SARK V6.2.0 install
Contents
SARK V6.2.0 Install
V6 can be installed onto X86 or ARM platforms. Only 64 bit architectures are supported. It will happily install on bare-metal or in virtual and it has additional support for AWS EC2 instances. SARK is developed on Ubuntu but can also be installed on Debian.
- It will work with most modern browsers.
- It will NOT work on any browser that doesn't support jquery or has it disabled.
- It will NOT work on any browser that does not support HTML5 or CSS3.
Before you begin
Upgrading from a previous release
- N.B!! - IMPORTANT! - V6 uses HTTPS so, before you begin an upgrade you must ensure your SARK 4.x firewall has a rule for HTTPS (TCP 443). Otherwise you will lock yourself out and you will need to manually add a rule using SSH or a glass screen attached to the server.
- If you are upgrading from V4.0 or V3.x, the SARK browser application will force you to change your password. This will change BOTH the browser AND root passwords.
- If you are upgrading from 4.1 and you are still using the default browser password, the SARK browser application will force you to change your password. This will change BOTH the browser AND root passwords.
New install
- V6 is designed to run as an appliance, it must not be installed onto a multi-purpose system that has other software already installed on it. If you try you will likely break both the existing systems and SARK. You must begin with a Debian or Ubuntu minimal install which contains nothing but an SSH server.
- The first time you log in, the SARK browser application will force you to change your password. This will change BOTH the browser AND root passwords.
SARK/SAIL 6.2 Installation
6.2 uses a new public repo so the installation procedure is a little different to earlier releases
Proceed as follows;
Login to the linux console on your box and run the following command
curl -s https://packagecloud.io/install/repositories/aelintra/SARK/script.deb.sh | sudo bash
Buster/Bullseye/bookworm users only
If you are installing on buster, or higher, then you'll need to choose iptables (rather than nftables) as your default netfilter frontend. N.B. You will also need to ensure that iptables is installed (it may not be on a base install of Deb12 bookworm). Install it with
apt install iptables.
update-alternatives --set iptables /usr/sbin/iptables-legacy update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
Installing a Mail agent
If this is a new install, you should install a mail agent. SARK has on-board support for a lightweight mail agent called ssmtp. If you install it then SARK will provide a tab in the networking section for you to configure it. Install it now (so that SARK can set the correct perms) with...
apt install ssmtp
N.B. Ubuntu creates the ssmtp directory with secure access perms. You must fix it by doing
chmod +x /etc/ssmtp
There is a setup guide for Asterisk vmail to email HERE
N.B. Debian 10 (buster) does not provide SSMTP. Therefore we suggest you install and configure EXIM4 if you wish to send mail from a buster system.
Installing/upgrading the SARK/SAIL deb
apt install sail
The install will take a good few minutes depending upon the speed of the donor box and your internet link. During the install you may be asked to enter root passwords for MySQL and LDAP (make a note of them, you'll need them later). It will also ask about dumpcap but just take the default (No).
Let the install run to its conclusion and then reboot
reboot
upgrading the SARK HPE deb
If you are upgrading from an older release then you should also upgrade the HPE
apt install sailhpe
Install Asterisk extra sounds package
If this is a new install then SARK requires the Asterisk extra sounds package.
If you want UK English, there is a deb on the repo
apt install ast-en-gb-gpl-gsm-sounds
If you want "Alison" (US American), there is no deb available for this but it's pretty easy to install. At the linux CLI do the following
cd /usr/share/asterisk/sounds wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-gsm-current.tar.gz tar xvfz asterisk-extra-sounds-en-gsm-current.tar.gz rm asterisk-extra-sounds-en-gsm-current.tar.gz
Clean up
You're done - reboot it
reboot
your sail app will be at https://your.server.ip.address but you can just type the bare address (e.g. 172.16.5.123) and Apache will figure it out.
- UID - admin
- PWD - sarkadmin
Close your browser and re-open it if you were previously running an earlier version of SARK. If you don't, you'll get odd looking output as the cached jquery code fights with the new V6 output.
Unless you are upgrading from 4.1, AND you have changed the default browser password, then the first time you login, the SARK browser application will force you to change your password. This will change BOTH the browser AND root passwords.
OK, you're done; unless of course you'd like to run the ldap directory feature, in which case read on...
LDAP install
Assuming LDAP is already installed on your SARK/SAIL box (it will have been installed by the SARK install), proceed as follows;
Check the LDAP Base Name (Base DN)
You can check by running slapcat as follows:-
:~# slapcat dn: dc=nodomain objectClass: top objectClass: dcObject objectClass: organization o: nodomain dc: nodomain
The base name appears in the first line of output. In the above example it is "dc=nodomain". We've used "nodomain" as an example because you'll likely see it a lot, particularly when you are spinning up LXC instances and the like. It just means that LDAP couldn't find the FQDN, probably because it wasn't set. It's no big deal, you can just go ahead and use dc=nodomain if you like. In any event, you should enter whatever YOUR base name is into the Globals=>LDAP panel along with the LDAP password you chose during the install.
If "dc=nodomain" bothers you then you'll need to enter a domain name in SARK, issue a commit and then do a reconfigure for slapd (the LDAP daemon).
dpkg-reconfigure slapd
This will allow it to have another look.
Adding the contacts OU
Now we need to add an organizationalUnit(ou) for the address book. If you are already a whiz with ldap then just go ahead and do it, using the base name. If you don't know ldap then proceed as follows...
You will find a file on your SARK box at /opt/sark/cache/ldapcontactou.ldif
dn: ou=contacts,dc=sark,dc=aelintra,dc=com objectClass: organizationalUnit objectClass: top ou: contacts
Without getting into the details (you can read about ldap elsewhere); in the first line of the file is the name of the organizationalUnit we want to create. In our example it is "contacts". The remainder of the line (dc=sark,dc=aelintra,dc=com) is the base name we discussed earlier. You must edit the file to make the file match your base name from the slapcat you did a couple of steps back. If, for example, you have a base name of dc=splodge,dc=soap,dc=com then you should make your file look like this
dn: ou=contacts,dc=splodge,dc=soap,dc=com objectClass: organizationalUnit objectClass: top ou: contacts
Ok, lets add it, we are going to use the LDAP slapadd utility, which is old fashioned nowadays, but easy to use.
service slapd stop slapadd -l /opt/sark/cache/ldapcontactou.ldif service slapd start
Refresh your browser and navigate to SARK. You should see a "Directory" option when you click on the "Settings" drop-down. In this page you can add and modify your telephone book entries or upload a vcard file you have exported from Google contacts or whatever. You can also have your phones browse your contacts if you have SIP phones which are LDAP aware (many are). You'll need to add a couple of entries to your SARK firewall for TCP ports 389 and 686 (restrict them to net:$LAN) to allow the phones to query the database - don't forget to restart the firewall.
Set up your phones to use LDAP
Most major SIP Phone types can use LDAP however, the implementation varies from type to type.
Snom, Panasonic (KX-HDV), Yealink and Fanvil all support LDAP and have on-board provisioning already set-up for openLDAP on SARK.
Cisco small business phones (SPA) support LDAP and Provu have a section on their website showing how to set them up http://blog.provu.co.uk/item/234
Polycom phone set-up is more complex (isn't it always?), however there is good documentation provided by Polycom so you should be able to get it running with a little work although we don't show it here.
Gigaset professional (N series) phones support LDAP and there is documentation on their website