Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: duncan on February 17, 2005, 09:14:56 AM
-
I have been working on building sme packages for the Asterisk management portal project and have for the most part finished. I have a small problem in that the httpd owner (in this case www) needs a shell to run and update the Flash Operator Panel. Easy enough to do - however I am not sure of the security implications in doing this.
I would appreciate any comment on the possible risks involved in doing this.
Regards Duncan
-
Hi Duncan,
I guess you are looking at a way to start/stop server.pl. Have you considered trying this by using the asterisk manager to execute a system command?
guest
-
Hello,
AMP (http://amp.coalescentsystems.ca/) has a few hooks into FOP for adjusting its config files and reloading op_server.pl etc. Does everything automagically - however it needs to run as the httpd owner and does this via su (Has its own script - amportal). The docs suggest running httpd as asterisk:asterisk which doesn't work too well with SME.
Duncan
-
Hi Duncan,
I have installed AMP on a 6.01 SME server (by hand). I had the same issue, so I changed the httpd user to 'asterisk' with a custom template.
However, I would prefer to run asterisk as root, as that way it can take the -p parameter, to run in real-time.
Any idea what effect this would have on AMP? I presume it will have a problem reloading after a change to the AMP database.
-
I did in amportal
su - root -c "export PATH=$PATH:/usr/sbin && export LD_LIBRARY_PATH=/usr/local/lib && /usr/sbin/safe_asterisk -p"
All on one line. Seemed to work fine.
I wasn't keen on running httpd as asterisk - so I gave www a shell and changed some permissions around as well as starting FOP as www.
Curious to know if you patched asterisk for spandsp. I haven't had a chance to test it out yet.
Regards Duncan.
-
Thanks for the tip, I'll try it out.
No, I didn't patch asterisk at all, just took the 1.0.5 .gz file and made a .rpm for it.
I understood that spandsp was purely for fax support, and as I didn't have a requirement, I didn't include it.
If you need anyone to test your AMP.rpm, I'll be glad to help! :-D
-
Duncan, I am working on the same thing.
I have modified AMP and have it working with asterisk on a SME6.0.1 box. I have patched a cvs version of asterisk with spandsp. The computer has an X100P card which is happily differentiating between a fax and a voice call. The faxes are being handled nicely (converted to pdf files and emailed as attachments to a designated user). I have two Grandstream phones on the LAN VOIP system and they work nicely within the LAN and also dialing in and out through the X100P card.
I was also hacking around with user:group stuff for amp. I changed it so that asterisk runs httpd and owns /var/www/html. I know this is not the best solution. I tried adding user asterisk to the share and www group instead but still there were permission problems.
I also modified amp to install in /var/www/html/amp rather than /var/www/html. This required making changes to a few amp files since the paths are hard coded in a couple of files.
I think it is rather heavy handed that amp wants to own the httpd and /var/www/html (I assume the idea is that they create a computer as a single purpose amp/asterisk server. But still...)
I would like to collaborate with you on this to reduce redundancy and get a good working product.
Below is a somewhat messy list of the steps I took.
Installed on pbx (the hostname) for AMP (in this order)
cpp-2.96-113.i386.rpm
glibc-devel-2.2.5-44.i386.rpm
glibc-kernheaders-2.4-7.16.i386.rpm
gcc-2.96-113.i386.rpm
audiofile-0.2.3-1.i386.rpm
pkgconfig-0.12.0-1.i386.rpm
audiofile-devel-0.2.3-1.i386.rpm
bison-1.35-1.i386.rpm
kernel-source-2.4.20-18.7.i386.rpm
libtiff-3.5.7-2.i386.rpm
libtiff-devel-3.5.7-2.i386.rpm
ncurses-devel-5.2-26.i386.rpm
openssl-devel-0.9.6b-35.7.i386.rpm
zlib-devel-1.1.4-8.7x.i386.rpm
lame-3.96.1-1.0.rh7.dag.i386.rpm
Gotta install ghostscript for fax to email...
(order is important)
rpm -ivh XFree86-libs-4.2.0-8.i386.rpm
rpm -ivh Omni-0.5.1-3.i386.rpm
rpm -ivh XFree86-font-utils-4.2.0-8.i386.rpm
rpm -ivh XFree86-xfs-4.2.0-8.i386.rpm
rpm -ivh chkfontpath-1.9.5-2.i386.rpm
rpm -ivh ttfonts-1.0-9.noarch.rpm
rpm -ivh VFlib2-2.25.6-4.i386.rpm
rpm -ivh urw-fonts-2.0-17.noarch.rpm
rpm -ivh --nodeps ghostscript-fonts-5.50-3.noarch.rpm
rpm -ivh ghostscript-6.52-8.i386.rpm
Perl modules installed for AMP (in this order)
Net-Telnet-3.03.tar.gz
IPC-Signal-1.00.tar.gz
Proc-WaitStat-1.00.tar.gz
mime-construct-1.8.tar.gz
asterisk-perl-0.08.tar.gz
For via boards the asterisk Makefile has to have PROC=i586 set or it won't work.
In the Opencall dsp software, spandsp ...
(T.31 is the class 1 FAX modem spec and that code is not complete).
In src/Makefile.am remove references to t31.c and build the library.
Create /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99AMPAccess
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/e-smith/events/actions/restart-httpd-graceful
Change /var/www/html/amp/panel/op_server.cfg flash_dir parameter to...
flash_dir=/var/www/html/amp/panel
Change /var/www/html/amp/admin/vm_conf.php
$vmconf = '/var/www/html/amp/admin/voicemail.conf';
Change /var/www/html/amp/admin/cdr/lib/defines.php
change WEBROOT and FSROOT
Changes to AMP for e-smith
change /etc/php.ini file to find DB.php in /usr/share/pear
include_path = ".:/usr/share/php:/usr/share/pear"
Should create custom template for...
/etc/e-smith/templates/etc/php.ini/50PathsDirectories:include_path
Dir seems to be missing...
mkdir /var/lib/asterisk/sounds/custom
chown asterisk.shared /var/lib/asterisk/sounds/custom/
Change /var/www/html/amp/admin/retrieve_op_conf_from_mysql.pl
$sip_conf = "/var/www/html/amp/panel/op_buttons_additional.cfg";
Change /var/www/cgi-bin/vmail.cgi
$astpath = "/amp/_asterisk";
-
I have built all of the packages required as rpm so you really only need to install libtiff from that lot of dev tools.
The asterisk rpm needs a little work to give it ch_zap.so without requiring zaptel to be compiled and working on the system. The amp rpm needs some work to sort out permissions and owner issues.
I have modified extensions.conf to do away with the pdf attachments and have it send tifs instead. No need to add all the ghostscript stuff (I find pdfs to be cumbersome). I also set it up to make use of the customer's TSI rather than caller id - which is more informative.
T.31 will not compile because gcc is lower than 3.0 - doesn't seem to be a problem though - just used the method you used to get it up and running. The faxing works well enough - though I did do some 20 page faxes (for testing) and managed to kill it - so I will need to test it some more before moving away from hylafax.
I have put this to the back burner for the moment - I do however have two large voip installs coming up in the next month (using Samsung iDCS product) and I am really keen to try to set * up alongside for voicemail (no hardware - just Sip) so I will pick it up again around that time.
-
Duncan, would you care to share your work in progress with me and I can work on the areas that you have pointed out as needing attention?
I can move this forward while you are working on other projects.
Let me know.
David
-
I must note it is good to see Duncan working hard as always.
I tested this one Duncan on 6.01
http://www.asternic.org/
Has basic operator functions and was easy enough to setup.
Cheers :-D
-
Just checking to see if you had made any progress with a how-to or rpm for amp. I installed the rpm for asterisk this morning, but would feel more comfortable with a config tool.
Regards
-
For via boards the asterisk Makefile has to have PROC=i586 set or it won't work.
A little trick for VIA CPU users who have to compile sources often: create a file /usr/local/bin/uname containing:
#!/bin/sh
/bin/uname "$@" | sed -e 's/i686/i586/g'
...and chmod it as executable:
chmod +x /usr/local/bin/uname
Every time a Makefile will execute "uname" to get the architecture, it'll invoke /usr/local/bin/uname which will correct any occurrence of "-i686" in /bin/uname's output into "-i586":
[root@emn opt]# uname -a
Linux emn 2.4.20-18.7 #1 Thu May 29 07:51:41 EDT 2003 i586 unknown
[root@emn opt]#
Enzo
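Added example, not part of Enzo's post: a wrapper placed in /usr/local/bin changes what "uname" returns for every program that resolves it through PATH, not only for Makefiles. The function below lists which executables in one directory shadow same-named ones in later directories, so such overrides stay visible; the function name and the directory list in the last line are assumptions.

```shell
#!/bin/sh
# Added example: find commands in one directory that shadow same-named
# commands in directories searched later in PATH.

# shadowed_by DIR OTHER_DIR...
# Prints "DIR/name shadows OTHER_DIR/name" for every executable file in DIR
# that also exists as an executable in one of the OTHER_DIRs.
shadowed_by() {
    first=$1
    shift
    for f in "$first"/*; do
        # Skip directories, non-executables and the unexpanded glob.
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=${f##*/}
        for d in "$@"; do
            if [ -x "$d/$name" ] && [ ! -d "$d/$name" ]; then
                echo "$f shadows $d/$name"
            fi
        done
    done
}

# Check the directory used in the post against the usual system locations.
shadowed_by /usr/local/bin /bin /usr/bin /sbin /usr/sbin
```

Keeping such a wrapper in a private directory and prepending that directory to PATH only for the build keeps the altered output away from everything else on the system.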
-
Hi. I uploaded a version 1 of a How to guide for AMP on the SME Server. You can check it out at...
http://no.longer.valid/phpwiki/index.php/How%20to%20install%20AMP%3A%20the%20Asterisk%20Management%20Portal
David K.
-
Looks good.
Some packages -> http://www.goldtel.com.au/amp/
-
I have followed a different approach: AMP running in its i-bay as user "amp", asterisk as user "asterisk" and Apache as user "www"; then all of them are placed into a common "astman" group. Here are the main steps (I might have forgotten some):
- Through the web server manager, create an "astman" group, with the Administrator part of it
- Through the web server manager, create an "amp" i-bay, part of the "astman" group,
with user access "read:group, write:group", Web access "Entire Internet (password required)"
Execution of dynamic content "enabled"
- Manually (using vi) add the user asterisk to the group "astman" in /etc/group
Now the html and cgi-bin under /home/e-smith/files/ibays/amp/ (seen from the web as "http://.../amp/") are owned by root but part of the astman group which has rw rights.
Untar AMP to /usr/src/AMP and follow the rest of the instructions inside INSTALL but replace occurrences of /var/www/ with /home/e-smith/files/ibays/amp/ , both in the instructions and inside:
/home/e-smith/files/ibays/amp/html/admin/cdr/lib/defines.php
/home/e-smith/files/ibays/amp/html/admin/bounce_op.sh
/home/e-smith/files/ibays/amp/html/admin/retrieve_op_conf_from_mysql.pl
/home/e-smith/files/ibays/amp/html/admin/vm_conf.php
/home/e-smith/files/ibays/amp/html/panel/op_server.cfg
/usr/sbin/amportal
/etc/init.d/asterisk
Also, in /home/e-smith/files/ibays/amp/html/index.html change /cgi-bin into ./cgi-bin, panel into ./panel and admin into ./admin
Before running "/usr/sbin/amportal start" (which sets various permissions), in /usr/sbin/amportal change chown_asterisk() as follows:
chown_asterisk() {
    echo SETTING FILE PERMISSIONS
    chown -R asterisk:astman /var/run/asterisk
    chmod ug+rw /var/run/asterisk
    chown -R asterisk:astman /etc/asterisk
    chmod ug+rw /etc/asterisk
    chown -R asterisk:astman /var/lib/asterisk
    chmod ug+rw /var/lib/asterisk
    chown -R asterisk:astman /var/log/asterisk
    chmod ug+rw /var/log/asterisk
    chown -R asterisk:astman /var/spool/asterisk
    chmod ug+rw /var/spool/asterisk
    chown -R asterisk:astman /dev/zap
    chmod ug+rw /dev/zap
    chown asterisk /dev/tty9
    #chown -R asterisk:asterisk /var/www
    chmod ug+x /var/lib/asterisk/agi-bin/*.agi
    chmod ug+x /home/e-smith/files/ibays/amp/cgi-bin/*.cgi
    chmod ug+x /home/e-smith/files/ibays/amp/html/admin/*.pl
    chmod ug+x /home/e-smith/files/ibays/amp/html/admin/*.sh
    chmod ug+x /home/e-smith/files/ibays/amp/html/panel/*.pl
    echo Permissions OK
}
Now solve the issue with PEAR, installed in /usr/share/pear which is out of the open_basedir defined in /etc/e-smith/templates/etc/httpd/conf/httpd.conf/95AddType00PHP2ibays . Change:
"php_admin_value open_basedir $basedir\n";
to
"php_admin_value open_basedir $basedir:/usr/share/pear\n";
Then issue:
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/init.d/httpd restart
Finally, rename /etc/init.d/asterisk to /etc/init.d/asterisk-old and copy /usr/sbin/amportal to /etc/init.d/asterisk .
Enzo
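Added example, not part of the thread's own scripts: the two account layouts discussed here (giving www a shell, and sharing access through the astman group) can be checked from the passwd and group files. The account and group names are the ones used in the posts; the function names, UIDs and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the service accounts and shared group from this thread.

# accounts_with_shell PASSWD_FILE NAME...
# Prints "name:shell" for each named account whose shell permits a login.
# An empty shell field is reported too, because login falls back to /bin/sh.
accounts_with_shell() {
    passwd_file=$1
    shift
    for acct in "$@"; do
        awk -F: -v u="$acct" '
            $1 == u && $7 !~ /\/(nologin|false)$/ {
                print $1 ":" ($7 == "" ? "(empty)" : $7)
            }' "$passwd_file"
    done
}

# group_members GROUP_FILE GROUP
# Prints the supplementary members of GROUP, one per line.
group_members() {
    awk -F: -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# write_sample_files DIR: constructed passwd and group files for a dry run.
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www:x:102:102:web:/home/e-smith:/bin/bash
asterisk:x:500:500::/var/lib/asterisk:/sbin/nologin
amp:x:501:501::/home/e-smith/files/ibays/amp:/bin/false
EOF
    cat > "$1/group" <<'EOF'
www:x:102:
astman:x:5000:admin,www,asterisk
EOF
}

# Dry run on the constructed files; use /etc/passwd and /etc/group on a server.
tmp=$(mktemp -d)
write_sample_files "$tmp"
accounts_with_shell "$tmp/passwd" www asterisk amp
group_members "$tmp/group" astman
rm -rf "$tmp"
```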
-
So has anyone had any luck loading the latest asterisk and AMP? I tried following enzom's information, however it looks as though the AMP installation scripts have changed. Any pointers or walkthroughs would be greatly appreciated!
Regards