Reference10:Concept Linux Application Platform

From innovaphone wiki
Jump to navigation Jump to search
There are also other versions of this article available: Reference9 | Reference10 (this version)

Introduction

The innovaphone Linux Application Platform permits to install innovaphone or custom applications for certain purposes, like Reporting or a Fax Server.
It also allows to backup/restore configuration files, uninstall applications or see and backup logs.

The Linux distribution Debian 7.1 (Wheezy) is used and linux kernel is 3.4.10 (IPxx10) and 3.2.0.4 (VM)

The architecture of the platform is armel.

Requirements

There are three ways to use the innovaphone Linux Application Platform:

On an IPxx10 Gateway

  • An IP810, IP0010, IP3010 or IP6010 Gateway
  • Firmware Version 10
  • A compact flash card with UDMA support (minimum 8 GB)
    • We recommend SanDisk Extreme with UDMA and 90 MB/s or above

On an IPx11 Gateway

  • An IP0011, IP311, IP411, IP811 or IP3011 Gateway
  • Firmware Version 11r2
  • An SSD mSATA

As a Virtual Machine

  • Minimal Requirements for the Virtual Machine:
1vCPU ( we run 800 MHZ CPU on our IPXX10 Gateways, so similar speed or higher it's enough, nevertheless depending on the operations/load you could need more CPU speed/vCPU)
512 MB RAM
8GB Disk

Installation

Download the latest Linux Application Platform from download.innovaphone.com .
You can download and install two different packages: The IPxx10/IPx11 package to run on the gateways or a VMware image for VMware

Default Credentials

  • Web/Webdav: admin/linux
  • Root-Login (e.g. with Putty): root/iplinux

Disk space calculation

See Reference10:Concept_Reporting#Calculation_of_required_disk_space.

It is strongly recommended that you try to precalculate the needed disk space and that you choose a suiting disk size.

Disk space usage after first time installation

IPxx10/IPx11 Gateways

  • /dev/sda1: 32 MB (fat32 partition with two kernels, which are started by the IPxx10 or IPx11)
  • /dev/sda2: 524 MB (ext2 initial installation partition)
  • /dev/sda3: 120 MB (swap partition)
  • /dev/sda4: 620 MB / xx GB depending of the size of the used CF card (ext4 partition, which is actually booted)
All in all about 1.3 GB are already in use after the initial installation.

VMWare

  • /dev/sda1: 674 MB (ext2 initial installation partition)
  • /dev/sda2: 120 MB (swap partition)
  • /dev/sda3: 767 MB / xx GB depending of your pre installation configuration (ext3 partition, which is actually booted)
All in all about 1.6 GB are already in use after the initial installation.

Linux Application Platform (IPxx10 or IPx11 Gateways)

It is recommended to use CF-Cards with sizes of 8GB or more and the card must support UDMA!

  • Enable Linux under Linux General.
 IPxx10 Linux - enable.png
  • Be sure that "Autostart Linux" is disabled until the installation process is finished.
  • You need to enable Proxy-ARP on ETH0 or ETH1 here , so your gateway and the linux appliance will share the same physical interface. Simply go to IP4 > ETH0 (if used) > IP and check Proxy ARP
  • Decompress the downloaded package. You should have an image file like linux_ipxx10_armel.img now. This works for both IPxx10 and IPx11 hardware!
  • Upload the decompressed file over the gateways web interface under Reference10:General/Compact-Flash/Image (IPxx10) or Reference11r2:General/SSD/Image (IPx11). Unmount the CF card/SSD if necessary. Select "Part 1" before starting the upload!
 IPxx10 Linux - upload image.jpg
  • Reset the box (which also activates the config change of step 1).
  • Configure IP under Reference10:Linux/IP : select either "Disabled" to assign a static IP or ETH0/ETH1 to receive an IP-Address from DHCP-Server behind ETH0 or ETH1.
  • Configure the kernel file, which you find under Reference10:General/Compact-Flash/General#Browse_CF_Content on Reference10:Linux/General Linux kernel file
    • IPxx10 hardware: Image-6010-3.4.10
    • IPx11 hardware: Image-IPx11-4.4.0
  • Configure root=/dev/sda2 under Reference10:Linux/General Kernel command line.
  • If you want, configure the autostart flag.
  • Submit your changes.
  • Click the Reference10:Linux/General Start-Link. The page refreshes until Linux gets an IP and then tries to get a link to the Linux Web Server, which can take some time for the first time installation (~ 5 minutes to 2 hours, for a IP411 ~15 minutes).

Device conf.jpg

  • Open the Linux Web Server to see the installation progress (which might take several minutes too). The default credentials are admin/linux for both platforms.

Installation.jpg

  • The output of the installation log is stored on the Linux AP under /var/log/init_install.log. In case you have no access to the web server but a console or SSH access, you can check the installation progress in this log file. E.g. login to the console with root/iplinux and run follwong command: more /var/log/init_install.log. In case you have an SSH connection to the Linux AP, you can download this file using WinSCP tool.
  • Enter the innovaphone device IP address (optional port allowed) and admin credentials when the installation has finished. Now wait until the page refrehses. The web server credentials are now the innovaphone device admin credentials, e.g. admin/ip6010.
    • If the device couldn't be reconfigured, you will get an error message Command line at the PBX could not be changed... In this case, you have to open Reference10:Linux/General on your device, click stop and enter root=/dev/sda4 under Kernel command line. Then start again. Your Linux webserver credentials will be admin/linux in this case.
  • Linux install has finished.
  • You will see now root=/dev/sda4 under Reference10:Linux/General since Linux is running in on the fourth partition. You shouldn't change that unless you want to install Linux again.

Linux Application Platform (VMWare)

  • Decompress the downloaded archive. You should have two files: IP-Debian.vmx and IP-Debian.vmdk.
  • We can open using Vmware Player/Workstation, if you wish to run on Vsphere 4.x or later please convert it by the same method it's done with the IPVA (see Using VMware vSphere)
  • Now you have two possibilities (example for VMWare Player, VMWare Workstation should be similar):
    • If you want to assign more than 8 GB virtual flash:
      • Do not directly start/doubleclick the vmx file!
      • Start the VMware Player and Open the vmx file with Open a Virtual Machine.
      • Open Edit virtual machine settings.
      • Select the hard disk and Expand it under Utilities to the wished size.
      • Apply the change and klick Play virtual machine.
    • If 8 GB are enough, simply double click the vmx file and Linux will start.
  • The first time, a script will automatically configure a new partition, the web server etc., which will take some time. The waiting time depends on the CPU of the computer running the vmware player. In some cases the waiting time can be up to 30 minutes, in most cases the installation finishes in about 2-5 minutes.
  • In the meantime, fetch your IP from the VMWare Player screen or login as root and get your IP address with the command ifconfig.
  • Login to the web server to see the installation progress (it may take some minutes until the web server is up).
  • Linux will restart automatically after the first time installation has finished.
  • Linux install has finished.

Hotfix Installation

If you have already installed the latest version of the Linux Application Platform, simply download the Linux...HotfixIncremental for your platform (VM or IPxx10/IPx11) or if you have missed some hotfixes, download the Linux...HotfixCumulative archive, which contains all hotfixes since hotfix1.

Upload this hotfix archive here.

Refreshing issue on installation

You might get a PHP error when the browser is refreshing during the installation. Just refresh (F5) the page and you'll get the installation progress again.

Upgrade from a previous major Release

For instructions how to upgrade from a previous major release (such as V9 to V10), see Upgrading Linux Application Platform in Firmware Upgrade V9 V10.

Static IP

The Linux itself must be running in DHCP client mode on an IPxx10/IPxx11 gateway to run properly. If you want to assign a static IP address, do it like this:

  • On an IPxx10/IPxx11: assign a static IP under Reference10:Linux/IP, this will do an internal DHCP response to the Linux that's running as DHCP client mode.
  • On a VMWare: assign a static IP in your local DHCP server for your MAC address defined in the *.vmx file or configure a static IP address under Configure IP .

IPxx10/IPxx11 Transit network for Linux

When running Linux on an innovaphone device IPxx10/IPxx11 there is no dedicated network interface for the Linux machine. Instead we have a special transit network between the Linux and the device. The Linux will always operate as DHCP Client mode.

Any ARP request done by the Linux machine will always get the same ARP result that will be the internal "NIC" inside the device, so all packets are always sent to the same IPxx10/IPxx11 device that works as a router. When the packet sent by the Linux machine arrives the innovaphone device, it will follow the IP routing table of the device itself.

In case we have a single network (voice) we will have no problem since the default gateway is just one. However, if we wish to split into two networks (voice and data) and the Linux machine should have a different default gateway, this has no effect since IP routing is based on the innovaphone device IP routing table, because we can't have two default gateways at the same time.

Administration

General

Configure IP

The IP configuration on the Linux Application Platform is only available on a VM! A static IP for a Linux Application Platform for an IPxx10/IPxx11 can be configured on your gateway under Linux/IP.

  • Mode: either DHCP Client or Static
  • [IP Address]: the desired static IP address
  • [Subnet Mask]
  • [Gateway]
  • [DNS Server]
  • [Alternate DNS Server]

The optional parameters in [] can be only configured, if Static is selected as mode.

Change the root credentials

Here you can change the credentials of the Linux root user.
Default password: iplinux

Configure Authenticated URLs

Configure credentials for authenticated URLs. These credentials will be used in automatic backups.
You can add/remove Urls with the + and - at the right side of the list.

Configure NTP server

Configures a NTP server.

  • NTP Server: the IP of the NTP Server

Change Timezone

Default is Europe/Berlin but you can change that to a valid timezone (an error is given if timezone not present).

Change postgresql admin password

If innovaphone Reporting is installed, you can configure another password for the postgres admin user.
Default password: postgres.

Web Server

We use lighttpd version 1.4.32. The linux web server user is www-data and group user also www-data. Root directory for the web-server is /var/www/innovaphone. This information is mainly relevant if you plan to develope custom applications and integrate them into linux application platform.

Default users and password for the different levels on the Linux application plattform (see figure below): Linux Application hierarki.PNG

Change web server properties and public access to the web/webdav

  • Force HTTPS: enables redirection for HTTP to HTTPS
  • Public Web Paths: these paths are not password protected, e.g. '/ap'
  • Public Webdav Paths: these webdav paths are not password protected, e.g. '/backup'
    • These paths are by default readonly. You can set the 'Write' flag to make the path also writable. This flag will be anyway ignored if credentials are provided.

<IPadr>/webdav/ is the root directory for webdav files. If you want to access a directory/file without credentials you have to add this directory to the Public Webdav Paths.

Example: /webdav/background/ Here you have the background pictures for your Phones.
Public Webdav Paths: /background or /background/a
Now you have a public access to the folder background.

  • Enter a single '/' for a public root directory. All sub directories and files will be also public then.
  • If you enter e.g. '/update/', the directory 'update' and all sub directories/files will be public.
  • If you enter e.g. '/update', only the directory 'update' and its files will be public.

Important: Linux file names are case sensitive (so /Update is not equal /update)!.

Change the Linux web server credentials

Here you can change the credentials for Web Server access.

If running VMWare, default password is linux. If running IPXX10, password is the one entered at the end of first installation (admin password of the device where linux is running)

Change the Linux webdav access credentials

Here you can change the credentials for webdav access.

If running VMWare, default password is linux. If running IPXX10, password is the one entered at the end of first installation (admin password of the device where linux is running)

Change application access credentials

If you have installed an application, which has the lighttpd-auth property set in its configuration file, you can configure a separate user/password for the applications web site.
If you want to disable the separate authentication, leave the user field empty and enter the currently configured password. The authentication will be the same as the root web server authentication afterwards.
One can just login on the application web site with this access.

A configured access overrides a configured public web path to '/apps/application-name'!

Configure mutual TLS

If you need mutual TLS for innovaphone devices with a certificate signed by innovaphone, you can activate mutual TLS for a configurable port.
Currently we're just supporting client certificates signed by innovaphone's innovaphone Device Certification Authority.

The physical mutual TLS path is /var/www/innovaphone/mtls. Here you can put your script files, e.g. mtls.php.
You then call this script file by https://linux-ip:mtls-port/mtls.php, as this path is the document root for the configured port.

How to upload the script:

Using a webdav client (like NetDrive) upload the script to the webdav folder. Afterwards connect with Putty to the linux.

The uploaded file is under /var/www/innovaphone/webdav and we must move it to /var/www/innovaphone/mtls

Certificates

The current server certificate installed on the web server is shown here. A self signed certificate, innovaphone-linux, is installed by default. It is recommended to change it with your own certificate.

It is also possible to trust or reject other certificates.

Note: Currently the LAP doesn't support the upload of a password protected certificate. As a workaround it is possible to convert the certificate with OpenSSL (on windows or Linux) to PEM format without password and upload this one.

With the following openssl command, the password protected certificate can be changed into an unprotected certificate.

openssl pkcs12 -in CertificateWithPasswort -out CertificateWithoutPasswort.pem -nodes

The unprotected certificate should be deleted directly after upload for security reasons.


If you want to create a private, unsigned certificate you can do this with the following commands on the Linux AP CLI. It is best to go in a folder which can be reached via http later as /var/www/innovaphone/webdav/...

Enter the following command:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days xxxx (insert number)

Add -nodes if you don't want to protect your private key with a passphrase.

You now will be asked for certificate information.

To merge the certificate and key you can enter the following command:

cat cert.pem >> key.pem

The file key.pem can now be uploaded via the web interface of the Linux AP.

Backup

The web server can be configured to poll a Command File URL (on a web server).
The backup process is similar to Reference10:Services/Update.

An alarm server can be also configured to receive alarms during an automatic backup: Alarm Server under Diagnostics .

At the bottom you will see a list of the current automatic backup serials from the Command File URL and the log of the last automatic backups.

Backup restore.jpg

Command File

Example:

saveinnovaphonecfgs http://172.16.123.123/webdav/backup/cfgs-#i-#b10.tar.gz

The available default commands are:

saveinnovaphonecfgs

Saves all neccessary configuration files (no application specific files) as a tar gz archive (so you should use .tar.gz as ending).

saveinnovaphonelogs

Saves all available (also application related) log files as a tar gz archive (so you should use .tar.gz as ending).

saveinnovaphone-applicationnamelogs

Saves log files as a tar gz archive (so you should use .tar.gz as ending) for applicationname (reporting, exchange or faxserver) saveinnovaphone-reportinglogs

saveinnovaphone-applicationnamecfgs

Saves all neccessary configuration files as a tar gz archive (so you should use .tar.gz as ending) for applicationname (reporting, exchange or faxserver) saveinnovaphone-reportingcfgs

saveinnovaphone-applicationnamedb

Saves ddbb if existing as a tar gz archive (so you should use .tar.gz as ending) for applicationname (reporting, exchange or faxserver) saveinnovaphone-reportingdb

times

Executes the following command(s) only, if the specified time matches and only once per hour (independent of poll timeout value).
Example:

# both commands always executed
saveinnovaphonelogs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-logs-#i-#m-#b10.tar.gz
saveinnovaphonecfgs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-cfg-#i-#m-#b10.tar.gz
# commands only from monday till saturday at 10am and 11am executed. 
times day:1,2,3,4,5 hour:10,11 
saveinnovaphone-reportingcfgs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-innovaphone-reporting-cfgs-#i-#d-#b10.tar.gz
saveinnovaphone-reportinglogs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-innovaphone-reporting-logs-#i-#d-#b10.tar.gz
# commands only Saturdays and Sundays at 00am executed. 
times day:6,7 hour:00 
saveinnovaphone-reportingcfgs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-innovaphone-reporting-cfgs-#i-#d-#b10.tar.gz
saveinnovaphone-reportinglogs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-innovaphone-reporting-logs-#i-#d-#b10.tar.gz
  • day goes from 1 (Monday) to 7 (Sunday).
  • hour goes from 00 to 23.

You can specify multiple times commands to override the last one.

Backup file name macros

You can use some macros for the backup filename:

  • #i - will be replaced with the current IP address
  • #m - will be replaced with the current MAC address
  • #d - will be replaced with date/time in format Ymd-His (20110231-111010)
  • #bxx - will be replaced with the current backup index, whilst xx is the maximum index

Save configuration files/data

Open this link to see all available files/data/logs to download them manually.

Password files for web server authentication won't be saved!

Restore configuration files/data

Open this link to restore all available files/data.

Password files for web server authentication won't be restored!

Relay Hosts

The Application Platform contains a mail client which speaks SMTP. The SMTP daemon (postfix) looks up by default the DNS MX record of the recipient email address.
Relay SMTP hosts can also be configured to deliver the mails. Each relay host is related to a sender mail address or a sender mail domain. TLS is used if the host supports it.
Examples of the server entry:

mydomain.com
MX record to the domain
smtphost
host name with MX record lookup
[gateway.example.com]
host name with DNS lookup
[an.ip.add.ress]
IP address without DNS lookup

The form [hostname] turns off MX lookups. See also the postfix documentation.
If anonymous SMTP is to be used, user and password must be left empty.

Relay hosts.jpg

Note: Important to use "[]" like in the picture.

Currently innovaphone Reporting and innovaphone Faxserver are using these relay hosts, if entered.

Database

The innovaphone database is created to store e.g. relay hosts. PostgreSQL is also available for other applications and any of them could create its own database.

Password

The database user is innovaphone with default password innovaphone. This password may be changed here.

Remote Access

There are tools (PgAdmin III) that allow to connect to application databases remotely. It is first needed to configure the IP you are connecting from here. (Only Single-IP entry it's allowed, no submask or wildcard for multiple IPs)

For the PgAdmin III it is imporant to use innovaphone as Service-DB (Wartungs-DB). Default login credentials - User: innovaphone - Password: innovaphone

Announcements

You can upload a 16bit,8khz,mono wave file, which will be converted to G711U/G711A/G723/G729 .
The converted files will be stored inside the webdav/announcements folder, e.g. http://172.16.111.111/webdav/announcements/test.g7xx

If you check the Return files as ZIP file flag, you will get a ZIP file, which contains the converted files. These files are not stored locally then!

For the new Codec G722, OPUS-NB and OPUS-WB you have to use the online converter available on my.innovaphone portal (login necessary first): https://my.innovaphone.com/support.php or on our website https://www.innovaphone.com/en/support/convert.html. No Conversion of new codecs is possible with Linux AP !

Applications

List

A list of all currently installed applications.
If an application has an own web interface, you can reach it by using the application name link.

Uninstall

Use the uninstall link in the list to uninstall an application.

Upload/Update

Here all new applications, application updates and application platform updates are installed.
After uploading the file, the installation will start automatically and the installation process will be shown. The page refreshes until the installation has finished.

Diagnostics

Logs

Here you can view, download or clear the available log files from the application platform or from installed applications.
You can also download all log files at once (this archiv also contains older versions from the log files).

RPCAP

Enable/disable RPCAP for use with Wireshark.
A link will be displayed, which you can use within Wireshark.

Alarm Server

Configure an innovaphone device as alarm server:

  • ip: IP address of the innovaphone device
  • [port]
  • [user]: user for authentication to the alarm server
  • [password]
  • [https]: use https to send the alarm

Options in [] are optional.

Alarms from installed applications or the application platform itself will be sent to this configured server.

Status

View the disk usage.

Reset

IPxx10

Shutdown the application platform. You'll have to restart it over the IPxx10 gateway.

VMWare

Shutdown the application platform or reboot it.

Status PHP script

http://LinuxAP/status.php returns an XML file containing the output from the following linux commands:

  • df -H
  • free -h
  • uptime
  • ps -wwweo pid,lstart,time,etime,pcpu,pmem,rsz,vsz,args
  • ss -A inet -ap
  • top -b -n 1

Use as Log or Alarm Server

You can use the application platform as a server for innovaphone logs.
Configure Local-AP(-s)/Remote-AP(-s) on Reference10:Services/Logging.
The following scripts are used to retrieve the logs/alarms:

  • logs: /ap/log.fcgi
  • alarms: /ap/alarm.fcgi

So you can make the path /ap public on the Linux Web Server or you configure an authenticated URL for these files/this path on your innovaphone gateway.

If you configure an authenticated URL, don't forget to configure port 80 or port 443 for secure transport (Remote-AP-S) like
https://111.111.111.111:443/ap or http://111.111.111.111:80/ap

The log and alarm files will be saved unter http://LAP/webdav/log or /alarm. The files are rotated after 1 MB size and four times, so you'll have max 5 files.

Use as File/VM-Server

You can use the application platform as file server, e.g. for update scripts, voicemail etc.
You can access the server with a webdav client via http(s)://Linux-IP/webdav

Public access to certain paths etc. can be configured under the web server configuration.

Keep in mind that the Linux Filesystem(ext3) is case sensitive. The PBX will always search for lowercase letters. If you name your file ‘greetings.G711A’ it won’t be found. You have to name the file ‘greetings.g711a’.

Enable further Tracing

There are different trace options, which can be enabled by calling a certain php script:

https://LINUX-IP/trace.php?level=127

The level is calculated by the addition of one or multiple of the following trace options:

Option To add
TRACE_STD 1
TRACE_DB 2
TRACE_TIME 4
TRACE_CALL_FLOW_TOTAL 8
TRACE_CALL_FLOW 16
TRACE_PARSE_CFG 32
TRACE_LDAP 64
TRACE_XML 128


So currently all trace options are enabled with the level 255.

Default trace level are "0"

Appendix

Creating own applications

See Reference10:Concept Linux Application

Tools

WinSCP

WinSCP is a usefull webdav client, which can be used to access webdav of the innovaphone application platform.

Putty

Putty is SSH client to connect to the linux application platform.


Configuring a new Kernel

If you have installed a hotfix with a new kernel, you will see a warning message on your application platform. Something like:

You're not running the latest kernel Image-6010-3.4.10!
Take a look at our wiki to see, what you have to do now!


To change to the new kernel, you have to reconfigure something on your device, where the CF card is plugged in.

Alarms of the Application Platform

If you have configured an Alarm Server, you will receive certain alarms.
Currently, the following alarms exist:

  • Disk Usage >= 90%
  • read-only mounted partition
  • bad blocks on CF cards
  • Alarms for the innovaphone Reporting Application, if installed
  • Alarms for the innovaphone Exchange Calendar Connector Application, if installed
  • Alarms for the innovaphone Faxserver Application, if installed

Initially installed packages

The following packages are already installed without any application:

  • adduser
  • apt
  • apt-utils
  • aptitude
  • aptitude-common
  • base-files
  • base-passwd
  • bash
  • binutils
  • bsdmainutils
  • bsdutils
  • bzip2
  • ca-certificates
  • comerr-dev
  • coreutils
  • cpio
  • cpp
  • cpp-4.7
  • cpp-4.6
  • cron
  • curl
  • dash
  • db-util
  • db5.1-util
  • debconf
  • debconf-i18n
  • debian-archive-keyring
  • debianutils
  • diffutils
  • dmidecode
  • dmsetup
  • dos2unix
  • dovecot-common
  • dovecot-core
  • dovecot-pgsql
  • dovecot-pop3d
  • dovecot-sieve
  • dpkg
  • e2fslibs
  • e2fsprogs
  • file
  • findutils
  • gamin
  • gcc
  • gcc-4.7
  • gcc-4.6
  • gcc-4.6-base
  • gcc-4.7-base
  • gettext-base
  • gnupg
  • gpgv
  • grep
  • groff-base
  • grub-common
  • grub-legacy
  • gzip
  • hdparm
  • hostname
  • ifupdown
  • info
  • initramfs-tools
  • initscripts
  • insserv
  • install-info
  • iproute
  • iptables
  • iputils-ping
  • isc-dhcp-client
  • isc-dhcp-common
  • klibc-utils
  • kmod
  • krb5-multidev
  • libacl1
  • libapt-inst1.5
  • libapt-pkg4.12
  • libasprintf0c2
  • libattr1
  • libblkid1
  • libboost-iostreams1.49.0
  • libbsd0
  • libbz2-1.0
  • libbz2-dev
  • libc-bin
  • libc-client2007e
  • libc-dev-bin
  • libc6
  • libc6-dev
  • libcap2
  • libclass-isa-perl
  • libcomerr2
  • libcurl3
  • libcurl4-openssl-dev
  • libcwidget3
  • libdb5.1
  • libdevmapper1.02.1
  • libedit2
  • libept1.4.12
  • libexpat1
  • libfcgi-dev
  • libfcgi0ldbl
  • libffi5
  • libfreetype6
  • libfuse2
  • libgamin-dev
  • libgamin0
  • libgcc1
  • libgcrypt11
  • libgcrypt11-dev
  • libgdbm-dev
  • libgdbm3
  • libglib2.0-0
  • libgmp10
  • libgnutls-dev
  • libgnutls-openssl27
  • libgnutls26
  • libgnutlsxx27
  • libgomp1
  • libgpg-error-dev
  • libgpg-error0
  • libgpgme11
  • libgpm2
  • libgssapi-krb5-2
  • libgssrpc4
  • libidn11
  • libidn11-dev
  • libitm1
  • libk5crypto3
  • libkadm5clnt-mit8
  • libkadm5srv-mit8
  • libkdb5-6
  • libkeyutils1
  • libklibc
  • libkmod2
  • libkrb5-3
  • libkrb5-dev
  • libkrb5support0
  • libldap-2.4-2
  • libldap2-dev
  • liblocale-gettext-perl
  • liblzma5
  • libmagic1
  • libmemcache-dev
  • libmemcache0
  • libmount1
  • libmpc2
  • libmpfr4
  • libmysqlclient18
  • libncurses5
  • libncursesw5
  • libnewt0.52
  • libnfnetlink0
  • libonig2
  • libopts25
  • libp11-kit-dev
  • libp11-kit0
  • libpam-modules
  • libpam-modules-bin
  • libpam-pgsql
  • libpam-runtime
  • libpam0g
  • libpam0g-dev
  • libparted0debian1
  • libpcre3
  • libpcre3-dev
  • libpcrecpp0
  • libpipeline1
  • libpng12-0
  • libpng12-dev
  • libpopt0
  • libpq-dev
  • libpq5
  • libprocps0
  • libpth20
  • libqdbm14
  • libquadmath0
  • libreadline6
  • librtmp-dev
  • librtmp0
  • libsasl2-2
  • libsasl2-modules
  • libselinux1
  • libsemanage-common
  • libsemanage1
  • libsepol1
  • libsigc++-2.0-0c2a
  • libslang2
  • libsqlite3-0
  • libsqlite3-dev
  • libss2
  • libssh2-1
  • libssh2-1-dev
  • libssl-dev
  • libssl1.0.0
  • libstdc++6
  • libtasn1-3
  • libtasn1-3-dev
  • libtext-charwidth-perl
  • libtext-iconv-perl
  • libtext-wrapi18n-perl
  • libtinfo5
  • libtokyocabinet9
  • libudev0
  • libusb-0.1-4
  • libustr-1.0-1
  • libuuid-perl
  • libuuid1
  • libwrap0
  • libxapian22
  • libxml2
  • libxml2-dev
  • libxml2-utils
  • linux-base
  • linux-image-3.2.0-4-686-pae
  • linux-libc-dev
  • locales
  • login
  • logrotate
  • lsb-base
  • lsb-release
  • make
  • makedev
  • man-db
  • manpages
  • manpages-dev
  • mawk
  • mime-support
  • mlock
  • module-init-tools
  • mount
  • multiarch-support
  • mysql-common
  • nano
  • ncurses-base
  • ncurses-bin
  • net-tools
  • netbase
  • netcat-traditional
  • ntp
  • ntpdate
  • openssh-client
  • openssh-server
  • openssl
  • parted
  • passwd
  • patch
  • perl-base
  • php-pear
  • php-xml-parser
  • php-xml-serializer
  • php5-cgi
  • php5-cli
  • php5-common
  • php5-curl
  • php5-imap
  • php5-pgsql
  • php5-xcache
  • pkg-config
  • postfix
  • postfix-pcre
  • postfix-pgsql
  • postgresql-9.1
  • postgresql-client-9.1
  • postgresql-client-common
  • postgresql-common
  • procps
  • psmisc
  • python
  • python-minimal
  • python2.7
  • python2.7-minimal
  • rdate
  • readline-common
  • rsyslog
  • sasl2-bin
  • sed
  • sensible-utils
  • shared-mime-info
  • ssh
  • ssl-cert
  • sudo
  • sysv-rc
  • sysvinit
  • sysvinit-utils
  • tar
  • tasksel
  • tasksel-data
  • traceroute
  • tzdata
  • ucf
  • udev
  • util-linux
  • uuid-dev
  • vim
  • vim-common
  • vim-runtime
  • vim-tiny
  • wget
  • whiptail
  • xz-utils
  • zlib1g
  • zlib1g-dev
  • lighttpd-mod-webdav
  • lighttpd

Known Issues

Do not update Debian Packages

The Linux application platform comes with the tested set of required Debian packages. It is not recommended to do a manual update of those packages (or the kernel itself). We have seen situations where updated packages had been changed in a non-downward compatible fashion - resulting in the applications running on the Linux application platform not working properly an more!

Separate authentication for innovaphone applications

If you configured a separate authentication, it depends on the used browser, whether you have to re-authenticate on switching between the root web and the innovaphone application web access or not.

Refreshing issue on hotfix installation

See here.

Kernel Update in VM Platform

The installation of a new kernel fails and this process leaves the system unstable, not being able to install any more debian packages. Hotfix installations will probably fail.

Outdated packages? Debian dist-upgrade?

From time to time we will deliver upgraded debian packages with a new hotfix. As we have to insure compatibility with our applications, we won't perform an upgrade for each hotfix!

Please do not perform an update/upgrade yourself, as this will break future hotfix/application releases. Sometimes we deliver debian packages in our hotfixes and dependencies might be broken if you update/upgrade yourself.

I want to do it anyway!!!

Ok, save your application/ap configuration and data files and install our latest FULL release without any hotfix. Restore the configuration/data files and perform your update/upgrade. Now you can be happy, if everything still works fine...
Perform these steps for each new hotfix release, as you might not be able to apply a new hotfix.

Manual Debian 8 (jessie) dist-upgrade

Make a backup first and innovaphone won't be able to support manually upgraded installations!

If you want an update to Debian 8 (jessie), you can do this via the command line interface (CLI). But there are a few steps necessary.

Install or update all innovaphone applications (Reporting, Faxserver, Exchange Calendar Connector) that should be run on the Linux Application Platform.

Important
  • Subsequently, no Innovaphone applications may be installed or uninstalled!
  • Future Innovaphone Service Releases can not be installed after this step.

Update the Linux Application Platform and all applications to the latest version (at least Service Release 53).

Make a Backup of the Linux Application Platform and all applications.

Make sure, your Linux Application Platform has internet access.

  • Login with a terminal client like Putty.
  • Enter the Debian 8 (jessie) sources in the sources.list to perform the update.
echo "deb http://ftp.de.debian.org/debian jessie main" >> /etc/apt/sources.list
 echo "deb http://security.debian.org jessie/updates main" >> /etc/apt/sources.list
  • Perform the update.
apt-get update
 apt-get dist-upgrade

The following questions answer as follows.

Configuration file '/etc/sysctl.conf': N => keep the current version <br>
 Configuration file '/etc/vim/vimrc': N => keep the current version
  • Remove the paket php5-xcache, as the new PHP comes with an own opcode cache which creates conflicts.
apt-get remove php5-xcache
  • Disable php zend extension, which is now incompatible and restart the webserver.
sed -i 's/zend_extension/;zend_extension/g' /etc/php5/cgi/php.ini
  • Change /bin/sh shell.
ln -sf /bin/bash /bin/sh
  • Apply unoconv patch which comes with latest service release.
cp /usr/bin/unoconv /var/www/innovaphone/apps/innovaphone-faxserver
 cd /var/www/innovaphone/apps/innovaphone-faxserver
 patch < /var/www/innovaphone/apps/innovaphone-faxserver/unoconv_jessie.patch
  • Restart the Linux Application Platform.
reboot


Manual Debian 9 (stretch) dist-upgrade

Available from V10sr63

Make a backup first and innovaphone won't be able to support manually upgraded installations!

If you have already upgraded to Debian 8 (jessie) and you want an update to Debian 9 (stretch), you can do this via the command line interface (CLI). But there are a few steps necessary.

Important
  • Subsequently, no Innovaphone applications may be installed or uninstalled!
  • Future Innovaphone Service Releases can not be installed after this step.

Make a Backup of the Linux Application Platform and all applications.

Make sure, your Linux Application Platform has internet access.

  • Login with a terminal client like Putty.
  • Enter the Debian 9 (stretch) sources in the sources.list to perform the update.
echo "deb http://ftp.de.debian.org/debian stretch main" >> /etc/apt/sources.list
 echo "deb http://security.debian.org stretch/updates main" >> /etc/apt/sources.list
  • Perform the update.
apt-get update
 apt-get dist-upgrade

The following questions answer as follows.

Configuration file '/etc/sysctl.conf': N => keep the current version 
 Configuration file '/etc/dhcp/dhclient-exit-hooks.d/ntp': N => keep the current version 
 Configuration file '/etc/ntp.conf': N => keep the current version 
 Configuration file '/etc/rsyslog.conf': N => keep the current version 
 Configuration file '/etc/vim/vimrc': N => keep the current version
  • Cleanup old packages.
apt-get autoremove
  • Change /bin/sh shell.
ln -sf /bin/bash /bin/sh
  • Install needed PHP 7 Modules.
apt-get install php7.0-soap php7.0-pgsql php7.0-curl
  • Update php.ini.
sed -i 's/;include_path = \".:\/usr\/share\/php\"/include_path = \".:\/usr\/share\/php:\/var\/www\/innovaphone\"/' /etc/php/7.0/cli/php.ini
 echo "extension=soap" >> /etc/php/7.0/cli/php.ini
  • Apply unoconv patch which comes with latest service release.
cp /usr/bin/unoconv /var/www/innovaphone/apps/innovaphone-faxserver
 cd /var/www/innovaphone/apps/innovaphone-faxserver
 patch < /var/www/innovaphone/apps/innovaphone-faxserver/unoconv_stretch.patch
  • Restart the Linux Application Platform.
reboot


Important, you cannot upgrade the Linux Application Platform to Debian 10 (buster).

Database Performance Issues

When you run many applications on your LAP (for example, Reporting or Fax for many PBXs), you may run into database performance issues. In this case, you will see messages like

LOG:  checkpoints are occurring too frequently (29 seconds apart)
HINT:  Consider increasing the configuration parameter "checkpoint_segments".

in the postgresql log file. To fix this, you may carefully increase the setting of checkpoint_segments in /etc/postgresql/9.1/main/postgresql.conf. By default, this value is not set (commented out):

#checkpoint_segments = 3  # in logfile segments, min 1, 16MB each

You can change this to 10

checkpoint_segments = 10  # in logfile segments, min 1, 16MB each

(note the removed comment introducer at the beginning of the line). Please note that this will take 112MB more disk space on the LAP, so be sure you have enough.

For more details on postgresql tuning, see https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server.

Note that you may need to re-apply this change when you have installed a LAP update.

Socket error on LAP web server

By default, the LAP's web server lighttpd allows for 512 concurrent connections with 1024 open file descriptors. If you have reached that number of concurrent connections, the web server isn't reachable anymore, and you will see errors like

sockets disabled, connection limit reached 

in the web server logs.

To increase the number of concurrent connections, follow these instructions

How To

Reset webserver/webdav passwords

In case you have lost your webserver or webdav password, but you still have the root credentials, you can login with SSH and execute the following commands:

echo "admin:Linux Web Server:c33c4d3f554367d5d1c3c9bf36803024" > /home/lighttpd/lighttpd_htdigest.user
echo "admin:Linux Webdav:7182e328a0531dd2d44d225f36da6b87" > /home/lighttpd/webdav_htdigest.user
/etc/init.d/lighttpd restart

Afterwards you can access your webserver/webdav with admin/linux

The same can be done for application specific passwords, e.g. Reporting. 
In this case, use the file /home/lighttpd/innovaphone-reporting-htdigest.user

Convert the Linux AP to VMware vSphere

If you are using a VMware vSphere 4.x or later you need to use the VM Ware Standalone Converter to convert the Linux Application Platform. You'll find a step by step guide here

TroubleShooting

Installation process failed

When the installation process stuck either because it doesn't get IP or services are not refresh/finished there is some additional information we could get from the Compact Flash that could help us understanding what is failing and if necessary open a support ticket and include this information in the ticket to innovaphone.

  • Stop the linux and check General->Compact Flash "Browse files". All files in there might be helpfull (all but the kernel, of course).
  • Start the linux and check if you can connect to the configured/expected IP address via Putty after ~1 minute.

Note: The file /var/log/init_install.log might help us to get a clue of the failure.

Howto save and restore Linux AP data/database if the webgui is not available

If the linux ap webgui is not reachable a common reason is that the harddisc is full. If a full hd is the case, maybe your first thought is to increase the harddisc. It could be a solution but there are some traps to increase the partition in linux which can be ended in complete data loss

The fastest way to get linux ap working with a new harddsik size is to install a new one.

How can you save the data without get access over the webgui? If you can reach linux via putty it could be possible :)

Here are some possibilities how to do that over the shell: (But keep in the back of you head that you are working as root and therefore typing errors can lead to undesirable behaviours!)

1. Delete at first all the logfiles. Sometimes a few MByte are enough to get all the stopped services running again and you could reach liunx over the webgui. i.e. the reporting logfiles are under "/var/www/innovaphone/apps/innovaphone-reporting/log", the fax server logfiles are under "/var/www/innovaphone/apps/innovaphone-faxserver/log" -> Don't delete the 'log' directory itself! Delete only the content:

  root@vmware-debian: cd /var/www/innovaphone/apps/innovaphone-reporting/log/
  root@vmware-debian: rm *

Is the linux ap after a restart running and over http reachable, download all the config and databases and restore them on the new linux ap (2.2).

Save.png

2. In case the reason for the unreachable webgui was not a full harddisk you can save the config/database (only reporting and exchange connector at the moment) over the shell.

 root@vmware-debian:/# cd /home/postgres/
 for reporting type:
 root@vmware-debian:/# sudo -u postgres /usr/bin/pg_dump --encoding=utf8 --schema=public -Fc -U postgres innovaphone-reporting | gzip -fc6 > innovaphone-reporting-db.gz
 root@vmware-debian:/# cd /home/postgres/
 for exchange connector type:
 root@vmware-debian:/# sudo -u postgres /usr/bin/pg_dump --encoding=utf8 --schema=public -Fc -U postgres innovaphone-exchange | gzip -fc6 > innovaphone-exchange-db.gz

2.1 Access linux with winscp (protocol: scp / user: root) and download the .gz (don't unzip)

Reporting.png

(BTW: you can download with scp also the complete webdav files. But for the upload use as user 'admin' and as protocol "webdav". Otherwise the owner is still root and this ends in authorization problems)

Webdav.png

2.2. on the new linux ap upload this .gz

Restore.png


3. The steps mentioned above should be only the last try to get the data and could work or not. To be always on the save site use a standby Linux (for reporting), save configs (update server) and delete (automatic) old cdr's to avoid a full hd.

How to recover from a broken File System

Sometimes you may find messages in the kern.log log file (in var/log) like

Aug 15 10:45:31 ip6010-debian kernel: EXT4-fs (sda4): initial error at 1500329378: ext4_journal_start_sb:328
Aug 15 10:45:31 ip6010-debian kernel: EXT4-fs (sda4): last error at 1500329378: ext4_journal_start_sb:328

This indicates a file system failure on the Linux Installation.

When the Linux file system is broken, you can try to repair it using some command line Linux tools.

  • Open the WebGUI of the gateway running your LAP and proceed to Linux/General
    • terminate Linux (Status/Stop)
    • modify the Kernel command line from root=/dev/sda4 to root=/dev/sda2
    • start Linux again
This will run Linux on another (hopefully sane) partition.
  • use putty to log in to the LAP's command line
    • on the command prompt, use e2fsck -p -f /dev/sda4
this should fix any issue on the file system
  • go back to the WebGUI of the gateway running your LAP and proceed to Linux/General
    • terminate Linux (Status/Stop)
    • modify the Kernel command line from root=/dev/sda2 to root=/dev/sda4
    • start Linux again
This will run Linux on the original partition.

If this doesn't fix your issue, you need to replace the SSD with a new one, re-install the LAP and any applications and restore your backups.

<internal> Internal: How to recover from a disk-is-full Condition: [1] </internal>

Lighttpd logfile shows "(response.c.634) file not found ... or so: Too many open files ..."

In large installations with many users, depending on the configurations, the web server may be at its limit and not deliver new files because there are too many parallel accesses. The following command can be used to check the current number of open files

root@ip-armel-debian:~# cat /proc/sys/fs/file-nr
928 0 155218
[current] [historical 0] [maximum]

In the end, there are the following solutions:

  1. Make sure that the web server can process the requests faster and that there are not so many open files.
    • You have to spend more Hardware Power (SSD, RAM, CPU)
  2. Make sure that the traffic is distributed more and that there is not so much traffic at the same time.
    • Example: 500 telephones that are simultaneously polling for update scripts.
    • Separate web server (LAP) for individual services.
  3. Increase the number of parallel connections in the web server configuration
    • You can increase the number there, but this can also be harmful if the hardware is then no longer able to process it. So please consult the lighttpd documentation for max-fds and max-connections
    • vim /etc/lighttpd/lighttpd.conf
    • ##server.max-fds: maximum number of file descriptors
    • server.max-fds = 8000
    • server.max-connections = 2000
    • /etc/init.d/lighttpd restart

Related Articles