TIPS How to ditch FreePBX12 on U14.04 and move to U18.04

redstonemason

Certified AWS Architect (And a KVM fan!!!)
Joined
Apr 3, 2014
Messages
151
Reaction score
41
Is there a backup and restore script to move from unsupported FreePBX 12 to the latest PIAF3 (Incredible 13-13.10).

Or is there a multi-step process at the very least to get the old PIAF3 running FreePBX 12 to run FreePBX 13.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,159
Reaction score
5,192
I'd recommend you switch to CentOS 7 with either Incredible PBX 16-15.2 or IncrediblePBX 2020. We're not going to support Ubuntu moving forward. Cut-and-paste is the only option from FreePBX 12.
 

redstonemason

Certified AWS Architect (And a KVM fan!!!)
Joined
Apr 3, 2014
Messages
151
Reaction score
41
After a lot of head banging :) I did just notice an item on the Admin Drop Down that was upgrade from 12 to 13. Not sure how it got there. I must have added a module today thru module admin.
In any event, I ran it but it blew up and asked me to run "amportal && fwconsole ma upgradeall" which ran with lots of errors.

Cut and paste? Yikes. I was hoping to go to 13 under Ubuntu and then I would do a backup and bring up a Centos 7 instance with PBX 16-15.2 as per your recommendation above.

Any thoughts Ward? Do you offer Tier 3 paid support to get me out of this mess?
 
Last edited:

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,159
Reaction score
5,192
Try running the attached script and then rerun your upgrade procedure and see if that helps.
 

Attachments

  • change_repo.tar.gz
    290 bytes · Views: 1

redstonemason

Certified AWS Architect (And a KVM fan!!!)
Joined
Apr 3, 2014
Messages
151
Reaction score
41
I have created a snapshot of the production system and an AWS AMI from it to get a clean start on a test bench version of the broken system.
And I did manage to run the mysql statement succussfully from your tar.gz file but I don't have an fwconsole on the system as I no longer have the Admin->Upgrade from 12-to-13 option to click on. Earlier the other day I used that click and it blew up but at least if left me with an installed fwconsole. So I am still scratching my head.
 

redstonemason

Certified AWS Architect (And a KVM fan!!!)
Joined
Apr 3, 2014
Messages
151
Reaction score
41
Thru Module Admin I was able to install PBX Ugrader Tool and that is what puts "12 to 13 Upgrade tool" on the Admin dropdown. But when I run it as previously, I get the errors and then running "amportal && fwconsole ma upgradeall" runs but throws errors. And then I am back to square one. Clicking on Incredible PBX Adminstration juste sened me to a server error page.
 

Halea

Well-Known Member
Joined
Aug 12, 2016
Messages
917
Reaction score
620
I'd recommend you switch to CentOS 7 with either Incredible PBX 16-15.2 or IncrediblePBX 2020. We're not going to support Ubuntu moving forward. Cut-and-paste is the only option from FreePBX 12.
@wardmundy : Just noticed your remark about not supporting Ubuntu in the future. Could you elaborate on the reason(s)? I'm just curious.
In contrast after realizing that my resources were spreading thin (and my expenses running higher each passing day) by trying to keep up with 4 different (fundamentally different) Linux/BSD platforms a few months back I decided to only focus on Ubuntu (and to some extent its derivatives) and FreeBSD.
The RedHat family and its derivatives turned out to be the most costly pieces of software to maintain. One of the metrics that we monitor closely is the bug status, not so much their quantity and how the company behind handles them but how those bugs actually affected us (meaning our income generating projects) and CentOS has been the worst offender since version 7. I am sure glad that I am no longer glued against the Centos bug tracker screen first thing every morning.
This is not to say that Ubuntu is a rose garden, but comparatively we are better off, especially that most my colleagues and I have our Linux roots going back to Debian and undoubtedly that gives us some bias.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,159
Reaction score
5,192
@Halea: FreePBX Distro and VitalPBX are both CentOS-centric, and apps from those developers are key components of Incredible PBX. Keeping up with Ubuntu caused us considerably more heartburn than upgrading CentOS releases, but to each his own. For the most part, Incredible PBX runs in a locked down, whitelist-based environment so it takes a major security bug to affect the overall operation of our platforms. And we haven't seen that sort of vulnerability in many years. Having said all of that, we do have an Ubuntu 18.04 release of Incredible PBX, but that's probably the end of the road on that platform. But it's open source code, and (HINT!) someone else is more than welcome to lend a hand moving forward.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,159
Reaction score
5,192
@redstonemason: You've already spent considerably more time on migration than it would have taken to cut-and-paste to a new platform. :oops:
 
Last edited:

redstonemason

Certified AWS Architect (And a KVM fan!!!)
Joined
Apr 3, 2014
Messages
151
Reaction score
41
You are probably right. But cut and paste also comes with somehow getting the recorded prompt files moved too and so I may elect to do nothing and just keep the existing system running until I can talk the customer into going away. How's that for customer service? Plead with them to find some else to build them an entire new system :).
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,159
Reaction score
5,192
Voice prompts are all in one directory tree. How hard is it to copy those over??
 

redstonemason

Certified AWS Architect (And a KVM fan!!!)
Joined
Apr 3, 2014
Messages
151
Reaction score
41
Okay. You have me convinced. I will bring up a Centos System on AWS and cut/paste/copy and see what happens. I will follow you documentation on CentOS 7 with Incredible PBX 16-15.2. I am sure it is on your site somewhere. Thanks Ward.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,159
Reaction score
5,192
@redstonemason: Just remember to comment out the private LAN entries (especially 172) in /usr/local/sbin/iptables-custom since Amazon routes (supposedly non-routable) 172.x.x.x addresses.
 

redstonemason

Certified AWS Architect (And a KVM fan!!!)
Joined
Apr 3, 2014
Messages
151
Reaction score
41
@redstonemason: Just remember to comment out the private LAN entries (especially 172) in /usr/local/sbin/iptables-custom since Amazon routes (supposedly non-routable) 172.x.x.x addresses.

Thanks for the tip. Maybe I should use Vultr. They have been good for me on a few PBX's that I don't run on my AWS Custom VPC.
 

jerrm

Guru
Joined
Sep 23, 2015
Messages
838
Reaction score
405
I have our Linux roots going back to Debian and undoubtedly that gives us some bias

Not a big RHEL/CentOS fan myself, but I can see the need for @wardmundy to streamline.

What IPBX parts are you using?

We've got a pretty good Asterisk build/FreePBX install script for Debian 10, Ubuntu 18.04/19.10 and Raspbian 10. Tested on bare metal, VMWare, nspawn containers. While we do cherry pick a few IPBX features, they are not included in the main script.

Unfortunately, we use our own firewall framework. I would guess the IPBX firewall features are probably the biggest IPBX value-add for most folks - but would never be added to our script.
 

redstonemason

Certified AWS Architect (And a KVM fan!!!)
Joined
Apr 3, 2014
Messages
151
Reaction score
41
Vultr is going well. I
Not a big RHEL/CentOS fan myself, but I can see the need for @wardmundy to streamline.

What IPBX parts are you using?

We've got a pretty good Asterisk build/FreePBX install script for Debian 10, Ubuntu 18.04/19.10 and Raspbian 10. Tested on bare metal, VMWare, nspawn containers. While we do cherry pick a few IPBX features, they are not included in the main script.

Unfortunately, we use our own firewall framework. I would guess the IPBX firewall features are probably the biggest IPBX value-add for most folks - but would never be added to our script.

I prefer to rely on AWS Security Groups to act as my hardware firewall. And I expect the same protection from VULTR. As for DDOS, I don't really care any more because nobody can combat that at any level anymore.

Sometimes, just have to tell the client that all hell broke loose on a region in AWS.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,159
Reaction score
5,192
There are some interesting features in the FreePBX Firewall offering that we want to take a look at in coming months. The drawback at the moment is that it depends upon a commercial module. As soon as @Tonyclewis new company can address that, we will proceed. The unique feature is the ability to leave SIP access open and then screen SIP packets at the kernel level to detect SIP attacks. It's far superior to the Fail2Ban approach of scanning logs and something worth a careful look.
 

redstonemason

Certified AWS Architect (And a KVM fan!!!)
Joined
Apr 3, 2014
Messages
151
Reaction score
41
There are some interesting features in the FreePBX Firewall offering that we want to take a look at in coming months. The drawback at the moment is that it depends upon a commercial module. As soon as @Tonyclewis new company can address that, we will proceed. The unique feature is the ability to leave SIP access open and then screen SIP packets at the kernel level to detect SIP attacks. It's far superior to the Fail2Ban approach of scanning logs and something worth a careful look.

Wow. Something in the kernel? That might me a big advancement. I could actually consider multi-tenant PBX.s.

As for my changes to configuration changes such as postfix replacing sendmail and then changes to the status script...? Is that subject to GPL issues? They are minor, but do I need to submit them?

Mark
 

jerrm

Guru
Joined
Sep 23, 2015
Messages
838
Reaction score
405
Wow. Something in the kernel? That might me a big advancement. I could actually consider multi-tenant PBX.s.
There is no SIP kernel module or iptables module involved.

Unless things have changed, the actual blocking is using standard iptables mechanisms like the RECENT module, but with some real time scripting and monitoring to track and flag bad auth attempts. I think it was using the rest api. The core is php mini-daemon to consume and track asterisk security events, then blacklist/whitelist IP's in iptables as appropriate.

A lot of folks could create an effective functionally equivalent set of hard coded scripts for their specific scenario in an afternoon.

I don't mean to trivialize the result. It is a lot of work to put in place the design, structure, and rule generation engine allowing for a gui-manageable, flexible and powerful tool.
 

Members online

No members online now.

Forum statistics

Threads
25,770
Messages
167,441
Members
19,181
Latest member
ejrubin
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top