GOOD NEWS Fault-Tolerant PBX for $1/month

kyle95wm

Phone Genius Owner
Joined
Apr 16, 2016
Messages
520
Reaction score
90
Stupid question incoming: What about people who use a service like VoIPMS? Will we be able to have this setup? Right now I have one sub-account for the main PBX and one sub-account for the backup PBX. Each PBX is being maintained separately.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Today's design won't work with trunk providers like VoIP.ms that require SIP registration.
 

kyle95wm

Phone Genius Owner
Joined
Apr 16, 2016
Messages
520
Reaction score
90
Is there a workaround? Perhaps ignoring the "trunks" table during the backup process?
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
You'd have to play with it. I don't think it'll work with trunk registrations. That's why Sangoma charges $3,000 for their software. :sorcerer:
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
Ward,

If I disable server 1 (amportal stop) and my Yealink connects to SIP server 2, does the phone auto reconnect to server 1 if it comes back up? Otherwise, how do the phones recover to only attach to primary? Seems like both servers could be in use if there is a hiccup.

It would seem that a recovery process is needed to swap primary and secondary restores if a failover occurs. i.e. messages and recordings are now on the backup that need to go back to primary upon service being restored.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
@AndyInNYC: Excellent point. Easiest solution would be to shut down Asterisk on the secondary server for a few minutes once the primary server is back in operation. I will add this to the tutorial, but I'm reluctant to do much more than that because every situation could be a little different. As you noted, depending upon the length of the outage, it may be necessary to recover voicemails and other spool items from the secondary server as well:
Code:
amportal stop
rsync -a -e "ssh" /var/spool/* root@$(cat /etc/pbx/server1):/var/spool
sleep 900
amportal start
 
Last edited:

kenn10

Well-Known Member
Joined
Dec 16, 2007
Messages
3,764
Reaction score
2,173
I've done the automation and set my backup and sync jobs in the root crontab file. I'm noticing that when the backup is done on the primary system and copied to the backup system, the crontab file is also copied. This makes kind of a mess on the backup system since it is then trying to do its own backup and restore and sync. Should the crontab commands be placed under user Asterisk instead?

Also if you have set your advanced SIP settings for domain only access on the primary system, that domain name is copying onto the backup system and station registrations fail upon primary system failure to the backup system.

One other thing, I've always had my sshd_config set for
Code:
Protocol 2
PasswordAuthorization=no

This prevents login by any user that does not have the authorization key in their putty setup. This configuration is blocking the two systems from exchanging data and I have had to set the password authorization = yes so the scp and rsync will work.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
@kenn10: Are you sure you're using the latest version of Incredible Backup and Restore? If you have issued these commands:
Code:
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblebackup13
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblerestore13

Then /etc/crontab should not be copied over during the restore.

Domain-only access shouldn't be necessary with Travelin' Man 3 firewall setup. I don't know of an easy workaround for this one.

As for PasswordAuthorization=no, I can't think of an easy workaround, but it shouldn't be necessary with the Travelin' Man 3 firewall setup.
 

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
1,607
Reaction score
826
@kenn10: Are you sure you're using the latest version of Incredible Backup and Restore? If you have issued these commands:
Code:
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblebackup13
sed -i 's|PROCEEDNOW=false|PROCEEDNOW=true|' /root/incrediblerestore13

Then /etc/crontab should not be copied over during the restore.

Domain-only access shouldn't be necessary with Travelin' Man 3 firewall setup. I don't know of an easy workaround for this one.

As for PasswordAuthorization=no, I can't think of an easy workaround, but it shouldn't be necessary with the Travelin' Man 3 firewall setup.


Surely the answer to the ssh auth is to not even think about passwords but just publish a pub key as appropriate for the user doing the "stuff" who has sufficient privilege (it should be on both the Primary and Secondary machines, as should the same protected private key) and allow key authentication only, it will then "swing both ways"

https://www.ssh.com/ssh/public-key-authentication
 
Last edited:

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
There obviously are a lot of moving parts to this. And, once you wander off the reservation, as @kenn10 has documented, things can go South in a hurry. That's not a criticism, just an observation. And it merely reinforces the need to test this procedure carefully if you've made design changes on your primary server that aren't part of the traditional Incredible PBX build that we were working with. :sorcerer:
 
Last edited:

Members online

Forum statistics

Threads
25,778
Messages
167,504
Members
19,198
Latest member
serhii
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top