Step | Documentation section | Result | Note |
---|---|---|---|
1. Checking the hardware requirements for the system | |||
1.1 The latest software versions of internal devices and server controllers (BIOS, RAID, iDRAC, iLO, etc.) are installed | See the documentation for the server that is used | ||
1.2 The presence of at least a dual-core CPU in the system | Development of the system project | Defined by the system project | |
1.3 The presence of at least 8 GB of RAM in the system | Development of the system project | Defined by the project depending on the required load. For test purposes, a reduction of up to 4 GB is allowed | |
1.4 Enough disk space | Creating disk partitions | ||
1.5 Partitioning done correctly | Creating disk partitions | ||
1.6 SWAP file is NOT used in the system | |||
2. Checking the software requirements for the system | |||
2.1 The correct version and bit depth of the operating system are set (Ubuntu Server 18.04.x LTS 64bit) | Ubuntu Server 18.04 x64 | ||
2.2 The correct hostname is set: ecss1 or ecss2 | When using redundancy | ||
2.3 Current updates are installed in the system | |||
2.4 The recommended software is installed in the system | |||
2.5 The ECSS-10 repository has been added to the system and is accessible | System update | ||
2.6 The network interfaces are configured correctly: | |||
- addresses of network interfaces are static and do not change dynamically via DHCP | Configuring network interfaces | ||
- the keepalived service (VRRP) is configured and running | When using redundancy | ||
- IPv6 support is enabled at least on lo interfaces | Example: ssw@ecss1:~$ ip -6 addr show lo 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1 inet6 ::1/128 scope host valid_lft forever preferred_lft forever | ||
2.7 The eToken/RuToken key is connected to the USB port of the server: | Checking Token operation | ||
- The eToken/RuToken key has been defined in the system (lsusb) | |||
- Checking the eToken/RuToken key | Checking Token operation | ||
2.8 Checking network availability between ecss1 and ecss2 hosts: | When using redundancy | ||
- ping delay between hosts does not exceed 100 ms | It is necessary to minimize traffic delays between hosts as much as possible | ||
- no packet loss during data exchange between hosts | The ping command is run for a few minutes, after which the statistics are removed by a combination of keys: CTRL+| Example: ssw@ecss1:~$ ping -q -c 200 ecss2 PING ecss2 (192.168.1.22) 56(84) bytes of data. 177/177 packets, 0% loss, min/avg/ewma/max = 0.062/0.131/0.117/0.489 ms | ||
- hosts are accessible to each other by DNS name (as written in /etc/hosts/ and in accordance with the license) | Checking ping from ecss1 to ecss2 and vice versa | ||
- key authentication between hosts is configured | Generate ssh key and transfer it to another server: ssh-keygen ssh-copy-id ssw@ecss2 Similarly from ecss2 to ecss1 | ||
2.9 Time synchronization with the NTP server is running on the server: | Time synchronization on servers | Check the status: ntpq -p | |
- the correct time zone is set | Check: date +%Z | ||
- time synchronization in orphan mode or synchronization with a single NTP is configured on ecss1 and ecss2 hosts | Time synchronization on servers | When using redundancy | |
2.10. Glusterfs-server of the recommended version is installed: | Configuring RestFS | Software version 3.13.2 and later | |
3. Checking the correctness of the ECSS-10 installation | |||
3.1 Installation of system component packages was completed successfully without errors: | dpkg -l | grep ecss | ||
- ecss-mysql | |||
- ecss-node | |||
- ecss-media-resources | ecss-media-resources installation | ||
- ecss-media-server | |||
- ecss-restfs | |||
- ecss-user | |||
- ecss-web-conf | |||
- ecss-dns-env | DNS | ||
- additional optional packages according to the project | Additional packages optional installation | ||
4. Checking the performance of the ECSS-10 system | |||
4.1 Checking the installed ECSS-10 license: | System start and activation | ||
- pcscd service is operating | Software Installation and Token Connection | pkcs11-tool --module $(find /usr/lib/ecss/ecss-ds/lib/ -name librtpkcs11ecp.so | head -n1) -L | |
- the correct passport is installed in the system | System start and activation | CoCon command: /cluster/storage/ds1/licence/show-passport | |
- the current license is installed in the system | System start and activation | CoCon command: /cluster/storage/ds1/licence/current-limits | |
4.2 The dnsmasq service is up and running: | |||
- if the system is redundant, the correct primary addresses are registered in the dnsmasq configuration.broker.ecss and secondary.broker.ecss | Cluster system installation features | Note that the content is the same on both servers. address=/primary.broker.ecss/<ecss1 address> address=/secondary.broker.ecss/<ecss2 address> | |
- addresses are available by DNS name | DNS | ping -c1 cocon.mysql.ecss ping -c1 dialer.mysql.ecss ping -c1 statistics.mysql.ecss ping -c1 tc.mysql.ecss ping -c1 tts.mysql.ecss ping -c1 controlchannel.zmq.ecss ping -c1 system.restfs.ecss | |
4.3 Listen interfaces for the epmd service are registered on ecss1 and ecss2 hosts | Configuring listen interface for epmd service | sudo systemctl cat epmd.service | |
4.4 MySQL Database server is up and running: | sudo systemctl status mysql.service | ||
- it is possible to connect to the MySQL server by DNS name | mysql -uroot -p -h ecss1 | ||
- when using redundancy, database replication is started and working correctly | MySQL master-master replication deployment scheme using keepalive | mysql -uroot -p -e 'show slave status \G;' On both servers: Slave_IO_Running: Yes Slave_SQL_Running: Yes | |
- mysql port should listen on 0.0.0.0. | netstat -nl | grep 3306 | ||
4.5 The cluster name is registered in the system with redundancy (not undefined) | Cluster system installation features | cat /etc/ecss/ecss-mycelium/mycelium1.config | grep name | |
4.6 ecss services are up and running (in the running state):
| Checking the status of services | Examples: systemctl list-units --type service --all | grep ecss The status should show "active" systemctl status <service name> Same for the is-active key: sasha@ecss1:~$ systemctl is-active ecss-core ecss-ds ecss-pa-sip ecss-mycelium ecss-pa-megaco ecss-media-server ecss-web-conf ecss-restfs active active active active inactive active active active | |
- The CoCon "system-status" command outputs an empty Alarms list | |||
4.7 The MSR media server is configured and connected to ECSS-10: | Configuring a software media server | ||
- configuring the MSR to connect to ECSS-10 | Configuring the MSR configuration file | From shell servers: cat /etc/ecss/ecss-media-server/config.xml | |
- MSR is declared in system media resources | CoCon: /system/media/resource/list /system/media/registrar/info If the system is redundant, check if it is connected to both cores. | ||
- MSR is configured on the ecss2 host in the same way | When using redundancy | ||
4.8 Restfs is configured and accessible from the ECSS-10 server: | |||
- RestFS is available for recording and downloading media files | From shell servers: wget http://ecss1:9990/system/sounds/ai_you.wav wget http://ecss2:9990/system/sounds/ai_you.wav | ||
4.9 The TTS service (text to voice message conversion) is configured and running: | If tts is selected when installing ecss-restfs | ||
- The service returns the voice file after converting from text | From shell servers: wget http://ecss1:9990/generate?key=<Key>&text=<Text>&format=wav&lang=ru-RU&speaker=alyss&emotion=good&quality=hi wget http://ecss2:9990/generate?key=<Key>&text=<Text>&format=wav&lang=ru-RU&speaker=alyss&emotion=good&quality=hi where: | ||
4.10 Users, their rights and roles are configured | CLI: cocon/list users Web - "User manager" | ||
4.11 Subscriber service restriction rules are configured | CLI: /domain/<DOMAIN>/access-group/ /domain/<DOMAIN>/access-type/ /domain/<DOMAIN>/regime/ Web - "User manager" | ||
5. Checking the correctness of the domain configuration in ECSS-10 | CLI: /domain/ /domain/<DOMAIN>/ Web - "Domains" | ||
5.1 SIP transport (ip-set) is configured in the domain | |||
- Addresses (node_ip) and ports (listen_port) are set in accordance with the project | CLI /cluster/adapter/sip1/sip/network/info Web - "Clusters" | ||
- node_ip addresses are assigned on both nodes of the SIP adapter ecss1 and ecss2 | When using redundancy /cluster/adapter/sip1/sip/network/info Web - "Clusters" | ||
- node_ip addresses match the addresses of the reserved interfaces configured in keepalived | When using redundancy /cluster/adapter/sip1/sip/network/info Web - "Clusters" | ||
- ipset is set on the domain | CLI /domain/<DOMAIN>/sip/network/info Web - "Domains" | ||
5.2 The necessary services have been added to the domain: | |||
- installation into the service system has been performed | CLI: cluster/storage/ds1/ss/install ds1@ecss1 * Web - "SS install" | ||
- the domain is added to the services to the access-list | View services installed in domains: /cluster/storage/ds1/ss/access-list show To add services on a domain: /cluster/storage/ds1/ss/access-list add <DOMAIN> <SS> Web - "SS install" | ||
- CDR collection system is configured (if necessary) | CLI: /domain/<DOMAIN>/cdr/ Web - "CDR manager" | ||
5.3 The routing context has been configured: | Virtual PBX. Telephone calls routing | CLI: /domain/<DOMAIN>/routing/list /domain/<DOMAIN>/routing/show <CTX> Web - "Routing manager" | |
- the necessary trunks are configured | If necessary. /domain/<DOMAIN>/trunk/sip/info /domain/<DOMAIN>/trunk/info Web - "Trunk manager" | ||
- the necessary bridges are configured | If necessary. /bridge/info Web - "Bridge manager" | ||
- routes are processed both in enblock set and overlap modes | CLI: /domain/<DOMAIN>/routing/trace Web - "Routing manager" | ||
5.4 Correct settings of the SIP subscriber(s) have been made: | Virtual PBX. Connecting and configuring SIP subscribers | CLI: /domain/<DOMAIN>/sip/user/ | |
- subscribers have been created | CLI: domain/<DOMAIN>/sip/user/list Web - "Subscriber card" | ||
- a reliable SIP login/password have been installed | domain/<DOMAIN>/sip/user/info * * or filter (from shell): ssh admin@ecss1 -p8023 '/domain/<DOMAIN>/sip/user/info * *' | grep '(ds)' | ||
- trusted ip is installed | If SIP registration is required without authorization domain/<DOMAIN>/sip/user/info Web - "Subscriber card" | ||
- the subscriber has the correct routing context installed | CLI: domain/<DOMAIN>/sip/user/info or cluster/storage/ds1/iface/list <DOMAIN> * <GROUP> routing_context (select the preferred) Web - "Subscriber card" | ||
- the correct terminal type is set (basic/smart) | CLI: /cluster/storage/ds1/iface/list <DOMAIN> * <GROUP> terminal_type ~ smart (or basic) Web - "Subscriber card" | ||
- the subscriber has the necessary services activated | CLI: /domain/<DOMAIN>/ss/info Web - "Subscriber card" | ||
5.5 Setting routing contexts for system interfaces: | /domain/<DOMAIN>/iface/user-set .system .system system:ivr routing.context | ||
- system:ivr is configured | If it is necessary to use the IVR service. In most cases, only the routing context is written: /domain/<DOMAIN>/iface/info .system .system system:ivr | ||
- system:teleconference is configured | If it is necessary to use the Teleconference service. In most cases, only the routing context is written: /domain/<DOMAIN>/iface/info .system .system system:teleconference |
ф