How to install Asterisk 18 on Redhat 8

How to install Asterisk 18 on Redhat 8

Introduction

The purpose of this article is to provide a step by step description of the Asterisk setup as a media server for the Nixxis platform. 
To be able properly complete the setup, you will need at least the following configuration details before starting the installation
                1.     Nixxis Application server IP or FQDN 
              

Checking User Privileges

  • Ensure that you have root access or administrative privileges to perform the following tasks.

2. Checking Operating System Compatibility

  • Verify that your operating system is RedHat 8.
  • To check the version, run the following command:

·         rpm -qa \*-release | grep -Ei "RedHat" | cut -d"-" -f3

  • If the output is not "8", please contact your system administrator for further assistance.

3. Starting and Checking NTP Service

  • Start the NTP service and ensure that it is active.
  • Run the following commands:

·         systemctl enable ntpd.service

·         ntpdate pool.ntp.org

·         systemctl start ntpd.service

·         systemctl status ntpd.service

  • If the status shows "active", the NTP service is running successfully.

5.  iptables / firewalld 


Make sure iptables and firewalld are correctly configured to allow traffic between the different components communicating with the NMS. See diagram below.






8. Installing EPEL Repository

  • Install the EPEL repository to enable additional package installations.
  • Run the following commands if you have internet.

·         yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

·         yum -y install https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-8.noarch.rpm

·         yum -y install epel-release



9. Updating System

  • Update the system to ensure all packages are up to date.
  • Run the following command:

yum update -y

             yum upgrade -y
  1. Restart server is necessary

 


10. Installing Mandatory Packages

  • Install the following mandatory packages:
    • git.x86_64
    • net-tools
    • gcc gcc-c++
    • pjproject
    • libxml2-devel
    • ncurses-devel
    • dialog
    • curl
    • curl-devel
    • whois.x86_64
    • libuuid-devel
    • ntp
    • nano
    • jansson.x86_64
    • dos2unix
    • jq

 

11. Installing SNMP

·         Install the SNMP package by running the command:

·         yum install -y net-snmp


12. Starting SNMP Service

·         Start the SNMP service by running the command:

·         systemctl enable snmpd.service
·         systemctl start snmpd.service

·         Verify that the service is active by running the command:

·         systemctl status snmpd.service

·         If the status shows "active", the SNMP service is running successfully.



13. Installing Additional Packages

14. Installing Option Packages (Connections DB)

  • Install the following option packages:
    • wget
    • mysql-devel
    • sqlite-devel
    • libtool-ltdl-devel
    • samba-client
    • perl-libwww-perl
    • mlocate
    • ntp
    • rsync
    • svn

  

15. Installing Lame MP3 Encoder and Lighttpd Web-server

  • Install the Lighttpd web-server by running the command:

·         yum install -y lighttpd



15. Configuring Lighttpd Modules

  • Activate the CGI module by editing the /etc/lighttpd/modules.conf file:
    • Uncomment the line that includes conf.d/cgi.conf by removing the # symbol at the beginning of the line.

  • Create and edit the /etc/lighttpd/conf.d/cgi.conf file:
    • Remove any existing cgi.conf file by running the command:

o    rm -rf /etc/lighttpd/conf.d/cgi.conf

    • Create a new cgi.conf file by running the command:

o    touch /etc/lighttpd/conf.d/cgi.conf

    • Add the following lines to the cgi.conf file:

o    server.modules += ( "mod_cgi" )

o    cgi.assign = ( "" => "" )



16. Installing php-cli

  • Install the package by running the command:

·         yum install -y php-cli

 

 

17. Customizing nano

  • Install nano by running the command:

·         yum install -y nano

  • After installation, verify that nano was installed successfully.
  • Customize nano by performing the following steps:
    • Copy the backup nanorc file to the nanorc file by running the command:

o    cp -f /etc/nanorc.bak /etc/nanorc

    • Add the following lines to the nanorc file:

o    include "/usr/share/nano/asterisk.nanorc"

o    include "/usr/share/nano/php.nanorc"

o    include "/usr/share/nano/html.nanorc"

o    include "/usr/share/nano/sh.nanorc"

    • Create the /usr/share/nano directory by running the command:

o    mkdir -p /usr/share/nano

    • Navigate to the /usr/share/nano directory by running the command:

o    cd /usr/share/nano

    • Move the sh.nanorc file to sh2.nanorc by running the command:

o    mv -f sh.nanorc sh2.nanorc

    • Download the following files from the provided URLs:

o    wget https://bitbucket.org/NixxisSupport/nixxis-nms-installation/downloads/asterisk.nanorc

o    wget https://bitbucket.org/NixxisSupport/nixxis-nms-installation/downloads/php.nanorc

o    wget https://bitbucket.org/NixxisSupport/nixxis-nms-installation/downloads/sh.nanorc



18. Installing and Configuring FTP Server

  • Install the vsftpd package by running the command:

·         yum install -y vsftpd

  • After installation, verify that the FTP server was installed successfully.
  • Edit the /etc/vsftpd/vsftpd.conf file and make the following changes:
    • Set anonymous_enable to NO.
    • Set local_enable to YES.
    • Set write_enable to YES.
    • Uncomment the line chroot_list_file=/etc/vsftpd/chroot_list and add the line chroot_local_user=YES below it.
    • Add the line reverse_lookup_enable=NO at the end of the file.
  • Enable the vsftpd service to start on boot by running the command:

·         chkconfig vsftpd on

  • Start the vsftpd service by running the command:

·         service vsftpd start

  • After starting the service, verify that the FTP server is running.

19. Downloadting Asterisk sources

After this, Asterisk can be downloaded and installed following:
Create the folder and download the sources from Digium in it:

                mkdir /usr/src/asterisk
                cd /usr/src/asterisk

Untar the archives:

·         tar zxvf asterisk-18-current.tar.gz

  tar zxvf libpri-1.4.3.tar.gz


Install libpri
pushd /usr/src/asterisk/libpri-1.4*
make clean
make 
make install

20. Downloading and installing hardware/IAX2 support drivers

Downloading and installing Dahdi
For IAX2 Trunking time or Transcoder cards from Digium, the Dahdi (Digium Asterisk Hardware Device Interface) interface is needed (this replaces the old zaptel interfaces).

To download the dahdi drivers please execute the following commands in the same folder (/usr/src/asterisk):

                yum install -y make
                tar zxvf dahdi-linux-complete-current.tar.gz

                cd /usr/src/asterisk/dahdi-linux-complete-current.tar.gz/
                make all
                make install
                make config


Configuring Dahdi
To configure Dahdi with the devices that are present within the machine please execute the following command:

                dahdi_genconf modules

This step will generate the /etc/dahdi/modules conf based on the hardware detected in the machine.
Start the service:

                service dahdi start

21. Compiling and installing Asterisk
Install Asterisk
Execute the following commands:


cd /usr/src/asterisk/asterisk-18*
./contrib/scripts/install_prereq install
./configure --libdir=/usr/lib64 --without-pjproject-bundled --with-jansson-bundled
make menuselect.makeopts


It is very important to remove the flag BUILD_NATIVE in Compiler Flags.
Make sure to select func_curl in Dialplan Functions.

Within the “menuselect” tool make sure that at least the different sound packages are selected. Make sure that with the 3 sound sections
-       Core Sound Package
-       Music On Hold
-       Extra Sound Packages

At least the ALAW and WAV sets for both ‘EN’ and ‘FR’ are selected.

It’s highly advisable to install also the g729 packages in case there is a chance of usage of g729 codecs. This will avoid transcoding for standard sound files and Music on Hold.

Build asterisk with the following commands:

               make
                make install
                make samples


22. Transfer Nixxis Asterisk configuration files
These files need to be transferred onto the media server and can (before or after transfer) be adapted to your current installation situation.

Note: An easy way of transferring files onto a server can be done using the SFTP protocol. Either filezilla client (windows) or Cyberduck (Mac OS X) support SFTP and allow to login in to the server to transfer files directly.

Unpack “Install.3.0.0.zip” (can be found here : http://update.nixxis.net/v3.0/Install.3.0.0.zip)

Via Filezilla, transfer the folders ‘etc’, ‘usr, ‘var’ and ‘srv’ to the relevant folders on the media server.

Via Linux:

                cd /usr/src/asterisk/

                unzip Install.3.0.0.zip -d ./nixxis

                pushd /usr/src/asterisk/nixxis/MediaServer/
                cp -rf /usr/src/asterisk/nixxis/MediaServer/etc/* /etc
                cp -rf /usr/src/asterisk/nixxis/MediaServer/usr/* /usr
                cp -rf /usr/src/asterisk/nixxis/MediaServer/var/* /var
                cp -rf /usr/src/asterisk/nixxis/MediaServer/srv/* /srv

Update the rights:
-        /usr/sbin/* files to be executable à chmod a+x /usr/sbin/*
-       /srv/www/lighttpd/* files to be executable à chmod a+x /srv/www/lighttpd/*
-       /var/lib/asterisk/agi-bin/* files to be executable à chmod a+x /var/lib/asterisk/agi-bin/*

Convert to UNIX format:
-        dos2unix /srv/www/lighttpd/*


23. Creating IVR and Recording users
adduser sounds 
set a password
chmod 777 /home/sounds
chown sounds:sounds /home/sounds

mkdir /home/soundsv2
chmod 777 /home/soundsv2
chown sounds:sounds /home/soundsv2

adduser recording
set a password
chmod 777 /home/recording
chown recording:recording /home/recording

24.Web-server installation and configuration
chmod a+x /srv/www/lighttpd/
chgrp sounds /var/log/lighttpd/
chmod g+w /var/log/lighttpd/
sed -i 's|.*server.username  = "lighttpd".*|server.username  = "sounds"|' /etc/lighttpd/lighttpd.conf
sed -i 's|.*server.groupname = "lighttpd".*|server.groupname = "sounds"|' /etc/lighttpd/lighttpd.conf
service lighttpd stop
chown sounds:sounds/var/log/lighttpd/ 
chown sounds:sounds/var/log/lighttpd/* 
chmod 777 /var/log/* 
chown sounds:sounds/srv/www/lighttpd 
chown sounds:sounds/srv/www/lighttpd/*
chmod 777  /srv/www/lighttpd/* 
chkconfig lighttpd on
service lighttpd start 
service lighttpd stop
service lighttpd restart 

25. Adapting config files
cd /etc/asterisk 
cp -rf sip_sample.conf sip.conf 
cp -rf extensions_sample.conf extensions.conf
echo -e '\n[nixxis]' >> /etc/asterisk/manager.conf
echo 'secret=nixxis00' >> /etc/asterisk/manager.conf
echo 'read = system,call,log,verbose,command,agent,user,config' >> /etc/asterisk/manager.conf
echo 'write = system,call,log,verbose,command,agent,user,config' >> /etc/asterisk/manager.conf


# fail2ban installation
yum install -y fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local


# Automatically start Asterisk on server boot
cp -rf /usr/src/asterisk/asterisk/contrib/init.d/rc.redhat.asterisk /etc/init.d/asterisk 
chkconfig asterisk on 
sed -i 's|.*AST_SBIN=__ASTERISK_SBIN_DIR__$|AST_SBIN=/usr/sbin|' /etc/init.d/asterisk
service asterisk start
service asterisk stop
service asterisk restart

# Installing Nixxis related options 
touch /etc/asterisk/musiconhold_nixxis.conf 
chmod 775 /etc/asterisk/musiconhold_nixxis.conf
chown sounds:sounds /etc/asterisk/musiconhold_nixxis.conf 
sed -i 'N;s|directory=/var/lib/asterisk/moh\n;$|directory=/var/lib/asterisk/moh\n\#include \"musiconhold_nixxis.conf\"\n|' /etc/asterisk/musiconhold.conf

# Adaptation for Asterisk 18 
Go to : etc/asterisk/nixxis
In those 2 files 
1.ivr-v2.conf
2.ivr-v2-nochoice.conf

Search and replace "WELCOME" in UPPERCASE letters into lowercase "welcome"


# /etc/asterisk/modules.conf
sed -i 's|.*preload => res_odbc.so$|preload => res_odbc.so|' /etc/asterisk/modules.conf
sed -i 's|.*preload => res_config_odbc.so$|preload => res_config_odbc.so|' /etc/asterisk/modules.conf
sed -i 's/noload = chan_sip.so/load = chan_sip.so/' /etc/asterisk/modules.conf
echo -e 'noload => res_pjsip.so' >> /etc/asterisk/modules.conf
echo -e 'noload => res_config_ldap.so' >> /etc/asterisk/modules.conf
echo -e 'noload => res_config_pgsql.so' >> /etc/asterisk/modules.conf
systemctl restart asterisk.service 


# CLI> module reload res_odbc.so
asterisk -rx "module reload res_odbc.so" 

# Sudo manipulation
recording ALL= NOPASSWD: /usr/sbin/asterisk -rx "moh reload"
sounds ALL= NOPASSWD: /usr/sbin/asterisk -rx "moh reload"

26. Asterisk configuration files
The folder /etc/asterisk/ contains the asterisk configuration files. If you do not already have your own extensions.conf then you can start with the extensions_sample.conf and rename it to extensions.conf to have a clean example to start your installation with.

Based on sip_sample.conf, generate your own sip.conf defining the various sip peers.


27.  Maintenance scripts
Nixxis provides 3 maintenance scripts. Below follows an explanation on each of the 3 scripts. All 3 scripts can be run from CRON at a fixed (nightly) job to perform the actions needed. There is a 4th script that uses a command already included with RHEL to remove old recordings from the server.

We advise to store the files in /usr/sbin/ for them to be widely available to the system.

27.1. Setting up cronjobs
All script mentioned above are best executed at a pre-programmed time every day. Following is an example on how to setup a crontab, though more detailed information is available on the internet.

This example of a crontab entry will run the MP3 converter every day at 23:00 to convert the recordings on disk:

By default the crontab editor uses VI as editor, the user can tell the system to use a different editor by default, for example Nano by executing the following command:

                export EDITOR=nano

Next we launch the command to edit the crontab by executing:

                crontab –e

We add a line per job to be executed, in our case to run the job at 23:00

                0 23 * * * /usr/sbin/nixxis_mp3_converter.sh

Exit the editor while saving the changes we made to the file. After this to following command can be used to verify if the job has been put in place:

                crontab –l

27.2. nixxis_mp3_converter.sh
This scripts converts all .wav recording files into MP3 encoded files. This has a big advantage on the amount of disk-space occupied by recordings if they are kept on the Asterisk servers.

The script by default considers that all recordings are stored in /home/recording (though this can be edited in the script itself if it is not the case).

We advise to run this script in a cronjob outside of production hours to avoid high CPU load during production.

To enable the playing of the mp3 files:

                Run “make menuselect”
                Select “Add-ons”
                Make sure “format_mp3” is selected: [*]format_mp3
                Use the “Menu Select” command ‘x’ to Save and Quit
                Run “contrib/scripts/get_mp3_source.sh” <-- IMPORTANT or you won’t have MP3 source to compile and your build will fail!
                Run “make install”

You will now have MP3 support in Asterisk in addition to the default 16-bit, monaural, 8KHz sample rate WAV file format.

27.3. nixxis_recmove.sh
This script will move all recordings to a given FTP server (normally used to move the recordings from the Asterisk to the Application Server or some other external storage device.

The “recmove” script is based on the scriptable FTP client Kermit which needs to be installed on the server first.

Afterwards adapt the nixxis_remove.sh with the settings of the ftp server, the example file contains the following line, which needs to be edited with the server, username and password of the remote FTP connection:

                ftp open 192.168.1.2 /user:recording /password:recording

Furthermore we need to tell the script how many days of recordings we’d like to keep on the Asterisk server. Any recordings older are moved by this script to the remote server. To set the number of days to keep, edit the following 2 lines of the script to reflect the number of days, the example will keep 21 days of recordings, meaning anything older than 21 days will be moved to the remote server.

                ftp put /before:-21days /delete *

if fail exit 1 ftp put /before:-21days /delete *: \v(ftp_message)

Last step is to put the script into a CRON job, for this see example earlier in this chapter.

Any other methods/scripts can be used to achieve this if you cannot install kermit on your distribution.

27.4. Tmpwatch
This script allows you to remove files older than a certain number of hours from the server. This allows for the cleaning of the /home/recording folder in the case there is no off-server retention of recording needed.

A simple crontab entry can be setup to remove the recordings from disk. The following example will remove all recordings older then 30 days (5040 hours) from the server at 04:30.

                30 4 * * * /usr/sbin/tmpwatch 5040 /home/recording/

Use this wisely and make sure to understand that the numerical value of tmpwatch is in HOURS and not days!



Selinux
Here are some general steps and considerations for configuring SELinux for Asterisk, lighttpd, and vsftpd:

1. Set the Correct SELinux Booleans
SELinux booleans are simple on/off switches that can control various aspects of SELinux policy without requiring complex modifications. You can view the current booleans related to your services using the getsebool command and set them with setsebool.

# VSFTPD

For vsftpd, you might need to adjust booleans to allow FTP to read/write in user home directories or to allow network connections, depending on your setup.

setsebool -P ftp_home_dir on

sudo chcon -R -t public_content_rw_t /home/soundsv2
sudo chcon -R -t public_content_rw_t /home/sounds
sudo chcon -R -t public_content_rw_t /home/soundsv2share

This command sets the SELinux context of the specified directories to public_content_rw_t, allowing vsftpd to write to them.

# Lighttpd
For lighttpd, you may need to adjust booleans to allow HTTPD scripts and modules.
setsebool -P httpd_enable_cgi on

Set SELinux Context:
Use the chcon command to set the SELinux context for the "/srv/www/lighttpd" directory and its contents. The appropriate context for web server content is typically httpd_sys_content_t. Run the following command:

sudo chcon -Rv --type=httpd_sys_content_t /srv/www/lighttpd

This command recursively sets the SELinux context for all files and directories under "/srv/www/lighttpd" to "httpd_sys_content_t."

Adjust File Permissions:
Ensure that the file permissions are set correctly. For web server content, it's common to set the permissions to allow read and execute access. For example:

sudo chmod -R 755 /srv/www/lighttpd

This command gives read and execute permissions to the owner and read permission to others.

Restart Lighttpd:
After making changes, restart the Lighttpd service to apply the SELinux context and file permissions:

sudo systemctl restart lighttpd



# Cron job(maintenance scripts) in /usr/sbin/
Check Current SELinux Context:
Use the ls command with the -Z option to check the SELinux context of the shell script files:

ls -Z /usr/sbin/*.sh

Ensure that the files have an appropriate SELinux context. If they don't, you may need to set it.

Set SELinux Context (if necessary):
Use the chcon command to set the SELinux context for the shell script files. For files executed by cron, the context is typically cron_spool_t. Run the following command for the needed script:

sudo chcon -v --type=cron_spool_t /usr/sbin/nixxis_mp3_converter.sh
sudo chcon -v --type=cron_spool_t /usr/sbin/nixxis_recmix_delayed.sh
sudo chcon -v --type=cron_spool_t /usr/sbin/nixxis_recmove.sh


Review File Permissions:
Ensure that the file permissions allow the cron daemon to execute the scripts. The script should be executable (chmod +x).

sudo chmod +x /usr/sbin/filename.sh


# Asterisk
For Asterisk, there might not be specific booleans, but ensure related network and audio permissions are correctly set.

Check Current SELinux Context:
Use the ls command with the -Z option to check the SELinux context of the files in /etc/asterisk:
ls -Z /etc/asterisk

Verify that the files have an appropriate SELinux context. If they don't, you may need to set it.

Set SELinux Context (if necessary):
Use the chcon command to set the SELinux context for the files in the /etc/asterisk directory. For files used by Asterisk, the context is often asterisk_etc_t. Run the following command:

sudo chcon -Rv --type=asterisk_etc_t /etc/asterisk

This command recursively sets the SELinux context for all files and directories under /etc/asterisk to asterisk_etc_t.

Audio recording
sudo chcon -R -t public_content_rw_t /home/recording
This command sets the SELinux context of the specified directories to public_content_rw_t, allowing Asterisk to write to them.

Review File Permissions:
Ensure that the file permissions allow Asterisk to read the configuration files. Generally, read access is sufficient (chmod +r).

sudo chmod +r /etc/asterisk/*

Restart Asterisk:
After making these changes, restart the Asterisk service to apply the SELinux context and file permissions:

sudo systemctl restart asterisk


Review SELinux Alerts :
If you encounter issues, check the SELinux logs for any denials:

sudo ausearch -m avc -ts recent

This command shows recent SELinux AVC (Access Vector Cache) denials. Review the output to identify any SELinux denials related to Lighttpd and adjust the SELinux policy accordingly.



(Selinux settings must be adapted according to your setup/desired security, the rules above are general ones)

    • Related Articles

    • How to install Asterisk 1.8 on CentOS 6.x

      1.   Introduction The purpose of this article is to provide a step by step description of the Asterisk setup as a media server for the Nixxis platform. If the server has not been installed yet, make sure to follow ...
    • How to install Asterisk 11 on CentOS 7.x

      1.   Introduction The purpose of this article is to provide a description of the Asterisk setup as a media server for the Nixxis platform by using the Asterisk 11 on CentOS 7 automated installation script available on the Nixxis Support bitbucket. If ...
    • How to install CentOS 7.x

      1.   Introduction The purpose of this article is to provide a description of the CentOS 7.x setup on a media server for the Nixxis platform by using the CentOS 7 automated installation script available on the Nixxis Support bitbucket. 2.  ...
    • [Installation] - NCS v3.x - Installation and configuration procedure

      Introduction The purpose of this document is to guide you through the installation and the configuration process of Nixxis Contact Suite V3.x Application Server. 1. Prerequisites General prerequisites: Important to make sure prerequisites are ...
    • [Installation] - NCS v3.x - Installation and configuration procedure (EN)

      Introduction The purpose of this document is to guide you through the installation and the configuration process of Nixxis Contact Suite V3.x Application Server. 1. Prerequisites General prerequisites: Important to make sure prerequisites are ...