GOOD NEWS Fault-Tolerant PBX for $1/month

kyle95wm

Phone Genius Owner
Joined
Apr 16, 2016
Messages
521
Reaction score
89
Location
Midhurst, ON, Canada
Stupid question incoming: What about people who use a service like VoIPMS? Will we be able to have this setup? Right now I have one sub-account for the main PBX and one sub-account for the backup PBX. Each PBX is being maintained separately.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,083
Reaction score
2,602
Today's design won't work with trunk providers like VoIP.ms that require SIP registration.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,083
Reaction score
2,602
You'd have to play with it. I don't think it'll work with trunk registrations. That's why Sangoma charges $3,000 for their software. :sorcerer:
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
529
Reaction score
77
Ward,

If I disable server 1 (amportal stop) and my Yealink connects to SIP server 2, does the phone auto reconnect to server 1 if it comes back up? Otherwise, how do the phones recover to only attach to primary? Seems like both servers could be in use if there is a hiccup.

It would seem that a recovery process is needed to swap primary and secondary restores if a failover occurs. i.e. messages and recordings are now on the backup that need to go back to primary upon service being restored.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,083
Reaction score
2,602
@AndyInNYC: Excellent point. Easiest solution would be to shut down Asterisk on the secondary server for a few minutes once the primary server is back in operation. I will add this to the tutorial, but I'm reluctant to do much more than that because every situation could be a little different. As you noted, depending upon the length of the outage, it may be necessary to recover voicemails and other spool items from the secondary server as well:
Code:
amportal stop
rsync -a -e "ssh" /var/spool/* [email protected]$(cat /etc/pbx/server1):/var/spool
sleep 900
amportal start
 
Last edited:

kenn10

A lesser geek
Joined
Dec 16, 2007
Messages
926
Reaction score
167
I've done the automation and set my backup and sync jobs in the root crontab file. I'm noticing that when the backup is done on the primary system and copied to the backup system, the crontab file is also copied. This makes kind of a mess on the backup system since it is then trying to do its own backup and restore and sync. Should the crontab commands be placed under user Asterisk instead?

Also if you have set your advanced SIP settings for domain only access on the primary system, that domain name is copying onto the backup system and station registrations fail upon primary system failure to the backup system.

One other thing, I've always had my sshd_config set for
Code:
Protocol 2
PasswordAuthorization=no
This prevents login by any user that does not have the authorization key in their putty setup. This configuration is blocking the two systems from exchanging data and I have had to set the password authorization = yes so the scp and rsync will work.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,083
Reaction score
2,602
@kenn10: Are you sure you're using the latest version of Incredible Backup and Restore? If you have issued these commands:
Code:
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblebackup13
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblerestore13
Then /etc/crontab should not be copied over during the restore.

Domain-only access shouldn't be necessary with Travelin' Man 3 firewall setup. I don't know of an easy workaround for this one.

As for PasswordAuthorization=no, I can't think of an easy workaround, but it shouldn't be necessary with the Travelin' Man 3 firewall setup.
 

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
644
Reaction score
234
@kenn10: Are you sure you're using the latest version of Incredible Backup and Restore? If you have issued these commands:
Code:
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblebackup13
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblerestore13
Then /etc/crontab should not be copied over during the restore.

Domain-only access shouldn't be necessary with Travelin' Man 3 firewall setup. I don't know of an easy workaround for this one.

As for PasswordAuthorization=no, I can't think of an easy workaround, but it shouldn't be necessary with the Travelin' Man 3 firewall setup.

Surely the answer to the ssh auth is to not even think about passwords but just publish a pub key as appropriate for the user doing the "stuff" who has sufficient privilege (it should be on both the Primary and Secondary machines, as should the same protected private key) and allow key authentication only, it will then "swing both ways"

https://www.ssh.com/ssh/public-key-authentication
 
Last edited:
  • Like
Reactions: wardmundy

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,083
Reaction score
2,602
There obviously are a lot of moving parts to this. And, once you wander off the reservation, as @kenn10 has documented, things can go South in a hurry. That's not a criticism, just an observation. And it merely reinforces the need to test this procedure carefully if you've made design changes on your primary server that aren't part of the traditional Incredible PBX build that we were working with. :sorcerer:
 
Last edited:

Members online

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,320
Messages
137,026
Members
14,550
Latest member
treimers