Taming the OpenVZ beast to support Asterisk® virtualization has been interesting. Reminds me of laying track in front of a steaming locomotive. The demand for a solid, stable Asterisk-based Virtual PBX is overwhelming based upon the visitor count we've recorded. So we wanted to get it right! If you haven't visited the original article in a few days or if you've just landed here, start there. Then come back.
Security WARNING: Always run Proxmox behind a secure, hardware-based firewall with no port exposure to the Internet. Review this message thread for the reasons why.
If you're new to the virtualization world, the beauty of OpenVZ templates running on a Proxmox VE server is that you can create a fully-functional PBX in a Flash system in just under 15 seconds. If you want a dozen fully functional PBXs, the creation time jumps to a whopping 3 minutes. And OpenVZ images load almost instantly with a choice of either dynamic or static IP addresses. Add another 5 minutes to run the new Orgasmatron V installer, and you've got a turnkey, state-of-the-art PBX with dozens of preconfigured Asterisk applications plus free calling in the U.S. and Canada courtesy of Google Voice.
For normal PBX operations, last week's 32-bit PBX in a Flash OpenVZ template was just about perfect. But there were two wrinkles. First, conferencing didn't work because there was no timing source (aka Zaptel/DAHDI). You'll recall that both Zaptel and DAHDI are tied to the Linux kernel. And, with OpenVZ templates, the kernel lives on the Proxmox server. Because Proxmox is a 64-bit native application, its kernel wasn't accessible to 32-bit apps such as last week's template. Second, there's a Denial of Service security issue with the version of IAX2 installed in the default build of PBX in a Flash which you already know about if you've been following us on Twitter or if you subscribe to the PIAF RSS Feed.
So we had our work cut out for us this week. We wanted to kill two birds with one stone by delivering a 64-bit version of PBX in a Flash with conferencing support that also addressed the IAX2 security issue. The nice part of IAX is that you really only need to expose the IAX port through your firewall on one server. Then all of your remaining servers can register to the new safe server (using any version of Asterisk) while remaining safely ensconced behind hardware- based firewalls to avoid DOS attacks.
Overview. There are five pieces to this week's puzzle. First, you need a functioning Proxmox VE 1.3 server. Second, you need to install the new 64-bit PBX in a Flash OpenVZ template on your Proxmox server. Third, you need to create at least one OpenVZ virtual machine (VM) using the new PIAF 64-bit template. Fourth, you need to install and activate DAHDI on your Proxmox server. And finally, you need to enable DAHDI on each of the virtual machines created in step #3.
Installing Proxmox. We're assuming you've already purchased an appropriate hardware platform for Proxmox and have your Proxmox VE 1.3 server up and running. If not, start with last week's article. Be sure to read the footnotes to make certain you purchase hardware that actually can run Proxmox! NOTE: The new Proxmox VE 1.4 beta does not yet have all of the tools necessary to enable conferencing so make certain you install the current 1.3 release.
Installing PIAF 64-bit OpenVZ Template. Using a web browser, download the new PBX in a Flash 64-bit OpenVZ template to your Desktop. Our special thanks to Wolf Paul for his continuing help in teaching us how to build these templates. Once you have the OpenVZ template in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF 64-bit OpenVZ template on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. And, as Joe Roper has pointed out, you can do this directly within the Proxmox server by logging in as root and issuing the following commands.
Creating a PIAF 64-bit Virtual Machine. Now you're ready to create your 64-bit virtual machine. Click on Virtual Machines and then the Create tab. Accept the default OpenVZ Container type. For the Template, choose centos-5.0-pbxinaflash_1.4.0-3_x86_64. Now give your virtual machine a host name that will help you distinguish it from other VMs on your Proxmox server. Create a secure root password for your new VM. We recommend a minimum memory and swap memory size of 512MB and a minimum disk size of 20GB. You can experiment with these to find the best fit on your server. It only takes about 15 seconds to create an OpenVZ virtual machine so trial-and-error isn't painful.
You have a choice of Network Types. With Virtual Networks (venet), you need to designate a static IP for your virtual machine. With Bridged Ethernet (veth), an IP address is assigned by your DHCP server. Be aware that our status app currently won't display venet-assigned IP addresses, but ifconfig will. There are some other significant differences including network security that you may wish to review. To keep things simple, choose Bridged Ethernet as shown in the screen shot above. As mentioned, we'll depend upon your DHCP server to assign a dynamic IP address. You can lock it down on your router to assure that the same IP address always is assigned to this virtual machine. Finally, provide a DNS domain for the new VM and assign at least one DNS server. The IP of your gateway router/firewall usually will suffice. Click create when you have filled in all the blanks.
To start the OpenVZ virtual machine, click on the List tab. Then click on the 64-bit VM you wish to run. When the details display, click the Start button. Within a couple seconds, your VM will start up. Now click on the Open VNC Console link which provides you a command line interface to the now running virtual machine. Type ifconfig several times until you get a display showing your network interfaces. If no IP address is shown for eth0, type: service network restart. You only need to do this the first time your new virtual machine is started. Once the network reloads, you should be good to go. Type status and the IP address of your new VM should display.
Before you do anything else, change the web passwords for your virtual machine to something that is really secure. Just type passwd-master and answer the prompts. You now can close the VNC window after writing down the IP address and VM ID of your new virtual machine.
NOTE: Unlike the 32-bit version from last week, it is not necessary to generate new SSH server keys for PIAF 64-bit virtual machines. These will be generated automatically the first time you start up the VM.
Installing DAHDI on the Proxmox Server. At the outset, we want to express our deep appreciation to Joe Roper, one of the founders of the PBX in a Flash project, for his work in putting together a simple script to install and activate DAHDI on the Proxmox server. In addition, the script spawns another script which makes it easy to activate DAHDI for any PIAF 64-bit virtual machines desired. For our European friends that ever have the need for an Asterisk consultant, you can do no better than Joe Roper. Thanks, Joe!
To begin, log into your Proxmox server as root and issue the following commands:
apt-get -y update
apt-get -y install zip
chmod +x install-dahdi.sh
Activating DAHDI for Designated Virtual Machines. By default, DAHDI is not activated on any of the virtual machines you create. To activate it and enable conferencing, log into your Proxmox server as root and issue the following command: pabx-enable-conference. When prompted to enter the VM ID of the virtual machine to be activated, type in the number (e.g. 101) and press Enter. After activation is complete, use a web browser to access the Proxmox GUI. Start up the virtual machine if it is not already running. Then, either log into the VM with SSH as root or choose Open VNC Console. From the CLI, type amportal restart to reload Asterisk. Once you have created at least one extension and one conference using the FreePBX GUI, you should be able to dial into the conference successfully. If you get an error about a missing TUN device, see comment #1 below for the fix. Enjoy!
Article of the Week. Justin West's Free Homebrew VoIP with Google Voice and Intel Atom
Enhanced Google Maps. In case you haven't noticed, we've added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We'll show you how to add something similar to any LAMP-based Linux system in coming weeks. It's a powerful technology that has enormous potential. If you're unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!
whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.
Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won't get the special pricing! Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.
Some Recent Nerd Vittles Articles of Interest...