Forum Replies Created

Viewing 15 posts - 61 through 75 (of 254 total)
  • Author
    Posts
  • Avatar photoTelium Support Group
    Member
    Post count: 258
    in reply to: Asterisk 16 support #6813

    Asterisk 16 has numerous architectural changes that impact connected products. Our development team has implemented Asterisk 16 compatibility, but will not release thr code until Asterisk 16 has stabilized, and we see companies implementing Asterisk 16 in production.

    As of March 2019 Asterisk 16 is not widely placed into production yet, and so we advise you to NOT upgrade to Asterisk 16 at this time. Since you are a registered HAAst user you are welcome to download a pre-release version of HAAst which supports Asterisk 16.

    Asterisk 16 has undergone some significant changes since initial release, and until the product has stabilized we do not recommend placing Asterisk 16 in production.[/i][/color]

    Avatar photoTelium Support Group
    Member
    Post count: 258
    in reply to: Asterisk 16 support #6810

    Yes – you will need HAAst version 2.5.0 or later for Asterisk 16 support

    Avatar photoTelium Support Group
    Member
    Post count: 258

    The problem you are encountering has nothing to do with HAAst, and everything to do with the basics of networking. You have setup 2 NIC’s in each PC, but they are on the same subnet! That means that Linux has no idea where (out which NIC) to route traffic for your 192.168.1.0/24 subnet. You should not do this as it confuses Linux. This topic is part of what’s known as “multihoming”, and I would suggest you research this topic a bit further before you continue to setup your networks. As well, reread the HAAst installation guide – there’s a bit more information on this topic there. (This isn’t the first time we’ve seen this issue in the support group).

    By shutting down NIC1 on either PC you allow Linux to figure out how to properly route, but then your management NIC is gone so the cluster fails over.

    The solution (for 2 NIC’s per PBX) is to ensure that each NIC is on it’s own subnet. For example:

    Correct Implementation

    Incorrect Implementation

    Avatar photoTelium Support Group
    Member
    Post count: 258

    Telium’s software is an standalone product, which can run with pure Asterisk, as well as with configuration generators like Issabel, FreePBX, PIAF, etc. Telium’s software is not a plug-in module of FreePBX. (Sangoma signing applies only to FreePBX modules. ) HAAst operates between the operating system and Asterisk levels, while FreePBX operates above Asterisk as a ‘configuration generator’ that presents a pretty GUI and creates Asterisk config files for you.

    You should also be aware that some companies use module signing to protect their system, while other companies use module signing solely as a way of generating profits. In the latter case any developer can have their module signed if they pay for a signing key – even a bad module which steals your data or crashes your PBX can be signed. So signing is not always meaningful, but will always increase your cost.

    So module signing does not apply to HAAst, but be sure you understand the benefits really provided by module signing in the case of FreePBX.

    Avatar photoTelium Support Group
    Member
    Post count: 258

    Whenever you switch from a standalone to a clustered PBX there will be an outage. This can last from seconds to an hours depending on how to perform the cutover.

    It is possible to install HAAst into a live environment, but the “best” way depends a bit on your situation. If you cannot tolerate downtime, then you need to:

    1. Install HAAst on the live system but do not start the HAAst service
    2. Setup the second node (Asterisk and HAAst) but do not start the HAAst service
    3. Fully configure HAAst so the nodes will see each other
    4. At the next failure, maintenance window, or opportunity you chose, start the HAAst service on both nodes and the cluster will form

    If you are running FreePBX as your configuration generator we do not generally recommend the above approach, as FreePBX will crash/misbehave if you synchronize configuration data from (even slightly) different versions / enabled options / installed options. (And it’s very easy to accidentally install/enable different modules on FreePBX nodes). For this reason if you run FreePBX we recommend the following procedure:

    1. Install HAAst on the live system (per the installation guide)
    2. Configure HAAst on the live system
    3. Apply any Asterisk updates you wish
    4. Finalize your Asterisk dialplan and ensure Asterisk works as you wish
    5. During your maintenance window shutdown the PBX
    6. Use ‘dd’ or similar tool to mirror the PBX to a second PBX
    7. Restart both PBX’s (leave the new PBX unplugged from the network)
    8. Customize the second PBX with unique network and HAAst information
    9. Reconnect the second PBX to the network and the nodes should find each other
    10. The nodes should now report the cluster is live

    At a high level this should get you up and running with a working cluster. Our detailed installation guide has more specifics that take you through each of the steps above. As well, be sure to read the maintenance guide for instructions on updating.

    When Telium performs a live site installation, we bring up the cluster with minimal interruption in phone service (unless of course the customer approves more extensive failover test) as described above.

    Avatar photoTelium Support Group
    Member
    Post count: 258

    I’ll start by answering this question in the context of ANY cluster (eg: gateway cluster, router cluster, file server cluster, etc.). If the nodes which make up the cluster cannot talk to one another then they have no way of knowing if the other node is dead or alive. As such, the correct action for any isolated cluster node is to promote to active and assume the other node is dead. Once the nodes contact each other again they discover that multiple nodes are active (a situation called “dual-active contention”). Then the nodes should negotiate who should remain active, and who should demote itself.

    This is exactly what happens with HAAst. If the management connection between nodes is lost, then there is no way for either node to know that the other is alive. And so both nodes try to take over telephony service. Once the nodes reconnect then one node will automatically demote itself.

    You will find this scenario plays out identically with any commercial HA product (eg: CISCO routers with HSRP). Dual-active contention is the worst case scenario for any cluster as the two nodes are competing, and they will both contend for the resources / traffic / data / etc.

    There is a workaround called STONITH – available using event handlers in the Commercial Unlimited edition of HAAst. STONITH is an acronym for “Short The Other Node In The Head”, which basically tells one node to power off the other node. Although HAAst supports STONITH this functionality is disabled by default as the concept of STONITH is hotly debated as risky (a failing node may mistaking shoot the healthy node). And there are many scenarios where STONITH does not work (eg: two isolated nodes) without another out of band connection (eg: serial, 3rd network connection, etc)

    Avatar photoTelium Support Group
    Member
    Post count: 258

    HAAst depends on Asterisk to report the number of calls in progress. From the Asterisk CLI issue the command “core show calls” and you will see how call are calculated/reported.

    If you are running a configuration generator (eg: PIAF, FreePBX) then you will discover that the configuration generator triggers automatic internal (local) calls every X seconds to handle time variable updates and other checks. (Not a good design as they are loading up your PBX with background “calls”). There have been an number of discussions about this topic (on various websites) and causing a lot of frustration with users who are seeing their PBX being loaded up with CPU/disk activity to do little more than update a variable. Since some product vendors only have PHP development experience they must solve every problem using PHP scripts, call files, etc. Other vendors are quite sophisticated (eg: code in C++/C) and their products (eg: XCally) use minimal system resources.

    If you are running only Asterisk then check for channels not being released. (There are some documented bugs in Asterisk – depending on the version you are running).

    Avatar photoTelium Support Group
    Member
    Post count: 258

    This message means that the operating system is having trouble enumerating hardware on your host. This is due to a bug in your BIOS or Linux OS.

    Telium software tries to work around this bug, and everything SHOULD work fine. But if you have any problem with hardware failure detection or licensed features please contact Telium support and we’ll try to incorporate a fix specific to your BIOS/Linux.

    Avatar photoTelium Support Group
    Member
    Post count: 258

    HAAst is correctly NOT failing over because your PBX is operational and in-progress calls remain up. From HAAst’s perspective your PBX has reached capacity (but is still operational).

    First of all, be careful you don’t try to solve a security problem with an HA solution. Even if HAAst fails over to the other node, then that other node will subsequently be subject to those same DoS attacks and it will fail back, etc. So HA failover is not a solution. If you want HAAst to failover once your number of RTP ports in use reach a threshold you set, you can setup a HAAst sensor to monitor the number of RTP ports in use and factor this into each node’s health score. Then, HAAst will failover once the threshold you set for that sensor has been reached.

    Second, a more appropriate solution is to block the DoS attacked. Have a look at our Security for Asterisk product (http://www.autocommander.aws2.ocg.ca/?secast) which is designed to block DoS attacks (and a lot more).

    Avatar photoTelium Support Group
    Member
    Post count: 258

    All of our support services are in English. We have some native French, German, and Hindi language skills, but that depends on the support representatives on duty.

    However, for customers who can’t speak English we try to support them through Google Translate, translating each message in/out to the language of the customer’s choice.

    (Sin embargo, para los clientes que no hablan inglés, intentamos ayudarlos a través de Google Translate, traduciendo cada mensaje de entrada / salida al idioma que elija el cliente.)

    Avatar photoTelium Support Group
    Member
    Post count: 258

    We would be happy to SSH into your hosts to help with configuration.

    Our support machines have pre-installed VPN clients for the most popular protocols: Microsoft Windows protocols (PPTP/L2TP/IPSec/IKEv2), and Cisco VPN protocols (IPSec, PPTP/MPPE, L2TP/IPSec).

    If you chose not to use one of these protocols, or you require that we install a VPN client that is locked to your VPN concentrator / host, then we must build a virtual machine for our support techs to use when connecting to your system. Our support techs cannot (and may not) install any other software on their machines, in order to protect our computing environment.

    If you cannot use one of the pre-installed VPN protocols above, and you cannot port forward SSH from your public IP to your nodes, then we will have to charge you an additional 2 hours of support time to build and maintain a support VM dedicated to your environment. We will also archive this VM (while your maintenance agreement is active) to ensure we can continue to support you going forward.

    See FAQ 10042 for additional information: https://autocommander.aws2.ocg.ca/faq1042

    Avatar photoTelium Support Group
    Member
    Post count: 258

    We would be happy to SSH into your hosts to help with configuration.

    Our support machines have pre-installed VPN clients for the most popular protocols: Microsoft Windows protocols (PPTP/L2TP/IPSec/IKEv2), and shared Cisco VPN protocols.

    If you chose not to use one of these protocols, or you require that we install a VPN client that is locked to your VPN concentrator address, then we must build a virtual machine for our support techs to use when connecting to your system. Our support techs cannot (and may not) install any software on their machines, in order to protect our computing environment.

    If you cannot use one of the pre-installed VPN protocols above, and you cannot port forward SSH from your public IP to your nodes, then we will have to charge you an additional 2 hours of support time to build and maintain a support VM dedicated to your environment. We will also archive this VM (while your maintenance agreement is active) to ensure we can continue to support you going forward.

    See FAQ 10042 for additional information: https://autocommander.aws2.ocg.ca/faq1042

    • This reply was modified 4 years, 9 months ago by user.
    Avatar photoTelium Support Group
    Member
    Post count: 258

    We would be happy to SSH into your hosts to help with configuration.

    Our support machines have pre-installed VPN clients for the most popular protocols: Microsoft Windows protocols (PPTP/L2TP/IPSec/IKEv2), and shared Cisco VPN protocols.

    If you chose not to use one of these protocols, or you require that we install a VPN client that is locked to your VPN concentrator address, then we must build a virtual machine for our support techs to use when connecting to your system. Our support techs cannot (and may not) install any software on their machines, in order to protect our computing environment.

    If you cannot use one of the pre-installed VPN protocols above, and you cannot port forward SSH from your public IP to your nodes, then we will have to charge you an additional 2 hours of support time to build and maintain a support VM dedicated to your environment. We will also archive this VM (while your maintenance agreement is active) to ensure we can continue to support you going forward.

    See FAQ 10042 for additional information: https://autocommander.aws2.ocg.ca/faq1042

    Avatar photoTelium Support Group
    Member
    Post count: 258

    HAAst can handle that easily using the event handler system. There are 2 aspects to your cluster that must be handled separately: the FreePBX configuration, and the Asterisk configuration. Remember that FreePBX is a pretty GUI with it’s own configuration database (in MySQL), and it regenerates the Asterisk configuration files (flat files) when you click apply changes. So we have to handle each a bit differently.

    I should also point out that because FreePBX creates a relationship between DIALPLAN->ROUTES->TRUNKS, you cannot simply delete a trunk on one node but have it present on the other. To effectively remove the second trunk from London we modify one trunk configuration to ensure it cannot be activated by Asterisk (so it will be ignored in the dialplan). We do so by setting the SIP port to an invalid number.

    FreePBX Configuration
    To make your life simpler (and setup less confusing), on your New York FreePBX name your NY1 and NY2 trunks:

    Quote:
    MASTER_TRUNK1 (for the trunk)
    MASTER_TRUNK1_IN (for inbound)
    MASTER_TRUNK1_OUT (for outbound)
    MASTER_TRUNK2
    MASTER_TRUNK2_IN
    MASTER_TRUNK2_OUT

    Next, add to your New York FreePBX your LON trunk named exactly as follows:

    Quote:
    SLAVE_TRUNK1 (for the trunk)
    SLAVE_TRUNK1_IN (for inbound)
    SLAVE_TRUNK1_OUT (for outbound)

    Finally, add to your New York FreePBX a duplicate the above SLAVE_TRUNK1 to be named SLAVE_TRUNK2:

    Quote:
    SLAVE_TRUNK2
    SLAVE_TRUNK2_IN
    SLAVE_TRUNK2_OUT

    In FreePBX (on Master) edit your routes to use:

    1. MASTER_TRUNK1
    2. SLAVE_TRUNK1
    3. MASTER_TRUNK2
    4. SLAVE_TRUNK2

    in that order. Don’t worry about NY using SLAVE trunks, or London using MASTER trunks. HAAst will disable them to ensure only the right trunks are used in the right location.

    HAAst FreePBX MySQL event handler
    HAAst will be responsible for enabling all master trunks in New York (and disabling all slave trunks), and enabling all slave trunks in London (and disabling master trunks there), and changing the external IP address (for SIP config). HAAst will also disable SLAVE_TRUNK2 in London so it won’t be used (contents ignored). HAAst will also change the external IP address in SIP settings. Assuming that you are using the sample HAAst configuration file for Sangoma FreePBX, you will have a sync job named ‘freepbx-mysql’. You need to create a post-sync event handler (file) called sync.stop.post.freepbx-mysql in the /usr/local/haast/events folder. That event handler will be responsible for enabling/disabling trunks:


    #!/bin/bash

    # Determine if this is the SLAVE PBX
    ISSLAVE=$(hostname | grep london | wc -l)

    # Determine value of ‘disabled’ setting in FreePBX
    if [ ${ISSLAVE} -eq 0 ] ; then
    NODENAME=”NewYork”
    LOCALIP=”1.2.3.4″
    REMOTEIP=”5.6.7.8″
    MASTERDISABLED=”off”
    SLAVEDISABLED=”on”
    else
    NODENAME=”London”
    REMOTEIP=”1.2.3.4″
    LOCALIP=”5.6.7.8″
    MASTERDISABLED=”on”
    SLAVEDISABLED=”off”
    fi

    #—————————————————————————-

    HVERBOSE=0
    if [ -f “/usr/local/haast/internal/helperfunctions.sh” ] ; then
    . /usr/local/haast/internal/helperfunctions.sh
    elif [ -f “../internal/helperfunctions.sh” ] ; then
    . ../internal/helperfunctions.sh
    else
    echo “ERROR: Cannot find helperfunctions.sh”
    exit 10
    fi

    # Update the trunks table for MASTER_XXX trunks
    mysql
    -u ${MYSQL_SYNCUSERNAME}
    -p${MYSQL_SYNCPASSWORD}
    -h ${MYSQL_SYNCLOCALHOST}
    -D asterisk
    -P ${MYSQL_SYNCPORT}
    -N
    -B
    –execute=”update trunks set disabled=’${MASTERDISABLED}’ where name like ‘MASTER_%'”

    # Update the trunks table for SLAVE_XXX trunks
    mysql
    -u ${MYSQL_SYNCUSERNAME}
    -p${MYSQL_SYNCPASSWORD}
    -h ${MYSQL_SYNCLOCALHOST}
    -D asterisk
    -P ${MYSQL_SYNCPORT}
    -N
    -B
    –execute=”update trunks set disabled=’${SLAVEDISABLED}’ where name like ‘SLAVE_%'”

    # Update the kvblob table for the SIP settings > externip value
    mysql
    -u ${MYSQL_SYNCUSERNAME}
    -p${MYSQL_SYNCPASSWORD}
    -h ${MYSQL_SYNCLOCALHOST}
    -D asterisk
    -P ${MYSQL_SYNCPORT}
    -N
    -B
    –execute=”UPDATE kvblobstore SET content = REPLACE(content, ‘${REMOTEIP}’, ‘${LOCALIP}’)”
    mysql
    -u ${MYSQL_SYNCUSERNAME}
    -p${MYSQL_SYNCPASSWORD}
    -h ${MYSQL_SYNCLOCALHOST}
    -D asterisk
    -P ${MYSQL_SYNCPORT}
    -N
    -B
    –execute=”UPDATE kvstore_FreePBX_modules_Sysadmin SET val = REPLACE(val, ‘${REMOTEIP}’, ‘${LOCALIP}’)”
    mysql
    -u ${MYSQL_SYNCUSERNAME}
    -p${MYSQL_SYNCPASSWORD}
    -h ${MYSQL_SYNCLOCALHOST}
    -D asterisk
    -P ${MYSQL_SYNCPORT}
    -N
    -B
    –execute=”UPDATE kvstore_Sipsettings SET val = REPLACE(val, ‘${REMOTEIP}’, ‘${LOCALIP}’)”
    mysql
    -u ${MYSQL_SYNCUSERNAME}
    -p${MYSQL_SYNCPASSWORD}
    -h ${MYSQL_SYNCLOCALHOST}
    -D asterisk
    -P ${MYSQL_SYNCPORT}
    -N
    -B
    –execute=”UPDATE sysadmin_options SET value = REPLACE(value, ‘${REMOTEIP}’, ‘${LOCALIP}’)”

    # Tell HAAst all exitted ok
    exit 0

    HAAst Asterisk file event handler
    HAAst will be responsible for ensuring the trunk information (in sip.conf) has the contents appropriate for the node it is running on. There are also 2 distinct use cases we must consider. First use case: if SLAVE becomes active and the admin edits the configuration in FreePBX then Asterisk must accept that configuration and run normally (even if no event handlers have run). In this case there is nothing to be done since the disabled trunks will not generate any config data for Asterisk since they have been disabled in FreePBX. (Nothing to do). Second use case: The Asterisk configuration files from MASTER has been sent to SLAVE, and the SLAVE trunks contain information relevant for New York. To handler this situation we replace trunk content (in the Asterisk config files), and we also remove the MASTER_ prefix from any Asterisk config files (for clarity). Assuming that you are using the sample HAAst configuration file for Sangoma FreePBX, you will have a sync job named ‘freepbx-conf’. You need to create a post-sync event handler (file) called sync.stop.post.freepbx-conf in the /usr/local/haast/events folder. That event handler will be responsible for modify the Asterisk config files:


    #!/bin/bash

    # Determine if this is the SLAVE PBX
    ISSLAVE=$(hostname | grep london | wc -l)

    # Determine value of ‘disabled’ setting in FreePBX
    if [ ${ISSLAVE} -eq 0 ] ; then
    NODENAME=”NewYork”
    SECRET=”NySeCrEt”
    HOST=”12.23.34.45″
    EXTERNIP=”1.2.3.4″
    else
    NODENAME=”London”
    SECRET=”LoNSeCrEt”
    HOST=”98.87.76.65″
    EXTERNIP=”9.8.7.6″
    fi

    #—————————————————————————-

    HVERBOSE=0
    if [ -f “/usr/local/haast/internal/helperfunctions.sh” ] ; then
    . /usr/local/haast/internal/helperfunctions.sh
    elif [ -f “../internal/helperfunctions.sh” ] ; then
    . ../internal/helperfunctions.sh
    else
    echo “ERROR: Cannot find helperfunctions.sh”
    exit 10
    fi

    # Remove MASTER_ and SLAVE_ prefixes from sip config files and dialplan config files,
    # to allow for shared files between MASTER and SLAVE (with shared trunk names)
    sed -i ‘s/MASTER_//g’ /etc/asterisk/sip_additional.conf
    sed -i ‘s/MASTER_//g’ /etc/asterisk/extensions_additional.conf
    sed -i ‘s/SLAVE_//g’ /etc/asterisk/sip_additional.conf
    sed -i ‘s/SLAVE_//g’ /etc/asterisk/extensions_additional.conf

    # Enable / disable trunks in Asterisk config files, and alter settings for common
    if [ ${ISSLAVE} -eq 0 ] ; then
    # THIS IS MASTER
    # Enable trunk2 by removing port to a value that will never accept SIP
    # TRUNK2
    crudini –del –inplace /etc/asterisk/sip_additional.conf “TRUNK2_OUT” port
    else
    # THIS IS SLAVE
    # Disable trunk2 by setting port to a value that will never accept SIP
    crudini –set –inplace /etc/asterisk/sip_additional.conf “TRUNK2_OUT” port “9999”
    fi

    # Change values to match required local node settings
    # TRUNK1
    echo secret=”${HOST}” | crudini –merge –inplace /etc/asterisk/sip_additional.conf “TRUNK1_OUT”
    echo secret=”${SECRET}” | crudini –merge –inplace /etc/asterisk/sip_additional.Tconf “TRUNK1_OUT”
    # External IP address
    echo external_media_address=”${EXTERNIP}” | crudini –merge –inplace /etc/asterisk/pjsip.transports.conf “0.0.0.0-udp”
    echo external_signaling_address=”${EXTERNIP}” | crudini –merge –inplace /etc/asterisk/pjsip.transports.conf “0.0.0.0-udp”
    echo externip=”${EXTERNIP}” | crudini –merge –inplace /etc/asterisk/sip_general_additional.conf “”

    # Notify HAAst of success
    exit 0

    Notice that the above event handler also disables TRUNK2 by adding an incorrect sip port number (9999), and uses the open source ‘crudini’ package to accomplish this. This will cause the trunk connection to fail, and Asterisk will ignore the trunk. The result is that the ROUTES as setup in FreePBX will skip this trunk.

    Notice as well that we hard coded a bit of information at the start of the event handlers; this is for simplicity. If you want to get really fancy, you can extract the relevant trunk data from the MySQL database and use that to update the Asterisk files. But the above explains the concept in the simplest way possible.

    Avatar photoTelium Support Group
    Member
    Post count: 258

    It looks like your MySQL server database is closing the connection – causing SecAst to constantly reopen the connection. Normally a support rep would connect to your system by SSH to look for a MySQL related issue, or to capture more detail about the cause of the database closure. As you are running the free edition we can’t assist much further, but I’ve opened a ticket to see if we can reproduce this in our lab prior to our next release. Could you post your Linux distro, version, and architecture? (So I can add to the ticket)

Viewing 15 posts - 61 through 75 (of 254 total)