Asterisk Virtual PBX Perfection: PiaF + Proxmox, Part II

Taming the OpenVZ beast to support Asterisk® virtualization has been interesting. Reminds me of laying track in front of a steaming locomotive. The demand for a solid, stable Asterisk-based Virtual PBX is overwhelming based upon the visitor count we've recorded. So we wanted to get it right! If you haven't visited the original article in a few days or if you've just landed here, start there. Then come back.

Security WARNING: Always run Proxmox behind a secure, hardware-based firewall with no port exposure to the Internet. Review this message thread for the reasons why.

If you're new to the virtualization world, the beauty of OpenVZ templates running on a Proxmox VE server is that you can create a fully-functional PBX in a Flash system in just under 15 seconds. If you want a dozen fully functional PBXs, the creation time jumps to a whopping 3 minutes. And OpenVZ images load almost instantly with a choice of either dynamic or static IP addresses. Add another 5 minutes to run the new Orgasmatron V installer, and you've got a turnkey, state-of-the-art PBX with dozens of preconfigured Asterisk applications plus free calling in the U.S. and Canada courtesy of Google Voice.

For normal PBX operations, last week's 32-bit PBX in a Flash OpenVZ template was just about perfect. But there were two wrinkles. First, conferencing didn't work because there was no timing source (aka Zaptel/DAHDI). You'll recall that both Zaptel and DAHDI are tied to the Linux kernel. And, with OpenVZ templates, the kernel lives on the Proxmox server. Because Proxmox is a 64-bit native application, its kernel wasn't accessible to 32-bit apps such as last week's template. Second, there's a Denial of Service security issue with the version of IAX2 installed in the default build of PBX in a Flash which you already know about if you've been following us on Twitter or if you subscribe to the PIAF RSS Feed.

So we had our work cut out for us this week. We wanted to kill two birds with one stone by delivering a 64-bit version of PBX in a Flash with conferencing support that also addressed the IAX2 security issue. The nice part of IAX is that you really only need to expose the IAX port through your firewall on one server. Then all of your remaining servers can register to the new safe server (using any version of Asterisk) while remaining safely ensconced behind hardware- based firewalls to avoid DOS attacks.

Overview. There are five pieces to this week's puzzle. First, you need a functioning Proxmox VE 1.3 server. Second, you need to install the new 64-bit PBX in a Flash OpenVZ template on your Proxmox server. Third, you need to create at least one OpenVZ virtual machine (VM) using the new PIAF 64-bit template. Fourth, you need to install and activate DAHDI on your Proxmox server. And finally, you need to enable DAHDI on each of the virtual machines created in step #3.

Installing Proxmox. We're assuming you've already purchased an appropriate hardware platform for Proxmox and have your Proxmox VE 1.3 server up and running. If not, start with last week's article. Be sure to read the footnotes to make certain you purchase hardware that actually can run Proxmox! NOTE: The new Proxmox VE 1.4 beta does not yet have all of the tools necessary to enable conferencing so make certain you install the current 1.3 release.

Installing PIAF 64-bit OpenVZ Template. Using a web browser, download the new PBX in a Flash 64-bit OpenVZ template to your Desktop. Our special thanks to Wolf Paul for his continuing help in teaching us how to build these templates. Once you have the OpenVZ template in hand, point your web browser to your Proxmox server: https://ipaddress. Accept the default certificate and login as root. You'll get a Welcome screen that looks something like what's shown above. Click on the Appliance Template option. In the Upload File section, choose the PIAF 64-bit OpenVZ template on your Desktop and click Upload. Be patient. It's a big file. So go have a cup of coffee. You'll get a prompt when it's completed. And, as Joe Roper has pointed out, you can do this directly within the Proxmox server by logging in as root and issuing the following commands.

cd /var/lib/vz/template/cache/
wget http://nerd.bz/dnlkWr


Creating a PIAF 64-bit Virtual Machine. Now you're ready to create your 64-bit virtual machine. Click on Virtual Machines and then the Create tab. Accept the default OpenVZ Container type. For the Template, choose centos-5.0-pbxinaflash_1.4.0-3_x86_64. Now give your virtual machine a host name that will help you distinguish it from other VMs on your Proxmox server. Create a secure root password for your new VM. We recommend a minimum memory and swap memory size of 512MB and a minimum disk size of 20GB. You can experiment with these to find the best fit on your server. It only takes about 15 seconds to create an OpenVZ virtual machine so trial-and-error isn't painful.

You have a choice of Network Types. With Virtual Networks (venet), you need to designate a static IP for your virtual machine. With Bridged Ethernet (veth), an IP address is assigned by your DHCP server. Be aware that our status app currently won't display venet-assigned IP addresses, but ifconfig will. There are some other significant differences including network security that you may wish to review. To keep things simple, choose Bridged Ethernet as shown in the screen shot above. As mentioned, we'll depend upon your DHCP server to assign a dynamic IP address. You can lock it down on your router to assure that the same IP address always is assigned to this virtual machine. Finally, provide a DNS domain for the new VM and assign at least one DNS server. The IP of your gateway router/firewall usually will suffice. Click create when you have filled in all the blanks.

To start the OpenVZ virtual machine, click on the List tab. Then click on the 64-bit VM you wish to run. When the details display, click the Start button. Within a couple seconds, your VM will start up. Now click on the Open VNC Console link which provides you a command line interface to the now running virtual machine. Type ifconfig several times until you get a display showing your network interfaces. If no IP address is shown for eth0, type: service network restart. You only need to do this the first time your new virtual machine is started. Once the network reloads, you should be good to go. Type status and the IP address of your new VM should display.

Before you do anything else, change the web passwords for your virtual machine to something that is really secure. Just type passwd-master and answer the prompts. You now can close the VNC window after writing down the IP address and VM ID of your new virtual machine.

NOTE: Unlike the 32-bit version from last week, it is not necessary to generate new SSH server keys for PIAF 64-bit virtual machines. These will be generated automatically the first time you start up the VM.

Installing DAHDI on the Proxmox Server. At the outset, we want to express our deep appreciation to Joe Roper, one of the founders of the PBX in a Flash project, for his work in putting together a simple script to install and activate DAHDI on the Proxmox server. In addition, the script spawns another script which makes it easy to activate DAHDI for any PIAF 64-bit virtual machines desired. For our European friends that ever have the need for an Asterisk consultant, you can do no better than Joe Roper. Thanks, Joe!

To begin, log into your Proxmox server as root and issue the following commands:

cd /root
wget http://nerd.bz/dahdi
apt-get -y update
apt-get -y install zip
unzip install-dahdi.zip
rm install-dahdi.zip
chmod +x install-dahdi.sh
./install-dahdi.sh

Activating DAHDI for Designated Virtual Machines. By default, DAHDI is not activated on any of the virtual machines you create. To activate it and enable conferencing, log into your Proxmox server as root and issue the following command: pabx-enable-conference. When prompted to enter the VM ID of the virtual machine to be activated, type in the number (e.g. 101) and press Enter. After activation is complete, use a web browser to access the Proxmox GUI. Start up the virtual machine if it is not already running. Then, either log into the VM with SSH as root or choose Open VNC Console. From the CLI, type amportal restart to reload Asterisk. Once you have created at least one extension and one conference using the FreePBX GUI, you should be able to dial into the conference successfully. If you get an error about a missing TUN device, see comment #1 below for the fix. Enjoy!


Article of the Week. Justin West's Free Homebrew VoIP with Google Voice and Intel Atom


Enhanced Google Maps. In case you haven't noticed, we've added yet another Google Map to Nerd Vittles. Now, in addition to showing our location with Google Latitude, we also are displaying your location based upon your IP address. We'll show you how to add something similar to any LAMP-based Linux system in coming weeks. It's a powerful technology that has enormous potential. If you're unfamiliar with Google Maps, click on the Hybrid and Satellite buttons and then check out the scaling and navigation options. Double-click to zoom. Incredible!


whos.amung.us If you're wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what's happening. It's a terrific resource both for us and for you.



Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID and 60 free minutes from our special Vitelity sign-up link. If you're seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity's DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here's a deal you can't (and shouldn't) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month and you get a free hour of outbound calling to test out their call quality. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won't get the special pricing! After the free hour of outbound calling, Vitelity's rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest...

Be Sociable, Share!

15 Responses to “Asterisk Virtual PBX Perfection: PiaF + Proxmox, Part II”

  1. ward says:

    On some machines (apparently Intel processors), an issue has arisen with regard to access to a missing TUN device. Here is the message thread with the fix. For additional background, see this article on the OpenVZ WIKI. Here’s a sample fix for VMID #106:

    vzctl set 106 --devices c:10:200:rw --save
    vzctl set 106 --capability net_admin:on --save
    vzctl exec 106 mkdir -p /dev/net
    vzctl exec 106 mknod /dev/net/tun c 10 200
    vzctl exec 106 chmod 600 /dev/net/tun

  2. cmpyutr says:

    Oh, no. I just purchased the Dell T105, with Dual Core AMD® Athlon™ 4450B processor. I’m guessing this will NOT support the PIAF 64-bit VM? And the 32-bit VM from last week’s article has unfixable wrinkles?

    [WM: Not sure what the source of your information is. According to AMD, the 4450B supports virtualization. Here’s another link that says the same thing. In fact, one of my partners uses this machine and runs 64-bit Windows XP under Proxmox with no problems.]

  3. Sergio Cury says:

    Ward;
    As usual, GREAT STUFF. And as your title says, it just works. And really works perfectly. Just for the records, I have a X3220 processor with an Intel MB and Areca 1220 raid controller. For my surprise, Proxmox recognized the Areca controller without any need of third party driver.
    One thing I couldn’t do and I am guessing it’s because of the 64 bit operating system is to have Hud Lite working properly. Did anybody tried that? Also, any other suggestions for a desktop front end?
    Congratulations one more time on all your efforts dedicated to the community.

  4. JD Austin says:

    This sounds like just what I’ve been looking for to create real multi-tenant systems without using kludges like custom contexts.

    Question: If I install Dahdi hardware in to the real server would I create IAX2 trunks to allow access to the virtual machines or is there a different way?

    [WM: Still testing whether you can actually use shared hardware.]

  5. powerpbx says:

    Looks good guys. Testing it now. I suggest you do a “yum clean all” before creating the next template.

  6. Jeff K says:

    Will this method of implementing DAHDI allow for time conditions to work? I’m hours away from purchasing a server for colocation using Proxmox, but time conditions and conferencing needs to work.

  7. Nic O says:

    Has anyone tried OpenVZ template with the stable Proxmox 1.4 release?

  8. James says:

    The install-dahdi.sh command fails with the following:

    ./install-dahdi.sh: line 41: make: command not found
    ./install-dahdi.sh: line 42: make: command not found
    ./install-dahdi.sh: line 43: make: command not found
    ./install-dahdi.sh: line 116: /etc/init.d/dahdi: No such file or directory

    any thoughts on how to fix it.

  9. Mark Barry says:

    Has anyone been able to access the devices for the phone cards directly from the VEs?

  10. James says:

    I found the solution to my problem two posts up. I described it on the pbxinaflash site.

    http://pbxinaflash.com/forum/showthread.php?t=5446&page=2

    The simple answer is that the dahdi install fails because proxmox has updated to version 1.4 and the correct dependencies for the install have been moved to the old repository.

  11. Pluto04 says:

    I am trying to get this solution working and am unable to find the OpenVZ image for X86. On the beta download site I only find: centos-5.0-pbxinaflash_1.4.0-3_amd64.tar.gz, the X86 image is not there.
    If someone can point me in the right direction I will greatly appreciate.

    [WM: Go to http://beta.pbxinaflash.net and choose the 32-bit image.]

  12. kerry says:

    I was wondering what version of proxmox this tutorial requires to be installed so that the dahdi install script will work?!?

  13. carl says:

    I try to log into the pbx interface and the password doesn’t work. What should this be? the password setup in the creation of the vm? Should this be the root password?

    [WM: Run passwd-master from the command prompt. Then log into FreePBX web GUI with username maint and the password you set with passwd-master.]

  14. carl says:

    perfect, thanks for that.

  15. wmbond says:

    I think what carl is referring to, is the same thing I am having a problem with. I am using the OpenVZ Purple template and after creating a new VM and going to the IP address of the vm, you are presented with the PBXinaFlash menu. If you click the button on the bottom that says admin, it then prompts you for a password and only a password. This password is not set when you use passwd-master and it is not the root password. I am able to get into FreePBX if I go to http://ipaddress/admin. How do I reset the password to use the admin area of PBXinaFlash?

    [WM: Don’t forget to run passwd-master.]

Ringbinder theme by Themocracy