We've invested weeks and months over the years wrestling with virtualization technologies searching for the perfect fit for the Asterisk® PBX platform and especially for the turnkey solutions provided by PBX in a Flash and our latest Orgasmatron V installer. Why virtualization you might be asking? As with most computer applications, it comes down to flexibility and, of course, cost savings.
For the latest article on PBX in a Flash 2 with OpenVZ, follow this link.
In the flexibility department, VoIP virtualization lets you choose options such as Cloud Computing and hosted solutions from various providers. It also provides a terrific training platform as well as your own managed Cloud Computing solution. You can build and host a dozen or more virtual Asterisk systems on a single $500 to $1,000 server and have a transportable solution ready to deploy in a couple of hours. And then there are those of us in the technology business that need to test all sorts of new operating systems and applications without having to dedicate a standalone machine to each experiment.
Security WARNING: Always run Proxmox behind a secure, hardware-based firewall with no port exposure to the Internet. Review this message thread for the reasons why.
Our virtualization platform of choice is Proxmox, a lightweight Debian-based distribution that includes kernel support for both KVM and OpenVZ. As Martin Maurer from Proxmox put it in a recent interview:
This means you get the best of both virtualization worlds... containers (OS Virtualization) and fully-virtualized machines (Machine Virtualization). Proxmox VE also includes a very powerful yet easy to use web-based management system with clustering features. Boot the Proxmox VE install media, answer a few simple questions, and within 10 minutes you have a very powerful virtualization platform you can manage from a web browser. Install it on one or more additional machines that are networked together and use Proxmox VE's cluster management tool to create a virtualization cluster that allows for centralized management, automated backups, iso media and OS Template syncing, as well as migration features. Proxmox VE really is a time saving turnkey solution... and it is freely available under a GPL license."
As far as cost savings, $500 to $1,000 says it all. When you can run a dozen dedicated systems on such a hardware platform, it reduces the individual cost of each turnkey system deployment to well under $100. And the performance penalty for implementing this multitasking solution is only a 1 to 3 per cent performance hit compared to using comparable standalone systems for similar computing tasks. Om Malik recently noted that:
More than half of new servers in 2009 will be virtualized, compared with 30 percent in 2008, according to a new survey by TheInfoPro."
Comparing 2009 to 2008 deployments, that's a 70% increase in just one year. When there is comparable performance, 90% cost savings, and greatly enhanced deployment flexibility, you have to ask yourself why wouldn't you deploy virtualized solutions. With the solution we're providing today, you get some other benefits as well: snapshot backups and cluster computing, both of which actually work. And the cost of this virtualization technology... it's FREE!
Hardware Requirements. For full KVM virtualization support, you'll need either an Intel-VT1 or AMD-V2 capable CPU/Mainboard. Also strongly recommended are a multi-core CPU and as much RAM as your budget can afford. Our favorites (primarily because of cost) are the Dell T105 (with either dual or quad core AMD Athlon processor) or the Dell T300 (with quad core Intel Xeon processor). Both are on sale for the next few days starting at $249 up to about $1,000 with $350-$549 off the retail prices. You can save more by using our Dell coupon in the right margin. We recommend purchasing larger hard disks from other suppliers so stick with the default setup in drives. Dell has gotten more competitive on RAM pricing so that's your call. For a point of reference, a dual core AMD with 8GB of RAM can support about 8 simultaneous Asterisk servers.
Installing Proxmox. If you go the Dell route, you'll need an external USB CD or DVD drive to install Proxmox. Dell's optical drives aren't supported in the Proxmox boot image. So begin by downloading the Proxmox VE 1.3 ISO image and create your CD. Then boot your new server from the CD (by pressing F11 for the boot selection screen and choosing your USB external drive on Dell servers). Press Return to begin the install, agree to the license agreement, and click Next on the installer screen to begin. Choose your country, time zone, and keyboard layout. Next choose a secure password and provide a valid email address which is used to send you critical alerts from your Proxmox server. Finally, choose a hostname, specify a fixed IP address, netmask, gateway, and DNS servers and then press Next. Three minutes later, you'll have a new Proxmox server. Log in to your server as root and create a directory for your backups: mkdir /backup. You're finished on the CLI at this point.
OpenVZ vs. ISO Images. One of the beauties of Proxmox is that it supports two different types of images to create virtual machines. An OpenVZ template is akin to a snapshot of an existing system while an ISO image is identical to the installer you normally would burn onto a CD in order to install a software application on your server. In short, you still have to go through the installation scenario when you create a virtual machine (KVM) from an ISO image. A virtual machine created from an OpenVZ image is ready for use the moment it is created. If you remember when instant-on televisions first were introduced, you'll also appreciate the difference in boot times between OpenVZ and KVM machines which boot an application installed from an ISO in much the same manner as you would experience on a standalone machine.
As with life, there's a dark cloud lurking behind every silver lining, and this is especially true in the Asterisk environment. OpenVZ containers rely upon a shared kernel, the one that actually boots the Proxmox server. KVM containers created from ISO images are self-contained with their own complete operating system and kernel. Thus, zaptel and dahdi cannot be loaded directly from an OpenVZ container. Instead one must rely upon a shared version of zaptel or dahdi loaded on the Proxmox server itself. As it turns out, this is no small feat and certainly not a task for mere mortals. Bottom Line: If you need conferencing or otherwise need a timing source for your Asterisk deployment, you will not want to use the OpenVZ approach at least for now. We hope to more fully document the zaptel/dahdi hurdles that need to be addressed in coming weeks. You can follow our progress in this message thread on the PBX in a Flash Forum. On the other hand, if you have more traditional VoIP requirements for your PBX, then the ease of installation and use of the OpenVZ image makes perfect sense. So let's start there assuming you understand the limitations.
Installing PIAF OpenVZ. Using a web browser, download the new PBX in a Flash OpenVZ image to your Desktop. Our special thanks to Wolf Paul, who did most of the work in putting this together. Once you have the OpenVZ image in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF OpenVZ image on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. And, as Joe Roper has pointed out, you can do this directly within the Proxmox server by logging in as root and issuing the following commands. Thanks, Joe.
If you really want to walk on the wild side, here's a third method from Ap.Mathu. After logging into your server as root and issuing the following commands, you can download PBX in a Flash as well as Joomla!, eyeOS, BlueOnyx, Moodle, and FrontAccounting directly through the Proxmox web interface (Appliance Templates, Download):
cat piaf1506 >> /var/lib/pve-manager/apl-available
NOTE: You'll need to use the third option above only after you enable IPtables below because the apl-available file gets regenerated from "headquarters" each time Proxmox restarts.
Enabling IPtables Firewall. IPtables works a little differently in the OpenVZ environment. It actually runs on the Proxmox host. There are three steps to get it working. First, be sure you have downloaded PIAF OpenVZ template 15.04 or later. Second, shut down every running VM on your Proxmox server using the web interface. When you're sure they're all stopped, log into your Proxmox server as root using SSH and carefully enter the following two commands. Note that, because of the length, the sed command stretches to several lines which should be unraveled into a single line for the command to execute properly! Using a block-copy from a desktop machine to your SSH session is the safest method.
sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf
Now you're ready to create your first virtual machine. Click on Virtual Machines and then the Create tab. Accept the default OpenVZ container type and give your virtual machine a host name that will help you distinguish it from other VMs on your Proxmox server. Create a secure root password for your new VM. We recommend a minimum memory and swap memory size of 512MB and a minimum disk size of 20GB. You can experiment with these to find the best fit on your server. It only takes about 30 seconds to create an OpenVZ virtual machine so trial-and-error isn't painful.
You have a choice of Network Types. With Virtual Networks (venet), you need to designate a static IP for your virtual machine. With Bridged Ethernet (veth), an IP address is assigned by your DHCP server. Be aware that our status app currently won't display venet-assigned IP addresses, but ifconfig will. There are some other significant differences including network security that you may wish to review. Our special thanks to Martin Maurer from the Proxmox Dev Team for the hand-holding in getting both options working. To keep things simple, choose Bridged Ethernet as shown in the screen shot above. As mentioned, we'll depend upon your DHCP server to assign a dynamic IP address. You can lock it down on your router to assure that the same IP address always is assigned to this virtual machine. Finally, provide a DNS domain for the new VM and assign at least one DNS server. The IP of your gateway router/firewall usually will suffice. Click create when you have filled in all the blanks. Your new virtual machine will be ready to run in less than a minute.
To start the OpenVZ virtual machine, click on the List tab. Then click on the VM you wish to run. When the details display, click the Start button. Within a couple seconds, your VM will start up. Now click on the Open VNC Console link which provides you a command line interface to the now running virtual machine. Type ifconfig several times until you get a display showing your network interfaces. If no IP address is shown for eth0, type: service network restart. You only need to do this the first time your new virtual machine is started. Once the network reloads, you should be good to go. Type status and the IP address of your new VM should display. Type service iptables status to verify that IPtables is running. It currently does not show properly with status. If it's not running, type service iptables restart, and then check it again. The safest test is to attempt to log into your new server with a phone using the wrong extension password. After three tries, it should lock out that IP address temporarily.
Now it's time to secure your new virtual machine. We need to change the master password (not the root password) that is used to gain web access to your server. We also need to change the server's SSH keys to make them unique. Just run the following three commands making certain that you choose to overwrite your existing SSH keys when prompted to do so:
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa
Finally, you can type rasterisk to load the Asterisk CLI. You now have a functional PBX which is ready for configuration. See our knol for step-by-step instructions if you're new to all of this. Or, better yet, you can transform your new virtual machine into a turnkey PBX in less than 10 minutes with free calling in the U.S. and Canada with our Orgasmatron V Installer.
We strongly encourage (actually we're begging) you to read our Primer on Asterisk Security before doing anything else. It could save you an astronomical phone bill down the road.
Where To Go From Here. Until our next chapter, you might want to experiment with some of the other OpenVZ appliances which are available for Proxmox. Many can be installed within the Proxmox GUI (Appliance Templates, Download). Here's the short list: Proxmox Mail Gateway, CYAN Secure Web, Trouble Ticket Tracking, Zenoss Core IT Monitoring, CentOS 4 and 5, Debian 4 and 5, Fedora 9, Ubuntu Hardy, Drupal Content Management, Joomla Content Management, MediaWiki, SugarCRM, and WordPress. Enjoy!
Continue reading Part II for the 64-bit version with DAHDI conferencing...
Enhanced Google Maps. In case you haven't noticed, we've added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We'll show you how to add something similar to any LAMP-based Linux system in coming weeks. It's a powerful technology that has enormous potential. If you're unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!
whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.
Special Thanks to Our Generous Sponsors
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won't get the special pricing! Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.
Some Recent Nerd Vittles Articles of Interest...
- Be very careful choosing Intel processors. Even some high-end processors do not support Intel Virtualization Technology. Here's the official list. [↩]
- And here is a useful reference for AMD-compatible processors. The AMD WIKI provides the following list of AMD-V compatible processors: "AMD's x86 virtualization extension to the 64-bit x86 architecture is named AMD Virtualization, also known by the abbreviation AMD-V, and is sometimes referred to by the code name 'Pacifica'. AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. AMD Virtualization is also supported by release two (8200, 2200 and 1200 series) of the Opteron processors. The third generation (8300 and 2300 series of Opteron processors) will see an update in virtualization technology..." [↩]