vicidial.org

[Kumba]

Updated October 11th, 2019
ViciBox v.9.0.0 has the wrong default white list IPSets in it's config and an accidentally un-commented ipset create statements. Here's what you can do to correct these issues:

Code: Select all

sed -i 's/whitelistips/whiteips/' /usr/local/bin/VB-firewall.pl
sed -i 's/whitelistnets/whitenets/' /usr/local/bin/VB-firewall.pl
sed -i 's/print WHITETMP "create/#print WHITETMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print DYNAMICTMP "create/#print DYNAMICTMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print BLACKTMP "create/#print BLACKTMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print BLACKNETTMP "create/#print BLACKNETTMP "create/' /usr/local/bin/VB-firewall.pl


After that the ipsets should start being populated the next time VB-firewall.pl is ran. You can verify this by viewing 'ipset -L' or 'ipset -L <ipsetname>'

-------------------------------------

Updated October 11th, 2019
ViciBox v.9.0.0 has a certbot package shipped with it that does not generate the /etc/certbot configuration directory or files. The fix has been reported to simply copy the config files from ViciBox v.8.1 and everything then starts working as expected. So here's the instructions to install the config files:

Code: Select all

cd /root
wget http://download.vicidial.com/vicibox/vicibox9-certbotconfs.tar.xz
cd /etc
tar -xf /root/vicibox9-certbotconfs.tar.xz
ln -s certbot letencrypt


After that, you can use the vicibox-certbot script as normal. The bugfix thread for this is here: http://www.vicidial.org/VICIDIALforum/v ... =8&t=39667

-------------------------------------

Updated October 23th, 2019
ViciBox v.9.0 had a repository setup in it to pull in updated Apache related packages. Apparently someone decided to break the php7-mysql package which means your web server no longer works on an update. The fix is to remove this repo and update. I'm removing this repo in ViciBox v.9.0.1 and up.

Here's how you remove it and fix the package:

Code: Select all

zypper rr 1
zypper ref
zypper dup


-------------------------------------

Updated December 3rd, 2019
The Asterisk 13 package was manually setting /var/spool/asterisk directory to '750' permissions. This means that while the permissions were correctly set to '755' when the ISO was built and released, any subsequent package updates to Asterisk 13 would set the permissions back to 750. The result was that Apache could no longer read the recordings and you get an error. The fix is in place in the package itself and here's how you fix the issue:

Code: Select all

chmod 755 /var/spool/asterisk


-------------------------------------

Updated March 31, 2020
In ViciBox v.9.0.1 and under there is a security issue with the ViciBox Dynamic Portal when ViciDial's encrypted passwords feature is enabled. The exploit would allow the attacker to authenticate against the firewall giving them the ability to connect to your server's IPs. They would not be logged into vicidial but they would be able to start using standard brute force attacks to try and guess passwords. If "encrypted passwords" is not enabled in your System Settings then this does not affect you. The following instructions only need to be done to the active Web servers, but you can patch all your servers without it affecting anything.

Code: Select all

cd /srv/www/vhosts/dynportal/inc/
wget http://download.vicidial.com/vicibox/patches/9.0.1/functions.inc.php.diff
patch -p1 functions.inc.php.diff functions.inc.php
rm functions.inc.php.diff


-------------------------------------

Updated April 21, 2020
The code to set the timezone in php.ini from the default of America/New_York had an incorrect patch set. You can correct that by doing the following:

Code: Select all

. /etc/sysconfig/clock
/usr/bin/sed -i "s+date.timezone =.*+date.timezone = $TIMEZONE+" /etc/php7/apache2/php.ini
/usr/bin/sed -i "s+date.timezone =.*+date.timezone = $TIMEZONE+" /etc/php7/cli/php.ini
service apache2 restart


-------------------------------------

Updated April 21, 2020
A fixup was added to disable meetme volume adjustments as it seems to cause purely random asterisk crashes. The full path to extensions.conf was not listed so to disable those meetme volume adjustments weren't put in place. This will not cause is issues if not fixed but it might solve an otherwise seemingly 'random' crash issue within Asterisk. The recommendation is to apply the fix regardless. Here's how you do that:

Code: Select all

sed -i 's/exten => _X48600XXX/;exten => _X48600XXX/g' /etc/asterisk/extensions.conf
sed -i 's/exten => _X38600XXX/;exten => _X48600XXX/g' /etc/asterisk/extensions.conf
asterisk -rx "dialplan reload"


-------------------------------------

Updated April 27, 2020
The vicibox-certbot script in ViciBox v.9.0.2 had a sed command to remove the top three lines of the crontab which used to be comments from doing crontab -l. At some point this behavior changed which caused the first three lines of the actual crontab to be deleted. This results in the keepalive script being removed. There's two methods to fix this. The first method is to correct vicibox-certbot prior to it being ran. The second fix is to just add the keepalive crontab entry back. Here's how you do that:

Fixing vicibox-certbot:

Code: Select all

sed -i 's/sed -e/#sed -e/' /usr/local/bin/vicibox-certbot


Adding the keepalive cron back to the crontab:

Code: Select all

crontab -l > /tmp/rootcron
echo "### keepalive script for astguiclient processes" >> /tmp/rootcron
echo "* * * * * /usr/share/astguiclient/ADMIN_keepalive_ALL.pl" >> /tmp/rootcron
crontab /tmp/rootcron


-------------------------------------

Updated June 26th, 2020
Something in the chrony package got broken at some point after the ViciBox v.9.0.2 release. The result is on some systems, not all, it will cause chronyc to show 100% CPU usage on a single core. The fix seems to be reinstalling the chrony configuration files for OpenSuSE followed by a reboot to clear (or you can kill) the stuck chronyc process. Below is how you do that:

Code: Select all

zypper in -f chrony-pool-openSUSE
reboot


-------------------------------------

Updated July 1st, 2020
The ViciBox v.9.0.2 MD linux raid array image had an error in the vicibox-mdraid1.sh setup script. The result is the fstab does not have the proper /boot entry in it. This will need to be added to prevent the boot process from messing up. This assumed that /dev/md3, which is what vicibox-mdraid1 uses, is the /boot partition. Here's how you correct the issue:

Code: Select all

echo "UUID=$(blkid -s UUID -o value "/dev/md3") /boot ext4 defaults 0 0" >> /etc/fstab
mount /boot


-------------------------------------

Update September 10th, 2020
Chrony is broken internally in all version of ViciBox v.9. I believe it to be related to network conditions upon boot, but the result is that chronyc locks up the CPU at 100% and slowly tries to take the kernel with it. I have tried to track this down for weeks but have determined it's beyond me and no longer worth messing with even though it's the default in OpenSuSE v.15.1. My solution is to uninstall chrony in favor of the tried and true NTP Daemon. Here's how you would do that.

Code: Select all

service chronyd stop
killall chronyc
zypper rm chrony  (enter y when prompted)
zypper in ntp
systemctl enable ntpd.service
echo "restrict -4 default kod notrap nomodify nopeer noquery" >> /etc/ntp.conf
echo "restrict -6 default kod notrap nomodify nopeer noquery" >> /etc/ntp.conf
echo "server 127.127.1.0" >> /etc/ntp.conf
echo "fudge 127.127.1.0  stratum 10" >> /etc/ntp.conf
echo "server 0.opensuse.pool.ntp.org  iburst" >> /etc/ntp.conf
echo "server 1.opensuse.pool.ntp.org  iburst" >> /etc/ntp.conf
echo "server 2.opensuse.pool.ntp.org  iburst" >> /etc/ntp.conf
echo "server 3.opensuse.pool.ntp.org  iburst" >> /etc/ntp.conf
service ntpd start


-------------------------------------

Update March 18th, 2021
In preparing for ViciBox v.10 with Asterisk 16 a libjansson v.2.13 package was created in the ViciDial repository. This caused an issue as ViciBox v.9 was shipped with the libjansson package from the OS repository which was v.2.9. Since updating this package requires a vendor change it was not installed with a normal 'zypper up'. This resulted in Asterisk 13 unable to start with an error code of '/usr/sbin/asterisk: symbol lookup error: /usr/sbin/asterisk: undefined symbol: json_vsprintf'. The fix for this is to install the libjansson update which requires the vendor change. Here's how you do that:

Code: Select all

zypper in openSUSE-Leap-15.1-ViciDial:libjansson4


[fogita]

version: vicibox 9.0
cluster setup: 2 servers with web/telephony + db

After creating a call menu with full Menu ID and Menu Name and listing the call menu entries it will only display the first letter of the Menu Name, this is also the same for the voicemail chooser, all the mailboxes name and description are displayed with only the first letter or number.

see image below: you'll notice even the voicemail email address is truncated

https://1drv.ms/u/s!AvqahFqf54fTgdpcW0S ... w?e=8VtrKe

Regards,

Ogie Dela Cruz

[mflorell]

That issue should be fixed now in svn/trunk

[gobofraggle]

version: vicibox 9.0
cluster: 1 Web + DB, 1 Tele

I tried to run the certbot script, but it can't find cli.ini
It appears the certbot folder is missing entirely.

"Certbot config not found at /etc/certbot//cli.ini"

Thanks.

[Kumba]

I tried to run the certbot script, but it can't find cli.ini
It appears the certbot folder is missing entirely.

"Certbot config not found at /etc/certbot//cli.ini"

It looks like somewhere SuSE decided to abandon certbot in favor of dehydrated. What's odd is that it seems like the 'certbot' package has been broken for a while.

So... I'm going to need to completely re-write that to use the replacement 'dehydrated' program.

[xenia2608]

Tried to run ViciWhite and Dynamic ip List using manual provided for VICIbox v9.0.0 , but its not working . I am getting error after running "/usr/local/bin/VB-firewall.pl --white"
ViciBox Firewall white/dynamic/black list integration

Database Host : 10.0.0.2
Database Name : asterisk
Database User : cron
Database Pass : 1234
Database Port : 3306
White list : Enabled
Vici White List : ViciWhite
IPSet White List IPs : whitelistips
IPSet White List Nets : whitelistnets
RFC1918 White List : YES
Dynamic list : Disabled
Black list : Disabled
VoIP Black List : Disabled
Geo Block list : Disabled


Generating White List from IP List 'ViciWhite'...
Found 4 entires to process
Adding RFC1918 IPs to white lists
Writing IPSet rule files to /tmp//VB-WHITE-tmp and /tmp//VB-WHITENET-tmp
Loading white list IPSet rules into Kernel
ipset v6.36: Error in line 1: The set with the given name does not exist
White List had been loaded!

Already tried on several fresh install but still not working .

[Marco Zink]

It looks like somewhere SuSE decided to abandon certbot in favor of dehydrated. What's odd is that it seems like the 'certbot' package has been broken for a while.

So... I'm going to need to completely re-write that to use the replacement 'dehydrated' program.

I would recommend you try acme.sh, it is much simpler than dehydrated and really fast to set up: https://github.com/Neilpang/acme.sh

[gobofraggle]

It looks like somewhere SuSE decided to abandon certbot in favor of dehydrated. What's odd is that it seems like the 'certbot' package has been broken for a while.

So... I'm going to need to completely re-write that to use the replacement 'dehydrated' program.

I was able to download certbot fresh and do everything manually. I've done it for 2 telephony servers now. It's not as quick and neat as the script in previous versions but it works. I've never used dehydrated. I'll have to try it out on the next one.

[Kumba]

Looks like I used 'whitelistips' and 'whitelistnets' in VB-firewall.pl but the name used for the IPSets were whiteips and whitenets. So the fix is to either rename the ipset rule for firewalld, or tell VB-firewall.pl to use the different ipsets.

The easiest solution is this:
1) sed -i 's/whitelistips/whiteips/' /usr/local/bin/VB-firewall.pl
2) sed -i 's/whitelistnets/whitenets/' /usr/local/bin/VB-firewall.pl

After that the white list IPs should be populated. I'll make a bugfix thread for it and it'll be in ViciBox v.9.0.1.

Tried to run ViciWhite and Dynamic ip List using manual provided for VICIbox v9.0.0 , but its not working . I am getting error after running "/usr/local/bin/VB-firewall.pl --white"
ViciBox Firewall white/dynamic/black list integration

Database Host : 10.0.0.2
Database Name : asterisk
Database User : cron
Database Pass : 1234
Database Port : 3306
White list : Enabled
Vici White List : ViciWhite
IPSet White List IPs : whitelistips
IPSet White List Nets : whitelistnets
RFC1918 White List : YES
Dynamic list : Disabled
Black list : Disabled
VoIP Black List : Disabled
Geo Block list : Disabled


Generating White List from IP List 'ViciWhite'...
Found 4 entires to process
Adding RFC1918 IPs to white lists
Writing IPSet rule files to /tmp//VB-WHITE-tmp and /tmp//VB-WHITENET-tmp
Loading white list IPSet rules into Kernel
ipset v6.36: Error in line 1: The set with the given name does not exist
White List had been loaded!

Already tried on several fresh install but still not working .

[xenia2608]

Tried above fix , now it says "set with the same name already exists"

ViciBox Firewall white/dynamic/black list integration

Database Host : 10.0.0.2
Database Name : asterisk
Database User : cron
Database Pass : 1234
Database Port : 3306
White list : Enabled
Vici White List : ViciWhite
IPSet White List IPs : whiteips
IPSet White List Nets : whitenets
RFC1918 White List : YES
Dynamic list : Disabled
Black list : Disabled
VoIP Black List : Disabled
Geo Block list : Disabled


Generating White List from IP List 'ViciWhite'...
Found 3 entires to process
Adding RFC1918 IPs to white lists
Writing IPSet rule files to /tmp//VB-WHITE-tmp and /tmp//VB-WHITENET-tmp
Loading white list IPSet rules into Kernel
ipset v6.36: Error in line 1: Set cannot be created: set with the same name already exists
White List had been loaded!

For now sticking with firewalld .

Also if anyone can tell me difference between ViciBox_v9.x86_64-9.0.0-md.iso and ViciBox_v9.x86_64-9.0.0.iso

[Kumba]

Set with the same name is normal. You can verify the whitelist loaded by running 'ipset -L whiteips' and 'ipset -L whitenets'

[tgalan]

I tried to run the certbot script, but it can't find cli.ini
It appears the certbot folder is missing entirely.

"Certbot config not found at /etc/certbot//cli.ini"

It looks like somewhere SuSE decided to abandon certbot in favor of dehydrated. What's odd is that it seems like the 'certbot' package has been broken for a while.

So... I'm going to need to completely re-write that to use the replacement 'dehydrated' program.

@Kumba hope this help!!.

After install the Vicibox v9 no system updates (no zyppper ref, zypper up), trying to do the vicibox-certbot script.
I copied and pasted the /etc/certbot folder from an Vicibox v8.1.2 installation
The scrip runs and created the Cert and Keys pem files, only that it saved it /etc/letencrypt/live/FDQN folder.
So I needed to change the SSL location on the /etc/apache2/vhosts.d/1111-default-ssl.conf as well as on asterisk.

---------
Test Install Vicibox v9.0.0 Single Server

[marcelo]

Hi Marcelo here.

BTY....newbie

- ViciBox v.9.0.0 190913-1108 * Released on Friday the 13th during a full moon. So spooky, much wow! |Vicidial 2.14-588c BUILD 190925-1346 | Asterisk 13.27.0-vici | Linux version 4.12.14-lp151.28.16-default | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel(R) Xeon(R) CPU E5-2450 0 @ 2.10GHz

After suggested 'sed' changes to file /usr/local/bin/VB-firewall.pl

diff /usr/local/bin/VB-firewall.pl /usr/local/bin/BAK/VB-firewall.pl_ORIGINAL
38,39c38,39
< $IPWHITE='whiteips'; # IPSet whitelist
< $IPWHITENET='whitenets'; # IPSet whitelist for networks
---
> $IPWHITE='whitelistips'; # IPSet whitelist
> $IPWHITENET='whitelistnets'; # IPSet whitelist for networks

I am still getting:

vicibox9:/home/marcelo # /usr/local/bin/VB-firewall.pl --white --dynamic

ViciBox Firewall white/dynamic/black list integration

Database Host : localhost
Database Name : asterisk
Database User : cron
Database Pass : 1234
Database Port : 3306
White list : Enabled
Vici White List : ViciWhite
IPSet White List IPs : whiteips
IPSet White List Nets : whitenets
RFC1918 White List : YES
Dynamic list : Enabled
IPSet Dynamic Age : 14
IPSet Dynamic List : dynamiclist
Black list : Disabled
VoIP Black List : Disabled
Geo Block list : Disabled


Generating White List from IP List 'ViciWhite'...
Found 3 entires to process <<<<<<<<<<<<<<<< THIS IS EXPECTED accordingly my GUI post on white list. BUT....
Adding RFC1918 IPs to white lists
Writing IPSet rule files to /tmp//VB-WHITE-tmp and /tmp//VB-WHITENET-tmp
Loading white list IPSet rules into Kernel
ipset v6.36: Error in line 1: Set cannot be created: set with the same name already exists
White List had been loaded!

Generating Dynamic IP List rules...
Looking for valid web logins within the last 14 days
Writing IPSet rule file to /tmp//VB-DYNAMIC-tmp
Loading dynamic list IPSet rules into kernel
ipset v6.36: Error in line 1: Set cannot be created: set with the same name already exists
Dynamic List had been loaded!

......BUT We do not see these 3 entries listed:

vicibox9:/home/marcelo # ipset -L whiteips
Name: whiteips
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 262144
Size in memory: 88
References: 5
Number of entries: 0 <<<<<<<<<<< NONE here, where expected 3
Members:



Please advise.

[xenia2608]

Yup, i can confirm, ipset -L whiteips not getting listed . wait for ViciBox v.9.0.1 .

For now i am using using Voipbl, geoblock and Firewalld to block and allow as per requirement .

Although i have enabled Voipbl and geoblock but after running ---

"ipset -L geoblock " i can see alot of ipnets in output but when i run " ipset -L voipbl " it says : ipset v6.36: The set with the given name does not exist .

***Bug : After adding ip to Viciwhite from portal, i can not delete all the ip from entry . It by default keeps one ip as an entry . Seems viciwhite list can not be empty even after disabling whitelist set .

Also if anyone can tell me difference between ViciBox_v9.x86_64-9.0.0-md.iso and ViciBox_v9.x86_64-9.0.0.iso

Seems ViciBox_v9.x86_64-9.0.0-md.iso has inbuilt software raid enabled . Can anyone confirm this . I tried this version and it creates another partition /dev/md4 which seems to be software raid 1 .

[marcelo]

Yup, i can confirm, ipset -L whiteips not getting listed . wait for ViciBox v.9.0.1 .

For now i am using using Voipbl, geoblock and Firewalld to block and allow as per requirement .

Although i have enabled Voipbl and geoblock but after running ---

"ipset -L geoblock " i can see alot of ipnets in output but when i run " ipset -L voipbl " it says : ipset v6.36: The set with the given name does not exist .

***Bug : After adding ip to Viciwhite from portal, i can not delete all the ip from entry . It by default keeps one ip as an entry . Seems viciwhite list can not be empty even after disabling whitelist set .

Also if anyone can tell me difference between ViciBox_v9.x86_64-9.0.0-md.iso and ViciBox_v9.x86_64-9.0.0.iso

Seems ViciBox_v9.x86_64-9.0.0-md.iso has inbuilt software raid enabled . Can anyone confirm this . I tried this version and it creates another partition /dev/md4 which seems to be software raid 1 .

Thank you @xenia2608

[Kumba]

Tried above fix , now it says "set with the same name already exists"

Looks like I'm going to have to eat crow on this one. Turns out that is an ipset issue that was supposed to be commented out. You can see in line 545 where I commented out the create statement for the white nets due to this issue. I just forgot the second comment or used the wrong version. The fix is to just comment out line 544. I've updated the bugfix instructions to include a third step to correct this as well.

[Kumba]

***Bug : After adding ip to Viciwhite from portal, i can not delete all the ip from entry . It by default keeps one ip as an entry . Seems viciwhite list can not be empty even after disabling whitelist set .

That would be a ViciDial issue not allowing you to submit an empty IP List. As a work around you can always put in 0.0.0.0/0 in if you want. The black list rules take precedence over white and dynamic list rules so it shouldn't cause any issues. I'll probably seed this list with that value going forward so it's at least there as an example.

Seems ViciBox_v9.x86_64-9.0.0-md.iso has inbuilt software raid enabled . Can anyone confirm this . I tried this version and it creates another partition /dev/md4 which seems to be software raid 1 .

Yes, there's a thread dedicated just to that alternate build target along with some preliminary scripts to get the RAID setup completely.

viewtopic.php?f=8&t=39638

[marcelo]

Tried above fix , now it says "set with the same name already exists"

Looks like I'm going to have to eat crow on this one. Turns out that is an ipset issue that was supposed to be commented out. You can see in line 545 where I commented out the create statement for the white nets due to this issue. I just forgot the second comment or used the wrong version. The fix is to just comment out line 544. I've updated the bugfix instructions to include a third step to correct this as well.

>>>>>>>>>>>>>> Fix done

vicibox9:/home/marcelo # !diff
diff /usr/local/bin/VB-firewall.pl /usr/local/bin/BAK/VB-firewall.pl_ORIGINAL
38,39c38,39
< $IPWHITE='whiteips'; # IPSet whitelist
< $IPWHITENET='whitenets'; # IPSet whitelist for networks
---
> $IPWHITE='whitelistips'; # IPSet whitelist
> $IPWHITENET='whitelistnets'; # IPSet whitelist for networks
544c544
< #print WHITETMP "create $IPWHITE iphash -exist\n"; # Make sure we create the ipset just in case
---
> print WHITETMP "create $IPWHITE iphash -exist\n"; # Make sure we create the ipset just in case
You have new mail in /var/mail/root
vicibox9:/home/marcelo #

>>>>>>>>>>>>>>>>>> But an error message persists on Dynamic List:

Loading dynamic list IPSet rules into kernel
ipset v6.36: Error in line 1: Set cannot be created: set with the same name already exists
Dynamic List had been loaded!

>>>>>>>>>>>>>>>>>> Question: Is this about line 598?

598 print DYNAMICTMP "create $IPDYNAMIC iphash -exist\n"; # Make sure we create the ipset just in case

>>>>>>>>>>>>> Editing after publishing:

Sorry to say commenting line #598 fixes Dynamic List but it is not working guys.

>>>>>>>>>>>>>>>> What is not working?

We can add to the ipset whiteips but we CANNOT delete an entry.

I have added up to 5 IPs at the GUI "ViciWhite MODIFY IP LIST" and when deleting 3 of them and left with only two, our script shows:

Generating White List from IP List 'ViciWhite'...
Found 2 entires to process <<<<<<<<<<<<<< Which looks correct

vicibox9:/home/marcelo # ipset -L whiteips
Name: whiteips
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 262144
Size in memory: 328
References: 5
Number of entries: 5 <<<<<<<<<<<<<<< That is the old total not the list as is now with only 2 members
Members:
XXXXXXXXXXX



>>>>>>>>>>>>> Please advise.

[Kumba]

Remember, unless you specify --flush when running VB-firewall.pl, it will only add entries. I'll make this more evident in the documentation that --flush is what's needed. Basically this option flushes out the contents of the list before loading new entries.

I'll add the dynamic list create comment to the bugfix entry.

[mariusmarais]

Found another VB9 bug...

When using the Start Call URL feature in a campaign, the vdc_query_db.php script crashes, breaking the agent UI. This is due to the use of ereg_replace on line 4988:

Code: Select all

$SCUfile_contents = ereg_replace(';','',$SCUfile_contents);

Luckily the regex is very simple, so replacing `ereg_replace` with `preg_replace` fixes the problem.

[mflorell]

Good catch! I thought we had converted all of the "ereg"'s years ago, but looks like we missed that one. I've fixed it now in svn/trunk so you should be good to go after an upgrade!

[kashinc]

if you are doing a fresh install or updating your webserver using zypper ref followed by a zypper up -y, your webserver wont load and your log will be full of php fatal errors.

PHP Fatal error: Uncaught Error: Call to undefined function mysqli_connect()

in /srv/www/htdocs/vicidial/dbconnect_mysqli.php:78\nStack trace:\n#0 /srv/www/htdocs/vicidial/AST_timeonVDADall.php(125): require()\n#1 {main}\n thrown in /srv/www/htdocs/vicidial/dbconnect_mysqli.php on line 78, referer:

[Kumba]

if you are doing a fresh install or updating your webserver using zypper ref followed by a zypper up -y, your webserver wont load and your log will be full of php fatal errors.

Looks like someone in OpenSuSE land pushed out an experimental PHP7 package. Fix is to do the following:

Code: Select all

zypper rr 1
zypper ref
zypper dup


[kashinc]

thanks kumba!

It was on my production machine, I ended up reinstalling the webserver and not updating but it kept me up all night!

[Kumba]

Yeah, that's the unfortunate part about public repositories. You are somewhat at the mercy of the maintainers who occasionally push out something wonky.

[roger.milligan]

Hi. Found a 2 bugs during pre-go-live testing:
# ViciBox 9.0.0 install with svn update to v:3133 VERSION: 2.14-718a BUILD: 190902-0839

A: SQL7 issue in Inbound Daily Report
PHP Parse error: Invalid numeric literal in /srv/www/htdocs/vicidial/AST_inbound_daily_report.php on line 1390

Invalid octal literals: Previously, octal literals that contained invalid numbers were silently truncated (0128 was taken as 012). Now, an invalid octal literal will cause a parse error.

I changed:
$qtr4=array(01,02,03);
$qtr1=array(04,05,06);
$qtr2=array(07,08,09);
$qtr3=array(10,11,12);
to:
$qtr4=array("01","02","03");
$qtr1=array("04","05","06");
$qtr2=array("07","08","09");
$qtr3=array("10","11","12");
and it looks like it's working, but should be checked.


B: Parameter mismatch calling user_authorization:
PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function user_authorization(), 4 passed in /srv/www/htdocs/vicidial/AST_rt_whiteboard_rpt.php on line 129 and exactly 5 expected in /srv/www/htdocs/vicidial/functions.php

Same issue in:
AST_rt_whiteboard_rpt_mobile.php:$auth_message = user_authorization($PHP_AUTH_USER,$PHP_AUTH_PW,'REPORTS',1);
timeclock.php: $auth_message = user_authorization($user,$pass,'',1,0,0);
listloaderMAIN.php:$auth_message = user_authorization($PHP_AUTH_USER,$PHP_AUTH_PW,'',1);

Roger

[mflorell]

You need to upgrade to the latest svn/trunk revision of VICIdial. The version you are using still has several PHP7 issues.

[alo]

I am still having trouble with the certbot script.

Anyone know a solution? I get the following error: Certbot binary not installed at /usr/bin/certbot

[williamconley]

viewtopic.php?f=8&t=39667

[alo]

Yeah I saw that. but thought that was more of a work around. I was hoping to use the scripts provided in vicibox9

[m@rio]

Hi,

I did a fresh install of the latest vicidial. 9.0.3
I am having problems with chrony. It shows 100% usage.
I tried this:

zypper in -f chrony-pool-openSUSE
reboot

but it doesnt fix the problem.
The chrony doesnt seem to start. I get this message when I run systemctl status chronyd.service


● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-07-25 20:21:30 CEST; 18min ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 3064 ExecStartPost=/usr/lib/chrony/helper update-daemon (code=exited, status=1/FAILURE)
Process: 3060 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 3062 (code=exited, status=0/SUCCESS)

Jul 25 20:21:10 vicinew systemd[1]: Starting NTP client/server...
Jul 25 20:21:10 vicinew chronyd[3062]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP -SCFILTER +SECHASH -SI>
Jul 25 20:21:10 vicinew chronyd[3062]: Frequency -20.994 +/- 229.941 ppm read from /var/lib/chrony/drift
Jul 25 20:21:20 vicinew chronyd[3062]: Selected source 185.83.169.27
Jul 25 20:21:30 vicinew helper[3064]: Failed to lock /var/run/chrony-helper
Jul 25 20:21:30 vicinew systemd[1]: chronyd.service: Control process exited, code=exited status=1
Jul 25 20:21:30 vicinew chronyd[3062]: chronyd exiting
Jul 25 20:21:30 vicinew systemd[1]: Failed to start NTP client/server.
Jul 25 20:21:30 vicinew systemd[1]: chronyd.service: Unit entered failed state.
Jul 25 20:21:30 vicinew systemd[1]: chronyd.service: Failed with result 'exit-code'

Can you please help?

[carpenox]

start a new thread for it, this isnt the place to post this. thank you

[rahul4tech]

Updated October 11th, 2019
ViciBox v.9.0.0 has the wrong default white list IPSets in it's config and an accidentally un-commented ipset create statements. Here's what you can do to correct these issues:

Code: Select all

sed -i 's/whitelistips/whiteips/' /usr/local/bin/VB-firewall.pl
sed -i 's/whitelistnets/whitenets/' /usr/local/bin/VB-firewall.pl
sed -i 's/print WHITETMP "create/#print WHITETMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print DYNAMICTMP "create/#print DYNAMICTMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print BLACKTMP "create/#print BLACKTMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print BLACKNETTMP "create/#print BLACKNETTMP "create/' /usr/local/bin/VB-firewall.pl


After that the ipsets should start being populated the next time VB-firewall.pl is ran. You can verify this by viewing 'ipset -L' or 'ipset -L <ipsetname>'

-------------------------------------

Updated October 11th, 2019
ViciBox v.9.0.0 has a certbot package shipped with it that does not generate the /etc/certbot configuration directory or files. The fix has been reported to simply copy the config files from ViciBox v.8.1 and everything then starts working as expected. So here's the instructions to install the config files:

Code: Select all

cd /root
wget http://download.vicidial.com/vicibox/vicibox9-certbotconfs.tar.xz
cd /etc
tar -xf /root/vicibox9-certbotconfs.tar.xz
ln -s certbot letencrypt


After that, you can use the vicibox-certbot script as normal. The bugfix thread for this is here: http://www.vicidial.org/VICIDIALforum/v ... =8&t=39667

-------------------------------------

Updated October 23th, 2019
ViciBox v.9.0 had a repository setup in it to pull in updated Apache related packages. Apparently someone decided to break the php7-mysql package which means your web server no longer works on an update. The fix is to remove this repo and update. I'm removing this repo in ViciBox v.9.0.1 and up.

Here's how you remove it and fix the package:

Code: Select all

zypper rr 1
zypper ref
zypper dup


-------------------------------------

Updated December 3rd, 2019
The Asterisk 13 package was manually setting /var/spool/asterisk directory to '750' permissions. This means that while the permissions were correctly set to '755' when the ISO was built and released, any subsequent package updates to Asterisk 13 would set the permissions back to 750. The result was that Apache could no longer read the recordings and you get an error. The fix is in place in the package itself and here's how you fix the issue:

Code: Select all

chmod 755 /var/spool/asterisk


-------------------------------------

Updated March 31, 2020
In ViciBox v.9.0.1 and under there is a security issue with the ViciBox Dynamic Portal when ViciDial's encrypted passwords feature is enabled. The exploit would allow the attacker to authenticate against the firewall giving them the ability to connect to your server's IPs. They would not be logged into vicidial but they would be able to start using standard brute force attacks to try and guess passwords. If "encrypted passwords" is not enabled in your System Settings then this does not affect you. The following instructions only need to be done to the active Web servers, but you can patch all your servers without it affecting anything.

Code: Select all

cd /srv/www/vhosts/dynportal/inc/
wget http://download.vicidial.com/vicibox/patches/9.0.1/functions.inc.php.diff
patch -p1 functions.inc.php.diff functions.inc.php
rm functions.inc.php.diff


-------------------------------------

Updated April 21, 2020
The code to set the timezone in php.ini from the default of America/New_York had an incorrect patch set. You can correct that by doing the following:

Code: Select all

. /etc/sysconfig/clock
/usr/bin/sed -i "s+date.timezone =.*+date.timezone = $TIMEZONE+" /etc/php7/apache2/php.ini
/usr/bin/sed -i "s+date.timezone =.*+date.timezone = $TIMEZONE+" /etc/php7/cli/php.ini
service apache2 restart


-------------------------------------

Updated April 21, 2020
A fixup was added to disable meetme volume adjustments as it seems to cause purely random asterisk crashes. The full path to extensions.conf was not listed so to disable those meetme volume adjustments weren't put in place. This will not cause is issues if not fixed but it might solve an otherwise seemingly 'random' crash issue within Asterisk. The recommendation is to apply the fix regardless. Here's how you do that:

Code: Select all

sed -i 's/exten => _X48600XXX/;exten => _X48600XXX/g' /etc/asterisk/extensions.conf
sed -i 's/exten => _X38600XXX/;exten => _X48600XXX/g' /etc/asterisk/extensions.conf
asterisk -rx "dialplan reload"


-------------------------------------

Updated April 27, 2020
The vicibox-certbot script in ViciBox v.9.0.2 had a sed command to remove the top three lines of the crontab which used to be comments from doing crontab -l. At some point this behavior changed which caused the first three lines of the actual crontab to be deleted. This results in the keepalive script being removed. There's two methods to fix this. The first method is to correct vicibox-certbot prior to it being ran. The second fix is to just add the keepalive crontab entry back. Here's how you do that:

Fixing vicibox-certbot:

Code: Select all

sed -i 's/sed -e/#sed -e/' /usr/local/bin/vicibox-certbot


Adding the keepalive cron back to the crontab:

Code: Select all

crontab -l > /tmp/rootcron
echo "### keepalive script for astguiclient processes" >> /tmp/rootcron
echo "* * * * * /usr/share/astguiclient/ADMIN_keepalive_ALL.pl" >> /tmp/rootcron
crontab /tmp/rootcron


-------------------------------------

Updated June 26th, 2020
Something in the chrony package got broken at some point after the ViciBox v.9.0.2 release. The result is on some systems, not all, it will cause chronyc to show 100% CPU usage on a single core. The fix seems to be reinstalling the chrony configuration files for OpenSuSE followed by a reboot to clear (or you can kill) the stuck chronyc process. Below is how you do that:

Code: Select all

zypper in -f chrony-pool-openSUSE
reboot


-------------------------------------

Updated July 1st, 2020
The ViciBox v.9.0.2 MD linux raid array image had an error in the vicibox-mdraid1.sh setup script. The result is the fstab does not have the proper /boot entry in it. This will need to be added to prevent the boot process from messing up. This assumed that /dev/md3, which is what vicibox-mdraid1 uses, is the /boot partition. Here's how you correct the issue:

Code: Select all

echo "UUID=$(blkid -s UUID -o value "/dev/md3") /boot ext4 defaults 0 0" >> /etc/fstab
mount /boot


-------------------------------------

Update September 10th, 2020
Chrony is broken internally in all version of ViciBox v.9. I believe it to be related to network conditions upon boot, but the result is that chronyc locks up the CPU at 100% and slowly tries to take the kernel with it. I have tried to track this down for weeks but have determined it's beyond me and no longer worth messing with even though it's the default in OpenSuSE v.15.1. My solution is to uninstall chrony in favor of the tried and true NTP Daemon. Here's how you would do that.

Code: Select all

service chronyd stop
killall chronyc
zypper rm chrony  (enter y when prompted)
zypper in ntp
systemctl enable ntpd.service
echo "restrict -4 default kod notrap nomodify nopeer noquery" >> /etc/ntp.conf
echo "restrict -6 default kod notrap nomodify nopeer noquery" >> /etc/ntp.conf
echo "server 127.127.1.0" >> /etc/ntp.conf
echo "fudge 127.127.1.0  stratum 10" >> /etc/ntp.conf
echo "server 0.opensuse.pool.ntp.org  iburst" >> /etc/ntp.conf
echo "server 1.opensuse.pool.ntp.org  iburst" >> /etc/ntp.conf
echo "server 2.opensuse.pool.ntp.org  iburst" >> /etc/ntp.conf
echo "server 3.opensuse.pool.ntp.org  iburst" >> /etc/ntp.conf
service ntpd start


Hello Kumba,

I am writing this to you and community at the moment while testing chrony which i had similar problem, i was scratching my head and was unable to understand why its not starting, then i found this thread.

i was not sure i want to remove chrony so i also tried everything and lastly i got success, I'm still not sure hows this happening but here it is what i did to understand from when chrony stopped working

1) Booted With ViciBox_v9.x86_64-9.0.3.iso
2) After firstboot sequence and setup completed on shell i tried to find whats the status of chronyd "service chronyd status" and it shows "active running"
3) Before doing "yast lan" and "zypper ref" and "zypper up" i thought of giving it a reboot to understand if service still fails on startup
4) after reboot it astonishing it really showed "status : Failed, Unable lock file helper blabla unable to start NTP client server" so now i was sure now after first boot it always fails so that means "zypper up" is not making any problem
5)after many things i tried chronyd always failed even after "zypper remove chrony" and then reinstalling
6) What really worked is really strange i started from step 1 again till step 4 but this time
7) first i did "zypper remove chrony" then rebooted server
8) after reboot i opened ntp-client via yast by doing "yast ntp-client" as soon as i opened it it gave me error/warning "chrony" is required "Install or Continue" i clicked Install, it downloaded and installed chrony from there while still "yast ntp-client" is open after completeting the install i again clicked to option "Now And On Boot" as after removing it was selectd now to "Only Manually" and then "confirguration sources" to "Static" and then selected "Synchronization Servers" and Added "Public Server" as it was now emtpy as previously chrony was removed
9) after that just clicked okay and voila it started "chrony" i can confirm now via again "service chronyd status" now it was time check after reboot
10) rebooted and chrony was still function with selected source and it was correcting time like "system clock was wrong,.. system clock stepped by 1.58467s"

11) after that i did zypper ref and zypper up to check if it still crashed but thank fully it was still functional even after vicibox-install script and reboot

I tried This Same Procedure with multiple servers and i can confirm this way chrony is working

I hope This help some one and thought of sharing you with guys as this community is really so much helpful thought of giving my small input and "sorry for any typos" was awake for almost 17-18 hrs was trying to figure it out lol didn't know it can be done very easily like this yes still dont know how it works, what really tricky was to understand a reboot is needed after removing chrony and install via yast ntp-client this is the only way trick works

[carpenox]

Does it correct the CPU usage though?

[rahul4tech]

Does it correct the CPU usage though?

Yes it does now no more 100% usage on single core all things working perfectly

[carpenox]

nice, great post