Le 19/12/2016 à 17:10, Olivier a écrit :
2016-12-19 16:11 GMT+01:00 Jean Aunis <jean.au...@prescom.fr
<mailto:jean.au...@prescom.fr>>:
Le 19/12/2016 à 15:54, Olivier a écrit :
<snip>
Running systemctl start asterisk fails with :
Dec 19 15:43:08 foobar systemd: PID file
/var/run/asterisk/asterisk.pid not readable (yet?) after start.
Dec 19 15:43:09 foobar systemd: asterisk.service: main process
exited, code=exited, status=1/FAILURE
Dec 19 15:43:09 foobar asterisk: Unable to connect to remote
asterisk (does /var/run/asterisk/asterisk.ctl exist?)
Dec 19 15:43:09 foobar systemd: asterisk.service: control process
exited, code=exited status=1
Dec 19 15:43:09 foobar systemd: Unit asterisk.service entered
failed state.
Dec 19 15:43:09 foobar systemd: asterisk.service failed.
But /usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C
/etc/asterisk/asterisk.conf succeeds:
# rasterisk
Asterisk 13.13.1, Copyright (C) 1999 - 2014, Digium, Inc. and others.
...
=========================================================================
Running as user 'asterisk'
Running under group 'asterisk'
Connected to Asterisk 13.13.1 currently running on ...
Any hint or help on how to debug this ?
(I tried with and without any /run/asterisk directory owned by
asterisk.asterisk)
Best regards
Hello,
Make sure that selinux is disabled, or in "permissive" mode.
Otherwise it will prevent asterisk from starting.
Thanks for the tip:
changing to permissive mode made it !
Using methods suggested in [1], do you think its possible and worth
the effort to configure SELinux to work with Asterisk/Systemd in
Enforcing mode ?
A quick look in various tuto all disable SELinux.
[1] https://wiki.centos.org/HowTos/SELinux
I never spent time to figure out how selinux should be configured for
Asterisk, but it is certainly possible to do something clean about that.
I noticed that, when I install Asterisk with a custom-made RPM package,
SELinux will stop blocking it. I guess RPM has some magic embedded into
it to configure SELinux with the proper rules.
Still, is it worth the effort ? Probably not if you consider Asterisk
alone : as it is running with the unprivileged user asterisk, the
standard Linux permissions will protect your system if Asterisk is attacked.
But considering your system as a whole, disabling selinux may not be a
good idea : other processes may required to be secured with the selinux
stuff.
I'm not an IT security expert, so please consider what I wrote above
with caution.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
