Astrad server installation/migration procedure

Created on 111005 by André Guimarães, Switzernet

If you’re doing a server reinstallation or a migration from porta-sip, first do Step1 and first step of http://ftp.switzernet.com/3/public/110930-new-voting-poll/ (Obtaining the customer list of a server). If you’re installing a new server start by step 0.

Install a new server Debian Lenny 5.0 64 bits. For this installation we’ll choose as base Debian Linux 5.0 Lenny 64 bits. The asterisk version used is 1.4.21.2.

0- Pre-configuration

0.1- Create an user sona

Access the new server by ssh as root using the password sent by email. Use the command adduser sona to create a new user. Replace password0 by the correct password. Leave all other options by default.

ks34189:~# adduser sona

Adding user `sona' ...

Adding new group `sona' (1000) ...

Adding new user `sona' (1000) with group `sona' ...

Creating home directory `/home/sona' ...

Copying files from `/etc/skel' ...

Enter new UNIX password: password0

Retype new UNIX password: password0

passwd: password updated successfully

Changing the user information for sona

Enter the new value, or press ENTER for the default

Full Name []:

Room Number []:

Work Phone []:

Home Phone []:

Other []:

Is the information correct? [Y/n] y

ks34280:~#

0.2- Change the root password

Type the command passwd root to modify its password. Replace password1 by the desired password.

ks34280:~# passwd root

Enter new UNIX password: password1

Retype new UNIX password: password1

passwd: password updated successfully

0.3- Modify Hostname

Find a free astrad name using the command:

newfqdn=`for m in {15..30};

nslookup astrad$m.switzernet.com| grep "t find "|grep -oE "astrad.*com";

done|head -n1`; echo $newfqdn;

If this command don’t print a astrad domain name increase the number in blue until you get a result.

If you’re going to use an already created astrad FQDN execute, replacing the FQDN bellow by the correct one:

newfqdn=astrad17.switzernet.com; echo $newfqdn;

Change the hostname of the machine in /etc/hostname and in /etc/hosts to the chosen name by executing the following commands:

hostname $newfqdn

echo $newfqdn > /etc/hostname

sed -i -r 's/(.*)ks.*/\1'$newfqdn'/g' /etc/hosts

sed -i -e '$d' /etc/motd;sed -i -e '/^hostname/d' /etc/motd; echo -e "hostname : `hostname`\ncompany : Switzernet@2011\n" >> /etc/motd

/etc/init.d/networking restart

Example

ks386980:~# newfqdn=`for m in {15..25};

> do

> nslookup astrad$m.switzernet.com| grep "t find "|grep -oE "astrad.*com";

> done|head -n1`; echo $newfqdn;

astrad17.switzernet.com

ks386980:~# hostname $newfqdn

ks386980:~# echo $newfqdn > /etc/hostname

ks386980:~# sed -i -r 's/(.*)ks.*/\1'$newfqdn'/g' /etc/hosts

ks386980:~# sed -i -e '$d' /etc/motd;sed -i -e '/^hostname/d' /etc/motd; echo -e "hostname : `hostname`\ncompany : Switzernet@2011\n" >> /etc/motd

ks386980:~# /etc/init.d/networking restart

Reconfiguring network interfaces...done.

Validation

Logout and login again. Verify the results seeing the content of /etc/hosts, /etc/hostname and executing hostname, comparing your results with the following example. Also notice the prompt as changed to the new name. Instead of astrad17.switzernet.com you should see another domain assuming astrad17 is not free.

sona@176.31.247.50's password:

Debian GNU/Linux 5.0

Linux ks386980.kimsufi.com 2.6.38.2-grsec-xxxx-grs-ipv6-64 #2 SMP Thu Aug 25 16:40:22 UTC 2011 x86_64 GNU/Linux

server : 176453

ip : 176.31.247.50

hostname : astrad17.switzernet.com

company : Switzernet@2011

Last login: Wed Oct 5 10:16:34 2011 from 212-147-8-99.fix.access.vtx.ch

sona@astrad17:~$ su -

Password:

astrad17:~# cat /etc/hostname

astrad17.switzernet.com

astrad17:~# cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost.localdomain localhost

176.31.247.50 astrad17.switzernet.com

# The following lines are desirable for IPv6 capable hosts

#(added automatically by netbase upgrade)

::1 ip6-localhost ip6-loopback

feo0::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

ff02::3 ip6-allhosts

astrad17:~# hostname

astrad17.switzernet.com

1- Pre-Installation

Authorize new server to make calls

Follow the procedure described in if you’re installing a new server:

http://switzernet.com/1/company/100512-insert-new-node/

If you’re replacing a server, verify the node information in https://www.intarnetinc.com/node.html and correct it if necessary.

DB servers

In each of the DB servers execute the following lines in mysql (login as root) replacing IPADDRESS by the new server’s IP address:

GRANT PROCESS, FILE, SUPER, REPLICATION CLIENT, REPLICATION SLAVE, RELOAD,LOCK TABLES ON *.* TO 'astrob'@'IPADDRESS' IDENTIFIED BY '';

GRANT all privileges ON astrad.* TO 'astrob'@'IPADDRESS' IDENTIFIED BY '';

GRANT all privileges ON asterisk.* TO 'astrob'@'IPADDRESS' IDENTIFIED BY '';

FLUSH PRIVILEGES;

Reverse DNS

Replace the name of the server by its astrad name in Dedicated servers > Services > Reverse IPV4:

DNS

Create an entry in DNS for astradXX.switzernet.com, fry.youroute.net and sipZZ.youroute.net in server ns1.switzernet.com. Change serial value YYYYMMDD01 to the current date. Add the lines in blue changing the values on the example to the new FQDNs of the server. Replace astradYY by the name of your new server, SERVERIP by its IP address, frXX by the last fr name in the file incremented by one and sipZZ by the last sip name incremented by one. Reload bind and try to ping the new server by each of its new names.

vi /var/cache/bind/db.switzernet.com

; The $TTL directive at the top of the zone file (before the SOA)

; gives a default TTL for every RR without a specific TTL set.

$TTL 3600

switzernet.com. IN SOA ns1.switzernet.com. hostmaster (

YYYYMMDD01 ; Serial

30 ; Refresh

30M ; Retry

1W ; Expiry

3H ; Minimum

)

...

astradYY IN A SERVERIP

...

vi /var/cache/bind/db.youroute.net

youroute.net. IN SOA ns1.youroute.net. hostmaster.switzernet.com. (

YYYYMMDD01 ; Serial

1D ; Refresh

30M ; Retry

1W ; Expiry

1H ; Minimum

)

...

frXX IN CNAME astradYY.switzernet.com.

…

sipZZ IN CNAME frXX

/etc/init.d/bind9 restart

ping astradYY.switzernet.com -c4

ping frXX.youroute.net -c4

ping sipZZ.youroute.net -c4

2- Installation

From this point forward DNS should be already working. Your new server must answer to pings to all its names.

If this a server reinstallation you need to run the following line as root on the Puppet Master server (puppet.switzernet.com), replacing X by the new server number:

puppetca --clean astradX.switzernet.com

Install puppet and asterisk in the new server. Execute the following commands as root:

aptitude update

aptitude install -y puppet asterisk

/etc/init.d/puppet stop

sed -i -r 's/^pluginsync=.*/pluginsync=false/g' /etc/puppet/puppet.conf

puppetd --server puppet.switzernet.com --waitforcert 60 --test

Connect to the Puppet Master. Verify if you can ping the new server by name and run the following commands (replacing X by the new server number). If the server does not respond to pings verify DNS configurations.

ping astradX.switzernet. com -c4

puppetca --list

puppetca --sign astradX.switzernet.com

Example:

puppet:~# puppetca --list

astrad17.switzernet.com

puppet:~# ping astrad17.switzernet.com -c4

PING astrad17.switzernet.com (176.31.247.50) 56(84) bytes of data.

64 bytes from astrad17.switzernet.com (176.31.247.50): icmp_seq=1 ttl=60 time=0.391 ms

64 bytes from astrad17.switzernet.com (176.31.247.50): icmp_seq=2 ttl=60 time=0.328 ms

64 bytes from astrad17.switzernet.com (176.31.247.50): icmp_seq=3 ttl=60 time=0.315 ms

64 bytes from astrad17.switzernet.com (176.31.247.50): icmp_seq=4 ttl=60 time=0.315 ms

--- astrad17.switzernet.com ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 2997ms

rtt min/avg/max/mdev = 0.315/0.337/0.391/0.034 ms

puppet:~# puppetca --sign astrad17.switzernet.com

Signed astrad17.switzernet.com

puppet:~# puppetca --list

No certificates to sign

In /etc/puppet/manifests/nodes.pp create a new node for the new server. Change the values of each variable as needed.

vim /etc/puppet/manifests/nodes.pp

…

node "astrad16.switzernet.com" {

…

}

…

node "astrad17.switzernet.com" {

$server_id=114

$mysql_ast_user = "root"

$mysql_ast_pass = "XXXXXXX"

$db3_host_ip = "91.121.175.148" # DB4

$db3_ast_user = "astrob"

include iptables

import "astrad009"

include common

include astrad009

include fail2ban

include fail2ban::asterisk

}

…

On the new Astrad server execute:

puppetd --server puppet.switzernet.com --waitforcert 60 --test

/etc/init.d/puppet start

After executing the first command Puppet will install and configure all needed services.

Verify if all astrad modules are working by typing:

/etc/init.d/astrad status

A typical result will be:

astrad17:~# /etc/init.d/astrad status

Asterisk-Radius PBX Status (Astrad) :

- Asterisk daemon.................................. [ /usr/sbin/asterisk ] -> [ 28807 ]

- Radius Accounting............................... [ ast-rad-acc.pl ] -> [ 28816 ]

- Resend lost Accouting.......................... [ ast-resend-lost.pl ] -> [ 28822 ]

- Forwarding registration to DBA server.. [ ast-registration.pl ] -> [ 28825 ]

- Sending sip Notify message.................. [ ast-send-notify.pl ] -> [ 28828 ]

- Sending empty UDP packets................ [ ast-send-empty.pl ] -> [ 28832 ]

On puppet master disable astrad synchronization by commenting the lines in blue in the file /etc/puppet/manifests/nodes.pp:

vim /etc/puppet/manifests/nodes.pp

…

node "astrad16.switzernet.com" {

…

}

…

node "astrad17.switzernet.com" {

$server_id=114

$mysql_ast_user = "root"

$mysql_ast_pass = "XXXXXXX"

$db3_host_ip = "91.121.175.148" # DB4

$db3_ast_user = "astrob"

include iptables

# import "astrad009"

# include common

# include astrad009

include fail2ban

include fail2ban::asterisk

}

…

3- Monitoring

Add the server to monitoring list

Log in to http://monitor.switzernet.com/cacti and follow the procedure described in 2.3 and 3.6 of the following document:

http://switzernet.com/public/100510-cacti-monitoring/

Follow the procedure in:

http://ftp.switzernet.com/3/support/110419-cacti-graph-page-manual/

to add the graphs to:

http://monitor.switzernet.com/view_graphs_list.php

To add the synchronization status between the new server and its DB server, edit /root/folders/110726-check-replication/check-rep.conf and add the new server to the correct STARX group (the group containing the DB server where the Astrad is synchronizing). Verify if in this web page appears a new line with the DBX->AstradYY (It may take 30 minutes to appear):

http://switzernet.com/3/public/110727-normality-monitoring/

4- Control telephone

Register a telephone in the new astrad server. This phone should be registered in this server at all times. It should be configured to register each 180 seconds. To create the account to this phone:

- access:

https://www.intarnetinc.com/customer.html

- search for Swiss Offices and click on its name once found: