ViciBox v.8.0 Bug Fixes and Issues - Updated Oct 5, 2017
Posted: Tue Sep 26, 2017 7:02 pmWell that didn't take long. And on to the first BugFix...
In ViciBox v.8.0.1, there is an experimental MariaDB option enabled which should not be. The failure mode will cause MariaDB to lock up and become unresponsive resulting in a forced exit and crashed tables. The trigger for this is caused by high concurrency load on larger systems, however it is recommended all systems apply this fix. In order to correct this issue you will need to restart the database which will cause an interruption to all production. I would recommend performing step 1 and 2 ahead of time and then prepare to perform step 3 after hours.
Steps to fix:
1) sed -i '/thread_handling=pool-of-threads/d' /etc/my.cnf
2) sed -i 's/thread_pool_size=8/thread_concurrency=8/' /etc/my.cnf
3) service mysql restart
-------------
ViciBox v.8.0.0 does not have properly configured SSL support out of the box like ViciBox v.7. If you are not planning to use the WebRTC phone or SSL connectivity then you do not need to perform this bug fix. In fact, performing this bug-fix incorrectly without understanding what is being fixed can likely cause apache (web server) to not start. Think of this as a missing feature more then a bug. Bottom line is if you do not know if you need SSL then very likely you do not.
If you have your own SSL certificate then you can skip step 5 and just load those onto the server. You'll need to modify the 1111-default-ssl.conf file to point to your SSL certificate. Otherwise you can enter pretty much whatever you want on the prompts for step 5 and it will create a self-signed certificate for you which should only be used for testing purposes.
1) a2enflag SSL
2) cd /etc/apache2/vhosts.d
3) wget http://download.vicidial.com/vicibox/11 ... t-ssl.conf
4) wget http://download.vicidial.com/vicibox/1111-default.conf
5) openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout /etc/apache2/ssl.key/vicibox.key -out /etc/apache2/ssl.crt/vicibox.crt
-------------
ViciBox v.8.0.0 and under does not have the perl module symlinked in the place a decryption module expects it for the lead loader. This just needs to be put into place. Directions are below:
1) mkdir -p /usr/lib/perl5/site_perl/5.18.2/Crypt/
2) ln -s /usr/lib/perl5/vendor_perl/5.18.2/Crypt/RC4.pm /usr/lib/perl5/site_perl/5.18.2/Crypt/RC4.pm
-------------
ViciBox v.8.0.0 and under is missing a perl module. You just need to run this one command to fix it. The missing perl module prevents the lead loader from loading.
1) zypper rm xls2csv
2) zypper in perl-Spreadsheet-Read
-------------
ViciBox v.8.0.1 and under has a postfix directive uncommented by default which does not use the proper hostname. This is only an issue when trying to send email with a server.
1) sed -i 's/myhostname = localhost/#myhostname = localhost/' /etc/postfix/main.cf
2) service postfix restart
-------------
ViciBox v.8.0 uses OpenSSH v.7.0 which disables weaker SSH encryption and cipher options. This results in some old linux SSH installs from being unable to connect to ViciBox v.8.0. Due to the security reasons surrounding why these options were disabled, they will not be enabled by default in ViciBox v.8.0. For my information on why these options will not be enabled by default I would recommend reading the information at https://weakdh.org/.
If you need to enable these legacy features, you can do so with the following commands:
1) echo 'KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1' >> /etc/ssh/sshd_config
2) echo 'Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr' >> /etc/ssh/sshd_config
3) service sshd restart
In ViciBox v.8.0.1, there is an experimental MariaDB option enabled which should not be. The failure mode will cause MariaDB to lock up and become unresponsive resulting in a forced exit and crashed tables. The trigger for this is caused by high concurrency load on larger systems, however it is recommended all systems apply this fix. In order to correct this issue you will need to restart the database which will cause an interruption to all production. I would recommend performing step 1 and 2 ahead of time and then prepare to perform step 3 after hours.
Steps to fix:
1) sed -i '/thread_handling=pool-of-threads/d' /etc/my.cnf
2) sed -i 's/thread_pool_size=8/thread_concurrency=8/' /etc/my.cnf
3) service mysql restart
-------------
ViciBox v.8.0.0 does not have properly configured SSL support out of the box like ViciBox v.7. If you are not planning to use the WebRTC phone or SSL connectivity then you do not need to perform this bug fix. In fact, performing this bug-fix incorrectly without understanding what is being fixed can likely cause apache (web server) to not start. Think of this as a missing feature more then a bug. Bottom line is if you do not know if you need SSL then very likely you do not.
If you have your own SSL certificate then you can skip step 5 and just load those onto the server. You'll need to modify the 1111-default-ssl.conf file to point to your SSL certificate. Otherwise you can enter pretty much whatever you want on the prompts for step 5 and it will create a self-signed certificate for you which should only be used for testing purposes.
1) a2enflag SSL
2) cd /etc/apache2/vhosts.d
3) wget http://download.vicidial.com/vicibox/11 ... t-ssl.conf
4) wget http://download.vicidial.com/vicibox/1111-default.conf
5) openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout /etc/apache2/ssl.key/vicibox.key -out /etc/apache2/ssl.crt/vicibox.crt
-------------
ViciBox v.8.0.0 and under does not have the perl module symlinked in the place a decryption module expects it for the lead loader. This just needs to be put into place. Directions are below:
1) mkdir -p /usr/lib/perl5/site_perl/5.18.2/Crypt/
2) ln -s /usr/lib/perl5/vendor_perl/5.18.2/Crypt/RC4.pm /usr/lib/perl5/site_perl/5.18.2/Crypt/RC4.pm
-------------
ViciBox v.8.0.0 and under is missing a perl module. You just need to run this one command to fix it. The missing perl module prevents the lead loader from loading.
1) zypper rm xls2csv
2) zypper in perl-Spreadsheet-Read
-------------
ViciBox v.8.0.1 and under has a postfix directive uncommented by default which does not use the proper hostname. This is only an issue when trying to send email with a server.
1) sed -i 's/myhostname = localhost/#myhostname = localhost/' /etc/postfix/main.cf
2) service postfix restart
-------------
ViciBox v.8.0 uses OpenSSH v.7.0 which disables weaker SSH encryption and cipher options. This results in some old linux SSH installs from being unable to connect to ViciBox v.8.0. Due to the security reasons surrounding why these options were disabled, they will not be enabled by default in ViciBox v.8.0. For my information on why these options will not be enabled by default I would recommend reading the information at https://weakdh.org/.
If you need to enable these legacy features, you can do so with the following commands:
1) echo 'KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1' >> /etc/ssh/sshd_config
2) echo 'Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr' >> /etc/ssh/sshd_config
3) service sshd restart