Olivier
2016-Dec-19 16:10 UTC
[asterisk-users] Asterisk installation script on CentOS7 with systemd [SOLVED]
2016-12-19 16:11 GMT+01:00 Jean Aunis <jean.aunis at prescom.fr>:> Le 19/12/2016 ? 15:54, Olivier a ?crit : > > Hello, > > For a new project, I'm adapting existing installation script to CentOS 7. > I must admit I don't understand how to adapt things to systemd. > > Here are my questions: > > 1. I don't see any systemd sub-directory in asterisk-13.13.1/contrib. > Do you think such directory and matching Makefile target could be useful ? > > 2. Should /run/asterisk directory creation be left to systemd or done by > installation script before running "systemctl start asterisk" ? > > 3. I edited the following /etc/systemd/system:asterisk.service file: > [Unit] > Description=Asterisk PBX and telephony daemon. > After=network.target > > [Service] > Type=forking > PIDFile=/var/run/asterisk/asterisk.pid > Environment=HOME=/var/lib/asterisk > WorkingDirectory=/var/lib/asterisk > ExecStart=/usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C > /etc/asterisk/asterisk.conf > #ExecStart=/usr/sbin/asterisk -vvvgF -C /etc/asterisk/asterisk.conf > ExecStop=/usr/sbin/asterisk -rx 'core stop now' > ExecReload=/usr/sbin/asterisk -rx 'core reload' > > > [Install] > WantedBy=multi-user.target > > Running systemctl start asterisk fails with : > Dec 19 15:43:08 foobar systemd: PID file /var/run/asterisk/asterisk.pid > not readable (yet?) after start. > Dec 19 15:43:09 foobar systemd: asterisk.service: main process exited, > code=exited, status=1/FAILURE > Dec 19 15:43:09 foobar asterisk: Unable to connect to remote asterisk > (does /var/run/asterisk/asterisk.ctl exist?) > Dec 19 15:43:09 foobar systemd: asterisk.service: control process exited, > code=exited status=1 > Dec 19 15:43:09 foobar systemd: Unit asterisk.service entered failed state. > Dec 19 15:43:09 foobar systemd: asterisk.service failed. > > > But /usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C > /etc/asterisk/asterisk.conf succeeds: > # rasterisk > Asterisk 13.13.1, Copyright (C) 1999 - 2014, Digium, Inc. and others. > ... > ========================================================================> Running as user 'asterisk' > Running under group 'asterisk' > Connected to Asterisk 13.13.1 currently running on ... > > Any hint or help on how to debug this ? > (I tried with and without any /run/asterisk directory owned by > asterisk.asterisk) > > > Best regards > > > > Hello, > > Make sure that selinux is disabled, or in "permissive" mode. Otherwise it > will prevent asterisk from starting. >Thanks for the tip: changing to permissive mode made it ! Using methods suggested in [1], do you think its possible and worth the effort to configure SELinux to work with Asterisk/Systemd in Enforcing mode ? A quick look in various tuto all disable SELinux. [1] https://wiki.centos.org/HowTos/SELinux> Best regards > > Jean Aunis > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: https://community.asterisk. > org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20161219/0f7f7bfb/attachment.html>
Jean Aunis
2016-Dec-19 16:58 UTC
[asterisk-users] Asterisk installation script on CentOS7 with systemd [SOLVED]
Le 19/12/2016 ? 17:10, Olivier a ?crit :> > > 2016-12-19 16:11 GMT+01:00 Jean Aunis <jean.aunis at prescom.fr > <mailto:jean.aunis at prescom.fr>>: > > Le 19/12/2016 ? 15:54, Olivier a ?crit : >> <snip> >> >> Running systemctl start asterisk fails with : >> Dec 19 15:43:08 foobar systemd: PID file >> /var/run/asterisk/asterisk.pid not readable (yet?) after start. >> Dec 19 15:43:09 foobar systemd: asterisk.service: main process >> exited, code=exited, status=1/FAILURE >> Dec 19 15:43:09 foobar asterisk: Unable to connect to remote >> asterisk (does /var/run/asterisk/asterisk.ctl exist?) >> Dec 19 15:43:09 foobar systemd: asterisk.service: control process >> exited, code=exited status=1 >> Dec 19 15:43:09 foobar systemd: Unit asterisk.service entered >> failed state. >> Dec 19 15:43:09 foobar systemd: asterisk.service failed. >> >> >> But /usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C >> /etc/asterisk/asterisk.conf succeeds: >> # rasterisk >> Asterisk 13.13.1, Copyright (C) 1999 - 2014, Digium, Inc. and others. >> ... >> ========================================================================>> Running as user 'asterisk' >> Running under group 'asterisk' >> Connected to Asterisk 13.13.1 currently running on ... >> >> Any hint or help on how to debug this ? >> (I tried with and without any /run/asterisk directory owned by >> asterisk.asterisk) >> >> >> Best regards >> >> > > Hello, > > Make sure that selinux is disabled, or in "permissive" mode. > Otherwise it will prevent asterisk from starting. > > > Thanks for the tip: > changing to permissive mode made it ! > > Using methods suggested in [1], do you think its possible and worth > the effort to configure SELinux to work with Asterisk/Systemd in > Enforcing mode ? > A quick look in various tuto all disable SELinux. > > > > [1] https://wiki.centos.org/HowTos/SELinux >I never spent time to figure out how selinux should be configured for Asterisk, but it is certainly possible to do something clean about that. I noticed that, when I install Asterisk with a custom-made RPM package, SELinux will stop blocking it. I guess RPM has some magic embedded into it to configure SELinux with the proper rules. Still, is it worth the effort ? Probably not if you consider Asterisk alone : as it is running with the unprivileged user asterisk, the standard Linux permissions will protect your system if Asterisk is attacked. But considering your system as a whole, disabling selinux may not be a good idea : other processes may required to be secured with the selinux stuff. I'm not an IT security expert, so please consider what I wrote above with caution. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20161219/00bec7e0/attachment.html>
Tzafrir Cohen
2016-Dec-20 11:41 UTC
[asterisk-users] Asterisk installation script on CentOS7 with systemd [SOLVED]
On Mon, Dec 19, 2016 at 05:10:42PM +0100, Olivier wrote:> Thanks for the tip: > changing to permissive mode made it ! > > Using methods suggested in [1], do you think its possible and worth the > effort to configure SELinux to work with Asterisk/Systemd in Enforcing mode > ? > > [1] https://wiki.centos.org/HowTos/SELinuxI think it should be possible. IIRC I once gave it a shot and was mildly successful, but eventually gave up due to issues related to interaction with Apache. If you do run into a problem, I wonder what it is. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.cohen at xorcom.com +972-50-7952406 mailto:tzafrir.cohen at xorcom.com http://www.xorcom.com