How to install Asterisk 18 on Redhat 8
Introduction
The
purpose of this article is to provide a step by step description of the
Asterisk setup as a media server for the Nixxis platform.
To be able properly complete the setup, you will need at least the following configuration details before
starting the installation
1. Nixxis Application server IP or FQDN
Checking User Privileges
- Ensure that you have root access or administrative privileges to perform the following tasks.
2. Checking Operating System Compatibility
- Verify that your operating system is RedHat 8.
- To check the version, run the following command:
· rpm -qa \*-release | grep -Ei "RedHat" | cut -d"-" -f3
- If the output is not "8", please contact your system administrator for further assistance.
3. Starting and Checking NTP Service
- Start the NTP service and ensure that it is active.
- Run the following commands:
· systemctl enable ntpd.service
· ntpdate pool.ntp.org
· systemctl start ntpd.service
· systemctl status ntpd.service
- If the status shows "active", the NTP service is running successfully.
5. iptables / firewalld
Make sure iptables and firewalld are correctly configured to allow traffic between the different components communicating with the NMS. See diagram below.
8. Installing EPEL Repository
- Install the EPEL repository to enable additional package installations.
- Run the following commands if you have internet.
· yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
· yum -y install https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-8.noarch.rpm
· yum -y install epel-release
9. Updating System
- Update the system to ensure all packages are up to date.
- Run the following command:
yum update -y
yum upgrade -y
- Restart server is necessary
10. Installing Mandatory Packages
- Install the following mandatory packages:
- git.x86_64
- net-tools
- gcc gcc-c++
- pjproject
- libxml2-devel
- ncurses-devel
- dialog
- curl
- curl-devel
- whois.x86_64
- libuuid-devel
- ntp
- nano
- jansson.x86_64
- dos2unix
- jq
11. Installing SNMP
· Install the SNMP package by running the command:
·yum install -y net-snmp
12. Starting SNMP Service
· Start the SNMP service by running the command:
·systemctl enable snmpd.service
·systemctl start snmpd.service
· Verify that the service is active by running the command:
·systemctl status snmpd.service
· If the status shows "active", the SNMP service is running successfully.
13. Installing Additional Packages
- Install the following additional packages:
- libedit-devel-3.1-23.20170329cvs.el8.x86_64.rpm from https://vault.centos.org/centos/8/PowerTools/x86_64/os/Packages/
- libedit-20090923-3.0_1.el3.rf.x86_64.rpm from https://rpmfind.net/linux/dag/redhat/el3/en/x86_64/dag/RPMS/
14. Installing Option Packages (Connections DB)
- Install the following option packages:
- wget
- mysql-devel
- sqlite-devel
- libtool-ltdl-devel
- samba-client
- perl-libwww-perl
- mlocate
- ntp
- rsync
- svn
15. Installing Lame MP3 Encoder and Lighttpd Web-server
- Install the Lighttpd web-server by running the command:
· yum install -y lighttpd
15. Configuring Lighttpd Modules
- Activate the CGI module by editing the /etc/lighttpd/modules.conf file:
- Uncomment
the line that includes conf.d/cgi.conf by
removing the # symbol at the
beginning of the line.
- Create and edit the /etc/lighttpd/conf.d/cgi.conf file:
- Remove any existing cgi.conf file by running the command:
o rm -rf /etc/lighttpd/conf.d/cgi.conf
- Create a new cgi.conf file by running the command:
o touch /etc/lighttpd/conf.d/cgi.conf
- Add the following lines to the cgi.conf file:
o server.modules += ( "mod_cgi" )
o cgi.assign =
( "" => "" )
16. Installing php-cli
- Install the package by running the command:
· yum install -y php-cli
17. Customizing nano
- Install nano by running the command:
· yum install -y nano
- After installation, verify that nano was installed successfully.
- Customize nano by performing the following steps:
- Copy the backup nanorc file to the nanorc file by running the command:
o cp -f /etc/nanorc.bak /etc/nanorc
- Add the following lines to the nanorc file:
o include "/usr/share/nano/asterisk.nanorc"
o include "/usr/share/nano/php.nanorc"
o include "/usr/share/nano/html.nanorc"
o include "/usr/share/nano/sh.nanorc"
- Create the /usr/share/nano directory by running the command:
o mkdir -p /usr/share/nano
- Navigate to the /usr/share/nano directory by running the command:
o cd /usr/share/nano
- Move the sh.nanorc file to sh2.nanorc by running the command:
o mv -f sh.nanorc sh2.nanorc
- Download the following files from the provided URLs:
o wget https://bitbucket.org/NixxisSupport/nixxis-nms-installation/downloads/asterisk.nanorc
o wget https://bitbucket.org/NixxisSupport/nixxis-nms-installation/downloads/php.nanorc
o wget https://bitbucket.org/NixxisSupport/nixxis-nms-installation/downloads/sh.nanorc
18. Installing and Configuring FTP Server
- Install the vsftpd package by running the command:
· yum install -y vsftpd
- After installation, verify that the FTP server was installed successfully.
- Edit the /etc/vsftpd/vsftpd.conf file and make the following changes:
- Set anonymous_enable to NO.
- Set local_enable to YES.
- Set write_enable to YES.
- Uncomment the line chroot_list_file=/etc/vsftpd/chroot_list and add the line chroot_local_user=YES below it.
- Add the line reverse_lookup_enable=NO at the end of the file.
- Enable the vsftpd service to start on boot by running the command:
· chkconfig vsftpd on
- Start the vsftpd service by running the command:
· service vsftpd start
- After starting the service, verify that the FTP server is running.
19. Downloadting Asterisk sources
After this, Asterisk can be downloaded and installed following:
Create the folder and download the sources from Digium in it:
mkdir /usr/src/asterisk
cd /usr/src/asterisk
Untar the archives:
·tar zxvf asterisk-18-current.tar.gz
tar zxvf libpri-1.4.3.tar.gz
Install libpri
pushd /usr/src/asterisk/libpri-1.4*
make clean
make
make install
20. Downloading and installing hardware/IAX2 support drivers
Downloading and installing Dahdi
For IAX2 Trunking time or Transcoder cards from Digium, the Dahdi (Digium Asterisk Hardware Device Interface) interface is needed (this replaces the old zaptel interfaces).
To download the dahdi drivers please execute the following commands in the same folder (/usr/src/asterisk):
yum install -y make
tar zxvf dahdi-linux-complete-current.tar.gz
cd /usr/src/asterisk/dahdi-linux-complete-current.tar.gz/
make all
make install
make config
Configuring Dahdi
To configure Dahdi with the devices that are present within the machine please execute the following command:
dahdi_genconf modules
This step will generate the /etc/dahdi/modules conf based on the hardware detected in the machine.
Start the service:
service dahdi start
21. Compiling and installing Asterisk
Install Asterisk
Execute the following commands:
cd /usr/src/asterisk/asterisk-18*
./contrib/scripts/install_prereq install
./configure --libdir=/usr/lib64 --without-pjproject-bundled --with-jansson-bundled
make menuselect.makeopts
It is very important to remove the flag BUILD_NATIVE in Compiler Flags.
Make sure to select func_curl in Dialplan Functions.
Within the “menuselect” tool make sure that at least the different sound packages are selected. Make sure that with the 3 sound sections
- Core Sound Package
- Music On Hold
- Extra Sound Packages
At least the ALAW and WAV sets for both ‘EN’ and ‘FR’ are selected.
It’s highly advisable to install also the g729 packages in case there is a chance of usage of g729 codecs. This will avoid transcoding for standard sound files and Music on Hold.
Build asterisk with the following commands:
make
make install
make samples
22. Transfer Nixxis Asterisk configuration files
These files need to be transferred onto the media server and can (before or after transfer) be adapted to your current installation situation.
Note: An easy way of transferring files onto a server can be done using the SFTP protocol. Either filezilla client (windows) or Cyberduck (Mac OS X) support SFTP and allow to login in to the server to transfer files directly.
Unpack “Install.3.0.0.zip” (can be found here : http://update.nixxis.net/v3.0/Install.3.0.0.zip)
Via Filezilla, transfer the folders ‘etc’, ‘usr, ‘var’ and ‘srv’ to the relevant folders on the media server.
Via Linux:
cd /usr/src/asterisk/
unzip Install.3.0.0.zip -d ./nixxis
pushd /usr/src/asterisk/nixxis/MediaServer/
cp -rf /usr/src/asterisk/nixxis/MediaServer/etc/* /etc
cp -rf /usr/src/asterisk/nixxis/MediaServer/usr/* /usr
cp -rf /usr/src/asterisk/nixxis/MediaServer/var/* /var
cp -rf /usr/src/asterisk/nixxis/MediaServer/srv/* /srv
Update the rights:
- /usr/sbin/* files to be executable à chmod a+x /usr/sbin/*
- /srv/www/lighttpd/* files to be executable à chmod a+x /srv/www/lighttpd/*
- /var/lib/asterisk/agi-bin/* files to be executable à chmod a+x /var/lib/asterisk/agi-bin/*
Convert to UNIX format:
- dos2unix /srv/www/lighttpd/*
23. Creating IVR and Recording users
adduser sounds
set a password
chmod 777 /home/sounds
chown sounds:sounds /home/sounds
mkdir /home/soundsv2
chmod 777 /home/soundsv2
chown sounds:sounds /home/soundsv2
adduser recording
set a password
chmod 777 /home/recording
chown recording:recording /home/recording
24.Web-server installation and configuration
chmod a+x /srv/www/lighttpd/
chgrp sounds /var/log/lighttpd/
chmod g+w /var/log/lighttpd/
sed -i 's|.*server.username = "lighttpd".*|server.username = "sounds"|' /etc/lighttpd/lighttpd.conf
sed -i 's|.*server.groupname = "lighttpd".*|server.groupname = "sounds"|' /etc/lighttpd/lighttpd.conf
service lighttpd stop
chown sounds:sounds/var/log/lighttpd/
chown sounds:sounds/var/log/lighttpd/*
chmod 777 /var/log/*
chown sounds:sounds/srv/www/lighttpd
chown sounds:sounds/srv/www/lighttpd/*
chmod 777 /srv/www/lighttpd/*
chkconfig lighttpd on
service lighttpd start
service lighttpd stop
service lighttpd restart
25. Adapting config files
cd /etc/asterisk
cp -rf sip_sample.conf sip.conf
cp -rf extensions_sample.conf extensions.conf
echo -e '\n[nixxis]' >> /etc/asterisk/manager.conf
echo 'secret=nixxis00' >> /etc/asterisk/manager.conf
echo 'read = system,call,log,verbose,command,agent,user,config' >> /etc/asterisk/manager.conf
echo 'write = system,call,log,verbose,command,agent,user,config' >> /etc/asterisk/manager.conf
# fail2ban installation
yum install -y fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Automatically start Asterisk on server boot
cp -rf /usr/src/asterisk/asterisk/contrib/init.d/rc.redhat.asterisk /etc/init.d/asterisk
chkconfig asterisk on
sed -i 's|.*AST_SBIN=__ASTERISK_SBIN_DIR__$|AST_SBIN=/usr/sbin|' /etc/init.d/asterisk
service asterisk start
service asterisk stop
service asterisk restart
# Installing Nixxis related options
touch /etc/asterisk/musiconhold_nixxis.conf
chmod 775 /etc/asterisk/musiconhold_nixxis.conf
chown sounds:sounds /etc/asterisk/musiconhold_nixxis.conf
sed -i 'N;s|directory=/var/lib/asterisk/moh\n;$|directory=/var/lib/asterisk/moh\n\#include \"musiconhold_nixxis.conf\"\n|' /etc/asterisk/musiconhold.conf
# Adaptation for Asterisk 18
Go to : etc/asterisk/nixxis
In those 2 files
1.ivr-v2.conf
2.ivr-v2-nochoice.conf
Search and replace "WELCOME" in UPPERCASE letters into lowercase "welcome"
# /etc/asterisk/modules.conf
sed -i 's|.*preload => res_odbc.so$|preload => res_odbc.so|' /etc/asterisk/modules.conf
sed -i 's|.*preload => res_config_odbc.so$|preload => res_config_odbc.so|' /etc/asterisk/modules.conf
sed -i 's/noload = chan_sip.so/load = chan_sip.so/' /etc/asterisk/modules.conf
echo -e 'noload => res_pjsip.so' >> /etc/asterisk/modules.conf
echo -e 'noload => res_config_ldap.so' >> /etc/asterisk/modules.conf
echo -e 'noload => res_config_pgsql.so' >> /etc/asterisk/modules.conf
systemctl restart asterisk.service
# CLI> module reload res_odbc.so
asterisk -rx "module reload res_odbc.so"
# Sudo manipulation
recording ALL= NOPASSWD: /usr/sbin/asterisk -rx "moh reload"
sounds ALL= NOPASSWD: /usr/sbin/asterisk -rx "moh reload"
26. Asterisk configuration files
The folder /etc/asterisk/ contains the asterisk configuration files. If you do not already have your own extensions.conf then you can start with the extensions_sample.conf and rename it to extensions.conf to have a clean example to start your installation with.
Based on sip_sample.conf, generate your own sip.conf defining the various sip peers.
27. Maintenance
scripts
Nixxis
provides 3 maintenance scripts. Below follows an explanation on each of the 3 scripts. All 3 scripts
can be run from CRON at a fixed (nightly) job to perform the actions needed.
There is a 4th script that uses a command already included with RHEL to
remove old recordings from the server.
We advise
to store the files in /usr/sbin/ for them to be widely available to the system.
27.1. Setting
up cronjobs
All script
mentioned above are best executed at a pre-programmed time every day. Following
is an example on how to setup a crontab, though more detailed information is available on the internet.
This
example of a crontab entry will run the MP3 converter every day at 23:00 to
convert the recordings on disk:
By default
the crontab editor uses VI as editor, the user can tell the system to use a
different editor by default, for example Nano by executing the following command:
export EDITOR=nano
Next we
launch the command to edit the crontab by executing:
crontab –e
We add a
line per job to be executed, in our case to run the job at 23:00
0 23 * * * /usr/sbin/nixxis_mp3_converter.sh
Exit the
editor while saving the changes we made to the file. After this to following
command can be used to verify if the job has been put in place:
crontab –l
27.2. nixxis_mp3_converter.sh
This
scripts converts all .wav recording files into MP3 encoded files. This has a
big advantage on the amount of disk-space occupied by recordings if they are
kept on the Asterisk servers.
The script
by default considers that all recordings are stored in /home/recording (though
this can be edited in the script itself if it is not the case).
We advise
to run this script in a cronjob outside of production hours to avoid high CPU
load during production.
To enable the playing of the mp3 files:
Run “make menuselect”
Select “Add-ons”
Make sure “format_mp3” is selected: [*]format_mp3
Use the “Menu Select” command ‘x’ to Save and Quit
Run “contrib/scripts/get_mp3_source.sh” <-- IMPORTANT or you won’t have MP3 source to compile and your build will fail!
Run “make install”
You will now have MP3 support in Asterisk in addition to the default 16-bit, monaural, 8KHz sample rate WAV file format.
27.3. nixxis_recmove.sh
This script
will move all recordings to a given FTP server (normally used to move the recordings
from the Asterisk to the Application Server or some other external storage
device.
The “recmove”
script is based on the scriptable FTP client Kermit which needs to be installed
on the server first.
Afterwards
adapt the nixxis_remove.sh with the
settings of the ftp server, the example file contains the following line, which
needs to be edited with the server, username and password of the remote FTP
connection:
ftp open 192.168.1.2 /user:recording /password:recording
Furthermore
we need to tell the script how many days of recordings we’d like to keep on the
Asterisk server. Any recordings older are moved by this script to the remote
server. To set the number of days to keep, edit the following 2 lines of the
script to reflect the number of days, the example will keep 21 days of
recordings, meaning anything older than 21 days will be moved to the remote
server.
ftp put /before:-21days /delete
*
if fail exit 1 ftp put /before:-21days /delete
*: \v(ftp_message)
Last step
is to put the script into a CRON job, for this see example earlier in this
chapter.
Any other methods/scripts can be used to achieve this if you cannot install kermit on your distribution.
27.4. Tmpwatch
This script
allows you to remove files older than a certain number of hours from the server.
This allows for the cleaning of the /home/recording folder in the case there is
no off-server retention of recording needed.
A simple
crontab entry can be setup to remove the recordings from disk. The following example
will remove all recordings older then 30 days (5040 hours) from the server at
04:30.
30 4 * * *
/usr/sbin/tmpwatch 5040 /home/recording/
Use this
wisely and make sure to understand that the numerical value of tmpwatch is in
HOURS and not days!
Selinux
Here are some general steps and considerations for configuring SELinux for Asterisk, lighttpd, and vsftpd:
1. Set the Correct SELinux Booleans
SELinux booleans are simple on/off switches that can control various aspects of SELinux policy without requiring complex modifications. You can view the current booleans related to your services using the getsebool command and set them with setsebool.
# VSFTPD
For vsftpd, you might need to adjust booleans to allow FTP to read/write in user home directories or to allow network connections, depending on your setup.
setsebool -P ftp_home_dir on
sudo chcon -R -t public_content_rw_t /home/soundsv2
sudo chcon -R -t public_content_rw_t /home/sounds
sudo chcon -R -t public_content_rw_t /home/soundsv2share
This command sets the SELinux context of the specified directories to public_content_rw_t, allowing vsftpd to write to them.
# Lighttpd
For lighttpd, you may need to adjust booleans to allow HTTPD scripts and modules.
setsebool -P httpd_enable_cgi on
Set SELinux Context:
Use the chcon command to set the SELinux context for the "/srv/www/lighttpd" directory and its contents. The appropriate context for web server content is typically httpd_sys_content_t. Run the following command:
sudo chcon -Rv --type=httpd_sys_content_t /srv/www/lighttpd
This command recursively sets the SELinux context for all files and directories under "/srv/www/lighttpd" to "httpd_sys_content_t."
Adjust File Permissions:
Ensure that the file permissions are set correctly. For web server content, it's common to set the permissions to allow read and execute access. For example:
sudo chmod -R 755 /srv/www/lighttpd
This command gives read and execute permissions to the owner and read permission to others.
Restart Lighttpd:
After making changes, restart the Lighttpd service to apply the SELinux context and file permissions:
sudo systemctl restart lighttpd
# Cron job(maintenance scripts) in /usr/sbin/
Check Current SELinux Context:
Use the ls command with the -Z option to check the SELinux context of the shell script files:
ls -Z /usr/sbin/*.sh
Ensure that the files have an appropriate SELinux context. If they don't, you may need to set it.
Set SELinux Context (if necessary):
Use the chcon command to set the SELinux context for the shell script files. For files executed by cron, the context is typically cron_spool_t. Run the following command for the needed script:
sudo chcon -v --type=cron_spool_t /usr/sbin/nixxis_mp3_converter.sh
sudo chcon -v --type=cron_spool_t /usr/sbin/nixxis_recmix_delayed.sh
sudo chcon -v --type=cron_spool_t /usr/sbin/nixxis_recmove.sh
Review File Permissions:
Ensure that the file permissions allow the cron daemon to execute the scripts. The script should be executable (chmod +x).
sudo chmod +x /usr/sbin/filename.sh
# Asterisk
For Asterisk, there might not be specific booleans, but ensure related network and audio permissions are correctly set.
Check Current SELinux Context:
Use the ls command with the -Z option to check the SELinux context of the files in /etc/asterisk:
ls -Z /etc/asterisk
Verify that the files have an appropriate SELinux context. If they don't, you may need to set it.
Set SELinux Context (if necessary):
Use the chcon command to set the SELinux context for the files in the /etc/asterisk directory. For files used by Asterisk, the context is often asterisk_etc_t. Run the following command:
sudo chcon -Rv --type=asterisk_etc_t /etc/asterisk
This command recursively sets the SELinux context for all files and directories under /etc/asterisk to asterisk_etc_t.
Audio recording
sudo chcon -R -t public_content_rw_t /home/recording
This command sets the SELinux context of the specified directories to public_content_rw_t, allowing Asterisk to write to them.
Review File Permissions:
Ensure that the file permissions allow Asterisk to read the configuration files. Generally, read access is sufficient (chmod +r).
sudo chmod +r /etc/asterisk/*
Restart Asterisk:
After making these changes, restart the Asterisk service to apply the SELinux context and file permissions:
sudo systemctl restart asterisk
Review SELinux Alerts :
If you encounter issues, check the SELinux logs for any denials:
sudo ausearch -m avc -ts recent
This command shows recent SELinux AVC (Access Vector Cache) denials. Review the output to identify any SELinux denials related to Lighttpd and adjust the SELinux policy accordingly.
(Selinux settings must be adapted according to your setup/desired security, the rules above are general ones)
Related Articles
How to install Asterisk 1.8 on CentOS 6.x
1. Introduction The purpose of this article is to provide a step by step description of the Asterisk setup as a media server for the Nixxis platform. If the server has not been installed yet, make sure to follow ...How to install Asterisk 11 on CentOS 7.x
1. Introduction The purpose of this article is to provide a description of the Asterisk setup as a media server for the Nixxis platform by using the Asterisk 11 on CentOS 7 automated installation script available on the Nixxis Support bitbucket. If ...How to install CentOS 7.x
1. Introduction The purpose of this article is to provide a description of the CentOS 7.x setup on a media server for the Nixxis platform by using the CentOS 7 automated installation script available on the Nixxis Support bitbucket. 2. ...NCS v3.x - Installation and configuration procedure
Introduction The purpose of this document is to guide you through the installation and the configuration process of Nixxis Contact Suite V3.x Application Server. 1. Prerequisites General prerequisites: Important to make sure prerequisites are ...NCS v3.x - Installation and configuration procedure (EN)
Introduction The purpose of this document is to guide you through the installation and the configuration process of Nixxis Contact Suite V3.x Application Server. 1. Prerequisites General prerequisites: Important to make sure prerequisites are ...