TurnKey Linux Virtual Appliance Library

TKLPatch for Asterisk

Hi all! If you'd like to bring the power of VoIP systems to your SOHO, here's all you need! This TKLPatch will convert Turnkey Core 10.04 beta to a powerfull Asterisk system with FreePBX installed. I'm giving my first steps on this world of telephony over ip, so as allways, this patch surely needs a lot of test. FreePBX is like a child, it starts nicely and then begin to complain about a lots of things, but I was able to stabilize the installation so that it's happy and without complains! If there's someone in the community with is more experienced with asterisk, please be kind to install and test this one. 



Asterisk 1.6 installed from ubuntu's repos.
FreePBX 2.8 
Upgraded default freePBX installed modules to last versions.
http and https access configured.
Secured admin interface using database authentication (user: admin, pass: admin)
Changed default passwords for everything on first boot. 
Script that changes ip in amportal if ip changes. 

What it does:

1. Set Hostname to asterisk
echo "$HOSTNAME" > /etc/hostname
sed -i "s| \(.*\)| $HOSTNAME|" /etc/hosts
hostname asterisk
2. Add sources of universe repository (for asterisk-addons sources)
	echo deb-src http://archive.ubuntu.com/ubuntu lucid universe >> /etc/apt/sources.list.d/sources.list
3. Install required packages. I installed makepasswd to create the initial random passwords. Sox and mpg123 are for audio convertion in the recording system. 
	install apache2 php5 mysql-server php5-mysql php5-cli php-pear php-db makepasswd asterisk sox ssl-cert asterisk-sounds-extra mpg123
4. Install asterisk-addons compiled from source. Binaries in the repository where compiled against a different version of the asterisk binary, causing the installation to fail! D'oh!
	cd /usr/src/
apt-get -y build-dep asterisk-addons
apt-get -b source asterisk-addons
dpkg -i *.deb
5. Change apache user and group to asterisk to prevent ownership and permissions conflicts between asterisk and freepbx. FreePBX does a bunch of chmods and chown that causes conflicts with asterisk. To fix this, this is the approach I felt was easy/stable to apply for this patch. 
	sed -i "s/www-data/asterisk/" /etc/apache2/envvars
6. Get freePBX. 
	wget http://mirror.freepbx.org/freepbx-2.8.0.tar.gz
tar xzf freepbx-2.8.0.tar.gz
rm freepbx-2.8.0.tar.gz
cd freepbx-2.8.0/
7. Create mysql database for freepbx and asteriskcdr
	mysqladmin -u root create asterisk
mysqladmin -u root create asteriskcdrdb
mysql -u root asterisk < SQL/newinstall.sql
mysql -u root asteriskcdrdb < SQL/cdr_mysql_table.sql
mysql -u root <<-END_PRIVS
GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY "amp109";
GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY "amp109";
flush privileges;
8. Increase maximum allowed size for uploaded files in php. This is to be able to upload bigger music files for the Music On Hold feature. 
	sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php5/apache2/php.ini
9. Backup asterisk modules settings as freePBX mess them up. If you don't backup this settings, when freePBX overrides them, your asterisk won't start anymore. They are restored after freePBX installation.
	cp /etc/asterisk/modules.conf /etc/asterisk/modules.conf.bak
10. Installation of freePBX fails with the error "PHP Fatal error:  Cannot redeclare __parse_DialRulesFile()" in the step "Upgrading to 2.8.0alpha2..". Solution would be edit the source files OR run installation again to continue. I took the second approach and it works flawlessly. More info here. amportal.conf is being overlayed. 
	# Initial run of installation
# Second run to bypass the Cannot redeclare __parse_DialRulesFile() error
if [ $? = 255 ]; then
echo "Second run..."
11. Restore asterisk modules settings. I want Asterisk to startup!
	cp /etc/asterisk/modules.conf.bak /etc/asterisk/modules.conf
12. Final symlinks and permissions needed. The sip_notify link prevents freePBX of complain that it can't create that link because the file is already there. I kept the original as a backup measure. The mohmp3 -> moh is beacause the music on hold module expects to save the files in mohmp3 but the directory by deafult is moh. The agi-bin directory prevents freePBX to complain it can't copy files there. There's another agi-bin in the system where modern modules install things but there's still the need to keep this folder. More info: google. (Sorry I lost the url) Everything else is permissions related. 
	mv /etc/asterisk/sip_notify.conf /etc/asterisk/sip_notify.conf.bak
ln -s /var/www/admin/modules/core/etc/sip_notify.conf /etc/asterisk/
ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3
mkdir -p /var/lib/asterisk/agi-bin
chown -R asterisk:asterisk /var/www
chown -R asterisk:asterisk /var/lib/asterisk
chown -R asterisk:asterisk /etc/asterisk
chown -R asterisk:asterisk /usr/share/asterisk
chown asterisk:asterisk /etc/amportal.conf
13. Upgrade modules: The first thing that freePBX tells you is to upgrade your modules, so I just wanted to avoid this step to final users at least when you just install your appliance. 
	/var/lib/asterisk/bin/module_admin upgradeall
14. Set amportal to start on system boot. Clear enough. This needs to run when the system starts. 
	sed -i -e "s/^\(exit 0\)$/\/usr\/local\/sbin\/amportal start\n\1\n/" /etc/rc.local
15. Set amportal to control asterisk service. If you don't, the amportal script won't be able to stop and start asterisk and you won't be able to do it from the gui niether. So I remove it from startup and let amportal manage that service. The change in background is necesary for debian systems. 
	update-rc.d -f asterisk remove
sed -i "s/BACKGROUND=0/BACKGROUND=1/" /usr/sbin/safe_asterisk
16. Final touches: configure apache's sites, ssl, etc. 
	a2dissite default
a2ensite freepbx 
a2ensite freepbx-ssl
a2enmod ssl
service apache2 stop
service mysql stop
17. Clean apt cache and sources
cd /
rm -Rf /usr/src/
mkdir -p /usr/src

Known Issues:

There are several errors in the log of apache, and researching a bit, freePBX developers are aware of them and have been pushing them back to future releases. Aparently they are harmless, I believe that as my test work ok creating extensions and making calls. 
Also, there are some issues regarding Voicemail. It seems they are aware of those too. FreePBX has it flaws here and there. If you find something that is not working as expected, please post here a message and I'll research what's happening. Or better: propose a solution (and don't forget to add the sources of the info!) ;)
Liraz Siri's picture

Wow, this must have been a difficult integration!

Hats off to you Adrian. This looks like a difficult integration that must have required a ton of testing to work through the issues. I had to navigate a learning curve just to figure what was going on. Impressive work!

For the benefit of others who may not be familiar with Asterisk - here's my summary: it's open source phone switch designed to route voice (and video). In VoIP mode you connect your VoIP phones to the switch through an IP network. You can also use a soft phone program from any PC or smartphone. The switch then routes the calls your phone makes just like a conventional phone switch would.

For users with legacy hardware Asterisk also supports interfacing with analog phone systems, though this requires some extra hardware (and configuration!).

Just like with any other IP application you could use Asterisk to setup a 100% private phone system that just routes phone calls within your organization's Intranet. In this case no access to the outside world would be required. But most users will probably want to interface with the "public" phone system. You can do that by interface with a SIP gateway that provides these services for a cost.

It looks like one of the easiest phone gateway solutions to set up is SIPstation which, if I'm not mistaken, is bundled with FreePBX, a web configuration front-end to Asterisk. Asterisk is a back-end component (e.g,. like Apache, but for phone system stuff).

Unfortunately I'm a bit out of my depth here so an actual review is hard to do right now. I imagine that and not lack of interest is the reason you didn't get more feedback from the community. Once we convert this to a TurnKey appliance we'll dive deeper and may have more feedback. Stay tuned!

not to copy...

I think that the Bitnami poll is a good place to see what appliances people are interested in having created. Looks like Asterisk and OpenBravo ERP are hot...



Liraz Siri's picture

Asterisk 1.8 is out but is it worth the upgrade?

A few days ago Asterisk 1.8 was released with more than 200 enhancements including support for Google Voice, calendaring, etc.

The main thing I'm finding interesting about Asterisk v1.8 is that it's the first version since 1.4 to be deemed a "long term support" version.

The main disadvantage in using a new version of Asterisk v1.8 would be that we have to pull it in from upstream rather than from the package management system. I'm interested in feedback from those who know more about this on whether or not this would be worth it. We do occasionally install from upstream even when a package is available (e.g., WordPress) but the benefits have to outweigh the costs (e.g., more complex integration, harder to upgrade).

In this case I'm not worried about losing security updates from Ubuntu because Asterisk is in the Universe repository anyhow and I'll doubt Canonical will make an exception for such a complex piece of software.

Jeremy's picture

I don't really qualify but...

As usual I'm happy to chip in my 2c :)!

If we can't rely on the repo upgrades anyway (which we can't really if its in Universe) then I'm thinking it sounds like a good reason to go with the upstream 4yr "LTS" install. Pity really that they don't offer their own repo. Actually they do but only for RPM based distros so no good for us. I found a PPA of 1.8 but I don't think a random PPA is a valid repo choice for a TKL appliance!

The only other thing that occurs to me is how will updates be handled? Will it simply be a case of updating the appliance and rereleasing it (and use TKLBAM to migrate data) or will there be some other upgrade mechanism available?

Liraz Siri's picture

Handling upgrades: can't do the ideal thing, just the next best

The ideal thing to do is to follow Debian's packaging policy, which freezes a certain version during a release (e.g., Lenny) and then backport essential security fixes to that version. That way you minimize the risk of breakage during a package upgrade.

Unfortunately, we don't have the resources to do this for even a small fraction of the software in the TurnKey library though perhaps once we gain enough traction we can try to get ISVs on board with the idea that this is something they should be doing themselves. So we can't do the ideal thing yet, but you don't have to be perfect to be useful. At least we're still helping users setup their initial installation with all the added value that TurnKey provides.

The next best thing would be to update an appliance every so often with new versions from upstream and let users use TKLBAM to migrate their data between those versions. Either that or help them migrate in place by documenting the process. We've also done that in the past, but it's more work than an automatic process.

There are also other things to consider

While I'm a fan of latest versions (I think you guys have notice that), we must remember the other components that tightly integrate in this appliance, as it's the freePBX software. So I'll first check if the current freePBX is completely compatible with the new 1.8 release of Asterisk.

Upgrades, they'll surely have a way to apply upgrade to currently running systems, and if there's a very important fix in the software, we can make a script and hang it in the appliance page to help people get the upgrade ok. 

I'll research a little and if everything looks fine, and we agree that we should use 1.8 (I would like to!) I'll work on a new release for this patch. 

Jeff Anthony's picture

I'm only nominally familiar

I'm only nominally familiar with how you all develop these packages but very much enjoy the fruits!

That said, 1.8 with the Google Voice support sounds very useful.

Carpe Diem

John Carver's picture

A word of caution

PS: I'm exploring a similar combination using Freeswitch and BlueBox.

Information is free, knowledge is acquired, but wisdom is earned.

Thanks for the tip John

It's been almost a year from the creation of this patch, surelly it needs an update, taking in consideration the security issues you note. Maybe we can include the iptables rules mentioned in the article and leave access from the local network by default.

I never got this one to production so this kind of feedback is very welcome.

Chris Musty's picture




great job on the VOIP appliance. I love asterix and have played with it for quite a while.

I use a little known image from Askozia (www.askozia.com) and it is built from T2 Linux providing only the required apps to make it tick. As a consequence the image is only about 50Mb. I use it on Proxmox and dedicated hardware. It will run on almost anything PC and the free version supports 2 concurrent calls.

Chris Musty


Specialised Technologies

Nick Farrow's picture


Askozia doesn't look to be free....

-~Time is under your feet~-

Nick Farrow's picture

TKLPatch for Asterisk UPDATED


cd /usr/src/
wget http://www.asterisk.org/downloads/asterisk-11-current.tar.gz 
tar -xzvf asterisk-11-current.tar.gz
cd asterisk-11.3.0
apt-get install gcc g++ libncurses5-dev libxml2 libxml2-dev make sqlite3 libsqlite3-dev
make install
make samples
to check out the install go to /etc/asterisk
if you want my VM here is a link.

-~Time is under your feet~-

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)