
Linux System

This FAQ page collects operational notes for Linux System.

My CentOS 6 is out of support

CentOS 6 support expired on 1st December. You can continue to use it, but it is important to change the repo destination to "Vault". You can do this easily using the following command:

cd /etc/yum.repos.d/ ; mv CentOS-Base.repo CentOS-Base.repo.old ; wget the PBX web address ; yum clean all ; mv epel.repo epel.repo.old ; wget the PBX web address ; yum --security upgrade ; \rm /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo /etc/yum.repos.d/CentOS-SCLo-scl.repo

My CentOS 7 is out of support

CentOS 7 support expired on 30 June 2024. You can continue to use it, but it is important to change the repo destination to another mirror. You can do this easily using the following command:

cd /etc/yum.repos.d/ ; mv CentOS-Base.repo CentOS-Base.repo.old ; wget the PBX web address ; mv CentOS-SCLo-scl.repo CentOS-SCLo-scl.repo.old ; wget the PBX web address ; mv CentOS-SCLo-scl-rh.repo CentOS-SCLo-scl-rh.repo.old ; wget the PBX web address ; yum clean all ; yum --security upgrade

I can't connect from a more recent server based on CentOS 9 to old servers

update-crypto-policies --set LEGACY

then reboot

How can I change the system hostname in CentOS 7?

hostnamectl set-hostname host.example.com --static

When a conference is going to start, I get the message "app_meetme.c:1296 build_conf: Unable to open DAHDI pseudo device"

It seems the dahdi kernel module is not started, or is not compiled/available for your running kernel. It is possible you have upgraded your kernel and restarted your system. Try restarting dahdi with the command:

/etc/init.d/dahdi restart

If that doesn't fix the issue, try recompiling the dahdi module by going to /usr/local/src/dahdi-linux-complete-*

and running:

make
make install
/etc/init.d/dahdi restart

How can I change the kernel to be booted?

Check the current default kernel with

grubby --default-kernel

Check its index with

grubby --default-index

List all the installed kernels with

grubby --info=ALL

You can change the kernel to boot by file name with

grubby --set-default [kernel-filename]

or by index

grubby --set-default-index=[kernel-entry-index]

How can I install a specific kernel version?

You can list all the available kernel versions using

yum --showduplicates list kernel

You can install an older version using:

yum -y install kernel-5.14.0-391.el9

At boot time, the clock is wrong

Your RTC (real-time clock) may be set to a different time. You can set the RTC from the current system time using

hwclock --systohc

To check the status

timedatectl status

The web interface session is expiring too often, I need always to reauthenticate, how can I make it run longer?

Change the session timeout value in php.ini and then restart the web server process. The default is 2880 seconds; set it as long as you like:

session.gc_maxlifetime = 2880

How can I upgrade to PHP 5.5 to use AWS S3 Storage?

The system now ships with PHP 5.5 already installed, but previous installations used the standard PHP version, which is not suitable for AWS S3 because it requires PHP 5.5. On CentOS 6 64-bit you can upgrade with the following steps:

rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
yum -y install yum-plugin-replace
yum replace php-common --replace-with=php55w-common
yum install php55w-opcache
rpm --import https://mirror.webtatic.com/yum/RPM-GPG-KEY-webtatic-andy
service httpd restart

How can I change the server IP?

To change the server IP you need to refer to your OS documentation, but after you have changed your IP, there is a series of changes to be applied to MiRTA PBX:

  • /etc/odbc.ini, /var/www/html/pbx/include/db.the related application page and /var/lib/asterisk/agi-bin/include/db.the related application page – contain the IP for the database server. If you are running a cluster with MySQL multimaster replication, please refer to MySQL documentation on how to change a node IP and realign the replication.
  • /etc/asterisk/sip.conf – contains the definition of the server itself, used to allow the server to call itself. If you are running your server behind a NAT, you may also need to change the externip parameter. Once changed, you need to reload SIP (asterisk -rx 'sip reload'). Please note all extensions will be deregistered.
  • /etc/asterisk/manager.conf – allows the web interface to access the manager interface. Once changed, you need to reload the manager interface (asterisk -rx 'manager reload')
  • /etc/hosts – it is important that the server host name resolves correctly to the new IP. Please don't use 127.0.0.1 as server IP
  • /var/lib/asterisk/agi-bin/devstate.the related application page – lists the servers available in the pool to distribute the extension state. Status exchange is done over port 19771 using the UDP protocol. Once the new IP has been inserted, you need to kill the related application page and the related application page processes; these will be automatically restarted.

Finally, you need to change the server IP defined in the web interface, using Admin/PBX Nodes. It can be a good idea to update the Always Allowed IP in Admin/Security/GeoIP Fail2ban. You may need to request a new license for the server due to the change in IP. Please remember that asterisk will still work and calls will be processed normally even with an expired or invalid license.

I want to put an additional firewall, which ports need to be open?

You can identify three kinds of connections:

1. Connections from outside: your clients will need to connect to ports tcp/80 and tcp/443 for the web interface, udp/5060, tcp/5060, udp/5080, tcp/5061, tcp/5081 for SIP and from udp/10000 to udp/20000 for RTP (audio). If you have enabled multimanager, open port tcp/5039.

2. Connections between multiple servers: your servers need to talk to each other on several ports. In addition to the above ports, you'll need to open tcp/5038 for manager, tcp/3306 for MySQL, udp/19771 for devstate alignment.

3. Connections from management servers: please keep open port tcp/22 from my IP and port tcp/5666 from the Nagios server, if the service is subscribed.

I am a bit worried about memory usage, I see the server has only few megabytes free

Just checking the available free memory is not enough to understand the health of a system. You should sum up the free and cached memory. On a really busy server with Voipmonitor pumping lots of megabytes into the database, it is easy to see a high usage of cached memory. If you feel safer leaving some memory free, you can force the system to release all the cached memory with the command:

echo 3 > /proc/sys/vm/drop_caches

I have lots of connections in TIME_WAIT state

You can mitigate this problem by instructing Linux to recycle old connections:

echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse

My system is running very slow even if I have lots of RAM and lots of CPU

Your system may be running slow because power saving is enabled. You can check your CPU power saving mode with:

cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor

You can set all your CPU cores to "performance" by running

for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do [ -f "$CPUFREQ" ] || continue; echo -n performance > "$CPUFREQ"; done

If you are running CentOS 6, your kernel can have problems in dealing with large memory. It can be good to disable the memory defrag with

echo 0 > /sys/kernel/mm/transparent_hugepage/khugepaged/defrag
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/redhat_transparent_hugepage/defrag

You may want to try running on a newer kernel (but beware, dahdi may not compile) by installing a new kernel-ml repository using the following link

http://elrepo.org/tiki/the related application page

I can't connect to external services, like IBM Watson, it seems a certificate problem.

Like any browser, your system needs a list of CAs authorized to issue certificates. The one used by IBM Watson has been updated and your system does not recognize it. Please download the updated list of CAs and then copy it to where curl expects it:

curl-config --ca
wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem
cp cacert.pem /etc/pki/tls/certs/ca-bundle.crt

How to configure a SFTP server

You can easily configure an SFTP server by adding the user you want to use, adding a group sftpusers, putting the user in the group and then adding the following to /etc/ssh/sshd_config:

Subsystem sftp internal-sftp
# add the following at the end
Match Group sftpusers
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /home
  ForceCommand internal-sftp
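
A check for the Match block above, as an added example that is not part of the original page: it reads sshd_config text and reports which SFTP-only restrictions are missing for a given group, including the case where the group name in the Match line is not the group the user was actually put in. The function and sample names are hypothetical, and the sample configurations are constructed.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_sftp_match GROUP: read sshd_config text on stdin and report what the
# "Match Group GROUP" block lacks for an SFTP-only, chrooted account.
audit_sftp_match() {
    awk -v grp="$1" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        tolower($1) == "match" {                 # a Match line opens a new block
            inblk = (tolower($2) == "group" && $3 == grp)
            if (inblk) found = 1
            next
        }
        inblk {                                  # sshd uses the first value it obtains
            key = tolower($1)
            if (!(key in seen)) seen[key] = tolower($2)
        }
        END {
            if (!found) { print "no Match Group " grp " block"; exit }
            if (!("chrootdirectory" in seen)) print "ChrootDirectory not set"
            if (seen["forcecommand"] != "internal-sftp") print "ForceCommand is not internal-sftp"
            if (seen["allowtcpforwarding"] != "no") print "AllowTcpForwarding is not no"
            if (seen["x11forwarding"] != "no") print "X11Forwarding is not no"
        }'
}

# Constructed sample: the block from this page, with the group named sftpusers
sample_good() {
    cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftpusers
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /home
  ForceCommand internal-sftp
EOF
}

# Constructed sample: same block with TCP forwarding left at its default
sample_weak() { sample_good | grep -v AllowTcpForwarding; }

sample_good | audit_sftp_match sftpusers     # no output: nothing missing
sample_good | audit_sftp_match sftp_users    # reports that no block matches
sample_weak | audit_sftp_match sftpusers     # reports the forwarding gap
```

On a live server, feed it /etc/ssh/sshd_config and run `sshd -t` to check the file for syntax errors before restarting sshd.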

Which ports need to be open?

If you are running a single node, you need to open the following ports:

For SIP:

5060/udp

5060/tcp

5061/tcp

5080/udp

5080/tcp

5081/tcp

5082/tcp

For RTP:

From 10000 to 20000 udp

If you are running multiple nodes in cluster, you need to open also the following ports between the nodes:

For MySQL:

3306/tcp

For extension state replication:

19771/udp

For manager:

5038/tcp
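
The port lists in this answer and in the earlier additional-firewall answer, turned into one default-deny ruleset as an added example (not part of the original page): client-facing ports are open to everyone, while the MySQL, manager and extension-state ports are accepted only from cluster peers. The peer and management addresses are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): emit an iptables-restore
# ruleset for the ports listed in this FAQ.
# PEERS and MGMT are constructed placeholder addresses (documentation ranges).
PEERS="192.0.2.11 192.0.2.12"   # other cluster nodes (assumed)
MGMT="198.51.100.7"             # host allowed to reach SSH (assumed)

# accept ARGS...: print one ACCEPT rule for the INPUT chain
accept() { printf '%s\n' "-A INPUT $* -j ACCEPT"; }

pbx_ruleset() {
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]"
    accept -i lo
    accept -m state --state ESTABLISHED,RELATED
    # Open to clients: web interface, SIP signalling, RTP audio
    for port in 80 443 5060 5061 5080 5081 5082; do
        accept -p tcp --dport "$port"
    done
    for port in 5060 5080; do
        accept -p udp --dport "$port"
    done
    accept -p udp --dport 10000:20000
    # Open only between cluster nodes: MySQL, manager, extension state
    for peer in $PEERS; do
        accept -s "$peer" -p tcp -m multiport --dports 3306,5038
        accept -s "$peer" -p udp --dport 19771
    done
    # Management access
    accept -s "$MGMT" -p tcp --dport 22
    printf '%s\n' "COMMIT"
}

pbx_ruleset
```

Validate the output with `iptables-restore --test` before loading it, and add tcp/5039 (multimanager) or tcp/5666 (Nagios) only if you use those services.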

I have restarted my server and now asterisk is crashing under the load

It may happen if you have too many chan_sip phones. Under normal circumstances, the system works great, but once restarted, all the phones try to register at the same time and asterisk crashes. In this case it can be convenient to use the firewall to stagger the registrations.

iptables -X

iptables -F

iptables -I INPUT -s 0.0.0.0/0 -j DROP

export i=1 ; while [ $i -lt 255 ]; do iptables -I INPUT -s $i.0.0.0/8 -j ACCEPT ; export i=$(($i+1)) ; sleep 3s ; netstat -nap | grep 5060 ; asterisk -rx 'sip show peers' | tail -10 ; done
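
The commands above flush every existing rule and drop all inbound traffic, SSH included, until the loop reaches the sender's /8. A variant that gates only the SIP port in its own chain and removes the gate at the end, as an added example that is not part of the original page; the chain name SIPSTAGE, the variables and the dry-run switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): admit SIP sources one /8 at a
# time through a dedicated chain, leaving every other firewall rule alone.
# The chain name SIPSTAGE and the variables below are assumptions.
SIP_PORT=${SIP_PORT:-5060}
STEP_DELAY=${STEP_DELAY:-3}   # seconds between ranges, as in the loop above
DRY_RUN=${DRY_RUN:-1}         # 1 = print the commands instead of running them

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

stage_sip() {
    ipt -N SIPSTAGE
    ipt -A SIPSTAGE -j DROP                  # default: not admitted yet
    for proto in udp tcp; do                 # gate SIP only, not SSH or web
        ipt -I INPUT -p "$proto" --dport "$SIP_PORT" -j SIPSTAGE
    done
    i=1
    while [ "$i" -lt 255 ]; do
        # RETURN hands the packet back to the normal INPUT rules
        ipt -I SIPSTAGE -s "$i.0.0.0/8" -j RETURN
        [ "$DRY_RUN" = 1 ] || sleep "$STEP_DELAY"
        i=$((i + 1))
    done
    for proto in udp tcp; do                 # everyone admitted: remove the gate
        ipt -D INPUT -p "$proto" --dport "$SIP_PORT" -j SIPSTAGE
    done
    ipt -F SIPSTAGE
    ipt -X SIPSTAGE
}

stage_sip
```

Run it once as-is to review the printed commands, then with DRY_RUN=0 as root to apply them.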

The pdftk process is running endlessly at 100% CPU

Some older versions have this problem. Please upgrade to a newer one available from https://www.pdflabs.com/docs/install-pdftk-on-redhat-or-centos/

I can't load kernel modules due to "Key was rejected by service"

You have Secure Boot enabled, don't you? In that case it's working as designed. See the Secure Boot status with: dmesg | grep -i secure

If you need to load that module, you will need to disable Secure Boot from your firmware (BIOS). By doing that you will of course lose the protection provided by UEFI Secure Boot.