SARK V6.2.0 install

From sailpbx
Jump to: navigation, search

back to SARK contents

SARK V6.2.0 Install

V6 can be installed onto X86 or ARM platforms. Only 64 bit architectures are supported. It will happily install on bare-metal or in virtual and it has additional support for AWS EC2 instances. SARK is developed on Ubuntu but can also be installed on Debian.

  • It will work with most modern browsers.
  • It will NOT work on any browser that doesn't support jquery or has it disabled.
  • It will NOT work on any browser that does not support HTML5 or CSS3.

Before you begin

Upgrading from a previous release
  • N.B!! - IMPORTANT! - V6 uses HTTPS so, before you begin an upgrade you must ensure your SARK 4.x firewall has a rule for HTTPS (TCP 443). Otherwise you will lock yourself out and you will need to manually add a rule using SSH or a glass screen attached to the server.
  • If you are upgrading from V4.0 or V3.x, the SARK browser application will force you to change your password. This will change BOTH the browser AND root passwords.
  • If you are upgrading from 4.1 and you are still using the default browser password, the SARK browser application will force you to change your password. This will change BOTH the browser AND root passwords.
New install
  • V6 is designed to run as an appliance, it must not be installed onto a multi-purpose system that has other software already installed on it. If you try you will likely break both the existing systems and SARK. You must begin with a Debian or Ubuntu minimal install which contains nothing but an SSH server.
  • The first time you log in, the SARK browser application will force you to change your password. This will change BOTH the browser AND root passwords.

SARK/SAIL 6.2 Installation

6.2 uses a new public repo so the installation procedure is a little different to earlier releases

Proceed as follows;

Login to the linux console on your box and run the following command

curl -s https://packagecloud.io/install/repositories/aelintra/SARK/script.deb.sh | sudo bash

Ubuntu users only

The latest SARK 6.2 will install on Ubuntu 20.04LTS (Focal Fossa) or Ubuntu 22.04LTS (Jammy Jellyfish). It may install on other releases but these are the two which we currently test with and have packages for.

Debian users only

Debian has been a little bit of a rollercoaster ride for SARK and Asterisk over the last few years.-

  • Debian 10 (Buster) did not include the package for our preferred mail agent (ssmtp). As far as we know this was because ssmtp was unmaintained at that time. It was later re-included in Debian 11. Also, in Buster, Debian changed from using iptables to nftables. The problem for SARK is that we use the shorewall firewall which only runs with iptables. Furthermore, iptables can do packet searching whereas nftables can not. In spite of these changes, SARK/SAIL will install fine on Buster but you will need to use an alternative mail agent if you wish to do things like voicemail-to-email and you will need to set iptables as your preferred filter (see below).
  • Debian 11 (Bullseye) installs without issue but you still need to select iptables as your filter.
  • Debian 12 (Bookworm) does not include the Asterisk PBX package at all (you're kidding me, right? - Nope) Again, this appears to be due to a lack of resource to maintain it within the Debian group. If you want to know more then you can look at this thread..

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031046

It may be that the next release - Debian 13 (Trixie) will have the necessary work done to include Asterisk but for now, if you want to run Asterisk under Debian12, then you'll likely need to install it from sources or from a third party package.

As we noted above; If you are installing on buster or higher, then you'll need to choose iptables (rather than nftables) as your default netfilter frontend. N.B. You will also need to ensure that iptables is installed (it may not be if you did a minimal install). Install it with

apt install iptables

Now, switch to iptables for your firewall

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

Finally, check that all is well by listing your tables

root@deb12-1:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination       

Installing a Mail agent

If this is a new install, you should install a mail agent. SARK has on-board support for a lightweight mail agent called ssmtp. If you install it then SARK will provide a tab in the networking section for you to configure it. Install it now (so that SARK can set the correct perms) with...

apt install ssmtp

N.B. Ubuntu creates the ssmtp directory with secure access perms. You must fix it by doing


chmod +x /etc/ssmtp

There is a setup guide for Asterisk vmail to email HERE
N.B. Debian 10 (buster) does not provide SSMTP. Therefore we suggest you install and configure EXIM4 if you wish to send mail from a buster system.

Installing/upgrading the SARK/SAIL deb

apt install sail

The install will take a good few minutes depending upon the speed of the donor box and your internet link. During the install you may be asked to enter root passwords for MySQL and LDAP (make a note of them, you'll need them later). It will also ask about dumpcap but just take the default (No).

Let the install run to its conclusion and then reboot

reboot

upgrading the SARK HPE deb

If you are upgrading from an older release then you should also upgrade the HPE

apt install sailhpe

Install Asterisk extra sounds package

If this is a new install then SARK requires the Asterisk extra sounds package.
If you want UK English, there is a deb on the repo

apt install ast-en-gb-gpl-gsm-sounds

If you want "Alison" (US American), there is no deb available for this but it's pretty easy to install. At the linux CLI do the following

cd /usr/share/asterisk/sounds
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-gsm-current.tar.gz
tar xvfz asterisk-extra-sounds-en-gsm-current.tar.gz
rm asterisk-extra-sounds-en-gsm-current.tar.gz


Clean up

You're done - reboot it

reboot

your sail app will be at https://your.server.ip.address but you can just type the bare address (e.g. 172.16.5.123) and Apache will figure it out.

  • UID - admin
  • PWD - sarkadmin

Close your browser and re-open it if you were previously running an earlier version of SARK. If you don't, you'll get odd looking output as the cached jquery code fights with the new V6 output.

Unless you are upgrading from 4.1, AND you have changed the default browser password, then the first time you login, the SARK browser application will force you to change your password. This will change BOTH the browser AND root passwords.

OK, you're done; unless of course you'd like to run the ldap directory feature, in which case read on...

LDAP install

Assuming LDAP is already installed on your SARK/SAIL box (it will have been installed by the SARK install), proceed as follows;

Check the LDAP Base Name (Base DN)

You can check by running slapcat as follows:-

:~# slapcat

dn: dc=nodomain
objectClass: top
objectClass: dcObject
objectClass: organization
o: nodomain
dc: nodomain

The base name appears in the first line of output. In the above example it is "dc=nodomain". We've used "nodomain" as an example because you'll likely see it a lot, particularly when you are spinning up LXC instances and the like. It just means that LDAP couldn't find the FQDN, probably because it wasn't set. It's no big deal, you can just go ahead and use dc=nodomain if you like. In any event, you should enter whatever YOUR base name is into the Globals=>LDAP panel along with the LDAP password you chose during the install.

If "dc=nodomain" bothers you then you'll need to enter a domain name in SARK, issue a commit and then do a reconfigure for slapd (the LDAP daemon).

dpkg-reconfigure slapd

This will allow it to have another look.

Adding the contacts OU

Now we need to add an organizationalUnit(ou) for the address book. If you are already a whiz with ldap then just go ahead and do it, using the base name. If you don't know ldap then proceed as follows...

You will find a file on your SARK box at /opt/sark/cache/ldapcontactou.ldif

dn: ou=contacts,dc=sark,dc=aelintra,dc=com
objectClass: organizationalUnit
objectClass: top
ou: contacts

Without getting into the details (you can read about ldap elsewhere); in the first line of the file is the name of the organizationalUnit we want to create. In our example it is "contacts". The remainder of the line (dc=sark,dc=aelintra,dc=com) is the base name we discussed earlier. You must edit the file to make the file match your base name from the slapcat you did a couple of steps back. If, for example, you have a base name of dc=splodge,dc=soap,dc=com then you should make your file look like this

dn: ou=contacts,dc=splodge,dc=soap,dc=com
objectClass: organizationalUnit
objectClass: top
ou: contacts

Ok, lets add it, we are going to use the LDAP slapadd utility, which is old fashioned nowadays, but easy to use.

service slapd stop
slapadd -l /opt/sark/cache/ldapcontactou.ldif
service slapd start


Refresh your browser and navigate to SARK. You should see a "Directory" option when you click on the "Settings" drop-down. In this page you can add and modify your telephone book entries or upload a vcard file you have exported from Google contacts or whatever. You can also have your phones browse your contacts if you have SIP phones which are LDAP aware (many are). You'll need to add a couple of entries to your SARK firewall for TCP ports 389 and 686 (restrict them to net:$LAN) to allow the phones to query the database - don't forget to restart the firewall.

Set up your phones to use LDAP

Most major SIP Phone types can use LDAP however, the implementation varies from type to type.

Snom, Panasonic (KX-HDV), Yealink and Fanvil all support LDAP and have on-board provisioning already set-up for openLDAP on SARK.

Cisco small business phones (SPA) support LDAP and Provu have a section on their website showing how to set them up http://blog.provu.co.uk/item/234

Polycom phone set-up is more complex (isn't it always?), however there is good documentation provided by Polycom so you should be able to get it running with a little work although we don't show it here.

Gigaset professional (N series) phones support LDAP and there is documentation on their website