====== Build a PBX Virtual Machine with YUM Using CentOS, Asterisk and FreePBX ======

See also: **[[https://www.sonoracomm.com/wiki/doku.php?do=search&id=freepbx&highlight=no|Other FreePBX pages in this wiki]]**

These other pages were used in the preparation of the Virtual Architects vPBX template:

:!: See also **[[voice:pbx:freepbx:freepbx_config|FreePBX Configuration]]**

:!: See also **[[voice:pbx:pbx_security|PBX Security]]**

:!: See also **[[voice:pbx:asterisk:asterisk_timing|Asterisk Timing Issues]]**

:!: See also **[[voice:pbx:freepbx:freepbx_provisioning|FreePBX Phone Provisioning]]**

:!: See also **[[voice:pbx:freepbx:freepbx_isymphony|iSymphony Operator Panel]]**

http://www.roelbroersma.nl/index.php/2013/04/14/asterisknow-vm-for-xenserver

  * CentOS 6.4 x64
  * Asterisk 11.5
  * FreePBX 2.11

===== Documentation =====

https://wiki.asterisk.org/wiki/display/AST/Asterisk+11+Documentation

https://wiki.asterisk.org/wiki/display/AST/Asterisk+Packages

===== Warnings =====

:!: CAUTION! This document assumes your PBX is behind a firewall and not exposed directly to the Internet.

:!: Be VERY careful exposing your PBX to the outside world. Otherwise, YOU WILL BE HACKED and it can be VERY expensive! Evildoers are constantly looking for loose security settings on PBXs (and anything else).

:!: NEVER use trivial passwords for anything! Even internally. Otherwise, YOU WILL BE HACKED and it can be VERY expensive!

===== Updating =====

Since we wisely use RPM packages and YUM throughout:

  yum update

===== XenServer =====

Create a new paravirtualized VM using the CentOS 6 (x64) template.

:!: Estimate that 100KBps of network (Internet) bandwidth is also required per simultaneous conversation.

:!: Voice services are a separate expense.

The following are estimates only. Sizing is easy to adjust later on virtualization platforms.

^PBX Size ^Price ^RAM ^vCPUs ^Disk Size ^Anticipated Simultaneous Calls ^Notes ^
|Small | $14.95|512MB |1 |15GB |3-4 |Perfect for small offices |
|Medium | $24.95|1024MB |2 |25GB |5-7 |Minimum for iSymphony |
|Large | $34.95|1536MB |4 |40GB |8-20+ |More than most small offices need|

Install the XenServer Tools after the OS is installed if using XenServer:

  - In XenCenter, choose **VM -> Install XenServer Tools**
  - In the VM:
    - ''mount /dev/xvdd /mnt''
    - ''/mnt/Linux/install.sh''

===== Minimal CentOS 6 Install =====

Do a **[[computing:linux:minimal_centos_install|Minimal Install]]** of CentOS 6 x64.

:!: I generally disable IPv6 since I've never used it on a PBX.

After the initial reboot:

  yum update -y

then reboot again.

===== Networking =====

:!: You may need to do this before updating.

Configure a **[[networking:linux:static_ip_addr|Static IP Address]]** (CentOS).

===== Security Enhanced Linux (selinux) =====

Disable selinux:

  setenforce 0
  # /etc/sysconfig/selinux is a symlink to /etc/selinux/config; sed -i on the
  # symlink would replace the link with a regular file, so edit the target.
  sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

===== Firewall =====

See also **[[voice:pbx:pbx_security|PBX Security]]**

==== External Firewall ====

:!: Only open the firewall or forward the ports that are absolutely necessary.

:!: If you don't have any remote extensions, don't open the SIP ports (UDP) 5060-5061.

:!: If you are using SIP trunks, and you sometimes get one-way audio, you may have to open or forward RTP ports (UDP) 10000-20000.

:!: If using IAX for trunks or extensions, you may have to open or forward (UDP) port 4569.

Assuming your PBX is behind a NAT firewall of some sort, forward some ports in to the PBX (Mikrotik example shown):

  /ip firewall nat add action=dst-nat chain=dstnat comment="Forward UDP ports to PBX" \
  dst-port=5060-5061,10000-20000,4569 in-interface=ether1 protocol=udp to-addresses=

==== PBX Internal Firewall ====

:!: This is not intended to show the perfect firewall. Adjust to your needs.

  vi /etc/sysconfig/iptables

Make it look something like this:

  # Firewall configuration written by system-config-firewall
  # Manual customization of this file is not recommended.
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  -A INPUT -p icmp -j ACCEPT
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 50000 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 50003 -j ACCEPT
  -A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT
  -A INPUT -m state --state NEW -m udp -p udp --dport 10000:20000 -j ACCEPT
  -A INPUT -m state --state NEW -m udp -p udp --dport 4569 -j ACCEPT
  -A INPUT -j REJECT --reject-with icmp-host-prohibited
  -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  COMMIT

===== RepoForge Repository =====

Here we add the RepoForge Repository (x64) needed to install ''mpg123'':

  wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
  rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
  rm -f rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Now we disable the repository so it isn't used without being called:

  vi /etc/yum.repos.d/rpmforge.repo

  enabled=0

===== Installation =====

:!: Digium provides separate repositories for different Asterisk versions.

:!: Once you install an Asterisk version, its repository will be enabled permanently.

Check for updates and additional CentOS (64-bit) packages [[http://packages.asterisk.org/centos/6/current/x86_64/RPMS/|here]] and Asterisk 11 packages [[http://packages.asterisk.org/centos/6/asterisk-11/x86_64/RPMS/|here]].

  yum install --enablerepo=rpmforge dnsmasq mpg123
  rpm -Uvh http://packages.asterisk.org/centos/6/current/i386/RPMS/asterisknow-version-3.0.0-1_centos6.noarch.rpm
  yum install --enablerepo=asterisk-11 asterisk asterisk-configs asterisk-addons \
  asterisk-sounds-core-en-ulaw asterisk-sounds-extra-en-gsm asterisk-sounds-extra-en-ulaw \
  dahdi-tools dahdi-tools-doc freepbx nmap libsrtp mod_ssl sox nano

:!: Once installed, you can search for additional asterisk-related packages using a web browser to the repo URLs or at the command line with YUM:

  yum search asterisk

Now we stop Asterisk and delete a few files so FreePBX can recreate them properly (as links, on the first 'Apply Config'):

  amportal stop
  rm -f /etc/asterisk/features.conf
  rm -f /etc/asterisk/iax.conf
  rm -f /etc/asterisk/sip_notify.conf
  rm -f /etc/asterisk/logger.conf
  rm -f /etc/asterisk/cel_odbc.conf
  rm -f /etc/asterisk/cel.conf
  rm -f /etc/asterisk/res_odbc.conf

Comment out the various unneeded DAHDI modules (all of them):

  vi /etc/dahdi/modules

Verify a few permissions settings:

  amportal chown
  chown -R asterisk:asterisk /var/lib/asterisk/agi-bin/
  chown -R asterisk:asterisk /etc/asterisk

And tweak the startup:

  sed -i 's/AsteriskNOW with FreePBX/your Virtual Architects vPBX/g'
  sed -i 's/AsteriskNOW system/Virtual Architects vPBX/g' /usr/bin/update-etcissue.sh
  echo -e "\nVirtual Architects vPBX v1.0\n" > /etc/asterisknow-version

Now we reboot and start configuring with FreePBX:

  reboot

===== FreePBX PBX Manager =====

http://wiki.freepbx.org/display/HTGS/How+to+Get+Started+Home

http://wiki.freepbx.org/display/HTGS/2.+First+Steps+After+Installation

Replace xxx.xxx.xxx.xxx with the IP of your PBX.

  http://xxx.xxx.xxx.xxx

:!: The default username and password are **admin / admin**.
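
The PBX Internal Firewall rules earlier on this page accept the SIP, RTP and IAX ports (UDP 5060-5061, 10000-20000, 4569) from any source address. As an added example that is not part of the original page, this shell function audits an iptables rules file for such rules; the function names, the constructed sample rules and the 198.51.100.0/24 trunk-provider range (a documentation placeholder) are assumptions.

```bash
# Added example: list INPUT ACCEPT rules that expose the page's VoIP ports
# (UDP 5060-5061, 10000-20000, 4569) and say whether a source limit is set.
VOIP_DPORTS=' 5060 5061 5060:5061 10000:20000 4569 '

# audit_voip_rules FILE: prints "OPEN <dport>" or "LIMITED <dport> <source>"
# per VoIP rule; returns 1 when at least one rule has no source restriction.
audit_voip_rules() {
    local file="$1" line proto dport src open=0
    while IFS= read -r line; do
        case $line in "-A INPUT "*"-j ACCEPT"*) ;; *) continue ;; esac
        proto='' dport='' src=''
        set -f; set -- $line; set +f      # split the rule into words, no globbing
        while [ $# -gt 1 ]; do
            case $1 in
                -p|--protocol) proto=$2 ;;
                --dport)       dport=$2 ;;
                -s|--source)   src=$2 ;;
            esac
            shift
        done
        [ "$proto" = udp ] && [ -n "$dport" ] || continue
        case $VOIP_DPORTS in *" $dport "*) ;; *) continue ;; esac
        if [ -z "$src" ] || [ "$src" = 0.0.0.0/0 ]; then
            echo "OPEN $dport"; open=1
        else
            echo "LIMITED $dport $src"
        fi
    done < "$file"
    return "$open"
}

# Constructed sample: rules as on the page, with RTP limited to a placeholder
# trunk-provider range (198.51.100.0/24) to show both outcomes.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -m state --state NEW -m udp -p udp --dport 10000:20000 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 4569 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample=$(mktemp)
write_sample_rules "$sample"
audit_voip_rules "$sample" || echo "at least one VoIP port accepts traffic from any source"
rm -f "$sample"
```

Run it against ''/etc/sysconfig/iptables'' on the PBX; rules reported as OPEN are candidates for a ''-s'' restriction to the addresses of your SIP trunk provider or remote extensions.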