Reference10:Concept Linux Application Platform
Introduction
The innovaphone Linux Application Platform permits to install innovaphone or custom applications for certain purposes, like Reporting or a Fax Server.
It also allows to backup/restore configuration files, uninstall applications or see and backup logs.
The Linux distribution Debian 7.1 (Wheezy) is used and linux kernel is 3.4.10 (IPxx10) and 3.2.0.4 (VM)
The architecture of the platform is armel.
Requirements
There are three ways to use the innovaphone Linux Application Platform:
On an IPxx10 Gateway
- An IP810, IP0010, IP3010 or IP6010 Gateway
- Firmware Version 10
- A compact flash card with UDMA support (minimum 8 GB)
- We recommend SanDisk Extreme with UDMA and 90 MB/s or above
On an IPx11 Gateway
- An IP0011, IP311, IP411, IP811 or IP3011 Gateway
- Firmware Version 11r2
- An SSD mSATA
As a Virtual Machine
- VMWare Player, VMWare Workstation, VMWare vSphere, Microsoft HyperV (Howto:Convert_a_V10_LinuxAP_to_VHDX_to_run_on_Hyper-V)
- Minimal Requirements for the Virtual Machine:
1vCPU ( we run 800 MHZ CPU on our IPXX10 Gateways, so similar speed or higher it's enough, nevertheless depending on the operations/load you could need more CPU speed/vCPU) 512 MB RAM 8GB Disk
Installation
Download the latest Linux Application Platform from download.innovaphone.com .
You can download and install two different packages: The IPxx10/IPx11 package to run on the gateways or a VMware image for VMware
Default Credentials
- Web/Webdav: admin/linux
- Root-Login (e.g. with Putty): root/iplinux
Disk space calculation
See Reference10:Concept_Reporting#Calculation_of_required_disk_space.
It is strongly recommended that you try to precalculate the needed disk space and that you choose a suiting disk size.
Disk space usage after first time installation
IPxx10/IPx11 Gateways
- /dev/sda1: 32 MB (fat32 partition with two kernels, which are started by the IPxx10 or IPx11)
- /dev/sda2: 524 MB (ext2 initial installation partition)
- /dev/sda3: 120 MB (swap partition)
- /dev/sda4: 620 MB / xx GB depending of the size of the used CF card (ext4 partition, which is actually booted)
All in all about 1.3 GB are already in use after the initial installation.
VMWare
- /dev/sda1: 674 MB (ext2 initial installation partition)
- /dev/sda2: 120 MB (swap partition)
- /dev/sda3: 767 MB / xx GB depending of your pre installation configuration (ext3 partition, which is actually booted)
All in all about 1.6 GB are already in use after the initial installation.
Linux Application Platform (IPxx10 or IPx11 Gateways)
It is recommended to use CF-Cards with sizes of 8GB or more and the card must support UDMA!
- Enable Linux under Linux General.
- Be sure that "Autostart Linux" is disabled until the installation process is finished.
- You need to enable Proxy-ARP on ETH0 or ETH1 here , so your gateway and the linux appliance will share the same physical interface. Simply go to IP4 > ETH0 (if used) > IP and check Proxy ARP
- Decompress the downloaded package. You should have an image file like
linux_ipxx10_armel.img
now. This works for both IPxx10 and IPx11 hardware! - Upload the decompressed file over the gateways web interface under Reference10:General/Compact-Flash/Image (IPxx10) or Reference11r2:General/SSD/Image (IPx11). Unmount the CF card/SSD if necessary. Select "Part 1" before starting the upload!
- Reset the box (which also activates the config change of step 1).
- Configure IP under Reference10:Linux/IP : select either "Disabled" to assign a static IP or ETH0/ETH1 to receive an IP-Address from DHCP-Server behind ETH0 or ETH1.
- Configure the kernel file, which you find under Reference10:General/Compact-Flash/General#Browse_CF_Content on Reference10:Linux/General Linux kernel file
- IPxx10 hardware:
Image-6010-3.4.10
- IPx11 hardware:
Image-IPx11-4.4.0
- IPxx10 hardware:
- Configure
root=/dev/sda2
under Reference10:Linux/General Kernel command line. - If you want, configure the autostart flag.
- Submit your changes.
- Click the Reference10:Linux/General Start-Link. The page refreshes until Linux gets an IP and then tries to get a link to the Linux Web Server, which can take some time for the first time installation (~ 5 minutes to 2 hours, for a IP411 ~15 minutes).
- Open the Linux Web Server to see the installation progress (which might take several minutes too). The default credentials are admin/linux for both platforms.
- The output of the installation log is stored on the Linux AP under
/var/log/init_install.log
. In case you have no access to the web server but a console or SSH access, you can check the installation progress in this log file. E.g. login to the console with root/iplinux and run follwong command:more /var/log/init_install.log
. In case you have an SSH connection to the Linux AP, you can download this file using WinSCP tool. - Enter the innovaphone device IP address (optional port allowed) and admin credentials when the installation has finished. Now wait until the page refrehses. The web server credentials are now the innovaphone device admin credentials, e.g. admin/ip6010.
- If the device couldn't be reconfigured, you will get an error message Command line at the PBX could not be changed... In this case, you have to open Reference10:Linux/General on your device, click stop and enter
root=/dev/sda4
under Kernel command line. Then start again. Your Linux webserver credentials will be admin/linux in this case.
- If the device couldn't be reconfigured, you will get an error message Command line at the PBX could not be changed... In this case, you have to open Reference10:Linux/General on your device, click stop and enter
- Linux install has finished.
- You will see now
root=/dev/sda4
under Reference10:Linux/General since Linux is running in on the fourth partition. You shouldn't change that unless you want to install Linux again.
Linux Application Platform (VMWare)
- Decompress the downloaded archive. You should have two files: IP-Debian.vmx and IP-Debian.vmdk.
- We can open using Vmware Player/Workstation, if you wish to run on Vsphere 4.x or later please convert it by the same method it's done with the IPVA (see Using VMware vSphere)
- Now you have two possibilities (example for VMWare Player, VMWare Workstation should be similar):
- If you want to assign more than 8 GB virtual flash:
- Do not directly start/doubleclick the vmx file!
- Start the VMware Player and Open the vmx file with Open a Virtual Machine.
- Open Edit virtual machine settings.
- Select the hard disk and Expand it under Utilities to the wished size.
- Apply the change and klick Play virtual machine.
- If 8 GB are enough, simply double click the vmx file and Linux will start.
- If you want to assign more than 8 GB virtual flash:
- The first time, a script will automatically configure a new partition, the web server etc., which will take some time. The waiting time depends on the CPU of the computer running the vmware player. In some cases the waiting time can be up to 30 minutes, in most cases the installation finishes in about 2-5 minutes.
- In the meantime, fetch your IP from the VMWare Player screen or login as root and get your IP address with the command ifconfig.
- Login to the web server to see the installation progress (it may take some minutes until the web server is up).
- Linux will restart automatically after the first time installation has finished.
- Linux install has finished.
Hotfix Installation
If you have already installed the latest version of the Linux Application Platform, simply download the Linux...HotfixIncremental for your platform (VM or IPxx10/IPx11) or if you have missed some hotfixes, download the Linux...HotfixCumulative archive, which contains all hotfixes since hotfix1.
Upload this hotfix archive here.
Refreshing issue on installation
You might get a PHP error when the browser is refreshing during the installation. Just refresh (F5) the page and you'll get the installation progress again.
Upgrade from a previous major Release
For instructions how to upgrade from a previous major release (such as V9 to V10), see Upgrading Linux Application Platform in Firmware Upgrade V9 V10.
Static IP
The Linux itself must be running in DHCP client mode on an IPxx10/IPxx11 gateway to run properly. If you want to assign a static IP address, do it like this:
- On an IPxx10/IPxx11: assign a static IP under Reference10:Linux/IP, this will do an internal DHCP response to the Linux that's running as DHCP client mode.
- On a VMWare: assign a static IP in your local DHCP server for your MAC address defined in the *.vmx file or configure a static IP address under Configure IP .
IPxx10/IPxx11 Transit network for Linux
When running Linux on an innovaphone device IPxx10/IPxx11 there is no dedicated network interface for the Linux machine. Instead we have a special transit network between the Linux and the device. The Linux will always operate as DHCP Client mode.
Any ARP request done by the Linux machine will always get the same ARP result that will be the internal "NIC" inside the device, so all packets are always sent to the same IPxx10/IPxx11 device that works as a router. When the packet sent by the Linux machine arrives the innovaphone device, it will follow the IP routing table of the device itself.
In case we have a single network (voice) we will have no problem since the default gateway is just one. However, if we wish to split into two networks (voice and data) and the Linux machine should have a different default gateway, this has no effect since IP routing is based on the innovaphone device IP routing table, because we can't have two default gateways at the same time.
Administration
General
Configure IP
The IP configuration on the Linux Application Platform is only available on a VM! A static IP for a Linux Application Platform for an IPxx10/IPxx11 can be configured on your gateway under Linux/IP.
- Mode: either DHCP Client or Static
- [IP Address]: the desired static IP address
- [Subnet Mask]
- [Gateway]
- [DNS Server]
- [Alternate DNS Server]
The optional parameters in [] can be only configured, if Static is selected as mode.
Change the root credentials
Here you can change the credentials of the Linux root user.
Default password: iplinux
Configure Authenticated URLs
Configure credentials for authenticated URLs. These credentials will be used in automatic backups.
You can add/remove Urls with the + and - at the right side of the list.
- URL: the URL, e.g. https://172.16.123.123/backup
- User: the user for this URL
- Password: the password for this URL
Configure NTP server
Configures a NTP server.
- NTP Server: the IP of the NTP Server
Change Timezone
Default is Europe/Berlin but you can change that to a valid timezone (an error is given if timezone not present).
Change postgresql admin password
If innovaphone Reporting is installed, you can configure another password for the postgres admin user.
Default password: postgres.
Web Server
We use lighttpd version 1.4.32. The linux web server user is www-data and group user also www-data. Root directory for the web-server is /var/www/innovaphone. This information is mainly relevant if you plan to develope custom applications and integrate them into linux application platform.
Default users and password for the different levels on the Linux application plattform (see figure below):
Change web server properties and public access to the web/webdav
- Force HTTPS: enables redirection for HTTP to HTTPS
- Public Web Paths: these paths are not password protected, e.g. '/ap'
- Public Webdav Paths: these webdav paths are not password protected, e.g. '/backup'
- These paths are by default readonly. You can set the 'Write' flag to make the path also writable. This flag will be anyway ignored if credentials are provided.
- These paths are by default readonly. You can set the 'Write' flag to make the path also writable. This flag will be anyway ignored if credentials are provided.
<IPadr>/webdav/
is the root directory for webdav files. If you want to access a directory/file without credentials you have to add this directory to the Public Webdav Paths.
Example: /webdav/background/
Here you have the background pictures for your Phones.
Public Webdav Paths: /background
or /background/a
Now you have a public access to the folder background.
- Enter a single '
/
' for a public root directory. All sub directories and files will be also public then. - If you enter e.g. '
/update/
', the directory 'update' and all sub directories/files will be public. - If you enter e.g. '
/update
', only the directory 'update' and its files will be public.
Important: Linux file names are case sensitive (so /Update
is not equal /update
)!.
Change the Linux web server credentials
Here you can change the credentials for Web Server access.
If running VMWare, default password is linux. If running IPXX10, password is the one entered at the end of first installation (admin password of the device where linux is running)
Change the Linux webdav access credentials
Here you can change the credentials for webdav access.
If running VMWare, default password is linux. If running IPXX10, password is the one entered at the end of first installation (admin password of the device where linux is running)
Change application access credentials
If you have installed an application, which has the lighttpd-auth property set in its configuration file, you can configure a separate user/password for the applications web site.
If you want to disable the separate authentication, leave the user field empty and enter the currently configured password. The authentication will be the same as the root web server authentication afterwards.
One can just login on the application web site with this access.
A configured access overrides a configured public web path to '/apps/application-name'!
Configure mutual TLS
If you need mutual TLS for innovaphone devices with a certificate signed by innovaphone, you can activate mutual TLS for a configurable port.
Currently we're just supporting client certificates signed by innovaphone's innovaphone Device Certification Authority.
The physical mutual TLS path is /var/www/innovaphone/mtls. Here you can put your script files, e.g. mtls.php.
You then call this script file by https://linux-ip:mtls-port/mtls.php, as this path is the document root for the configured port.
How to upload the script:
Using a webdav client (like NetDrive) upload the script to the webdav folder. Afterwards connect with Putty to the linux.
The uploaded file is under /var/www/innovaphone/webdav and we must move it to /var/www/innovaphone/mtls
Certificates
The current server certificate installed on the web server is shown here. A self signed certificate, innovaphone-linux, is installed by default. It is recommended to change it with your own certificate.
It is also possible to trust or reject other certificates.
Note: Currently the LAP doesn't support the upload of a password protected certificate. As a workaround it is possible to convert the certificate with OpenSSL (on windows or Linux) to PEM format without password and upload this one.
With the following openssl command, the password protected certificate can be changed into an unprotected certificate.
openssl pkcs12 -in
CertificateWithPasswort -out
CertificateWithoutPasswort.pem -nodes
The unprotected certificate should be deleted directly after upload for security reasons.
If you want to create a private, unsigned certificate you can do this with the following commands on the Linux AP CLI.
It is best to go in a folder which can be reached via http later as /var/www/innovaphone/webdav/...
Enter the following command:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days xxxx (insert number)
Add -nodes
if you don't want to protect your private key with a passphrase.
You now will be asked for certificate information.
To merge the certificate and key you can enter the following command:
cat cert.pem >> key.pem
The file key.pem can now be uploaded via the web interface of the Linux AP.
Backup
The web server can be configured to poll a Command File URL (on a web server).
The backup process is similar to Reference10:Services/Update.
An alarm server can be also configured to receive alarms during an automatic backup: Alarm Server under Diagnostics .
At the bottom you will see a list of the current automatic backup serials from the Command File URL and the log of the last automatic backups.
Command File
Example:
saveinnovaphonecfgs http://172.16.123.123/webdav/backup/cfgs-#i-#b10.tar.gz
The available default commands are:
saveinnovaphonecfgs
Saves all neccessary configuration files (no application specific files) as a tar gz archive (so you should use .tar.gz as ending).
saveinnovaphonelogs
Saves all available (also application related) log files as a tar gz archive (so you should use .tar.gz as ending).
saveinnovaphone-applicationnamelogs
Saves log files as a tar gz archive (so you should use .tar.gz as ending) for applicationname (reporting, exchange or faxserver) saveinnovaphone-reportinglogs
saveinnovaphone-applicationnamecfgs
Saves all neccessary configuration files as a tar gz archive (so you should use .tar.gz as ending) for applicationname (reporting, exchange or faxserver) saveinnovaphone-reportingcfgs
saveinnovaphone-applicationnamedb
Saves ddbb if existing as a tar gz archive (so you should use .tar.gz as ending) for applicationname (reporting, exchange or faxserver) saveinnovaphone-reportingdb
times
Executes the following command(s) only, if the specified time matches and only once per hour (independent of poll timeout value).
Example:
# both commands always executed saveinnovaphonelogs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-logs-#i-#m-#b10.tar.gz saveinnovaphonecfgs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-cfg-#i-#m-#b10.tar.gz # commands only from monday till saturday at 10am and 11am executed. times day:1,2,3,4,5 hour:10,11 saveinnovaphone-reportingcfgs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-innovaphone-reporting-cfgs-#i-#d-#b10.tar.gz saveinnovaphone-reportinglogs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-innovaphone-reporting-logs-#i-#d-#b10.tar.gz # commands only Saturdays and Sundays at 00am executed. times day:6,7 hour:00 saveinnovaphone-reportingcfgs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-innovaphone-reporting-cfgs-#i-#d-#b10.tar.gz saveinnovaphone-reportinglogs http://xxx.xxx.xxx.xxx.xxx/webdav/backup/linux-innovaphone-reporting-logs-#i-#d-#b10.tar.gz
- day goes from 1 (Monday) to 7 (Sunday).
- hour goes from 00 to 23.
You can specify multiple times commands to override the last one.
Backup file name macros
You can use some macros for the backup filename:
- #i - will be replaced with the current IP address
- #m - will be replaced with the current MAC address
- #d - will be replaced with date/time in format Ymd-His (20110231-111010)
- #bxx - will be replaced with the current backup index, whilst xx is the maximum index
Save configuration files/data
Open this link to see all available files/data/logs to download them manually.
Password files for web server authentication won't be saved!
Restore configuration files/data
Open this link to restore all available files/data.
Password files for web server authentication won't be restored!
Relay Hosts
The Application Platform contains a mail client which speaks SMTP.
The SMTP daemon (postfix) looks up by default the DNS MX record of the recipient email address.
Relay SMTP hosts can also be configured to deliver the mails. Each relay host is related to a sender mail address or a sender mail domain. TLS is used if the host supports it.
Examples of the server entry:
- mydomain.com
- MX record to the domain
- smtphost
- host name with MX record lookup
- [gateway.example.com]
- host name with DNS lookup
- [an.ip.add.ress]
- IP address without DNS lookup
The form [hostname] turns off MX lookups. See also the postfix documentation.
If anonymous SMTP is to be used, user and password must be left empty.
Note: Important to use "[]" like in the picture.
Currently innovaphone Reporting and innovaphone Faxserver are using these relay hosts, if entered.
Database
The innovaphone database is created to store e.g. relay hosts. PostgreSQL is also available for other applications and any of them could create its own database.
Password
The database user is innovaphone with default password innovaphone. This password may be changed here.
Remote Access
There are tools (PgAdmin III) that allow to connect to application databases remotely. It is first needed to configure the IP you are connecting from here. (Only Single-IP entry it's allowed, no submask or wildcard for multiple IPs)
For the PgAdmin III it is imporant to use innovaphone as Service-DB (Wartungs-DB). Default login credentials - User: innovaphone - Password: innovaphone
Announcements
You can upload a 16bit,8khz,mono wave file, which will be converted to G711U/G711A/G723/G729 .
The converted files will be stored inside the webdav/announcements folder, e.g. http://172.16.111.111/webdav/announcements/test.g7xx
If you check the Return files as ZIP file flag, you will get a ZIP file, which contains the converted files. These files are not stored locally then!
For the new Codec G722, OPUS-NB and OPUS-WB you have to use the online converter available on my.innovaphone portal (login necessary first): https://my.innovaphone.com/support.php or on our website https://www.innovaphone.com/en/support/convert.html. No Conversion of new codecs is possible with Linux AP !
Applications
List
A list of all currently installed applications.
If an application has an own web interface, you can reach it by using the application name link.
Uninstall
Use the uninstall link in the list to uninstall an application.
Upload/Update
Here all new applications, application updates and application platform updates are installed.
After uploading the file, the installation will start automatically and the installation process will be shown. The page refreshes until the installation has finished.
Diagnostics
Logs
Here you can view, download or clear the available log files from the application platform or from installed applications.
You can also download all log files at once (this archiv also contains older versions from the log files).
RPCAP
Enable/disable RPCAP for use with Wireshark.
A link will be displayed, which you can use within Wireshark.
Alarm Server
Configure an innovaphone device as alarm server:
- ip: IP address of the innovaphone device
- [port]
- [user]: user for authentication to the alarm server
- [password]
- [https]: use https to send the alarm
Options in [] are optional.
Alarms from installed applications or the application platform itself will be sent to this configured server.
Status
View the disk usage.
Reset
IPxx10
Shutdown the application platform. You'll have to restart it over the IPxx10 gateway.
VMWare
Shutdown the application platform or reboot it.
Status PHP script
http://LinuxAP/status.php returns an XML file containing the output from the following linux commands:
- df -H
- free -h
- uptime
- ps -wwweo pid,lstart,time,etime,pcpu,pmem,rsz,vsz,args
- ss -A inet -ap
- top -b -n 1
Use as Log or Alarm Server
You can use the application platform as a server for innovaphone logs.
Configure Local-AP(-s)/Remote-AP(-s) on Reference10:Services/Logging.
The following scripts are used to retrieve the logs/alarms:
- logs: /ap/log.fcgi
- alarms: /ap/alarm.fcgi
So you can make the path /ap public on the Linux Web Server or you configure an authenticated URL for these files/this path on your innovaphone gateway.
If you configure an authenticated URL, don't forget to configure port 80 or port 443 for secure transport (Remote-AP-S) like https://111.111.111.111:443/ap or http://111.111.111.111:80/ap
The log and alarm files will be saved unter http://LAP/webdav/log or /alarm. The files are rotated after 1 MB size and four times, so you'll have max 5 files.
Use as File/VM-Server
You can use the application platform as file server, e.g. for update scripts, voicemail etc.
You can access the server with a webdav client via http(s)://Linux-IP/webdav
Public access to certain paths etc. can be configured under the web server configuration.
Keep in mind that the Linux Filesystem(ext3) is case sensitive. The PBX will always search for lowercase letters. If you name your file ‘greetings.G711A’ it won’t be found. You have to name the file ‘greetings.g711a’.
Enable further Tracing
There are different trace options, which can be enabled by calling a certain php script:
https://LINUX-IP/trace.php?level=127
The level is calculated by the addition of one or multiple of the following trace options:
Option | To add |
TRACE_STD | 1 |
TRACE_DB | 2 |
TRACE_TIME | 4 |
TRACE_CALL_FLOW_TOTAL | 8 |
TRACE_CALL_FLOW | 16 |
TRACE_PARSE_CFG | 32 |
TRACE_LDAP | 64 |
TRACE_XML | 128 |
So currently all trace options are enabled with the level 255.
Default trace level are "0"
Appendix
Creating own applications
See Reference10:Concept Linux Application
Tools
WinSCP
WinSCP is a usefull webdav client, which can be used to access webdav of the innovaphone application platform.
Putty
Putty is SSH client to connect to the linux application platform.
Configuring a new Kernel
If you have installed a hotfix with a new kernel, you will see a warning message on your application platform. Something like:
You're not running the latest kernel Image-6010-3.4.10! Take a look at our wiki to see, what you have to do now!
To change to the new kernel, you have to reconfigure something on your device, where the CF card is plugged in.
- First shutdown your Linux (see Reference10:Concept_Linux_Application_Platform#IPxx10 )
- Stop Linux under Reference10:Linux/General
- Configure the latest kernel file (currently
Image-6010-3.4.10
) under Reference10:Linux/General Linux kernel file - Start Linux under Reference10:Linux/General
Alarms of the Application Platform
If you have configured an Alarm Server, you will receive certain alarms.
Currently, the following alarms exist:
- Disk Usage >= 90%
- read-only mounted partition
- bad blocks on CF cards
- Alarms for the innovaphone Reporting Application, if installed
- Alarms for the innovaphone Exchange Calendar Connector Application, if installed
- Alarms for the innovaphone Faxserver Application, if installed
Initially installed packages
The following packages are already installed without any application:
- adduser
- apt
- apt-utils
- aptitude
- aptitude-common
- base-files
- base-passwd
- bash
- binutils
- bsdmainutils
- bsdutils
- bzip2
- ca-certificates
- comerr-dev
- coreutils
- cpio
- cpp
- cpp-4.7
- cpp-4.6
- cron
- curl
- dash
- db-util
- db5.1-util
- debconf
- debconf-i18n
- debian-archive-keyring
- debianutils
- diffutils
- dmidecode
- dmsetup
- dos2unix
- dovecot-common
- dovecot-core
- dovecot-pgsql
- dovecot-pop3d
- dovecot-sieve
- dpkg
- e2fslibs
- e2fsprogs
- file
- findutils
- gamin
- gcc
- gcc-4.7
- gcc-4.6
- gcc-4.6-base
- gcc-4.7-base
- gettext-base
- gnupg
- gpgv
- grep
- groff-base
- grub-common
- grub-legacy
- gzip
- hdparm
- hostname
- ifupdown
- info
- initramfs-tools
- initscripts
- insserv
- install-info
- iproute
- iptables
- iputils-ping
- isc-dhcp-client
- isc-dhcp-common
- klibc-utils
- kmod
- krb5-multidev
- libacl1
- libapt-inst1.5
- libapt-pkg4.12
- libasprintf0c2
- libattr1
- libblkid1
- libboost-iostreams1.49.0
- libbsd0
- libbz2-1.0
- libbz2-dev
- libc-bin
- libc-client2007e
- libc-dev-bin
- libc6
- libc6-dev
- libcap2
- libclass-isa-perl
- libcomerr2
- libcurl3
- libcurl4-openssl-dev
- libcwidget3
- libdb5.1
- libdevmapper1.02.1
- libedit2
- libept1.4.12
- libexpat1
- libfcgi-dev
- libfcgi0ldbl
- libffi5
- libfreetype6
- libfuse2
- libgamin-dev
- libgamin0
- libgcc1
- libgcrypt11
- libgcrypt11-dev
- libgdbm-dev
- libgdbm3
- libglib2.0-0
- libgmp10
- libgnutls-dev
- libgnutls-openssl27
- libgnutls26
- libgnutlsxx27
- libgomp1
- libgpg-error-dev
- libgpg-error0
- libgpgme11
- libgpm2
- libgssapi-krb5-2
- libgssrpc4
- libidn11
- libidn11-dev
- libitm1
- libk5crypto3
- libkadm5clnt-mit8
- libkadm5srv-mit8
- libkdb5-6
- libkeyutils1
- libklibc
- libkmod2
- libkrb5-3
- libkrb5-dev
- libkrb5support0
- libldap-2.4-2
- libldap2-dev
- liblocale-gettext-perl
- liblzma5
- libmagic1
- libmemcache-dev
- libmemcache0
- libmount1
- libmpc2
- libmpfr4
- libmysqlclient18
- libncurses5
- libncursesw5
- libnewt0.52
- libnfnetlink0
- libonig2
- libopts25
- libp11-kit-dev
- libp11-kit0
- libpam-modules
- libpam-modules-bin
- libpam-pgsql
- libpam-runtime
- libpam0g
- libpam0g-dev
- libparted0debian1
- libpcre3
- libpcre3-dev
- libpcrecpp0
- libpipeline1
- libpng12-0
- libpng12-dev
- libpopt0
- libpq-dev
- libpq5
- libprocps0
- libpth20
- libqdbm14
- libquadmath0
- libreadline6
- librtmp-dev
- librtmp0
- libsasl2-2
- libsasl2-modules
- libselinux1
- libsemanage-common
- libsemanage1
- libsepol1
- libsigc++-2.0-0c2a
- libslang2
- libsqlite3-0
- libsqlite3-dev
- libss2
- libssh2-1
- libssh2-1-dev
- libssl-dev
- libssl1.0.0
- libstdc++6
- libtasn1-3
- libtasn1-3-dev
- libtext-charwidth-perl
- libtext-iconv-perl
- libtext-wrapi18n-perl
- libtinfo5
- libtokyocabinet9
- libudev0
- libusb-0.1-4
- libustr-1.0-1
- libuuid-perl
- libuuid1
- libwrap0
- libxapian22
- libxml2
- libxml2-dev
- libxml2-utils
- linux-base
- linux-image-3.2.0-4-686-pae
- linux-libc-dev
- locales
- login
- logrotate
- lsb-base
- lsb-release
- make
- makedev
- man-db
- manpages
- manpages-dev
- mawk
- mime-support
- mlock
- module-init-tools
- mount
- multiarch-support
- mysql-common
- nano
- ncurses-base
- ncurses-bin
- net-tools
- netbase
- netcat-traditional
- ntp
- ntpdate
- openssh-client
- openssh-server
- openssl
- parted
- passwd
- patch
- perl-base
- php-pear
- php-xml-parser
- php-xml-serializer
- php5-cgi
- php5-cli
- php5-common
- php5-curl
- php5-imap
- php5-pgsql
- php5-xcache
- pkg-config
- postfix
- postfix-pcre
- postfix-pgsql
- postgresql-9.1
- postgresql-client-9.1
- postgresql-client-common
- postgresql-common
- procps
- psmisc
- python
- python-minimal
- python2.7
- python2.7-minimal
- rdate
- readline-common
- rsyslog
- sasl2-bin
- sed
- sensible-utils
- shared-mime-info
- ssh
- ssl-cert
- sudo
- sysv-rc
- sysvinit
- sysvinit-utils
- tar
- tasksel
- tasksel-data
- traceroute
- tzdata
- ucf
- udev
- util-linux
- uuid-dev
- vim
- vim-common
- vim-runtime
- vim-tiny
- wget
- whiptail
- xz-utils
- zlib1g
- zlib1g-dev
- lighttpd-mod-webdav
- lighttpd
Known Issues
Do not update Debian Packages
The Linux application platform comes with the tested set of required Debian packages. It is not recommended to do a manual update of those packages (or the kernel itself). We have seen situations where updated packages had been changed in a non-downward compatible fashion - resulting in the applications running on the Linux application platform not working properly an more!
Separate authentication for innovaphone applications
If you configured a separate authentication, it depends on the used browser, whether you have to re-authenticate on switching between the root web and the innovaphone application web access or not.
Refreshing issue on hotfix installation
Kernel Update in VM Platform
The installation of a new kernel fails and this process leaves the system unstable, not being able to install any more debian packages. Hotfix installations will probably fail.
Outdated packages? Debian dist-upgrade?
From time to time we will deliver upgraded debian packages with a new hotfix. As we have to insure compatibility with our applications, we won't perform an upgrade for each hotfix!
Please do not perform an update/upgrade yourself, as this will break future hotfix/application releases. Sometimes we deliver debian packages in our hotfixes and dependencies might be broken if you update/upgrade yourself.
I want to do it anyway!!!
Ok, save your application/ap configuration and data files and install our latest FULL release without any hotfix. Restore the configuration/data files and perform your update/upgrade. Now you can be happy, if everything still works fine...
Perform these steps for each new hotfix release, as you might not be able to apply a new hotfix.
Manual Debian 8 (jessie) dist-upgrade
Make a backup first and innovaphone won't be able to support manually upgraded installations!
If you want an update to Debian 8 (jessie), you can do this via the command line interface (CLI). But there are a few steps necessary.
Install or update all innovaphone applications (Reporting, Faxserver, Exchange Calendar Connector) that should be run on the Linux Application Platform.
- Important
- Subsequently, no Innovaphone applications may be installed or uninstalled!
- Future Innovaphone Service Releases can not be installed after this step.
Update the Linux Application Platform and all applications to the latest version (at least Service Release 53).
Make a Backup of the Linux Application Platform and all applications.
Make sure, your Linux Application Platform has internet access.
- Login with a terminal client like Putty.
- Enter the Debian 8 (jessie) sources in the sources.list to perform the update.
echo "deb http://ftp.de.debian.org/debian jessie main" >> /etc/apt/sources.list
echo "deb http://security.debian.org jessie/updates main" >> /etc/apt/sources.list
- Perform the update.
apt-get update
apt-get dist-upgrade
The following questions answer as follows.
Configuration file '/etc/sysctl.conf': N => keep the current version <br>
Configuration file '/etc/vim/vimrc': N => keep the current version
- Remove the paket php5-xcache, as the new PHP comes with an own opcode cache which creates conflicts.
apt-get remove php5-xcache
- Disable php zend extension, which is now incompatible and restart the webserver.
sed -i 's/zend_extension/;zend_extension/g' /etc/php5/cgi/php.ini
- Change /bin/sh shell.
ln -sf /bin/bash /bin/sh
- Apply unoconv patch which comes with latest service release.
cp /usr/bin/unoconv /var/www/innovaphone/apps/innovaphone-faxserver
cd /var/www/innovaphone/apps/innovaphone-faxserver
patch < /var/www/innovaphone/apps/innovaphone-faxserver/unoconv_jessie.patch
- Restart the Linux Application Platform.
reboot
Manual Debian 9 (stretch) dist-upgrade
Available from V10sr63
Make a backup first and innovaphone won't be able to support manually upgraded installations!
If you have already upgraded to Debian 8 (jessie) and you want an update to Debian 9 (stretch), you can do this via the command line interface (CLI). But there are a few steps necessary.
- Important
- Subsequently, no Innovaphone applications may be installed or uninstalled!
- Future Innovaphone Service Releases can not be installed after this step.
Make a Backup of the Linux Application Platform and all applications.
Make sure, your Linux Application Platform has internet access.
- Login with a terminal client like Putty.
- Enter the Debian 9 (stretch) sources in the sources.list to perform the update.
echo "deb http://ftp.de.debian.org/debian stretch main" >> /etc/apt/sources.list
echo "deb http://security.debian.org stretch/updates main" >> /etc/apt/sources.list
- Perform the update.
apt-get update
apt-get dist-upgrade
The following questions answer as follows.
Configuration file '/etc/sysctl.conf': N => keep the current version
Configuration file '/etc/dhcp/dhclient-exit-hooks.d/ntp': N => keep the current version
Configuration file '/etc/ntp.conf': N => keep the current version
Configuration file '/etc/rsyslog.conf': N => keep the current version
Configuration file '/etc/vim/vimrc': N => keep the current version
- Cleanup old packages.
apt-get autoremove
- Change /bin/sh shell.
ln -sf /bin/bash /bin/sh
- Install needed PHP 7 Modules.
apt-get install php7.0-soap php7.0-pgsql php7.0-curl
- Update php.ini.
sed -i 's/;include_path = \".:\/usr\/share\/php\"/include_path = \".:\/usr\/share\/php:\/var\/www\/innovaphone\"/' /etc/php/7.0/cli/php.ini
echo "extension=soap" >> /etc/php/7.0/cli/php.ini
- Apply unoconv patch which comes with latest service release.
cp /usr/bin/unoconv /var/www/innovaphone/apps/innovaphone-faxserver
cd /var/www/innovaphone/apps/innovaphone-faxserver
patch < /var/www/innovaphone/apps/innovaphone-faxserver/unoconv_stretch.patch
- Restart the Linux Application Platform.
reboot
Important, you cannot upgrade the Linux Application Platform to Debian 10 (buster).
Database Performance Issues
When you run many applications on your LAP (for example, Reporting or Fax for many PBXs), you may run into database performance issues. In this case, you will see messages like
LOG: checkpoints are occurring too frequently (29 seconds apart) HINT: Consider increasing the configuration parameter "checkpoint_segments".
in the postgresql log file. To fix this, you may carefully increase the setting of checkpoint_segments
in /etc/postgresql/9.1/main/postgresql.conf
. By default, this value is not set (commented out):
#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each
You can change this to 10
checkpoint_segments = 10 # in logfile segments, min 1, 16MB each
(note the removed comment introducer at the beginning of the line). Please note that this will take 112MB more disk space on the LAP, so be sure you have enough.
For more details on postgresql tuning, see https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server.
Note that you may need to re-apply this change when you have installed a LAP update.
Socket error on LAP web server
By default, the LAP's web server lighttpd allows for 512 concurrent connections with 1024 open file descriptors. If you have reached that number of concurrent connections, the web server isn't reachable anymore, and you will see errors like
sockets disabled, connection limit reached
in the web server logs.
To increase the number of concurrent connections, follow these instructions
How To
Reset webserver/webdav passwords
In case you have lost your webserver or webdav password, but you still have the root credentials, you can login with SSH and execute the following commands:
echo "admin:Linux Web Server:c33c4d3f554367d5d1c3c9bf36803024" > /home/lighttpd/lighttpd_htdigest.user
echo "admin:Linux Webdav:7182e328a0531dd2d44d225f36da6b87" > /home/lighttpd/webdav_htdigest.user
/etc/init.d/lighttpd restart
Afterwards you can access your webserver/webdav with admin/linux
The same can be done for application specific passwords, e.g. Reporting. In this case, use the file /home/lighttpd/innovaphone-reporting-htdigest.user
Convert the Linux AP to VMware vSphere
If you are using a VMware vSphere 4.x or later you need to use the VM Ware Standalone Converter to convert the Linux Application Platform. You'll find a step by step guide here
TroubleShooting
Installation process failed
When the installation process stuck either because it doesn't get IP or services are not refresh/finished there is some additional information we could get from the Compact Flash that could help us understanding what is failing and if necessary open a support ticket and include this information in the ticket to innovaphone.
- Stop the linux and check General->Compact Flash "Browse files". All files in there might be helpfull (all but the kernel, of course).
- Start the linux and check if you can connect to the configured/expected IP address via Putty after ~1 minute.
Note: The file /var/log/init_install.log might help us to get a clue of the failure.
Howto save and restore Linux AP data/database if the webgui is not available
If the linux ap webgui is not reachable a common reason is that the harddisc is full. If a full hd is the case, maybe your first thought is to increase the harddisc. It could be a solution but there are some traps to increase the partition in linux which can be ended in complete data loss
The fastest way to get linux ap working with a new harddsik size is to install a new one.
How can you save the data without get access over the webgui? If you can reach linux via putty it could be possible :)
Here are some possibilities how to do that over the shell: (But keep in the back of you head that you are working as root and therefore typing errors can lead to undesirable behaviours!)
1. Delete at first all the logfiles. Sometimes a few MByte are enough to get all the stopped services running again and you could reach liunx over the webgui. i.e. the reporting logfiles are under "/var/www/innovaphone/apps/innovaphone-reporting/log", the fax server logfiles are under "/var/www/innovaphone/apps/innovaphone-faxserver/log" -> Don't delete the 'log' directory itself! Delete only the content:
root@vmware-debian: cd /var/www/innovaphone/apps/innovaphone-reporting/log/ root@vmware-debian: rm *
Is the linux ap after a restart running and over http reachable, download all the config and databases and restore them on the new linux ap (2.2).
2. In case the reason for the unreachable webgui was not a full harddisk you can save the config/database (only reporting and exchange connector at the moment) over the shell.
root@vmware-debian:/# cd /home/postgres/ for reporting type: root@vmware-debian:/# sudo -u postgres /usr/bin/pg_dump --encoding=utf8 --schema=public -Fc -U postgres innovaphone-reporting | gzip -fc6 > innovaphone-reporting-db.gz
root@vmware-debian:/# cd /home/postgres/ for exchange connector type: root@vmware-debian:/# sudo -u postgres /usr/bin/pg_dump --encoding=utf8 --schema=public -Fc -U postgres innovaphone-exchange | gzip -fc6 > innovaphone-exchange-db.gz
2.1 Access linux with winscp (protocol: scp / user: root) and download the .gz (don't unzip)
(BTW: you can download with scp also the complete webdav files. But for the upload use as user 'admin' and as protocol "webdav". Otherwise the owner is still root and this ends in authorization problems)
2.2. on the new linux ap upload this .gz
3. The steps mentioned above should be only the last try to get the data and could work or not.
To be always on the save site use a standby Linux (for reporting), save configs (update server) and delete (automatic) old cdr's to avoid a full hd.
How to recover from a broken File System
Sometimes you may find messages in the kern.log log file (in var/log) like
Aug 15 10:45:31 ip6010-debian kernel: EXT4-fs (sda4): initial error at 1500329378: ext4_journal_start_sb:328 Aug 15 10:45:31 ip6010-debian kernel: EXT4-fs (sda4): last error at 1500329378: ext4_journal_start_sb:328
This indicates a file system failure on the Linux Installation.
When the Linux file system is broken, you can try to repair it using some command line Linux tools.
- Open the WebGUI of the gateway running your LAP and proceed to Linux/General
- terminate Linux (Status/Stop)
- modify the Kernel command line from root=/dev/sda4 to
root=/dev/sda2
- start Linux again
- This will run Linux on another (hopefully sane) partition.
- use putty to log in to the LAP's command line
- on the command prompt, use
e2fsck -p -f /dev/sda4
- on the command prompt, use
- this should fix any issue on the file system
- go back to the WebGUI of the gateway running your LAP and proceed to Linux/General
- terminate Linux (Status/Stop)
- modify the Kernel command line from root=/dev/sda2 to
root=/dev/sda4
- start Linux again
- This will run Linux on the original partition.
If this doesn't fix your issue, you need to replace the SSD with a new one, re-install the LAP and any applications and restore your backups.
<internal> Internal: How to recover from a disk-is-full Condition: [1] </internal>
Lighttpd logfile shows "(response.c.634) file not found ... or so: Too many open files ..."
In large installations with many users, depending on the configurations, the web server may be at its limit and not deliver new files because there are too many parallel accesses. The following command can be used to check the current number of open files
root@ip-armel-debian:~# cat /proc/sys/fs/file-nr 928 0 155218 [current] [historical 0] [maximum]
In the end, there are the following solutions:
- Make sure that the web server can process the requests faster and that there are not so many open files.
- You have to spend more Hardware Power (SSD, RAM, CPU)
- Make sure that the traffic is distributed more and that there is not so much traffic at the same time.
- Example: 500 telephones that are simultaneously polling for update scripts.
- Separate web server (LAP) for individual services.
- Increase the number of parallel connections in the web server configuration
- You can increase the number there, but this can also be harmful if the hardware is then no longer able to process it. So please consult the lighttpd documentation for max-fds and max-connections
vim /etc/lighttpd/lighttpd.conf
##server.max-fds: maximum number of file descriptors
server.max-fds = 8000
server.max-connections = 2000
/etc/init.d/lighttpd restart