. The content of the INVITE request in accordance with RFC-7866 contains a section with SDP and a section with call metadata. The SDP section describes two streams - one broadcasts the media stream of subscriber A (the initiator of the dialog) and the other broadcasts the media stream of subscriber B (the called party in the dialog).
If the list of servers is empty, the recording will be performed on the servers specified in the corresponding field of the master domain.
If no servers are specified in either the domain or the master domain, then siprec recording is not performed.
Recording is also not performed if the object at the root level has a "mode" field with the value "disabled". The default value is "enabled".
The "mode" field. Value options:
-
"disabled" - recording in siprec for domain subscribers is disabled. Recording will be performed only for cross-domain calls, if it is enabled by the rules and settings of another domain.
-
"enabled" - writing to siprec is allowed and is done to the servers specified in the 'endpoints' field of the current value (current domain). By default there is an empty list, and thus server settings are defined in the master domain.
-
"master" - server settings are defined in the master domain. For the master domain, this value is equivalent to the value of "enabled".
Field "endpoints".
Each server is specified by an endpoint. This is an object with the following fields:
-
"enabled" - switch. The default is true (enabled).
-
"ip_address" - ip-siprec server address.
-
"port" - siprec-server port.
-
"transport" - transport protocol. Valid values are "udp", "tcp". Default: "udp".
-
"to_uri" - The logical name to be substituted in the To header. Example: "<sip:srs@somedomain.local>".
-
"from_uri" - The logical name to be substituted in the From header. Example: ' "Display" <sip:src@mydomain.local>'.
-
"headers" - object with additional non-standard headers. Each key is the title of the header and its value is the value of the header.
-
"audio_formats" - list of codecs offered by INVITE-request from among those supported by the platform. Possible codecs and default composition is defined by the parameter payloads_audio_offer in the b2b role parameters in the configuration.
When subscribers from different domains participate in a dialog, then each domain supplies its own settings (enabling dialog recording, list of siprec servers).
No duplicate calls will be made.
A call to the siprec server is made within 5 seconds. If the siprec server refuses or does not respond, it is excluded from the record and a corresponding entry is made in the log file.
RFC-7865 metadata is generated based on the template in the path: "/era_sip/priv/siprec/template.xml".
The template specifies macros (example: "{{{some_name}}"), instead of which the values of a particular dialog are substituted:
-
session_id - session identifier, generated automatically. Same value for all siprec servers.
-
call_id - Call-Id header value from the INVITE request initiating the recorded dialog.
-
start_time - recording start time (generated at the moment of recording start, but actually coincides with the time of dialog transition to the active state).
-
a_participant_id - identifier of subscriber A (dialog initiator), generated automatically.
-
a_aor - logical address of subscriber A, e.g. "sip:user1@some.domain.local".
-
a_dn - the number of subscriber A, e.g. "414".
-
a_name - the full name of subscriber A, for example "John Smith (414)". The number for internal subscribers is added automatically.
-
b_stream_id - voice stream identifier from the subscriber A.
-
b_stream_label - stream index from subscriber A for communication with SDP attribute "a=label:1".
-
b_participant_id - identifier of the called party, generated automatically.
-
b_aor - logical address of subscriber B, e.g. "sip:79274137274@some.domain.local".
-
b_dn - the number of subscriber B, e.g. "79274137274".
-
b_name - the name of subscriber B, e.g. "79274137274".
-
b_stream_id - voice stream identifier from the subscriber B.
-
b_stream_label - stream index from subscriber B for communication with SDP attribute "a=label:1".
Siprec-calls are made immediately after the called party answers and the dialog is switched to the active state.
By analogy with standard recording - each dialog is recorded separately, i.e. a separate set of calls to siprec-servers is formed for each recorded dialog.
Siprec-recording can only be performed if media processing is not specifically disabled via the configuration.
It is possible to set up simultaneous recording both in the normal mode by means of the platform and by means of calls (in particular, siprec) - for this purpose, the corresponding modes should be enabled in the recording rules.
Since the recording is done by an external system, the records can only be accessed through the external system. No special notes are made in the logfiles themselves.
The siprec recording mode degrades overall system performance by generating several additional SIP transactions, and also switches the media context to conference mode, which necessitates mixing and transcoding of all RTP streams in both directions.
{
"mode": "enabled",
"endpoints": [
{
"enabled": true,
"ip_address": "192.168.0.113",
"port": 5060,
"transport": "udp",
"to_uri": "<sip:srs@somedomain.local>",
"from_uri": "\"DISPLAY\"<sip:src@mydomain.local>",
"audio_formats": ["PCMA/8000"],
"headers": {
"X-Test-Header1": "aaa",
"X-Test-Header2": "bbb"
}
}
]
}
|
"speech_analytics_options"
Domain type: master
Value type: object
Default:
{
"mode": "summary",
"silence-threshold": 40,
"silence-duration": 800,
"voice-duration": 200,
"interrupt-offset": 1000,
"interrupt-duration": 1000
}
|
Configuring speech_analytics mode for recorded phone conversations mediagate tools.
Analytics for each channel include the percentage of airtime possession (activity_percent), total duration of airtime possession (activity_duration_ms), number of lines broken by pauses (activity_fragments), and general information about opponent interruptions (interrupt _count, _ms, _percent).
If you select the detailed mode (mode=detailed), time-based lists of air possession fragments and interruptions are also available.
Speech analytics calculation is performed by the mixer microservice immediately after its main operation.
Mixer performance drops by half when speech analytics calculation mode is enabled.
Speech analytics calculation is activated by record rule of the corresponding domain applied to the call.
Possible variants of key values:
-
mode: summary | detailed. Default is summary. In detailed mode, another 'details' section appears listing the detected speech fragments.
-
silence-threshold - silence/voice threshold in dB. Default 40.
-
silence-duration - is the minimum duration of silence in ms. Default 100.
-
voice-duration - minimum voice duration in ms. Default 100.
-
interrupt-offset - minimum interrupt offset in ms. Default 1000.
-
interrupt-duration - minimum duration of interruption in ms. Actual duration of overlap (intersection) of two sections. By default 1000.
|
"streamed_call_rec_options"
Domain type: any
Value type: object
Default:
{
"mode": enabled,
"endpoints" : []
}
|
Server settings for recording in 'streamed_calls' mode. This is an alternative to recording siprec.
Recording to external servers can be enabled in the record rules of a particular domain (field 'streamed_call_rec').
Recording will be performed if at least for one of the dialog subscribers in its domain there is a corresponding rule allowing dialog recording in the mode 'streamed_call_rec'.
Recording is performed through a pair of SIP calls to each server specified in the 'endpoints' field. The first call broadcasts the media stream of subscriber A (the dialog initiator), the second call broadcasts the media stream of subscriber B (the subscriber called in the dialog).
If the list of servers is empty, the recording will be performed on the servers specified in the corresponding field of the master domain.
If no servers are defined in either the domain or the master domain, then no 'streamed_call_rec' recording is performed.
Recording is also not performed if the object at the root level has a "mode" field with the value "disabled". The default value is "enabled".
The "mode" field. Value options:
-
"disabled" - recording in streamed_call_rec mode for domain subscribers is disabled. Recording will be performed only for cross-domain calls, if it is enabled by the rules and settings of another domain.
-
"enabled" - recording in streamed_call_rec mode is allowed and is performed on servers specified in the 'endpoints' field of the current value (current domain). By default there is an empty list, and thus server settings are defined in the master domain.
-
"master" - server settings are defined in the master domain. For the master domain, this value is equivalent to the value of "enabled".
Field "endpoints".
Each server is specified by an endpoint. This is an object with the following fields:
-
"enabled" - switch. The default is true (enabled).
-
"ip_address" - ip-server address.
-
"port" - server port.
-
"transport" - transport protocol. Valid values are "udp", "tcp". Default: "udp".
-
"to_uri" - The logical name to be substituted in the To header. Example: "<sip:srs@somedomain.local>".
-
"from_uri" - The logical name to be substituted in the From header. Example: ' "Display" <sip:src@mydomain.local>'.
-
"headers" - object with additional non-standard headers. Each key is the title of the header and its value is the value of the header.
-
"audio_formats" - list of codecs offered by INVITE-request from among those supported by the platform. Possible codecs and default composition is defined by the parameter payloads_audio_offer in the b2b role parameters in the configuration.
When subscribers of different domains participate in a dialog, then each domain supplies its own settings (enabling dialog recording, list of servers).
No duplicate calls will be made.
A call to the recording server is made within 5 seconds. If the recording server refuses or does not respond, it is excluded from recording and a corresponding entry is made in the log file.
The 'streamed_call_rec' calls are made immediately after the called subscriber answers and the dialog is switched to the active state.
By analogy with standard recording - each dialog is recorded separately, i.e. a separate set of calls to recording servers is formed for each recorded dialog.
Recording can only take place if media processing is not specifically switched off via configuration.
It is possible to set up simultaneous recording in different modes - to do this, you need to enable the corresponding modes in the recording rules.
Since the recording is done by an external system, the records can only be accessed through the external system. No special notes are made in the logfiles themselves.
The 'streamed_call_rec' recording mode degrades overall system performance by generating several additional SIP transactions and also switches the media context to conference mode, which necessitates mixing and transcoding of all RTP streams in both directions.
{
"mode": "enabled",
"endpoints": [
{
"enabled": true,
"ip_address": "192.168.0.113",
"port": 5060,
"transport": "udp",
"to_uri": "<sip:rec@somedomain.local>",
"from_uri": "\"DISPLAY\"<sip:src@mydomain.local>",
"audio_formats": ["PCMA/8000"],
"headers": {
"X-Test-Header1": "aaa",
"X-Test-Header2": "bbb"
}
}
]
}
|
"system_state_options"
Domain type: master
Value type: object
Default:
{
"svc_script_code": ",
"node_startup_sec": 60,
"role_startup_sec": 60,
"mq_len_pid_threshold": 200,
"mq_len_total_threshold": 500,
"mem_available_mb_threshold" : 200,
"mem_used_percent_threshold" : 80,
"disk_space_work_free_mb_threshold" : 5120,
"disk_space_total_mb" : 20480,
"disk_space_free_coeff_threshold" : 5,
"disk_space_low_limit_mb" : 5120,
"disk_space_high_limit_mb" : 20480,
"disk_inodes_total" : 1310720,
"disk_inodes_free_coeff_threshold" : 3,
"disk_inodes_low_limit" : 327680,
"disk_inodes_high_limit" : 1310720
}
|
System_state self-diagnostic operation options that define the values and thresholds for data to hit warnings.
-
svc_script_code - The code of the service script to be executed during the system_state operation. If a script is available, it takes no more than 5 seconds to execute.
The script is expected to return the string variable 'result'. If its value is non-empty, it is included in the 'system/state' warnings. The reason for unscheduled script termination is also included in the warnings.
-
node_startup_sec - Node restart warning interval, seconds. Default 60.
-
role_startup_sec - Microservice application restart warning interval, seconds. Default 60.
-
mq_len_pid_threshold - The maximum allowed number of unprocessed messages in process queues. By default 200.
-
mq_len_total_threshold - The maximum allowed total number of unprocessed messages in the queues of all processes. By default 500.
-
mem_available_mb_threshold - Limit minimum size of available RAM (free + buffers + caches), megabytes. Default 200.
-
mem_used_percent_threshold - Limit maximum percentage of memory occupied (allocated - buffers - caches). Default 80.
-
disk_space_work_free_mb_threshold - Limit minimum allowable free space on the working disk, megabytes. The default is 5120 (5 GB). This value can be used to increase this threshold over the general setting applied to all available disks.
-
disk_space_total_mb - The minimum disk size at which it falls into the free space analysis, megabytes. The default is 20480 (20 GB).
-
disk_space_free_coeff_threshold - Factor for dynamically calculating the threshold of the minimum allowable free disk space size relative to the full disk size. Default 5.
-
disk_space_low_limit_mb - The lower limit value of the free disk space threshold below which the threshold does not fall, megabytes. The default is 5120 (5 GB).
-
disk_space_high_limit_mb - The upper limit value of the free disk space threshold, above which the threshold is not raised, megabytes. The default is 20480 (20 GB).
-
disk_inodes_total - The minimum number of inodes on the disk at which it is subject to free available inodes analysis. Default is 1310720 (equivalent to 20 GB with standard partitioning - 4 blocks of 4096 bytes per inode) 1 inode).
-
disk_inodes_free_coeff_threshold - A factor for dynamically calculating the threshold for the number of freely available inodes on disk relative to the full number on disk. Default 3.
-
disk_inodes_low_limit - The lower limit value of the threshold of freely available inodes on disk, below which the threshold does not fall. Default is 327680 (equivalent to 5 GB with standard partitioning - 4 blocks of 4096 bytes per 1 inode).
-
disk_inodes_high_limit - The upper limit value of the threshold of freely available inodes on disk, above which the threshold is not raised. Default is 1310720 (equivalent to 20 GB with standard partitioning - 4 blocks of 4096 bytes per 1 inode).
|
"telegram_bot_token"
Domain type: master
Value type: str
Default: "master_only"
|
Telegram bot token for remote administrator interaction with the system and status monitoring.
Connection Algorithm:
1. Create a new bot via Telegram BotFather (command /newbot).
2. Enter the issued token as the value of the 'telegram_bot_token' parameter of the master domain settings.
3. Set up a new bot via Telegram BotFather. Set the name (command /setname), icon (command /setuserpic), and context menu (command /setcommands).
4. Detect a new bot in the user list Telegram.
5. Check the availability of the new bot by sending it the /ping command (optional) /test, /testfile, /echo Some Text)
6. Connect to the new bot with the /start AdminLogin:AdminPwd command, specifying the current login and password of the current master domain administrator.
7. Test the connection by sending a command to the new bot /system_state.
Supported context menu, which can be set by the command /setcommands):
start - Connect to service
stop - Disconnect from service
ping - Ping service
test - Test reply message
testfile - Test reply as file
echo - Echo message back
sendtoall - Forward message to all connected users
disable_subscription - Disable automatic events
pause_subscription - Pause automatic events until state is not clear
enable_subscription - Enable automatic events
set_silent_mode - Make notifications silent
reset_silent_mode - Make notifications not silent
system_state - Get system state
After connecting to the bot:
-
Every day in a period of 5 minutes from 8:00 a.m., the bot sends a message to all connected Telegram users 'Report: service alive'.
-
When the system reboots (after the mware microservice is loaded), it sends the following message 'ACHTUNG! Service reloaded!'.
-
When a failure or warning detected by the system_state service, sends a file with the contents of system_state (no more than once every 5 minutes).
-
After neutralizing the failure or warning recorded in the previous iteration, sends a message 'Report: system state ok!'.
-
The current system_state can be polled at any time. If there are warnings, a file will be returned, if there are no warnings, a message will be returned 'system state ok!'
-
Subscription can be disabled (/disable_subscription) - no notifications will be received, then enabled (/enable_subscription), and paused with automatic activation after all warnings have been resolved system_state (/pause_subscription).
-
Silent mode control is allowed (/set_silent_mode, /reset_silent_mode) - notifications will be received in silent mode.
-
Allowed to send messages to all users connected to the bot Telegram (/sendtoall Some Text).
|
|
After a complete reinstallation of the system (into new docker containers) and connection to the existing database, it is necessary to reconnect to the bot again (/start AdminLogin:AdminPwd).
|
|
"user_copy_mode"
Domain type: master
Value type: str
Default: "master_only"
|
Global mode for cloning users between domains.
For a user in the master domain, a list of arbitrary level child domain name templates can be specified to automatically clone the user whenever a change is made in the master domain (property 'opts.copy_to_domains').
Such users can switch in the client application between domains without entering a password by changing the session settings.
The cloning operation is performed on the master site. Accordingly, application of settings on other sites is performed within 20 seconds (period of domain settings synchronization between sites).
The parameter sets the mode of reverse synchronization when users in child domains are changed (or deleted).
The condition is that there is a user in the master domain with the same identifier as the one being changed in the child domain and that the domain name falls under the pattern set for the user in the master domain in the property 'opts.copy_to_domains'.
-
master_only – modification and deletion of such users in child domains is prohibited.
-
sync_oneway – if a user’s properties are changed or deleted in a child domain, the result is applied only in that particular domain until the next time the user’s properties are changed in the master domain.
-
sync_bothway – when changing user properties in a child domain, the operation is duplicated to the master domain, from where it is propagated to other child domains in accordance with the child domain name templates. In the child domain, it is prohibited to change the login, password, add or remove the 'admin' role, or delete a user.
-
sync_bothway_accumulate_roles – in addition to 'sync_bothway' performs role accumulation. The difference in behavior is the inability to remove roles from a cloned user in a child domain. As a consequence, adding different roles in different child domains causes them to be merged.
In the 'master_only' and 'sync_bothway' modes, the properties of cloned users are additionally synchronized from master to child domains on a regular basis (once a day).
|
"user_pwd_policy"
Domain type: master
Value type: object
Default:
{
"description": "Expected symbols: [A-Za-z0-9_-.~!]. At least 1 capital letter, 1 small letter, 1 digit, 1 special symbol should be used. Total length should be 6-20 symbols.",
"regex_patterns": [
"[A-Z]",
"[a-z]",
"[\\d]",
"[-_.~!]",
"^.{6,20}$"
]
}
|
A global policy for ensuring the complexity of user passwords.
Applies whenever the user password is changed. The specified password is checked for compliance with all specified regular expressions in the list regex_patterns.
If a mismatch is detected, the text from the field is returned as an error description.
Regardless of the policy set, only passwords less than 100 characters long are allowed, consisting of the characters A-Za-z0-9_-.~!.
When you change the policy, the previous passwords are not automatically reset and continue to work.
|
"worktime_mode"
Domain type: any
Value type: int
Default: 0
|
Work schedule source (weekly schedule and composition of weekends and weekdays).
0 – default settings;
1 – current domain settings;
2 – inherit from the parent domain.
|
"worktime_periods"
Domain type: any
Value type: array<object>
Default: []
|
Weekly Work Time Schedule.
Each item in the list covers a specific segment within the week: from time on a particular day of the week to time on another particular day of the week.
Based on the aggregate of these segments, an overall schedule is generated.
Weekly schedule list item.
|
"yandex_cloud"
Domain type: working
Value type: object
Default: { … }`
|
Connection parameters to Yandex Cloud.
-
speech - authorization parameters on Yandex Cloud SpeechKit service. To work correctly, the following field must be filled in 'apiKey'.
-
storage - parameters of connection to the S3 storage. The parameters must be filled in for correct operation: 'bucket', 'keyId', 'secretKey'.
-
accounts - object that allows you to specify settings for working with different yandex accounts and get account selection when configuring in the script. Each key is an account code and is displayed in the script. Each object inside contains the above keys 'speech' and 'storage'.
The root values 'speech' and 'storage' refer to the 'default' account, which is set to the component by default.
Thus, when using only one account for a domain, you do not need to set the 'accounts' field.
The speech object supplies data to connect to the Yandex-cloud SpeechKit service:
-
uri_tts - URI to connect to the Yandex-cloud speech synthesis service. Default: 'https://tts.api.cloud.yandex.net/speech/v1/tts:synthesize'.
-
uri_asr_short - URI to connect to the Yandex-cloud short audio recognition service. Default: 'https://stt.api.cloud.yandex.net/speech/v1/stt:recognize'.
-
uri_asr_long - URI to connect to the Yandex-cloud long audio recognition service. Default: 'https://transcribe.api.cloud.yandex.net/speech/stt/v2/longRunningRecognize'.
-
uri_asr_long_response - URI to connect to the Yandex-cloud long audio recognition service. Default: 'https://operation.api.cloud.yandex.net/operations'.
-
apiKey - authorization API key. Specially created to connect to the SpeechKit service of Yandex-cloud.
-
folderId - optional parameter.
The storage object is used when recognizing long audio for pre-loading files into Yandex-cloud storage:
-
bucket - storage name. Created in advance.
-
keyId - authorization key for the service account.
-
secretKey - secret key corresponding to the authorization key.
Example 1
{
"speech" : {
"apiKey" : "BDUQ8zTZWzPmiVYspB__a8CMNG9lenE3eTVR3ByH7"
},
"storage" : {
"bucket": "my_bucket_1",
"keyId": "1dsqW72VN_7KaakeYRR9",
"secretKey": "YNElGkHMrSnWyyfGqvMpDHlLoWGxwT2WAj4LCiWV"
},}
Example 2
{
"accounts" : [{
"My Account B" : {
"speech" : {
"uri_tts" : "https://tts.api.cloud.yandex.net/speech/v1/tts:synthesize",
"uri_asr_short" : "https://stt.api.cloud.yandex.net/speech/v1/stt:recognize",
"uri_asr_long" : "https://transcribe.api.cloud.yandex.net/speech/stt/v2/longRunningRecognize",
"uri_asr_long_response" : "https://operation.api.cloud.yandex.net/operations",
"apiKey" : "6nBS8zU7WzGg2VYspB__x2Ag5G9eavE3eTNN3ByH7"
},
"storage" : {
"bucket": "my_bucket_1",
"keyId": "3thzS72WG_5ioAxHTq0",
"secretKey": "AGalGkChmSnNo1fGqvHzSHlHigGyET2WAj7LCuZn"
}
},
"My Account C" : ...,
...
}
]
}
You can set them simultaneously, then both the 'default' account settings and the settings of the listed accounts will be listed.
|