Re: [asterisk-users] Asterisk installation script on CentOS7 with systemd [SOLVED]
On Mon, Dec 19, 2016 at 05:10:42PM +0100, Olivier wrote: > Thanks for the tip: > changing to permissive mode made it ! > > Using methods suggested in [1], do you think its possible and worth the > effort to configure SELinux to work with Asterisk/Systemd in Enforcing mode > ? > > [1] https://wiki.centos.org/HowTos/SELinux I think it should be possible. IIRC I once gave it a shot and was mildly successful, but eventually gave up due to issues related to interaction with Apache. If you do run into a problem, I wonder what it is. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk installation script on CentOS7 with systemd
On Mon, Dec 19, 2016 at 03:54:47PM +0100, Olivier wrote: > Hello, > > For a new project, I'm adapting existing installation script to CentOS 7. > I must admit I don't understand how to adapt things to systemd. > > Here are my questions: > > 1. I don't see any systemd sub-directory in asterisk-13.13.1/contrib. > Do you think such directory and matching Makefile target could be useful ? > > 2. Should /run/asterisk directory creation be left to systemd or done by > installation script before running "systemctl start asterisk" ? > > 3. I edited the following /etc/systemd/system:asterisk.service file: > [Unit] > Description=Asterisk PBX and telephony daemon. > After=network.target > > [Service] > Type=forking > PIDFile=/var/run/asterisk/asterisk.pid Remove those two (or get latest version with sd_notify support, make sure it works, and use 'Type=notify') > Environment=HOME=/var/lib/asterisk > WorkingDirectory=/var/lib/asterisk > ExecStart=/usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C Drop -F as well > /etc/asterisk/asterisk.conf > #ExecStart=/usr/sbin/asterisk -vvvgF -C /etc/asterisk/asterisk.conf > ExecStop=/usr/sbin/asterisk -rx 'core stop now' I'm trying to think if this is needed. Anything wrong with just letting systemd kill asterisk and all of its child precesses? > ExecReload=/usr/sbin/asterisk -rx 'core reload' Also, IIRC: User=asterisk -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk installation script on CentOS7 with systemd [SOLVED]
Le 19/12/2016 à 17:10, Olivier a écrit : 2016-12-19 16:11 GMT+01:00 Jean Aunis>: Le 19/12/2016 à 15:54, Olivier a écrit : Running systemctl start asterisk fails with : Dec 19 15:43:08 foobar systemd: PID file /var/run/asterisk/asterisk.pid not readable (yet?) after start. Dec 19 15:43:09 foobar systemd: asterisk.service: main process exited, code=exited, status=1/FAILURE Dec 19 15:43:09 foobar asterisk: Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?) Dec 19 15:43:09 foobar systemd: asterisk.service: control process exited, code=exited status=1 Dec 19 15:43:09 foobar systemd: Unit asterisk.service entered failed state. Dec 19 15:43:09 foobar systemd: asterisk.service failed. But /usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C /etc/asterisk/asterisk.conf succeeds: # rasterisk Asterisk 13.13.1, Copyright (C) 1999 - 2014, Digium, Inc. and others. ... = Running as user 'asterisk' Running under group 'asterisk' Connected to Asterisk 13.13.1 currently running on ... Any hint or help on how to debug this ? (I tried with and without any /run/asterisk directory owned by asterisk.asterisk) Best regards Hello, Make sure that selinux is disabled, or in "permissive" mode. Otherwise it will prevent asterisk from starting. Thanks for the tip: changing to permissive mode made it ! Using methods suggested in [1], do you think its possible and worth the effort to configure SELinux to work with Asterisk/Systemd in Enforcing mode ? A quick look in various tuto all disable SELinux. [1] https://wiki.centos.org/HowTos/SELinux I never spent time to figure out how selinux should be configured for Asterisk, but it is certainly possible to do something clean about that. I noticed that, when I install Asterisk with a custom-made RPM package, SELinux will stop blocking it. I guess RPM has some magic embedded into it to configure SELinux with the proper rules. Still, is it worth the effort ? Probably not if you consider Asterisk alone : as it is running with the unprivileged user asterisk, the standard Linux permissions will protect your system if Asterisk is attacked. But considering your system as a whole, disabling selinux may not be a good idea : other processes may required to be secured with the selinux stuff. I'm not an IT security expert, so please consider what I wrote above with caution. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk installation script on CentOS7 with systemd [SOLVED]
2016-12-19 16:11 GMT+01:00 Jean Aunis: > Le 19/12/2016 à 15:54, Olivier a écrit : > > Hello, > > For a new project, I'm adapting existing installation script to CentOS 7. > I must admit I don't understand how to adapt things to systemd. > > Here are my questions: > > 1. I don't see any systemd sub-directory in asterisk-13.13.1/contrib. > Do you think such directory and matching Makefile target could be useful ? > > 2. Should /run/asterisk directory creation be left to systemd or done by > installation script before running "systemctl start asterisk" ? > > 3. I edited the following /etc/systemd/system:asterisk.service file: > [Unit] > Description=Asterisk PBX and telephony daemon. > After=network.target > > [Service] > Type=forking > PIDFile=/var/run/asterisk/asterisk.pid > Environment=HOME=/var/lib/asterisk > WorkingDirectory=/var/lib/asterisk > ExecStart=/usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C > /etc/asterisk/asterisk.conf > #ExecStart=/usr/sbin/asterisk -vvvgF -C /etc/asterisk/asterisk.conf > ExecStop=/usr/sbin/asterisk -rx 'core stop now' > ExecReload=/usr/sbin/asterisk -rx 'core reload' > > > [Install] > WantedBy=multi-user.target > > Running systemctl start asterisk fails with : > Dec 19 15:43:08 foobar systemd: PID file /var/run/asterisk/asterisk.pid > not readable (yet?) after start. > Dec 19 15:43:09 foobar systemd: asterisk.service: main process exited, > code=exited, status=1/FAILURE > Dec 19 15:43:09 foobar asterisk: Unable to connect to remote asterisk > (does /var/run/asterisk/asterisk.ctl exist?) > Dec 19 15:43:09 foobar systemd: asterisk.service: control process exited, > code=exited status=1 > Dec 19 15:43:09 foobar systemd: Unit asterisk.service entered failed state. > Dec 19 15:43:09 foobar systemd: asterisk.service failed. > > > But /usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C > /etc/asterisk/asterisk.conf succeeds: > # rasterisk > Asterisk 13.13.1, Copyright (C) 1999 - 2014, Digium, Inc. and others. > ... > = > Running as user 'asterisk' > Running under group 'asterisk' > Connected to Asterisk 13.13.1 currently running on ... > > Any hint or help on how to debug this ? > (I tried with and without any /run/asterisk directory owned by > asterisk.asterisk) > > > Best regards > > > > Hello, > > Make sure that selinux is disabled, or in "permissive" mode. Otherwise it > will prevent asterisk from starting. > Thanks for the tip: changing to permissive mode made it ! Using methods suggested in [1], do you think its possible and worth the effort to configure SELinux to work with Asterisk/Systemd in Enforcing mode ? A quick look in various tuto all disable SELinux. [1] https://wiki.centos.org/HowTos/SELinux > Best regards > > Jean Aunis > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: https://community.asterisk. > org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk installation script on CentOS7 with systemd
Le 19/12/2016 à 15:54, Olivier a écrit : Hello, For a new project, I'm adapting existing installation script to CentOS 7. I must admit I don't understand how to adapt things to systemd. Here are my questions: 1. I don't see any systemd sub-directory in asterisk-13.13.1/contrib. Do you think such directory and matching Makefile target could be useful ? 2. Should /run/asterisk directory creation be left to systemd or done by installation script before running "systemctl start asterisk" ? 3. I edited the following /etc/systemd/system:asterisk.service file: [Unit] Description=Asterisk PBX and telephony daemon. After=network.target [Service] Type=forking PIDFile=/var/run/asterisk/asterisk.pid Environment=HOME=/var/lib/asterisk WorkingDirectory=/var/lib/asterisk ExecStart=/usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C /etc/asterisk/asterisk.conf #ExecStart=/usr/sbin/asterisk -vvvgF -C /etc/asterisk/asterisk.conf ExecStop=/usr/sbin/asterisk -rx 'core stop now' ExecReload=/usr/sbin/asterisk -rx 'core reload' [Install] WantedBy=multi-user.target Running systemctl start asterisk fails with : Dec 19 15:43:08 foobar systemd: PID file /var/run/asterisk/asterisk.pid not readable (yet?) after start. Dec 19 15:43:09 foobar systemd: asterisk.service: main process exited, code=exited, status=1/FAILURE Dec 19 15:43:09 foobar asterisk: Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?) Dec 19 15:43:09 foobar systemd: asterisk.service: control process exited, code=exited status=1 Dec 19 15:43:09 foobar systemd: Unit asterisk.service entered failed state. Dec 19 15:43:09 foobar systemd: asterisk.service failed. But /usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C /etc/asterisk/asterisk.conf succeeds: # rasterisk Asterisk 13.13.1, Copyright (C) 1999 - 2014, Digium, Inc. and others. ... = Running as user 'asterisk' Running under group 'asterisk' Connected to Asterisk 13.13.1 currently running on ... Any hint or help on how to debug this ? (I tried with and without any /run/asterisk directory owned by asterisk.asterisk) Best regards Hello, Make sure that selinux is disabled, or in "permissive" mode. Otherwise it will prevent asterisk from starting. Best regards Jean Aunis -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk installation script on CentOS7 with systemd
Hello, For a new project, I'm adapting existing installation script to CentOS 7. I must admit I don't understand how to adapt things to systemd. Here are my questions: 1. I don't see any systemd sub-directory in asterisk-13.13.1/contrib. Do you think such directory and matching Makefile target could be useful ? 2. Should /run/asterisk directory creation be left to systemd or done by installation script before running "systemctl start asterisk" ? 3. I edited the following /etc/systemd/system:asterisk.service file: [Unit] Description=Asterisk PBX and telephony daemon. After=network.target [Service] Type=forking PIDFile=/var/run/asterisk/asterisk.pid Environment=HOME=/var/lib/asterisk WorkingDirectory=/var/lib/asterisk ExecStart=/usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C /etc/asterisk/asterisk.conf #ExecStart=/usr/sbin/asterisk -vvvgF -C /etc/asterisk/asterisk.conf ExecStop=/usr/sbin/asterisk -rx 'core stop now' ExecReload=/usr/sbin/asterisk -rx 'core reload' [Install] WantedBy=multi-user.target Running systemctl start asterisk fails with : Dec 19 15:43:08 foobar systemd: PID file /var/run/asterisk/asterisk.pid not readable (yet?) after start. Dec 19 15:43:09 foobar systemd: asterisk.service: main process exited, code=exited, status=1/FAILURE Dec 19 15:43:09 foobar asterisk: Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?) Dec 19 15:43:09 foobar systemd: asterisk.service: control process exited, code=exited status=1 Dec 19 15:43:09 foobar systemd: Unit asterisk.service entered failed state. Dec 19 15:43:09 foobar systemd: asterisk.service failed. But /usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C /etc/asterisk/asterisk.conf succeeds: # rasterisk Asterisk 13.13.1, Copyright (C) 1999 - 2014, Digium, Inc. and others. ... = Running as user 'asterisk' Running under group 'asterisk' Connected to Asterisk 13.13.1 currently running on ... Any hint or help on how to debug this ? (I tried with and without any /run/asterisk directory owned by asterisk.asterisk) Best regards -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users