Friday, 2 October 2015

Vicidial Installation Guide

Introduction

VICIDIAL is an enterprise class, open source, call center suite in use by many large call centers around the world.
Asterisk is software that turns an ordinary computer into a voice communications server.
Together, you have a full featured predictive dialer. It can also function as an ACD for inbound calls, or closer calls coming from VICIDIAL outbound fronters. It is capable of inbound, outbound, and blended call handling. VICIDIAL even allows you to have agents logged in from remote locations.

Preliminary Notes

In this guide I will be installing this on a newly installed & updated CentOS 6 64-bit dedicated server that I am leasing from a data center. It has no control panel (cPanel, Plesk, ISPconfig, etc..) because a control panel is not needed. You should be comfortable using the putty command line terminal software and knowledgeable in server administration.
This guide also applies to CentOS 6 32-bit. (There were a couple minor modifications needed that I pointed out in that part of the guide)
This guide will not explain how to configure or use vicidial. For that, I recommend purchasing the Agent and Managers Manual from www.eflo.net. This is required reading. There is also a free version of the Agent and Manager's Manual available for download that will help. You may also use the forums to ask specific questions.
This tutorial is a derivative of the original scratch install instructions found in the astguiclient source package. It has been adapted to CentOS.
I recommend reading this turorial in its entirety before starting so you get an idea of what prerequisites are required.
From time to time this page may get updated and if so, I will update the date at the bottom of this guide.
The text that are highlighted in red are the areas you need to customize.

You must login as root during the entire installation and configuration process.


Update the system

Make sure you update the system first, then reboot if you installed an updated kernel.
yum -y update
reboot

Install the following software
yum install rdate unzip make patch gcc gcc-c++ subversion php php-devel php-gd gd-devel php-mbstring php-mcrypt php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel httpd libpcap libpcap-devel libnet ncurses ncurses-devel screen mysql-server mysql-devel ntp kernel* mutt glibc.i686 conntrack-tools telnet

Setup MySQL


Setup default MySQL tables, start MySQL and configure root password
Replace "MYSQL_PASSWORD" with a password that you want to create.
/etc/init.d/mysqld start
/usr/bin/mysqladmin -u root password 'MYSQL_PASSWORD'
mysql_secure_installation
chkconfig mysqld on
Here is a sample mysql configuration file you can use. Backup your original, then use this instead.
service mysqld stop
cp /etc/my.cnf /etc/my.cnf.original
echo "" > /etc/my.cnf
nano /etc/my.cnf
[mysql.server]
user = mysql
#basedir = /var/lib

[client]
port = 3306
socket = /var/lib/mysql/mysql.sock

[mysqld]
datadir = /var/lib/mysql
#tmpdir = /home/mysql_tmp
socket = /var/lib/mysql/mysql.sock
user = mysql
old_passwords = 0
ft_min_word_len = 3
max_connections = 800
max_allowed_packet = 32M
skip-external-locking

log-error = /var/log/mysqld/mysqld.log

query-cache-type = 1
query-cache-size = 32M

long_query_time = 1
#slow_query_log = 1
#slow_query_log_file = /var/log/mysqld/slow-queries.log

tmp_table_size = 128M
table_cache = 1024

join_buffer_size = 1M
key_buffer = 512M
sort_buffer_size = 6M
read_buffer_size = 4M
read_rnd_buffer_size = 16M
myisam_sort_buffer_size = 64M

max_tmp_tables = 64

thread_cache_size = 8
thread_concurrency = 8

# If using replication, uncomment log-bin below
#log-bin = mysql-bin

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash

[isamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M

[myisamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout

[mysqld_safe]
#log-error = /var/log/mysqld/mysqld.log
#pid-file = /var/run/mysqld/mysqld.pid

mkdir /var/log/mysqld
mv /var/log/mysqld.log /var/log/mysqld/mysqld.log
touch /var/log/mysqld/slow-queries.log
chown -R mysql:mysql /var/log/mysqld
service mysqld restart

Update the time zone

Configure the system time and update it.
Customize the timezone. Take a look inside /usr/share/zoneinfo/ for all possible values.
rm /etc/localtime
ln -sf /usr/share/zoneinfo/US/Arizona /etc/localtime
rdate -s wwv.nist.gov
Changes take effect immediately after you run the rdate command.
Note: It's very important to set the correct time zone of your Operating System (shown above) and in the vicidial admin area (Admin->Phones, Admin->Servers, Admin->System Settings) and also in your php.ini file. They must all be the same time zone or offset equivalent. Don't forget about this when configuring vicidial after using this guide.

Turn off ntpd and remove it from bootup runlevels.
You will be running ntpdate from cron instead.
service ntpd stop
chkconfig ntpd off

Setup CPAN and install libraries

Run the following command
yum install perl-CPAN
yum install perl-YAML
perl -MCPAN -e shell

You will then install some CPAN libraries
Once you see the cpan> prompt you can begin installing modules.
This may take a while.
cpan> install CPAN::Meta
cpan> install CPAN
cpan> reload cpan
cpan> install YAML
cpan> install MD5
cpan> install Digest::MD5
cpan> install Digest::SHA1
cpan> install readline
cpan> install Bundle::CPAN
cpan> reload cpan
cpan> install DBI
cpan> force install DBD::mysql
cpan> install Net::Telnet
cpan> install Time::HiRes
cpan> install Net::Server
cpan> install Switch
cpan> install Mail::Sendmail
cpan> install Unicode::Map
cpan> install Jcode
cpan> install Spreadsheet::WriteExcel
cpan> install OLE::Storage_Lite
cpan> install Proc::ProcessTable
cpan> install IO::Scalar
cpan> install Spreadsheet::ParseExcel
cpan> install Curses
cpan> install Getopt::Long
cpan> install Net::Domain
cpan> install Term::ReadKey
cpan> install Term::ANSIColor
cpan> install Spreadsheet::XLSX
cpan> install Spreadsheet::Read
cpan> install LWP::UserAgent
cpan> install HTML::Entities
cpan> install HTML::Strip
cpan> install HTML::FormatText
cpan> install HTML::TreeBuilder
cpan> install Time::Local
cpan> install MIME::Decoder
cpan> install Mail::POP3Client
cpan> install Mail::IMAPClient
cpan> install Mail::Message
cpan> install IO::Socket::SSL
cpan> install MIME::Base64
cpan> install MIME::QuotedPrint
cpan> install Crypt::Eksblowfish::Bcrypt
cpan> quit
In the end, I usually run all these commands once again to make sure its all installed.

Installing the Asterisk-Perl module

NOTE: Do NOT use the 0.09 or any newer version, they do not work with ViciDial.
cd /usr/src
wget http://asterisk.gnuinter.net/files/asterisk-perl-0.08.tar.gz
tar -zxf asterisk-perl-0.08.tar.gz
cd asterisk-perl-0.08
perl Makefile.PL
make all
make install

Installing additional software from source

Next, you will download, compile and install the following software.
  • lame
  • ttyload
  • iftop
  • mtop
  • mytop
  • htop
  • sipsak
  • ploticus

LAME:
LAME is an MP3 encoder used to convert audio files from WAV to MP3. Some prefer GSM usually, but others have standardized on MP3 so you would need this utility to be loaded to use that option.
cd /usr/src
wget http://downloads.sourceforge.net/project/lame/lame/3.99/lame-3.99.5.tar.gz
tar -zxf lame-3.99.5.tar.gz
cd lame-3.99.5
./configure
make
make install

SOX:
SoX is a cross-platform command line utility that can convert various formats of computer audio files in to other formats.
cd /usr/src
wget http://downloads.sourceforge.net/project/sox/sox/14.4.1/sox-14.4.1.tar.gz
tar -zxf sox-14.4.1.tar.gz
cd sox-14.4.1
./configure
make -s
make install

TTYLOAD:
ttyload is a simple terminal application that shows the processor load in a graphical time-based scrolling graph. I use it to view how loaded the system is and it visualizes load spikes very well.
cd /usr/src
wget http://www.daveltd.com/src/util/ttyload/ttyload-0.5.3.tar.bz2
tar -xvjpf ttyload-0.5.3.tar.bz2
cd ttyload-0.5.3
nano ttyload.h

   insert this #include directive just above the #define directives, then save and close the ttyload.h file
   #include <time.h>

make
ln -s /usr/src/ttyload-0.5.3/ttyload /usr/bin/ttyload

IFTOP:
iftop is a good console bandwidth visualization tool that shows you active connections, where they are going to/from and how much of your precious bandwidth they are using.
cd /usr/src
wget http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.17.tar.gz
tar -zxf iftop-0.17.tar.gz
cd iftop-0.17
./configure
make
make install

MTOP:
mtop is a great utility for real-time monitoring of mysql and the queries that are running in it.
Note: the root mysql password must be blank before installing this
mysql -u root -p

Enter your MySQL password, then the following MySQL command:
SET PASSWORD FOR root@localhost=PASSWORD('');QUIT;
cd /usr/src
wget http://downloads.sourceforge.net/project/mtop/mtop/v0.6.6/mtop-0.6.6.tar.gz
tar -zxf mtop-0.6.6.tar.gz
cd mtop-0.6.6
perl Makefile.PL
make
make install

Enter the following MySQL command to put your root password back the way it was originally
Replace "MYSQL_PASSWORD" with your real password.
SET PASSWORD FOR root@localhost=PASSWORD('MYSQL_PASSWORD');QUIT;

MYTOP:
mytop is is an optional utility for monitoring the threads and overall performance of mysql
Note: the root mysql password must be blank before installing this
mysql -u root -p

Enter your MySQL password, then the following MySQL command:
SET PASSWORD FOR root@localhost=PASSWORD('');QUIT;
cd /usr/src
wget http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz
tar -zxf mytop-1.6.tar.gz
cd mytop-1.6
perl Makefile.PL
make
make test
make install
Enter the following MySQL command to put your root password back the way it was originally
Replace "MYSQL_PASSWORD" with your real password.
SET PASSWORD FOR root@localhost=PASSWORD('MYSQL_PASSWORD');QUIT;

HTOP:
htop is an interactive process viewer for Linux
cd /usr/src
wget http://downloads.sourceforge.net/project/htop/htop/1.0.2/htop-1.0.2.tar.gz
tar -zxf htop-1.0.2.tar.gz
cd htop-1.0.2
./configure
make
make install

SIPSAK:
sipsak is an optional utility that VICIDIAL can use to send messages to an agent's SIP-based phone(like the Snom 320) to display text on their LCD screen.
cd /usr/src
wget http://downloads.sourceforge.net/project/sipsak.berlios/sipsak-0.9.6-1.tar.gz
tar -zxf sipsak-0.9.6-1.tar.gz
cd sipsak-0.9.6
./configure
make
make install
/usr/local/bin/sipsak --version

PLOTICUS:
ploticus is a free graph creation package that allows you to create line graphs within PNG files simply by creating a config file and a data file. ViciDial uses this package to generate server performance graphs that can be displayed real-time within the ViciDial reports page.
cd /usr/src
wget http://downloads.sourceforge.net/project/ploticus/ploticus/2.42/ploticus242_src.tar.gz
tar -zxf ploticus242_src.tar.gz
cd ploticus242/src/
make clean
make
make install
mkdir -p /var/www/html/vicidial/ploticus/
cp pl /var/www/html/vicidial/ploticus/

Installing eAccelerator for PHP

Install the php module
cd /usr/src
wget http://downloads.sourceforge.net/project/eaccelerator/eaccelerator/eAccelerator%200.9.6.1/eaccelerator-0.9.6.1.zip
unzip eaccelerator-0.9.6.1.zip
cd eaccelerator-0.9.6.1
export PHP_PREFIX="/usr"
$PHP_PREFIX/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
make
make install

Configure php.ini
nano /etc/php.ini
Change the following values in your php.ini file.
Customize the date.timezone so you don't end up with a bunch of php errors complaining about it not being defined.
error_reporting  =  E_ALL & ~E_NOTICE
memory_limit = 48M
short_open_tag = On
max_execution_time = 330
max_input_time = 360
post_max_size = 48M
upload_max_filesize = 42M
default_socket_timeout = 360
date.timezone = America/Phoenix

Add the following lines to the dynamic extensions section of php.ini:
Note: For CentOS 32-bit, use this below: zend_extension="/usr/lib/php/modules/eaccelerator.so"
zend_extension="/usr/lib64/php/modules/eaccelerator.so"
;For CentOS 32-bit: zend_extension="/usr/lib/php/modules/eaccelerator.so"
eaccelerator.shm_size="48"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

mkdir /tmp/eaccelerator
chmod 0777 /tmp/eaccelerator
php -v
You should see something like this:
PHP 5.3.3 (cli) (built: Dec 11 2013 03:29:57)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator

Editing the Apache config file


nano /etc/httpd/conf/httpd.conf

To disable logging, change:
CustomLog logs/access_log combined
        to this:
CustomLog /dev/null combined

To enable web browsing of Recordings on Asterisk server, add this:
Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"

<Directory "/var/spool/asterisk/monitorDONE">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
        <files *.mp3>
            Forcetype application/forcedownload
        </files>
</Directory>


Change the values of ServerSignature and ServerTokens directives as shown below.
ServerSignature Off
ServerTokens Prod

Restart the Apache web server to apply the changes
service httpd restart
chkconfig httpd on

Install php-mcrypt extension module from a fedora repository since its not available in the standard repo.
You will need this so phpMyAdmin doesn't complain about not having mcrypt installed.
cd /usr/src
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
yum update
yum install php-mcrypt*
nano /etc/php.d/mcrypt.ini

Comment out the current mcrypt location because it is incorrect, then add the new path below it.
Note: For CentOS 32-bit, use this below: extension=mcrypt.so"
; Enable mcrypt extension module
;For CentOS 32-bit: extension=mcrypt.so
extension=/usr/lib64/php/modules/mcrypt.so

Restart the Apache web server to apply the changes
service httpd restart


Installing Asterisk

Any time you upgrade the Linux kernel you must recompile/install dahdi for the new kernel.
Asterisk must be compiled with dahdi support.
Add a user account named "asterisk" with a strong password. You will not need to use this account for anything, but Asterisk expects it to exist.
Note: The install MUST be done in the following order:
Minor note: dahdi-linux-complete-current.tar.gz and libpri-1.4-current.tar.gz may contain an updated version than what I am currently using, therefore the directory names may be different than shown below.
useradd asterisk -s /sbin/nologin
passwd asterisk
mkdir /usr/src/asterisk
cd /usr/src/asterisk
wget http://downloads.vicidial.com/required-apps/asterisk-1.8.23.0-vici.tar.gz
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-1.4-current.tar.gz
tar -zxf asterisk-1.8.23.0-vici.tar.gz
tar -zxf dahdi-linux-complete-current.tar.gz
tar -zxf libpri-1.4-current.tar.gz
cd dahdi-linux-complete-2.9.1.1+2.9.1
make clean
make
make install
make config
cd tools
make clean
make
make install
make config
cd ../../libpri-1.4.15
make clean
make
make install
cd ../asterisk-1.8.23.0
./configure
make clean
make menuselect
make
make install
make samples

* Confirm DAHDI works properly.
* You do not need dahdi_dummy anymore, because it has not been required since DAHDI-Linux 2.3.0.
* The core of DAHDI is now able to use the kernel timers automatically if no telephony hardware is installed.
* http://www.voip-info.org/wiki/view/DAHDI
* http://www.voip-info.org/wiki/view/chan_dahdi.conf
* http://www.voip-info.org/wiki/view/Asterisk+CLI
service dahdi restart
chkconfig dahdi on
modprobe dahdi
lsmod | grep dahdi
dahdi_genconf
dahdi_cfg -vvv
dahdi_test
Check to see if the dahdi drivers are loaded.
lsmod | grep dahdi
Output should look similar to this:
dahdi_transcode         6697  1 wctc4xxp
dahdi_voicebus         54834  2 wctdm24xxp,wcte12xp
dahdi                 223523  15 xpp,dahdi_transcode,wcb4xxp,wctdm,wcfxo,wcaxx,wctdm24xxp,wcte11xp,wct1xxp,wcte13xp,wcte12xp,dahdi_voicebus,wcte43x,wct4xxp,oct612x
crc_ccitt               1717  2 wctdm24xxp,dahdi


Installing audio files

Download the audio files
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-core-sounds-en-ulaw-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-core-sounds-en-wav-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-core-sounds-en-gsm-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-ulaw-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-wav-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-gsm-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-moh-opsound-gsm-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-moh-opsound-ulaw-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-moh-opsound-wav-current.tar.gz
Place the audio files in their proper places
cd /var/lib/asterisk/sounds
tar -zxf /usr/src/asterisk-core-sounds-en-gsm-current.tar.gz
tar -zxf /usr/src/asterisk-core-sounds-en-ulaw-current.tar.gz
tar -zxf /usr/src/asterisk-core-sounds-en-wav-current.tar.gz
tar -zxf /usr/src/asterisk-extra-sounds-en-gsm-current.tar.gz
tar -zxf /usr/src/asterisk-extra-sounds-en-ulaw-current.tar.gz
tar -zxf /usr/src/asterisk-extra-sounds-en-wav-current.tar.gz

mkdir /var/lib/asterisk/mohmp3
mkdir /var/lib/asterisk/quiet-mp3
ln -s /var/lib/asterisk/mohmp3 /var/lib/asterisk/default

cd /var/lib/asterisk/mohmp3
tar -zxf /usr/src/asterisk-moh-opsound-gsm-current.tar.gz
tar -zxf /usr/src/asterisk-moh-opsound-ulaw-current.tar.gz
tar -zxf /usr/src/asterisk-moh-opsound-wav-current.tar.gz
rm -f CHANGES*
rm -f LICENSE*
rm -f CREDITS*

cd /var/lib/asterisk/moh
rm -f CHANGES*
rm -f LICENSE*
rm -f CREDITS*

cd /var/lib/asterisk/sounds
rm -f CHANGES*
rm -f LICENSE*
rm -f CREDITS*


cd /var/lib/asterisk/quiet-mp3
sox ../mohmp3/macroform-cold_day.wav macroform-cold_day.wav vol 0.25
sox ../mohmp3/macroform-cold_day.gsm macroform-cold_day.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/macroform-cold_day.ulaw -t ul macroform-cold_day.ulaw vol 0.25
sox ../mohmp3/macroform-robot_dity.wav macroform-robot_dity.wav vol 0.25
sox ../mohmp3/macroform-robot_dity.gsm macroform-robot_dity.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/macroform-robot_dity.ulaw -t ul macroform-robot_dity.ulaw vol 0.25
sox ../mohmp3/macroform-the_simplicity.wav macroform-the_simplicity.wav vol 0.25
sox ../mohmp3/macroform-the_simplicity.gsm macroform-the_simplicity.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/macroform-the_simplicity.ulaw -t ul macroform-the_simplicity.ulaw vol 0.25
sox ../mohmp3/reno_project-system.wav reno_project-system.wav vol 0.25
sox ../mohmp3/reno_project-system.gsm reno_project-system.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/reno_project-system.ulaw -t ul reno_project-system.ulaw vol 0.25
sox ../mohmp3/manolo_camp-morning_coffee.wav manolo_camp-morning_coffee.wav vol 0.25
sox ../mohmp3/manolo_camp-morning_coffee.gsm manolo_camp-morning_coffee.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/manolo_camp-morning_coffee.ulaw -t ul manolo_camp-morning_coffee.ulaw vol 0.25

Installing Proftpd

Install the FTP server from source
cd /usr/src
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.5.tar.gz
tar -zxf proftpd-1.3.5.tar.gz
cd proftpd-1.3.5
./configure --prefix=/usr --sysconfdir=/etc
make
make install

The proftpd binary gets installed in /usr/local/sbin, but we need it in /usr/sbin, so we create a symlink:
(This file might already exist, so don't worry if it gives you an error message that says it already exists)
ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd

Create the init.d script
touch /etc/init.d/proftpd
nano /etc/init.d/proftpd

insert the following code:
#! /bin/sh
#
# proftpd          Start/Stop the cron proftpd daemon.
#
# chkconfig: 2345 40 60
# description: proftpd is a ftp server.
# processname: proftpd
# config: /etc/proftpd
# pidfile: /var/run/proftpd

# RedHat or Suse?
if [ -e "/etc/SuSE-release" ]; then
        SUSE=1
        DAEMONIZE=''
        RESULT='done'
else
        REDHAT=1
        DAEMONIZE='daemon'
        RESULT=''
fi

if [ "$REDHAT" = "1" ]; then
        # Source function library.
        if [ -f /etc/init.d/functions ]; then
          . /etc/init.d/functions
        elif [ -f /etc/rc.d/init.d/functions ]; then
          . /etc/rc.d/init.d/functions
        else
          echo "Could not find functions file, your system may be broken"
        exit 1
        fi
fi

if [ "$SUSE" = "1" ]; then
        # Source rc status functions
        . /etc/rc.status

fi


# See how we were called.
case "$1" in
  start)
        echo -n "Starting proftpd: "
        $DAEMONIZE proftpd -p 0
        echo $RESULT
        touch /var/lock/subsys/proftpd
        ;;
  stop)
        echo -n "Stopping proftpd: "
        killproc proftpd
        echo $RESULT
        rm -f /var/lock/subsys/proftpd
        ;;
  status)
        status proftpd
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  *)
        echo "Usage: proftpd {start|stop|status|restart}"
        exit 1
esac

exit 0

Create a log directory and log files for proftpd to use
mkdir /var/log/proftpd/
touch /var/log/proftpd/ftpxferlog
touch /var/log/proftpd/proftpd.log

I use /var/www/html as my web root. You should do the same.
MY_FTP_USERNAME is the name of a Linux user account that you will create.
groupadd proftpd
useradd MY_FTP_USERNAME -d /var/www/html -s /bin/bash
passwd MY_FTP_USERNAME
chown -R MY_FTP_USERNAME /var/www/html

Generate SSL certificate and key so you can transfer files securely to/from your server using SSL.
openssl version -a
openssl req -x509 -nodes -newkey rsa:4096 -keyout /etc/ftpd-rsa-key.pem -out /etc/ftpd-rsa.pem

It will ask you some questions. Fill it out correctly.
Country Name (2 letter code) [XX]: US
State or Province Name (full name) []: Arizona
Locality Name (eg, city) [Default City]: Mesa
Organization Name (eg, company) [Default Company Ltd]: MyBusiness LLC
Organizational Unit Name (eg, section) []: HQ
Common Name (eg, your name or your server's hostname) []: dialer.mydomain.com
Email Address []: email@ddress.com

Backup the proftpd.conf file, delete all the contents, then edit it.
cp /etc/proftpd.conf /etc/proftpd.conf.original
echo "" > /etc/proftpd.conf
nano /etc/proftpd.conf

insert the collowing code and replace xxx.xxx.xxx.xxx with the static IP address that ONLY YOU will be connecting from, also replace MY_FTP_USERNAME with a valid Linux user account
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "MyBusiness Dialer"
ServerType                      standalone
DefaultServer                   on

<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/proftpd/tls.log
    TLSProtocol SSLv3 TLSv1
    TLSRequired on
    TLSRSACertificateFile /etc/ftpd-rsa.pem
    TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
    TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
    TLSOptions NoSessionReuseRequired
    TLSVerifyClient off
    TLSRenegotiate none
</IfModule>
TransferLog /var/log/proftpd/ftpxferlog
ExtendedLog /var/log/proftpd/proftpd.log read,write
UseReverseDNS off
IdentLookups off

# Port 21 is the standard FTP port.
Port                            21

# Don't use IPv6 support by default.
UseIPv6                         off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
User                            nobody
Group                           proftpd

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

MaxLoginAttempts                5

# Normally, we want files to be overwriteable.
AllowOverwrite          on

<Limit LOGIN>
Order Allow,Deny
AllowUser MY_FTP_USERNAME
Allow xxx.xxx.xxx.xxx
DenyALL
</Limit>

Allow proftpd to run on bootup and start proftpd
chmod 755 /etc/init.d/proftpd
chkconfig proftpd on
service proftpd restart

Now you can connect to your server via FTP with or without SSL. Vicidial by default will not use SSL. This configuration gives the opportunity to use it either way. Use Filezilla to test this and see what it does.

Installing astGUIclient (ViciDial)


First, login to mysql to create the database, add a couple users and assign privileges.
NOTE: MY_DATABASE_USER and MY_DATABASE_PASSWORD will be used for login with phpMyAdmin
mysql -u root -p

Enter these MySQL commands:
CREATE DATABASE `asterisk` DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'MY_DATABASE_USER'@'localhost' IDENTIFIED BY 'MY_DATABASE_PASSWORD';
GRANT ALL PRIVILEGES on asterisk.* to MY_DATABASE_USER@localhost;
CREATE USER 'cron'@'localhost' IDENTIFIED BY '1234';
GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO cron@'%' IDENTIFIED BY '1234';
GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO cron@localhost IDENTIFIED BY '1234';
GRANT RELOAD ON *.* TO cron@'%';
GRANT RELOAD ON *.* TO cron@localhost;
flush privileges;
quit

I am going to install the latest 2.x SVN trunk which happens to be version 2.9 at this time.
mkdir /usr/src/astguiclient
cd /usr/src/astguiclient
svn checkout svn://svn.eflo.net:3690/agc_2-X/trunk
cd trunk
perl install.pl

You will have to define various things like IP address of the server and FTP username/password.
It will also ask you where is the web root, use /var/www/html
Leave the other login settings as-is unless you already know how to update the database and other asterisk config files.
defined server_ip:        xxx.xxx.xxx.xxx
defined DB_server:        localhost
defined DB_database:      asterisk
defined DB_user:          cron
defined DB_pass:          1234
defined DB_custom_user:   custom
defined DB_custom_pass:   custom1234
defined DB_port:          3306
defined active_keepalives:     1234568
defined asterisk_version:      1.8
defined copying conf files:    y
defined copying weblang files: n
defined FTP_host:         xxx.xxx.xxx.xxx
defined FTP_user:         MY_FTP_USERNAME
defined FTP_pass:         MY_FTP_PASSWORD
defined FTP_port:         21
defined FTP_dir:          RECORDINGS
defined HTTP_path:        http://xxx.xxx.xxx.xxx
defined REPORT_host:      xxx.xxx.xxx.xxx
defined REPORT_user:      MY_FTP_USERNAME
defined REPORT_pass:      MY_FTP_PASSWORD
defined REPORT_port:      21
defined REPORT_dir:       REPORTS


Import sample data

Login to mysql to run some commands
mysql -u root -p
Enter these MySQL commands:
SET GLOBAL connect_timeout=60;
use asterisk;

\. /usr/src/astguiclient/trunk/extras/MySQL_AST_CREATE_tables.sql
\. /usr/src/astguiclient/trunk/extras/first_server_install.sql
\. /usr/src/astguiclient/trunk/extras/sip-iax_phones.sql

quit
In the Linux terminal, enter these commands
/usr/share/astguiclient/ADMIN_area_code_populate.pl
cp /usr/src/astguiclient/trunk/extras/performance_test_leads.txt /usr/share/astguiclient/LEADS_IN/
/usr/src/astguiclient/trunk/bin/VICIDIAL_IN_new_leads_file.pl --forcelistid=107 --forcephonecode=1

Final Adjustments

Make several entries in the rc.local of your system.
nano /etc/rc.d/rc.local
On a new system I just overwrite the file with the following:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# OPTIONAL enable ip_relay(for same-machine trunking and blind monitoring)
/usr/share/astguiclient/ip_relay/relay_control start 2>/dev/null 1>&2

# Disable console blanking and powersaving
/usr/bin/setterm -blank
/usr/bin/setterm -powersave off
/usr/bin/setterm -powerdown

### start up the MySQL server
/etc/init.d/mysqld start

### start up the apache web server
/etc/init.d/httpd start

### roll the Asterisk logs upon reboot
/usr/share/astguiclient/ADMIN_restart_roll_logs.pl

### clear the server-related records from the database
/usr/share/astguiclient/AST_reset_mysql_vars.pl

### load dahdi drivers
modprobe dahdi
/usr/sbin/dahdi_cfg -vvvvvvvvvvvvv

### sleep for 20 seconds before launching Asterisk
sleep 20

### start up asterisk
/usr/share/astguiclient/start_asterisk_boot.pl

Make several entries in the crontab of your system:
crontab -e
### recording mixing/compressing/ftping scripts
#0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl
0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl --MIX
0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_VDonly.pl
1,4,7,10,13,16,19,22,25,28,31,34,37,40,43,46,49,52,55,58 * * * * /usr/share/astguiclient/AST_CRON_audio_2_compress.pl --GSM
#2,5,8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59 * * * * /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --GSM

### keepalive script for astguiclient processes
* * * * * /usr/share/astguiclient/ADMIN_keepalive_ALL.pl --cu3way

### kill Hangup script for Asterisk updaters
* * * * * /usr/share/astguiclient/AST_manager_kill_hung_congested.pl

### updater for voicemail
* * * * * /usr/share/astguiclient/AST_vm_update.pl

### updater for conference validator
* * * * * /usr/share/astguiclient/AST_conf_update.pl

### flush queue DB table every hour for entries older than 1 hour
11 * * * * /usr/share/astguiclient/AST_flush_DBqueue.pl -q

### fix the vicidial_agent_log once every hour and the full day run at night
33 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl
50 0 * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --last-24hours
## uncomment below if using QueueMetrics
#*/5 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --only-qm-live-call-check

## uncomment below if using Vtiger
#1 1 * * * /usr/share/astguiclient/Vtiger_optimize_all_tables.pl --quiet

### updater for VICIDIAL hopper
* * * * * /usr/share/astguiclient/AST_VDhopper.pl -q

### adjust the GMT offset for the leads in the vicidial_list table
1 1,7 * * * /usr/share/astguiclient/ADMIN_adjust_GMTnow_on_leads.pl --debug

### reset several temporary-info tables in the database
2 1 * * * /usr/share/astguiclient/AST_reset_mysql_vars.pl

### optimize the database tables within the asterisk database
3 1 * * * /usr/share/astguiclient/AST_DB_optimize.pl

## adjust time on the server with ntp
30 * * * * /usr/sbin/ntpdate -u pool.ntp.org 2>/dev/null 1>&2

### VICIDIAL agent time log weekly and daily summary report generation
2 0 * * 0 /usr/share/astguiclient/AST_agent_week.pl
22 0 * * * /usr/share/astguiclient/AST_agent_day.pl

### VICIDIAL campaign export scripts (OPTIONAL)
#32 0 * * * /usr/share/astguiclient/AST_VDsales_export.pl
#42 0 * * * /usr/share/astguiclient/AST_sourceID_summary_export.pl

### remove old recordings more than 7 days old
#24 0 * * * /usr/bin/find /var/spool/asterisk/monitorDONE -maxdepth 2 -type f -mtime +7 -print | xargs rm -f

### roll logs monthly on high-volume dialing systems
#30 1 1 * * /usr/share/astguiclient/ADMIN_archive_log_tables.pl

### remove old vicidial logs and asterisk logs more than 2 days old
28 0 * * * /usr/bin/find /var/log/astguiclient -maxdepth 1 -type f -mtime +2 -print | xargs rm -f
29 0 * * * /usr/bin/find /var/log/asterisk -maxdepth 3 -type f -mtime +2 -print | xargs rm -f
30 0 * * * /usr/bin/find / -maxdepth 1 -name "screenlog.0*" -mtime +4 -print | xargs rm -f

### cleanup of the scheduled callback records
25 0 * * * /usr/share/astguiclient/AST_DB_dead_cb_purge.pl --purge-non-cb -q

### GMT adjust script - uncomment to enable
#45 0 * * * /usr/share/astguiclient/ADMIN_adjust_GMTnow_on_leads.pl --list-settings

### Dialer Inventory Report
1 7 * * * /usr/share/astguiclient/AST_dialer_inventory_snapshot.pl -q --override-24hours

### inbound email parser
* * * * * /usr/share/astguiclient/AST_inbound_email_parser.pl


Next, it is important to change the externip and localnet values in the sip.conf
The externip needs to be the public facing ip of your server.
The localnet will consist of the public facing ip and netmask of your server.
nano /etc/asterisk/sip.conf
externip = xxx.xxx.xxx.xxx
localnet=xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx

Run this perl script to update the server_ip fields in the asterisk tables (copy the command as-is)
/usr/share/astguiclient/ADMIN_update_server_ip.pl --old-server_ip=10.10.10.15

Update music on hold configuration
nano /etc/asterisk/musiconhold.conf
;
; Music on Hold -- Sample Configuration
;

[default]
mode=files
directory=/var/lib/asterisk/mohmp3

[quiet]
mode=files
directory=/var/lib/asterisk/quiet-mp3

#include musiconhold-vicidial.conf

* There are other sample configration files in /usr/src/astguiclient/docs/conf_examples/ that you might want to look at and maybe copy from and customize.

Lastly, reboot the machine
reboot

Diagnostics

After reboot, check your logs for any errors, make sure asterisk is up and running.
Be proactive and look for problems before you start configuring vicidial.
Run these commands to view log files:
  • tail -f -n 50 /var/log/asterisk/messages
  • tail -f -n 50 /var/log/messages
  • more /var/log/dmesg
  • tail -f -n 40 /etc/httpd/logs/error_log
  • tail -f -n 40 /var/log/maillog
  • tail -f -n 40 /var/log/cron
Run this command:
screen -ls
The output should look similar to this:
There are screens on:
        2301.ASTVDauto  (Detached)
        2125.asterisk   (Detached)
        2292.ASTupdate  (Detached)
        2307.ASTVDadapt (Detached)
        2120.astshell20131221211922     (Detached)
        2304.ASTVDremote        (Detached)
        2310.ASTfastlog (Detached)
        2298.ASTlisten  (Detached)
        2295.ASTsend    (Detached)
9 Sockets in /var/run/screen/S-root.

Start using vicidial

Login to vicidial and configure it.
Add users, campaigns, in-group, DID's, server, etc....
Go to: http://youripaddress/vicidial/admin.php
The default username is: 6666 and the password is: 1234

A note about security

When you get the vicidial server configured and working, make sure to follow basic common sense server administration rules like setting up a firewall, changing default passwords, disallow remote mysql connections or limiting it, etc...

Below is firewall script I borrowed from VICIbox Server that works quite well (why reinvent the wheel?). It basically blocks all IP adresses by default and only allows the IP addresses in which you specify to have access to the server. It's pretty good at blocking out all those voip hackers. I almost don't even need to worry anymore.
I personally implement these iptable rules as soon as I get my server online and running and BEFORE starting this guide. DO NOT implement this unless you have a way to get back into your server in case it does not work for you. Take a look at it and modify it as needed. In my case, I use a server that I lease from Softlayer and they provide me with a VPN and IPMI interface and software to get back in if needed.
mkdir /usr/src/iptables/
touch /usr/src/iptables/whitelist.rules
nano /usr/src/iptables/whitelist.rules
I also had to add various IP addresses for softlayer to connect to my server because they might do automated ping scans and remote management.
Replace xxx.xxx.xxx.xxx with the IP address that you need to allow access to your server.
These ip addresses will be your remote location (using a static IP), your data center IP's, DID providers (such as Aretta, Switch2Voip, etc..), external database servers, etc...
Customize and add the following code to the whitelist.rules file:
# Generated by iptables-save v1.4.7 on Sat Dec 21 21:31:39 2013
*raw
:PREROUTING ACCEPT [72:5698]
:OUTPUT ACCEPT [71:5742]
-A PREROUTING -i lo -j NOTRACK
-A OUTPUT -o lo -j NOTRACK
COMMIT
# Completed on Sat Dec 21 21:31:39 2013
# Generated by iptables-save v1.4.7 on Sat Dec 21 21:31:39 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forward_ext - [0:0]
:forward_int - [0:0]
:input_ext - [0:0]
:input_int - [0:0]
:reject_func - [0:0]
-A INPUT -s xxx.xxx.xxx.xxx -j ACCEPT
-A INPUT -s xxx.xxx.xxx.xxx -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state RELATED -j ACCEPT
-A INPUT -i eth0 -j input_int
-A INPUT -i eth1 -j input_ext
-A INPUT -j input_ext
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
-A INPUT -j DROP
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-OUT-ERROR " --log-tcp-options --log-ip-options
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -m recent --rcheck --name GOOD --rsource -j ACCEPT
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 113 -m state --state NEW -j reject_func
-A input_ext -m pkttype --pkt-type multicast -j DROP
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -j DROP
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 113 -m state --state NEW -j reject_func
-A input_int -j ACCEPT
-A reject_func -p tcp -j REJECT --reject-with tcp-reset
-A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject_func -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Sat Dec 21 21:31:39 2013

To implement the firewall rules immediately, run this command
iptables-restore < /usr/src/iptables/whitelist.rules
Edit the iptables configuration
nano /etc/sysconfig/iptables-config
Change the following values to yes
This will ensure the iptable rules get saved to the default iptables file (/etc/sysconfig/iptables) and re-used each time the firewall is stopped or restarted.
IPTABLES_SAVE_ON_STOP="yes"
IPTABLES_SAVE_ON_RESTART= "yes"
You can verify this by stopping and restarting the firewall or rebooting the server. Go ahead and try this.
service iptables stop
iptables -L
service iptables restart
iptables -L
reboot
iptables -L


Upgrading

First, you will do a full backup, then you will upgrade your local copy of astguiclient via SVN and install it.
Make sure to read the UPGRADE doc for any new instructions.
/usr/share/astguiclient/ADMIN_backup.pl --debugX
cd /usr/src/astguiclient/trunk
svn up
perl install.pl
nano UPGRADE


Author
Ray Solomon
Was any of this helpful? if so, send me a donation :)
My Bitcoin address: 3DFuEPrrbfBGxCoRjiab6RS4Y7TWE9VoWe
Paypal donations also accepted

Thursday, 1 January 2015

ViciBox v.8.1 Bug Fixes and Updates

ViciBox v.8.1.1 and under has a broken vicibox-certbot install. The fixes are numerous and replacement of it is recommended. Here is how you do that

1) cd /usr/local/bin
2) rm vicibox-certbot
3) wget http://download.vicidial.com/vicibox/vicibox-certbot
4) chmod 755 vicibox-certbot


------------------------------------------------------------


ViciBox v.8.1.0 had the wrong rtc port opened in the firewall. It was opening the non-tls port (8088) instead of the tls port (8089). This issue prevent the WebRTC features from working correctly, like ViciPhone.

Here's how to fix that :
1) sed -i 's/8088/8089/g' /etc/sysconfig/scripts/SuSEfirewall2-custom
2) SuSEfirewall2


------------------------------------------------------------


ViciBox v.8.1.0 did not issue an apache or asterisk soft reload after attempting a certbot certificate renewal. If the SSL certificate is renewed then Apache/Asterisk will need to re-read the new cert. If you have a cluster then you only need to run the apache or asterisk parts depending upon what your server is doing. Here is the fix :

1) crontab -l > /tmp/rootcron
2) echo '10 0 1 * * /usr/sbin/apache2ctl -k graceful >/dev/null 2>&1' >> /tmp/rootcron
3) echo '11 0 1 * * /usr/sbin/asterisk -rx "module reload http" >/dev/null 2>&1' >> /tmp/rootcron
4) crontab /tmp/rootcron


------------------------------------------------------------


ViciBox v.8.1.0 had the wrong IPSet type for whitelistnets. It should have been nethash not iphash. You can correct it by doing the following :

1) sed -i 's/whitelistnets iphash/whitelistnets nethash/g' /etc/sysconfig/scripts/SuSEfirewall2-custom
2) reboot (rules have to be recreated, so easiest to reboot)


------------------------------------------------------------


ViciBox v.8.1.0 had the Asterisk REST Interface enable by default. You can correct this by doing the following:

1) sed -i 's/enabled=yes/enabled=no/g' /etc/asterisk/ari.conf
2) reboot (can be done overnight from crontab)


------------------------------------------------------------


While not really a ViciBox bug, Asterisk v.13 has an issue where doing a 'module reload http' does not actually reload the HTTP module unless the file /etc/asterisk/http.conf has actually changed. At some point this will be fixed in upstream Asterisk v.13 but in the meantime you will need to modify your crontab entry for certbot to work around this issue. Here's how you do that :

1) crontab -e
2) Change this line : 11 0 * * 0 /usr/sbin/asterisk -rx "module reload http" >/dev/null 2>&1'
to : 11 0 * * 0 touch /etc/asterisk/http.conf; /usr/sbin/asterisk -rx 'module reload http' >/dev/null 2>&1
3) ctrl-X to exit and save the file

You are basically putting 'touch /etc/asterisk/http.conf;' in front of the asterisk command. That will cause the module to actually reload and pull in the new Certbot SSL certificates. If your dialer reboots every week or every day from the crontab you can skip this step.


------------------------------------------------------------


ViciBox v.8.1.2 and under has incorrect kernel printk settings. This results in a bunch of kernel messages, mainly from iptables, being strewn across the console when you are on it. It doesn't affect SSH connections but it's quite annoying nontheless. The issue is more of an annoyance then a bug but here is how you would fix it

1) echo "kernel.printk = 4 4 1 7" >> /etc/sysctl.conf
2) echo "4 4 1 7" > /proc/sys/kernel/printk


------------------------------------------------------------


ViciBox v.8.1.2 and under had the Spectre mitigation patches enabled which causes a significant performance impact on Database servers. Linux kernels above 4.4.110 had the Spectre patches enabled by default if the CPU is found to be vulnerable to Spectre. While this results in very little CPU penalty, it does impose quite a significant penalty on I/O operations like Disk and RAM. This results in a significant impact on the DataBase server. The solution is to add 'nopti nospectre_v2 nospec' to the Kernel boot command line. Here's how you do that:

1) yast bootloader
2) Press ALT-K to go to the Kernel Parameters
3) Press ALT-P to go to the Optional Kernel Command Line Parameter field
4) At the end of the line, type in : nopti nospectre_v2 nospec
5) Press ALT-O or F10 to accept and save changes
6) Type 'reboot' at the command prompt to reboot and load the new kernel settings.

Tuesday, 11 November 2014

Manual Installation for ViciBox Cluster


Installation Manual for ViciBox v.8.1
http://www.vicibox.com/
Foreword
Some basic Linux skills and general IT knowledge is assumed throughout parts of this document. For
this reason, this guide does not cover topics such as basic networking, CD burning, partitioning scheme
design, varying infrastructure methodologies, validity of install, and other unmentioned topics or
variations of installation. To find out more about any of the steps in this document, or to learn more
about any particular ViciBox install or ViciDial setup, we suggest you search and ask questions on the
ViciDial forums at http://www.vicidial.org/VICIDIALforum/. In addition, you can find more
information with regards to Linux, OpenSuSE, and other general topics by using Google and/or the
official OpenSuSE Leap v.42.3 documentation located at https://doc.opensuse.org/opensuse.html
ViciBox is a self-contained installation CD based upon the OpenSuSE v.42.3 Linux distribution. It
includes both online as well as offline installation capabilities. It is packaged as a LiveCD that can be
used as an installation medium, rescue disk, or hardware testing resource.
Paid Support is available through the ViciDial Group (www.vicidial.com) to help with any portion of a
ViciBox or ViciDial installation. Custom development of both ViciBox and ViciDial are offered
through the ViciDial Group as well.
Alternatively, if the prospect of installing and maintaining your own ViciBox/ViciDial installation
seems too daunting, the ViciHost (www.vicihost.com) service is available to give you all the features
and benefits of ViciDial without having to maintain physical servers or worry about installing and
updating ViciBox
As of the writing of this document the current version of ViciBox is v.8.1.2. It is built with the
following software and features :
OpenSuSE Leap v.42.3
Kernel v.4.4.155
Asterisk v.13.21.1-vici
DAHDI v.2.11.1
LibPRI v.1.6.0
Amfletec VoiceSync v.1.3.8
OpenR2 v.1.3.3 for MFC/R2 supporting
ViciDial SVN v.2.14-689a build 180922-0958 revision 3035
Automated G729/G723 codec installation with internet connectivity
Integrated firewall with VoIPbl.org and White/Dynamic/Black IP ACL
CertBot set-up script to generate valid LetsEncrypt.org SSL certificates
WebRTC ViciPhone ready
Hardware Recommendations and Dimensioning
The recommended minimum hardware specifications for ViciDial is as follows :
Quad-Core CPU 2.0+Ghz
4+ GB RAM
160+ GB RAID-1 Hard Drive setup
A ViciBox “Express” system consists of all major roles including Database, Web, and Telephony
server. Using the minimum hardware specifications listed above, this would be well suited for a call
center up to 15 agents doing outbound calling with call recordings at a 4:1 ratio. When used for
inbound the same minimum hardware specifications are acceptable for up to 25 agents. Please note that
the figures presented are a conservative guideline and that your actual system capacity is heavily
determined by the number of agents, number of leads, concurrent call count, dialing ratio if applicable,
campaign settings, and the general capacity of the hardware. It is for this reason that additional
specifications were provided should you run into any minor load issues. Particular attention should be
paid to the size of the hard-drive(s) installed in the system if you record your calls. The most frequent
issue new customers experience is a crashed server due to the hard drive filling up with recordings.
Clustering is where multiple individual servers perform specific roles within ViciDial. Those roles are
Database, Web, Telephony, and Archive server. Clustering should generally be used for an install
consisting of more then 20 outbound agents or 30 inbound agents. If you do not know or are unsure of
whether you should perform a clustered install please consult with the free community-based ViciDial
forums or paid-for ViciDial Group for support. Please be prepared to explain your planned installation
including number of agents, call type (Outbound/Blended/Inbound), expected dialing ratio or
concurrent call volume, archival requirements, and any other unique processes or requirements you
may have. This will help generate an accurate answer to your questions.
Clustering of the Web and Telephony roles in vicidial is done horizontally. This means that as your
capacity grows you simply add more servers to your cluster to compensate. A cluster should always
start with at least one dedicated Telephony server and a combination Database and Web server. If your
total agent capacity will be less then 50 agents then you can use the optional server specifications
provided under the “Compatibility and Prerequisite” section for your Database. All other clustering
options should use one of the database-specific specifications listed under the “ViciBox Cluster”
section. All Web and Telephony servers just need to adhere to the base specifications listed under the
“Compatibility and Prerequisite” section.
In general, you can expect to get 25 outbound agents dialing 4:1 ratio or 50 inbound agents with 100
concurrent lines on a dedicated Telephony server using the standard hardware specification. It is
recommended to use the optional specification for recording long call durations or inbound call centers.
A dedicated Web Server will handle approximately 150 agents using the standard hardware
specification. When more then one web server is used it is recommended to configure a third machine
to act as a load-balancer for the agent interface between the multiple web servers. The agent will
initially go to the load balancer to log in and then be redirected to one of the back-end servers.
Configuration of the load balancer is done through the use of the mod_proxy_balancer module in
Apache and is not covered by this document. There are many examples and walk-throughs available by
searching the internet. Alternatively, the ViciDial Group can install and set-up a load balancer for you
through paid support options.
Phase 1 – OS Installation
1. Download the current ViciBox ISO from http://download.vicidial.com/iso/vicibox/server/
2. Burn ISO to CD/DVD or USB thumb drive and boot from it.
3. At the boot screen, select “ViciBox_v8_1” and press ENTER to boot the ViciBox live CD.
4. At the login prompt type in ‘root’ and press ENTER.
5. As the password prompt type in ‘vicidial’ and press ENTER.
6. To begin the OS installation type ‘os-install’ and press ENTER. If you wanted to do anything
prior to OS installation you would do that before completing this step.
7. At the license screen press ALT-N to select ‘Next’ and move to the next screen.
8. To change the Region press ALT-E and use the up and down arrow keys to select the proper
Region.
9. To change the Time Zone press ALT-Z and use the up and down arrow key to select the proper
Region.
10. Verify that the selected Region and Time Zone are correct and press ALT-N to select ‘Next’ and
move to the next screen. The Region and Time Zone should be set for the server’s physical
location, not the location of the agents.
11. To accept the default partitioning scheme press ALT-N to proceed to the next screen. By default
the partitioning scheme assigns 4GB to swap and the rest to / (root). If there is a second drive,
like an SSD, that is to be used solely for database access it would need to be mounted under
/srv/mysql
12. Type in the new root password and press the TAB key to move the cursor down to the Confirm
Password field. The default root user password is ‘vicidial’. The TAB key can be pressed
multiple times to cycle through the fields.
13. Re-type the password in the Confirm Password field to verify it. DO NOT LOSE OR FORGET
THIS PASSWORD OR YOU WILL NOT BE ABLE TO LOG INTO THE SERVER’S
OPERATING SYSTEM IN THE FUTURE.
14. Press ALT-N to select ‘Next’ and move to the next screen.
15. If the system determines that the entered root password is not a high security password it will
prompt you to verify you want to use that password. Using the TAB key make sure ‘Yes’ is
highlighted and then press the ENTER key to proceed to the next screen.
16. An installation summary screen will show you the configured install options. If there are no
changes to be made to the installation options presented, press ALT-I to start the installation
process. EVERYTHING AFTER THIS STEP WILL RESULT IN THE SERVER BEING
FORMATTED AND ALL DATA ON IT BEING LOST.
17. To confirm the start of the installation process press ALT-I again. EVERYTHING AFTER THIS
STEP WILL RESULT IN THE SERVER BEING FORMATTED AND ALL DATA ON IT BEING
LOST.
18. When prompted, use the TAB key to select ‘Reboot Now’ and then press the ENTER key. The
CD/DVD or USB thumb drive can be removed at this step.
19. After rebooting type ‘root’ at the login prompt and press the ENTER key.
20. At the password prompt type in the ‘root’ password from step 12 and press the ENTER key.
Upon successful login you should see a red prompt that says ‘vicibox81:~ # _’ with the underscore
blinking. This is the ‘root’ prompt and where you should begin Phase 1.5 and Phase 2 installations. If
you have other set-up tasks to do you can do those at this time. Phase 1.5 includes some recommended
and optional set-up tasks that can be performed prior to the final Phase 2 installation of ViciDial.
Phase 1.5 – Recommended and Optional installation steps
Network Configuration – HIGHLY RECOMMENDED
1. If not already please login as the ‘root’ user to get to the root prompt. Steps 19 and 20 from the
Phase 1 installation instructions cover how to login as the root user.
2. Type ‘yast lan’ and press the ENTER key to start the network configuration. Optionally, you
can type ‘yast’ and navigate to the network configuration by going to System → Network
Settings.
3. Using the TAB key, press it until the network card is highlighted. If you have multiple network
cards, use the up and down arrow keys to select the proper network card to configure.
4. Press ALT-I to edit the configuration of the selected network interface.
5. Press ALT-T to select ‘Statically assigned IP Address’. All servers in a ViciDial cluster should
have a statically assigned IP.
6. Press ALT-I or the TAB key to move to the ‘IP Address’ field.
7. Enter the IP Address for this network interface. This IP is determined by your network
environment and is beyond the scope of this installation guide.
8. Press ALT-S or the TAB key to move to the ‘Subnet Mask’ field.
9. Enter the Subnet Mask for your network environment. The subnet mask can be entered in either
dotted notation (A.B.C.D) or CIDR notation (/XX).
10. Press ALT-G to view the General settings for this network interface.
11. Press ALT-X to change the Firewall Zone for this network interface.
12. Using the Up and Down Arrow keys, select the ‘Internal Zone’ for the network interface if it is
not directly attached to the Internet or ‘External Zone’ if it is directly attached to the Internet.
For example, if the IP address for this server is an RFC1918 private IP like 192.168.X.Y or
10.X.Y.Z then this should be considered an Internal Zone connection.
13. Press ALT-N to accept the configuration changes and return to the Network Settings screen. If
you have multiple network interfaces to configure you can repeat steps 3 through 12 for each of
the additional interfaces. Network configurations can be complex and consulting a qualified
network technician is recommended if there is any doubt as to what settings to use.
14. Press ALT-S to configure the Hostname and DNS settings.
15. Press ALT-T or the TAB key to move to the ‘Hostname’ field.
16. Enter the unique Hostname for this server. All servers MUST have a unique 16-character or
less hostname for a clustered installation to install properly. The recommended naming
convention is to use DBX, WebX, and DialX where X represents the numerical sequence of that
server. For example, the first Telephony server would be Dial1, the second Dial2, etc. The web
servers would be web1, web2, etc. Please avoid arbitrary names like ‘Zeus’, ‘Batman’,
‘Lemonade’, etc.
17. Press ALT-D or the TAB key to move to the ‘Domain Name’ field.
18. Enter the Domain Name for this server. The domain name ‘vicibox.local’ can be used if a
domain name is not known or not set-up in the current Network Environment.
19. Press ALT-1 or the TAB key to move to the ‘Name Server 1’ field.
20. Enter the primary DNS server for your network. This will typically be the IP address the router
if you are using a private IP, or the DNS servers for your ISP if you are not. The ip ‘8.8.8.8’ can
be used if the primary DNS server is not known or provided.
21. Press ALT-2 or the TAB key to move to the ‘Name Server 2’ field.
22. Enter the secondary DNS server for your network. This will typically be the DNS server from
your ISP. The ip ‘4.2.2.1’ can be used if the primary DNS server is not known or provided.
23. Press ALT-U to change to the Routing screen.
24. Press ALT-F or the TAB key to change to the ‘Default IPv4 Gateway’.
25. Enter the Default Gateway for your network. This will typically be the router’s IP if the server
is configured with a private IP address or the gateway as provided by the ISP if it’s directly
attached to the network.
26. Press ALT-O to select ‘OK’ and save the network configuration. This will cause the network to
reload and the changes to become active. It is possible during this step that the network will not
reload cleanly. To prevent this issue from causing any problems it is recommended to reboot the
server prior to the Phase 2 ViciDial installation.
27. Once back at the root prompt, type ‘ping -c6 google.com’ and verify that the server is properly
able to ping out onto the internet.
In addition to basic network configuration, you can configure the built-in firewall by typing ‘yast
firewall’. This interface will allow you to open ports and selectively allow access for certain IPs. This
will not configure the ViciBox Firewall (VB-firewall.pl) but will allow static firewall entries.
Install Updates – RECOMMENDED AND REQUIRES INTERNET CONNECTIVITY
1. If not already please login as the ‘root’ user to get to the root prompt. Steps 19 and 20 from the
Phase 1 installation instructions cover how to login as the root user.
2. Type ‘zypper ref’ to refresh all installed repositories for the latest packages.
3. Type ‘zypper dup -y’ to install updated packages and any package changes. This step might take
a while depending upon the age of the installed ViciBox image and the speed of your internet
connection.
4. After the updates are done installing, type ‘reboot’ to reboot the server and load and newly
updated software.
Switch to Asterisk v.11 – OPTIONAL BUT REQUIRED IF INSTALLED SVN IS UNDER 2960
1. If not already please login as the ‘root’ user to get to the root prompt. Steps 19 and 20 from the
Phase 1 installation instructions cover how to login as the root user.
2. Type ‘vicibox-ast11’ and press the ENTER key to begin the switch to Asterisk 11. This should
ONLY be done prior to Phase 2 ViciDial installation. Doing this on a configured server will
cause that server to no longer work properly with ViciDial.
Install LetEncrypt/Certbot SSL – OPTIONAL FOR WEB AND TELEPHONY SERVERS
1. If not already please login as the ‘root’ user to get to the root prompt. Steps 19 and 20 from the
Phase 1 installation instructions cover how to login as the root user.
2. Type ‘service apache2 start’ to start apache for the verification process.
3. Verify that your Fully Qualified Domain Name is properly pointing to this server by going to
http://<FQDN> and seeing if you browser says “It Works!”.
4. Type ‘vicibox-certbot’ to start the simplified CertBot setup wizard.
The CertBot verification will only work if this server has a Fully Qualified Doman Name (FQDN)
properly pointed to it. If your network environment is complex enough where a public FQDN cannot
be mapped to your server publicly then it is recommended to use a conventional SSL provider.
Change ‘root’ user password – OPTIONAL (READ COMPLETELY FIRST)
1. If not already please login as the ‘root’ user to get to the root prompt. Steps 19 and 20 from the
Phase 1 installation instructions cover how to login as the root user.
2. Type ‘passwd’ at the root prompt.
3. Type in the new root password and then press the ENTER key
4. Verify the new root password by typing it in again and then pressing the ENTER key
DO NOT LOSE THIS PASSWORD! It is always needed for any sort of support (remote or otherwise)
that needs to be done at the Operating System level. It is not trivial to recover a lost root password and
requires someone to physically be at the server or using an IP-KVM during the recovery. It is
recommended to chose a root password that is more of a phrase then a single word. Avoid choosing
passwords that are overly complex, random, or hard to remember. Such passwords end up being written
down on a piece of paper and shoved in a drawer or taped to the front of a server. An example of a pass
phrase would be “ThisIsViciBox!”.
It is recommended to use 12 or more characters in your root password. None of the passwords used in
this document should be used on a server that is directly connected or exposed to the internet. All
alphanumeric characters (A through Z and 0 through 9) are valid in a root password along with the
special characters @=/+-!~
Phase 2 – ViciDial Installation
There are two different types of ViciDial installations. The first one is an ‘Express’ install which is
primarily used for a single server installation. The second type is a ‘Cluster’ install which is where
ViciDial is using multiple servers to function. The actual installer is the same for both options but the
‘Express’ install has predetermined settings given to the installer making it the least involved to set-up.
For a new ViciBox/ViciDial admin it is recommended to start with an Express install to familiarize
yourself with the installation process. If there is a possibility that within the next month or two after
install the server might grow beyond supporting 20 agents it is recommended to start with mutliple
servers and do a ViciDial cluster. An express install can be migrated to a cluster install at a later time
but the it takes a bit of knowledge and understanding of how the back-end processes of ViciDial work.
ViciDial Express Installation
1. If not already please login as the ‘root’ user to get to the root prompt. Steps 19 and 20 from the
Phase 1 installation instructions cover how to login as the root user.
2. At the root prompt type ‘vicibox-express’ and press the ENTER key. This will start the
installation wizard. Follow the prompts to continue installation.
3. After the installation has finished, type ‘reboot’ and press the ENTER key to reboot the server.
You should carefully examine the output of the installer to make sure that it installed properly.
Do not assume that just because it finished it had successfully installed.
4. From a web browser on a desktop type in the IP Address of FQDN of your server and press the
ENTER key.
5. If the installation was successful you should see the ViciDial Welcome page.
ViciDial Cluster Installation
1. If not already please login as the ‘root’ user to get to the root prompt. Steps 19 and 20 from the
Phase 1 installation instructions cover how to login as the root user.
2. On the database server at the root prompt type ‘vicibox-install’ and press the ENTER key. This
will start the installation wizard. Follow the prompts to continue installation making sure to
indicate that this server is the DataBase. If using any custom database settings please write
them down for later reference on the Web and Telephony servers.
3. If you have a database slave server, please login as the root user on the slave server. Steps 19
and 20 from the Phase 1 installation instructions cover how to login as a root user.
4. On the slave server at the root prompt type ‘vicibox-install’ and press the ENTER Key. This
will start the installation wizard. Follow the prompts to contiue and make sure to select Expert
Options and indicate that this is a slave database server. If you used any custom database
configurations from Step 2 you will need to input them here.
5. Once the database(s) has finished installing, please login as the root user on the Web server.
Steps 19 and 20 from the Phase 1 installation instructions cover how to login as the root user.
6. On the Web server at the root prompt type ‘vicibox-install’ and press the ENTER key. This will
start the installation wizard. Follow the prompts to continue installing and make sure to
indicate that this server si the Web server. If you used any custom database configurations from
Step 2 you will need to input them here.
7. Repeat step 4 for any additional Web servers you might have.
8. If you will be using a ViciBox server for an Archive server, please login as the root user on the
archive server.Steps 19 and 20 from the Phase 1 installation instructions cover how to login as
the root user.
9. On the archive server at the root prompt type ‘vicibox-install’ and press the ENTER key. This
will start the installation wizard. Follow the prompts to continue installation and make sure to
indicate that this is an Archive server. If you used any custom database configurations from
Step 2 you will need to input them here.
10. Once the Web server has finished installing, please login as the root user on the Telephony
server. Steps 19 and 20 from the Phase 1 installation instructions cover how to login as the root
user.
11. On the Telephony server at the root prompt type ‘vicibox-install’ and press the ENTER key.
This will start the installation wizard. Follow the prompts to continue installation and make
sure to indicate that this is a Telephony server. If you used any custom database configurations
from Step 2 you will need to input them here.
12. Repeat step 7 for any additional Telephony servers you might have.
13. When all servers in the cluster have been successfully installed it is recommended to reboot
them to load things cleanly.
When doing a cluster installation it is possible to consolidate server roles during the install by inputting
the proper options into the vicibox-install wizard. For example, if one server was going to be both the
DataBase and Web Server you would say Yes to both the DataBase and Web Server questions during
the install. The recommended minimum cluster installation is two server. One server to be the DataBase
and Web server and the second server to act as a dedicated Telephony server.
Please refer to the ViciDial manual for further instructions on logging into ViciDial and configuring the
various options. The default Admin user is ‘6666’ with a password of ‘1234’.
Please use caution when selecting ViciDial passwords such as the phone registration password. If you
keep the passwords too simple you open yourself up to hackers committing toll fraud through your
system. A secure password contains more then 8 characters and consists of one lowercase letter, one
uppercase letter, and one numeral. An example of a secure password would be 'nebl6HE0u25a0Gt'.
Please DO NOT use this password, it is ONLY an example. The default phone registration password
and server password has already been randomized during the install. When changing them, please keep
the above secure password requirements in mind.

Ads