FYI Install PIAF on CentOS Existing Installation

[dghundt]

The script is encrypted, and I don't blame them. I'm sure with enough details Joe can help you. He is always eager to help out.

 

[jroper]

Hi

As far as I know, piafdl has some checks in it to make sure that it is installing on a valid PiaF ISO, which we try to replicate with the script by installing the same stuff that the PiaF ISO installs, and putting other stuff in the right directories, e.g. the contents of /etc/pbx

I would go through my script line by line and check that everything is in the right place, ready to run piafdl.

It is of no comfort to you, but I can assure you it works for me.

Joe

 

[darmock]

yum -y install dialog

then

piafdl

 

[lagreca]

jroper: The first thing i did was to go through your script and make sure it all worked. Everything worked until the very end, where you run the piafdl script. At that point, I had no option but to ask for help here, because it's encrypted so I can't troubleshoot it myself.

darmock: THANK YOU! Your suggestion make the piafdl script work. Although I now have to find the time to actually complete it.

jroper: You may want to add the yum install dialog to your install piaf script, since it is a required package that not all systems have installed.

 

[wardmundy]

 

[jroper]

Hi

Attached is a script version 1.03 with dialog included and a new yum list created from a fresh ISO 32 bit ISO install.

Thanks Tom & lagreca


Joe

 

[tm1000]

I'm sitting here doing another install from a computer that has no CD ROM drive and I'm using your script yet again and I just want to thank you for creating this (again)

It's great!

 

[jroper]

Hi

Thank you for your kind words.

Joe

 

[wardmundy]

Script is now available on PIAF Downloads sites as well. Thanks, Joe.

 

[tm1000]

Joe,

Again the x32 bit tries to download php-pear-db when it should be php-pear-DB.

The x64 is fine

 

[jroper]

Hi

Gets me every time, find attached.

Joe

 

[justinwcoil]

Joe,

Great script saved me a ton of time trying to figure this out. One thing I noticed and its not a huge item but the script does not load the kernel-xen-devel rpm. This was needed by our setup to compile dahdi, other than that great script and thank you for writing it.

 

[jroper]

...the script does not load the kernel-xen-devel rpm.

I think that installing the xen kernel is a bit too specialist for this script, so I will leave that one out.

An enhancement would be to check the kernel being used, and install the appropriate kernel sources, but the script is really designed for a bog standard CentOS install.

Thanks for your comments.

Joe

 

[DragonHawk]

Version 2.00.0 - With Xen support

I have completed a re-write of Joe's script in order to properly get PiaF to install on a Xen cloud system. In the process, I have updated the script to get the missing dependencies from their sources (EPEL, Webmin and PBXinaflash.net) rather than downloading an entire ISO for 6 packages.

I have completed working test installs on both 32 and 64 bit base installs of CentOS 5.5, as well as the 64 bit version of CentOS running on a Xen kernel in a cloud hosting environment.

I'm using Host Virtual (but most Xen based cloud hosts should work). Here are the steps I followed to get a working install:

1. Create a new VM on the cloud you want to use. Select a CentOS 5 x64 bare bones install (No LAMP, MySQL or Apache).
2. Once the VPS is started and running, connect to it over ssh. Use the initial password to log in.
   

   passwd

   Change the root password to something secure.
3. You may need to edit your network and hosts info.
   

   nano /etc/sysconfig/network

   Set your server hostname.
   

   nano /etc/hosts

   Make sure your hostname is on your external IP address. Also, because PiaF uses it on an ISO install, add the hostname "pbx.local" to your IP.
4. (Optional). Clean up your VM. For some reason, the VPS.NET x64 installs include a lot of un-needed 32 bit packages. Lets clean that up now.
   

   yum -y erase *.i386 *.i686

5. Perform an upgrade on the core system.
   

   yum -y upgrade

6. Reboot the system as the kernel was most likely upgraded.
   

   shutdown -r now

7. Download and run version 2 of the install script.
   

   wget http://www.activespeak.com/piaf/install-piaf-v2.00.sh
   chmod 755 install-piaf-v2.00.sh
   ./install-piaf-v2.00.sh

8. After the reboot, run the PiaF installer.
   

   piafdl

9. Installation proceeds a per a normal PiaF install.
10. (Optional) If you want to install the Incredible PBX, now is the time to do it.
    

    wget http://incrediblepbx.com/incrediblepbx.x
    chmod +x incrediblepbx.x
    ./incrediblepbx.x

11. Change your passwords! After running the Incredible PBX installer, or the normal PiaF installer if you are not installing the Incredible PBX, make sure you set new passwords on your system.
    

    passwd-master

12. Check and edit your firewall. Remember the default firewall rules assume you are behind a hardware firewall. On a VPS, odds are you are not. Joe has a great port summary which should help you decide which ports you really need open. Close all the rest.
13. Make sure Fail2Ban is working properly. At the least, make sure it is sending emails to you when something happens. If you are not using a VPN or you have your web interface open to the internet (unless you know what you are doing, please don't do this), make sure you tweak Fail2Ban. The base rules are ok, but there is so much more it can do for you. Research it, edit it and test it. Join BlockList.de and help report bad IPs.
14. Read. Read more. Read everything you can on locking down your PiaF box. When you think you know it all, read some more, ask Joe and Ward, post a question. I'll guarantee there is something you don't already know that can help you lock down your PBX. As Ward rightfully keeps reminding us, you need to keep on top of the security of your PBX.
15. Never, ever use an auto bill, or limitless trunk service. I use Link2Voip because they are prepaid, and you must manually top up your account. They also accept Bitcoin payments, which is really a great idea.

 

[darmock]

Just one note. All of the new 1755.x payload files now automatically run update-programs and update-fixes as part of the base install of PIAF. So you can edit that step out.


Tom

 

[DragonHawk]

Cool. I have removed the manual update suggestion from step 9.

 

[dude78]

How has VPS.net been hosting PIAF

DragonHawk, I see that you wrote your script for vps.net.
I run several cpanel servers on VPS.net, how stable has it been hosting PIAF on their cloud.

I'm also considering Amazon EC2 for my cloud PBX and am curious if you have any thoughts or recommendations?

 

[DragonHawk]

I can't complain. I'm using SLC-D for my PBX and I have had no issues. I am using it for only a few DIDs and extensions (10) and I have been able to use only one node (mind you, I do almost max out the RAM). If I reach the point where I need additional resources, I love that all I need to do is add an additional node and reboot. No transferring all my extensions and settings to a new install.

When choosing a cloud, find the DC closest to you route wise. Although I have not had any issues with latency or jitters with my server being half way across the continent, I would have gone with a closer one had it been available when I set my PBX up (Chicago was/is in the process of moving to a new DC and the new North American location hasn't opened yet - think North East).

Also, just a reminder, as there is no hardware firewall with a VPS, remember Ward and Joe's most important lessons, L-S-S-S! Lockdown, Secure, Secure, Secure! Read everything you can about locking down your install, then apply that knowledge.

EDIT: I am now using Host Virtual for my PiaF VPS as they offer a better price and native IPv6 support.

 

[wardmundy]

Thanks for the hard work, DragonHawk. I've put a copy of your FAQ and install script in our source repo (under xen) as a mirror.

 

[xik]

fyi....figured out the problem. Virgin CentOS_5 image, installed on a "small" instance. Something happens to the root password (there shouldnt be one on AWS?, as AWS uses SSH key).

So. BEFORE running the script I just did a

#passwd -d root

to delete the root password

Sounds scary - i know..LOL but since I am using a key I dont think anyone would be able to break into the system. Comments?

I also had to create a HOSTS file, as there was not one.

vi /etc/hosts
 
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               pbx.local pbx localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6

This did not work for me. i've been locked out of my instance many times because of this little issue.