MS Exchange functionality on Linux? Zimbra ties it all together.

The never-ending quest to put a bullet in the Microsoft Exchange server has just chambered another live-round in the form something called Zimbra. To be fair, the Exchange server I manage is very stable, and runs great. I just loath the price of licenses and dread the obscure solutions to seemingly easy tasks.

I don’t know where this product has been hiding, but it caught my eye last week as a result of a Stumble! click. It seems Yahoo! has spent some coin and bought out Zimbra but is continuing to offer the code and binaries under a variety of licensing models. This is all good news for IT departments and service providers everywhere!

There are a number of How-To documents on the Internet that describe implementing various services to support an Exchange’esque environment. I’ve tried it, it works, but it’s ugly and a devil to maintain. Zimbra provides all the necessary technologies in one suite and centralizes the configuration in a uniform interface. The clever folks at Zimbra did it RIGHT. Both the authentication and directory Services are user configurable and 3rd party supported. This means that Zimbra can leverage your existing directory systems such as Active Directory or any other LDAP server for that matter.

I needed to see this in action and judge for myself.

This was a perfect opportunity to use VMWare to stage an image and play around with the basics. I created a 10GB virtual disk and installed Fedora Core 7 x86 while I was downloading the Zimbra 4.5.8GA Binaries for Fedora Core 5 x86 (yes, for FC5). FC7 was installed with minimal options as the Zimbra docs state that services such as httpd, mysqld, slapd, and a few others be either un-installed or disabled. I wasn’t in the mood to fight, so I complied.

Once done, I copied the Zimbra tarball over to the fresh VM, untarred and ran the ./install.sh script. This script does a great job of telling you what you’re missing; in my case I had to add some symlinks for version compatibility in /usr/local for libcurl and libidn. Fetchmail, curl and libstdc++ needed to be installed as well.

I also configured a A and MX record for the DHCP provisioned VM that resolved to private LAN address; all for testing purposes of course. I managed to get Zimbra installed without too much mucking about and went with the default values for the most part. It completed the install and launched the Zimbra services.

Web Client

The web-client is pretty slick, it’s by far the best looking one I’ve yet to see!

It has everything you’d expect in a webclient including a handy search-launch across the top for both internal/Google searches, and built in shared Wiki style document manager. Users can manage multiple identities, POP accounts, Address books… there are lots of variables and settings!

Comparing functionality with that of the Exchange Web client, I don’t notice anything missing, in fact, there’s way more in Zimbra. Even with all the playing around and trying all sorts of options it never hung or crashed my browser; it just plowed through it all.

Web Admin

Like the webclient, the web administration is top-shelf. It offers a ton of configurable items that are often annoying or impossible to do under MS Exchange. For example, under Exchange getting a Resource to auto accept an available booking for something like a meeting room or projector is nuisance; last I checked a Micro$oft DLL was required to hook certain Exchange message and action the resource via script. This functionality is build right into Zimbra.

Spam and AV control; yep. Built right in too.

Separately it would be like managing OpenLDAP, Postfix, Spamassassin, Anomy, ClamAV, stats package, webserver, database, spell-check, CA, and an IMAP server (and more I’m sure)!

Migrating from Exchange seems to be straight-forward. I didn’t get the chance to try, but there are included tools that facilitate the process, mapping MAPI accounts to Zimbra accounts. The tools claim to migrate everything, and based on what I’ve seen so far, there is no reason to doubt this product either.

Given the opportunity (hardware) , I’d love to dedicate an environment to test Zimbra at the office to get an idea of what the day to day operation and maintenance is like and report back on the overall stability and workload.

The system requirements:

Evaluation and Testing
• Intel/AMD 32-bit or 64-bit CPU 1.5 GHz
• 1 GB RAM
• 5 GB free disk space for software and logs
• Temp file space for installs and upgrades*
• Additional disk space for mail storage

Production environments
• Intel/AMD CPU 32-bit 2.0 GHZ+. or large deployments (more than 2000 users), 64-bit OS is recommended.
• Minimum – 2 GB RAM Recommend – 4 GB
• Temp file space for installs and upgrades*
• 10 GB free disk space for software and logs (SATA or SCSI for performance, and RAID / Mirroring for redundancy)
• Additional disk space for mail storage

This is a great product, truly well done, congratulations to all involved!

- Paul

PHP 5 under IIS: It’s ready.

One of my first blog posts, PHP Installation: A myriad of options asserted that Windows and PHP 4 in ISAPI mode was a frustrating affair. I hereby offer a partial retraction in this regard as PHP 5 is MUCH different.

The folks at PHP recently announced the retirement of the 4.x version slated for December 2007. After which PHP 4 will continue to receive critical updates until August 2008. If you still run PHP 4, now is the time to starting thinking about getting everything up to version 5.

With that in mind, we’ve decided to upgrade all our development environments to PHP 5. Our standard development machines aren’t really all that fancy; 2 year old Dell P4 H/T based desktops running XP. Being a small group of developers, we’re liberal with the choice of IDE; some use PHPEdit, while I’m drawn between Zend IDE and Eclipse.

Our previous run-ins with PHP4 in ISAPI mode were not good. While PHP would usually run to some extent, we were often faced with segfault error message at the top of the output and often IIS would space out. Yes, we’d followed the lengthy install read-me on the site and still could not get PHP and IIS to play nicely. We pretty much gave up on PHP in ISAPI under IIS and settled with PHP in CGI mode for development purposes.

With the introduction of PHP 5.2 and the impending retirement date; we took the plunge and downloaded the latest PHP 5.2.3 Windows Binary Installer package from PHP.net.

To begin, we un-installed the PHP 4.4.x series CGI installation and removed all traces of PHP from IIS. The PHP.ini file was also backed-up and removed. Once complete, IIS was restarted and we moved on to the installation.

This was straight-forward; it’s a familiar MSI package loaded with all the extensions and required libraries. We stepped through the installation selecting ISAPI mode and the extensions we need for our application such as LDAP, MB_string and MSSQL. For the sake of path simplicity, we also overrode the default “C:\Program Files\PHP…” path with a more friendly “C:\PHP5″ folder. The installer recommended that we “Reboot” because well… it IS Windows after all, and it’s your duty to rebootie…

Once back up, a simple “test.php” was called up containing nothing more than a simple <?phpinfo();?> . Unfortunately this didn’t work. The content was dumped literally, unparsed in the browser; the ISAPI filter obviously didn’t render. A quick look in IIS revealed that in fact the ISAPI filter was NOT configured under the Application Configuration property pages. A few clicks and key strokes linked .PHP files with “C:\PHP5\PHP5ISAPI.DLL”; restarted IIS.

Tried the test page again with success! The phpinfo() method called confirmed we were now in ISAPI Server API;

We now have a working PHP 5 ISAPI installation under Windows XP!

In terms of our application’s compatibility with PHP5; there are many occurrences of about 4 different issues.

• mktime – called without setting a timezone
• strtotime – called without setting a timezone
• “Call-time pass-by-reference”
• Assigning the return value of new by reference is deprecated.

The main architecture of our application works as designed and most of the issues were fixed with a blanket search/replace within the application. The timezone stuff is a bit of a nuisance as we’d designed a great set of wrappers in PHP 4 to handle timezone adjustments. PHP5 handling of this sort of thing is vastly improved, but the list of available timezones is quite large and needs to be integrated into our app.

I look forward to exploring the new reflection classes and tightening up the OO model of our application to take advantage of the new PHP 5 class features. Check out PHP’s migration notes for more detailed information on the differences and changes between PHP 4 and 5.

- Paul

Basic Asterisk Configuration

I really like the stats package included with WordPress, it provides an excellent source of ideas for what I should write about next. Many of you reach me through a post titled Asterisk and Fedora Core 7 looking for more specifics on how to configure Asterisk. If you need to install Asterisk on FC7, read the Asterisk and Fedora Core 7 post first.

Alright, so you’ve got Asterisk installed but its not configured or has the default Asterisk sample configuration files.

The Asterisk configuration files are found in /etc/asterisk. If you are using Asterisk without telephony hardware, you really need to be concerned with 2 or 3 files. Of importance are the following files

1. sip.conf: this file contains everything to do with the SIP protocol, settings and authentication for Asterisk.
2. extensions.conf: At the most basic level, this file contains the call-plan; what happens on in-bound calls and how outgoing calls are to be treated.

You’re also going to need something to test Asterisk with. Either a soft-phone such as X-Lite or a handset device such as a Polycom 430, or a ATA device, such as the LinkSys PAP-2.

For the sake of this sample, we’re going to configure Asterisk to handle the SIP registration of 3 IP devices.

1. X-Lite Softphone [extension 203]
2. a Polycom 301 [extension 200]
3. a Linksys PAP-2 (Vonage un-locked) [extensions 201 and 202]

sip.conf is easy enough to get going; some advanced features found on some handsets may require additional settings but to keep things simple lets start with the softphone alone.

Backup your existing /etc/asterisk/sip.conf and go with something like this

[general]
port=5060
bindaddr=0.0.0.0
context=home
tos=0x18
nat=yes
externip=YOUR PUBLIC IP
disallow=all
allow=g729
allow=gsm
allow=ulaw

[203]
type=friend
host=dynamic
context=home
secret=agoodsippasswordgoeshere
callerid=CIA FBI ATF <1-555-555-5555>
dtmfmode=rfc2833
nat=yes
mailbox=200@home
disallow=all
allow=ulaw

Feel free to have some fun with the “callerid” parameter, you can have some great fun with your friends and family.

Make a backup of /etc/asterisk/extensions.conf and replace it with this

[general]

static=yes
writeprotect=no

[home]
exten => 55,1,Playback(demo-echotest) ; Let them know what's going on
exten => 55,2,Echo ; Do the echo test
exten => 55,3,Playback(demo-echodone) ; Let them know it's over

This bare bones configuration sets up extension 55 in the “home” context to be an echo server.

Get Asterisk to re-read the sip.conf and extensions.conf files (if already running, to start Asterisk, just run “asterisk” as root).

[root@athlon asterisk]# asterisk -r
Asterisk 1.2.20, Copyright (C) 1999 - 2007 Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'show license' for details.
=========================================================================
Connected to Asterisk 1.2.20 currently running on athlon (pid = 3193)
Verbosity is at least 42
athlon*CLI> sip reload
 Reloading SIP
  == Parsing '/etc/asterisk/sip.conf': Found
  == Parsing '/etc/asterisk/sip_notify.conf': Found
athlon*CLI> extensions reload
  == Parsing '/etc/asterisk/extensions.conf': Found
    -- Registered extension context 'home'
    -- Added extension '55' priority 1 to home
    -- Added extension '55' priority 2 to home
    -- Added extension '55' priority 3 to home
athlon*CLI>

Configure the X-Lite phone by adding a SIP account with the following details:

Save the settings and X-Lite should register with Asterisk. If watching the Asterisk CLI, you should see the following

Connected to Asterisk 1.2.20 currently running on athlon (pid = 3193)
Verbosity is at least 42
    -- Remote UNIX connection
    -- Registered SIP '203' at 10.10.50.198 port 14126 expires 3600
    -- Saved useragent "X-Lite release 1011s stamp 41150" for peer 203
athlon*CLI>

At this point you should be able to dial the echo server. Go ahead and dial “55″ and hit the green send button. You’ll connect with the “Echo Test”, basically just echoes whatever you say to it. It’s simple but a great way to get the basics right without having to deal with the large “sample” configuration files.

If your call to the echo server worked, the rest of the setup is basically the same as before, editing both the sip.conf and extensions.conf files.

Moving on, lets add the other extensions to the mix. We’ll have our own little PBX by the end of this!

Add the rest of the SIP devices to the sip.conf file

[general]
port=5060
bindaddr=0.0.0.0
context=home
tos=0x18
nat=yes
externip=YOUR PUBLIC IP
disallow=all
allow=g729
allow=gsm
allow=ulaw

[200]
type=peer
host=dynamic
context=home
secret=agoodsippasswordgoeshere
callerid= CITY MORGUE
dtmfmode=rfc2833
nat=yes
mailbox=200@home
disallow=all
allow=ulaw

[201]
type=friend
host=dynamic
context=home
secret=agoodsippasswordgoeshere
callerid= CITY MORGUE
dtmfmode=rfc2833
nat=yes
mailbox=200@home
disallow=all
allow=ulaw

[202]
type=friend
host=dynamic
context=home
secret=agoodsippasswordgoeshere
callerid= CITY MORGUE
dtmfmode=rfc2833
nat=yes
mailbox=200@home
disallow=all
allow=ulaw

[203]
type=friend
host=dynamic
context=home
secret=agoodsippasswordgoeshere
callerid=CIA FBI ATF
dtmfmode=rfc2833
nat=yes
mailbox=200@home
disallow=all
allow=ulaw

Now lets add the sip registrations to the extensions.conf file so that calls can be placed amongst the devices.

[general]

static=yes
writeprotect=no

[home]
exten => 55,1,Playback(demo-echotest) ; Let them know what's going on
exten => 55,2,Echo ; Do the echo test
exten => 55,3,Playback(demo-echodone) ; Let them know it's over

exten => 200,1,Dial(SIP/200,20)
exten => 201,1,Dial(SIP/201,60)
exten => 202,1,Dial(SIP/202,60)
exten => 203,1,Dial(SIP/203,60)

Reload sip.conf and extensions.conf and you should now be able to place calls between the registered devices and each device should be able to dial the echo server.

This is a very basic Asterisk configuration that should allow you to further explore other Asterisk options. In the next parts of this post, we’ll explore adding “trunking” with a VoIP provider, ZapTel hardware and voice mail with email notification (In no particular order).

Zend’s Yin and Yang…

Earlier this week I ran into an issue with Eclipse PDT (PHP Development Tools) after upgrading to the latest version (Europa 3.?). My development platform is Windows XP and IIS, 3.2 P4 1GB RAM, IIS, PHP 5 ISAPI, MySQL. We call this the WIMP configuration (Windows IIS MySQl PHP) .

Some of the scripts in our application are quite large and something happened with the PDT; it simply takes forever for Eclipse to parse the script and extract all the classes/variables to render the Outline perspective. This gets really frustrating as it goes through this process on regular intervals as you work through the script. I can’t really complain about Eclipse up until now, its been my development workhorse for the past while and will eventually get fixed in this regard. I have faith. What do you want for free after all?

This lead me down a path where I uncovered things I’d rather not know or have experienced…

About 8-12 months ago (maybe longer now), we need to encode/obfuscate our application for delivery to a client so that they could run it on their own server/intranet. The application is written in PHP and normally all files are in plain-text that obviously offers no copy or tamper protection. Part of selecting PHP for this project included the knowledge that “Zend Technologies” provides Zend Guard/Zend Encoder to suit this requirement.

Some time had past and we were ready to proceed with the order to Zend for the latest and greatest obfuscation gadget.

Having made a contact in sales at Zend during a previous trial of what was called Zend Encoder, I decided to call and pick things up where we left off, which was basically a “I’ll get back to you.” So I rang my sales rep and relayed that we were ready to go and that we needed to purchase Zend Encoder.

The representative proceeded to explain that Zend Encoder was being phased out and being replaced with something called Zend Guard, a whole new product that integrates with the Zend Studio IDE and offers a whole new level of protection through a subscription based service or full all-out purchase of the software. This software was not yet released, and was still being Beta tested. I inquired as to why Encoder was being replaced and that I wasn’t interested in spending money on a commercial beta (Microsoft does a great job of forcing us to buy Beta software in a “Production” wrapper) and could I still buy Zend Encoder.

The rep continued to explain that Zend Encoder had been “cracked”, allowing the source code to be viewed from a previously encoded file. This was obviously a very serious problem for Zend and I did appreciate heads up and that waiting might be worth while.

As promised, when Zend Guard was out of Beta, my rep contacted me and we proceeded with the transaction. As part of the Zend Guard, a license for Zend Studio was bundled as well. If you’re a developer, you no doubt have your favorite “daily-driver” IDEs and probably don’t like to change them up very often; I was happy with Eclipse and saw no reason to change it up to Zend Studio… I’d give it a whirl at some point in the future.

This brings us to some time last week…

Now while this may seem to deviate from the subject of this post, I think its important because it illustrates the general trend (with some exceptions) of software “crumminess” that comes out of Zend Technologies.

Zend Guard

Firstly, it seems that Zend spends more time on their copy protection and licensing schemes than it does trying to make a cohesive piece of software. This became apperent when first installing Zend Guard. It fussed and bitched about the license file that Zend had provided, resulting in a call to Zend where some voodoo was performed and eventually a new license worked.

The user interface on this product really isn’t too hot, the left pane is a tree and the remaining is pretty standard looking application with Tab style UI layouts. You create a project, add/exclude files, choose settings, and make it go. It spits out encoded PHP files out the other end.

When it comes to actually encoding files, its a bit disappointing. Our code uses a technique that groups classes of similar functionality into a salable “module”. When a client is sold a module of new functionality, the sale is recorded and the module is activated by adding a row to the “module info” table. The application checks which modules are installed for a particular client and via the architecture dynamically includes and instantiates the related classes into the PHP name space. Due to the way the related class names are stored in database fields grouped to a top-level module, Zend Guard cannot understand class names expressed in strings that are then evaluated. The top-level protection cannot be applied to this type of application, meaning that any encoding applied to the application must be of a reduced quality/crackability; essentially the same level of encoding that was found in the cracked Zend Encoder. Zend’s advice in this regard is for us to change our code so that the obfuscator will work at the maximal protection level and our type of problem is not in the cards for repair. I recall the suggestion was to wrap a test to a special Zend function in an “is_callable” or “method_exists” call, then actually call that function to encode or get the class name. We were in no position to make a bunch of application changes to support a vendor thats supposed to be transparent and seamless.

The Zend Guard licensing seems to foul up every once in a while too; I don’t use Zend Guard everyday, just when we have a release requiring encoding. Last time I used it, go figure, it bitches that my license is invalid. Another call to Zend was placed and of course their e-mail support is as helpful as a hangnail. I ended up canceling my existing license from the Zend Pickup depot and re-issuing another license for Zend Guard once someone at Zend approved the cancellation of the current license. Zend Technologies doesn’t really seem to care that their license scheme sucks large and I feel that venting via this post is the best vehicle to inform potential Zend users of this fact.

Now the friggin icing on the cake with this is what happens next. You copy the encoded files over to the target web server, configure and run… boom. PHP does not natively support Zend Guard encoded pages. You need to download and install Zend Optimizer. Zend Optimizer latches a library onto PHP that enables the decoding/execution of these scripts. This is so lame it boggles the mind. Zend, the company that contributes and is responsible for the core PHP engine won’t or can’t include this library as part of the standard PHP distribution?? Every time I install the encoded application at a clients’ site I need to jump through hoops of fire to get the permission/authority to proceed with changes to production environments. Sometimes it’s IT departments, other times it’s ISP themselves!! Its not so much a technical difficulty as applying willy-nilly changes to production server core software makes IT managers nervous, and rightly so.

Getting back to the original reason for this post, I’m in bad shape with Eclipse, I just can’t run it in PDT mode; its way too damn slow and I’m in a development mode working on a some nifty database binding tools for some form of “database-on-a-database” type of work allowing users to design and define their own forms to supplement our application’s OEM records.

Zend Studio

When we bought Zend Guard, the bundle included a license for Zend Studio. Having tried a demo, and liked it but been put off by the price, I thought it might be wise to give it another go. With the license cost issue out of the way, I had a great feeling when I launched the installer, I was seconds away from what I knew to be a good IDE!

I opted to not install the Zend Platform and its baggage because having read posts that describe the resulting massacre of your PHP and web server installations. I walk this plank a bit later, but first I’d like to finish with Zend Studio.

Zend Studio is a great IDE. It’s a Java app, its fast, and plows through all the scripts that would normally choke Eclipse. It has great code completion features and the code Outline (Eclipse calls it Outline, I’m away from my dev machine right now so I can’t get the right name) is very smart, walking included files and determining class types on the fly. It has a heap of really helpful tools like built in PHPDocumentor, CVS integration, Code Folding and really great contextual/syntax help to name a few.

Zend Studio has debugging capabilities too, I’ve seen them go and they are as good as (dare I say) Microsoft Visual Studio or .NET/ASP debugging with the ability to step lines of code and see and tweak your variables in state. I want(ed) this.

I don’t blame Zend Studio for what happened next.

I’ve been working on something mildly complex and I was having trouble obtaining the desired output as an object I was working with was getting its reference mangled at some point and I needed to see where. I thought this would be the perfect opportunity to use the debugging features included with Zend Studio. Right there, on the toolbar is an option to debug. I opt to try it and see how far off the installation is as I skipped the Zend Platform install. Yep, it wants to have Zend Platform installed first.

Alright, back to the Zend website for the Zend Platform. Unlike the previous Zend Platform, the latest wants something called Zend Core installed. Back to the website, and download Zend Core.

Zend Core gets installed, then everything goes to hell. My ISAPI PHP installation is now broken, but the web server is still answering PHP calls…. very slowly. Looking in the Task Manager reveals 5 to 10 “php-cgi.exe” processes. Trying to restart the IIS is a waste of time; it stalls and stops responding altogether. Reboots take forever, resulting in a big-red-button shutdown after 20 minutes of waiting.

Very little information exists about what exactly Zend Core does and what one should do to fix it when it goes wrong and I wasn’t really in the mood to start in on a support email conversation that would most likely drag on for weeks.

This is signals the end of my Zend debugging escapades, I don’t have the time or energy to devote in figuring out how Zend wants its fancy “cgi” PHP to be installed and why I should bother. I mean this PHP installation DOES work, but its the slowest thing ever, pages that would render in 0.05 seconds are now well past the 45 second mark which by even the worst standards is unacceptable. I’ve gone back to my PHP 5.2 in ISAPI mode on IIS for development purposes using Zend Studio as my daily-driver IDE and do my debugging using test-points and debug output from our home-brew inline debugger.

Zend, nobody outside your organization understands your product lines. They seem to make perfect sense to you but in my opinion the rest of the world does not really care nor do you try to make us care.

Zend, unify your products already. Get the Zend Optimizer in the PHP core… I mean it is you that wrote the PHP engine right? It’s not like you charge for it! Did someone screw up so bad that you need a separate product to optimize it? Have you deliberately added some inefficiencies that the Optimizer fixes? If so, SHAME and shenanigans on you. Zend Core, and Zend Platform … what’s next? Zend Framework? Uh! Oops! You beat me to it.

Zend, you need to fix the licensing scheme/software/mechanism on Zend Guard. You have to realize that this software is run by developers on development machines that are often changed, reformatted or have their partitions changed. I dread opening Zend Guard for fear that its license is invalid and I’ll have to deal with your support website.

Zend, your website is one of the slowest around. If your intent is to showcase Zend products for speed and efficiency then your website is not doing you any favors. Why do I need to login 2 or 3 times each visit? Have you not figured out how to pass authenticated sessions on between servers? I’d be more than happy to assess, explain and/or fix this for you under a consulting engagement.

Zend, Zend Studio is the best development IDE for PHP out there. If you really care about PHP, you need to cater to your developers. $299 is a bitter pill for many to swallow, don’t be so greedy with the tools that enable the people that keep you around. Microsoft is GIVING away its Express versions of it’s .NET IDE’s and they are quite good; too bad the language and OS aren’t my cup of tea.

I have a hard time being very critical of Zend as they are responsible for PHP and I make a good living as a PHP developer and application architect. Beyond the core Zend Engine and a debuggerless Zend Studio, Zend Technologies has done an excellent job of taking my money and killing my inner child. I’d love to get on-board with all this stuff, but just one thing after another leads to a certain reputation after awhile and it drives me bonkers!

- Paul

Asterisk and Fedora Core 7

Looking over my blog stats, most of you reach me via a Google search for FC7 and Asterisk. With that, this post will detail installing Asterisk on FC6-7 or any modern Linux distribution for that matter as nothing here is Fedora specific anyways.

Getting Asterisk compiled and installed is quite trivial, so I thought it would be wise to spend a few moments examining the hardware you intend to use with Asterisk. If you are using a PSTN interface card through ZapTel such as Digium TDM or something else, you need to be aware that these cards generate a tremendous number of interrupts during their operation and the target system must be able to handle these interrupts quickly.

I’ve deployed Asterisk at the office where it provides call queues, automatic attendant, voice-mail and telephony services for 30+ people. This particular setup runs on a Dell 2850 with 1GB of RAM at 3.0ghz with a Digium TDM2400 card to analog PSTN lines. This setup’s load average rarely peeks over 0.01 during the day and the only complaint is occasional echo on the PSTN lines. We will soon be ditching the PSTN lines in favour of SIP channels from Primus providing both a huge cost savings and improved call quality.

At home, I’ve run Asterisk on a PIII-800 with 256MB of RAM using SIP only (no PSTN hardware) and have never had a problem with load related glitching or call drops.

The point in all this is to ensure that you select hardware appropriate for the application; don’t expect that old surplus P-III550 to serve as a corporate PBX for very long; but for home purposes that’ll only ever have 1 or 2 concurrent calls, it’ll probably be fine.

If you go with PSTN hardware, make sure to run the “zaptest” (or other for non-Zaptel hardware) program to test the interrupt timings.

Getting on with the installation, you should probably start by making sure any distribution specific Asterisk packages or Asterisk look-a-like clones are removed before you start. On FC7, OpenPBX is an available package, but in my opinion isn’t worth wasting the download. Go and get Asterisk from Digium directly and build your own.

This assumes you have a working build environment; generally the development packages for your particular distribution should have installed the basics like “make” and “gcc”… You’re really on your own here.

We’re going to be compiling Asterisk 1.2 at this time. Although 1.4 is out and in reasonable shape, I only have 1.2 experience and I’m quite happy with it so far.

Download the following source packages:

Asterisk 1.2.23 The Asterisk Code

Add-Ons 1.2.7 Asterisk Add-ons

Asterisk Sounds Pre-Recorded PBX sounds.

If you are going to be using ZapTel hardware, you’re going to have to build a kernel module. Download ZapTel as well.

To make things really easy, I’m going to include the commands to get this done. Lets start with Asterisk. Get, untar and build.

[skin@borg ~]$ mkdir asterisk
[skin@borg ~]$ cd asterisk/
[skin@borg asterisk]$ ls
[skin@borg asterisk]$ wget http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.23.tar.gz
--21:22:42--  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.23.tar.gz
Resolving ftp.digium.com... 216.27.40.102
Connecting to ftp.digium.com|216.27.40.102|:80... connected.
...downloading...
[skin@borg asterisk]$ tar -xzvf asterisk-1.2.23.tar.gz
... lots of files...
[skin@borg asterisk]$ cd  asterisk-1.2.23
[skin@borg asterisk-1.2.23]$ make
...compiling...
 +--------- Asterisk Build Complete ---------+
 + Asterisk has successfully been built, but +
 + cannot be run before being installed by   +
 + running:                                  +
 +                                           +
 +               make install                +
 +-------------------------------------------+
[skin@borg asterisk-1.2.23]$ su root -c "make install"
[skin@borg asterisk-1.2.23]$ su root -c "make samples"

If everything worked out, you are the proud owner of a new Asterisk installation. There are a couple more things that need to be done though.

Lets do the sounds next.

[skin@borg asterisk-1.2.23]$ cd ..
[skin@borg asterisk]$ wget http://ftp.digium.com/pub/asterisk/releases/asterisk-sounds-1.2.1.tar.gz
[skin@borg asterisk]$ tar -xzvf asterisk-sounds-1.2.1.tar.gz
[skin@borg asterisk]$ cd asterisk-sounds-1.2.1
[skin@borg asterisk-sounds-1.2.1]$ su root -c "make install"

Lets do the add-ons now. If you want to use MySQL for CDR support, you need to make sure the MySQL-devel packages are installed for your distro before you run this. It going to look for mysql.h, errmsg.h and mysql_version.h.

[skin@borg asterisk]$ cd ..
[skin@borg asterisk]$ wget http://ftp.digium.com/pub/asterisk/releases/asterisk-addons-1.2.7.tar.gz
[skin@borg asterisk]$ tar -xzvf asterisk-addons-1.2.7.tar.gz
[skin@borg asterisk]$ cd asterisk-addons-1.2.7
[skin@borg asterisk-addons-1.2.7]$  make
[skin@borg asterisk-addons-1.2.7]$  su root -c "make install"

At this point, you should have a fully installed, ready for configuration Asterisk PBX. The installation gets a little more complicated if you need ZapTel for some PSTN hardware. If you’re planning to use the Conference Room feature, you’re going to need a ZapTel timer even if you don’t have hardware. It probably a good idea to build ZapTel anyways.

Like above, Get, untar, and build ZapTel.

[skin@borg asterisk-addons-1.2.7]$ cd ..
[skin@borg asterisk]$ wget http://ftp.digium.com/pub/zaptel/releases/zaptel-1.2.19.tar.gz
[skin@borg asterisk]$ tar -xzvf zaptel-1.2.19.tar.gz
[skin@borg asterisk]$ cd zaptel-1.2.19
[skin@borg asterisk]$ make
[skin@borg asterisk]$ su root -c "make install"
Building /etc/modprobe.d/zaptel...
***
*** WARNING:
*** If you had custom settings in /etc/modprobe.d/zaptel,
*** they have been moved to /etc/modprobe.d/zaptel.bak.
***
*** In the future, do not edit /etc/modprobe.d/zaptel, but
*** instead put your changes in another file
*** in the same directory so that they will not
*** be overwritten by future Zaptel updates.
***

Now we can try the ZapTel basics. Become root and try:

[root@borg ~]# modprobe zaptel
[root@borg ~]# lsmod
Module                  Size  Used by
wctdm                  37056  0
zaptel                183972  1 wctdm
crc_ccitt               6337  1 zaptel
.
.
.

The lsmod should show ZapTel loaded. This doesn’t imply that your hardware is configured, just that the ZapTel basics are in place. You’ll have to reference the specific module and configuration for your hardware, but the basics should be in place to get you going.

PHP Installation: A myriad of options

I suppose that a site that discusses PHP and Linux affairs should probably have some sort of documentation or links to reasonable how-tos on the subject. However, the thought of detailing a PHP/Apache/MySQL installation doesn’t appeal to me much either, so I’ll take a different slice on this. Rather than regurgitating the same steps as every other PHP How-To, I’ll talk about some configuration choices based on the machine’s role.

Alright then, you want to install PHP on your PC or “server” type machine. I’d hazard that you’re either already running Linux or have the misfortune of running Windows. While PHP runs on just about on hardware and OS combo, the Unix flavours perform better and seem to be more stable, not to mention there is less voodoo involved in making it work right.

In a nutshell, PHP is typically run in one of two different modes, either in CGI mode or SAPI mode.

In CGI mode, when a PHP page is called the webserver invokes the PHP executable to evaluate and execute the named script. The PHP binary is read into memory each time effectively isolating the execution. This mode is popular with certain ISP’s as it allows PHP to be further secured to client web home and configured to constrain to certain policies such memory and execution restrictions. There is some overhead performance cost with the CGI mode, but it is reliable and unlikely to knock over a shared host when properly configured. Most Windows IIS installations will run in CGI mode.

In SAPI mode things are a little different. The PHP code is complied into both a CGI and library form. This library is configured for use within the webserver and when PHP pages are being rendered, the in-memory library is used instead of an isolated process such as CGI mode. Under Apache, this seems to work great both on Linux and Windows. SAPI under Windows IIS tends to be a frustrating, futile exercise. PHP in SAPI mode tends to perform very well, less disk I/O overhead is achieved by taking full advantage of webserver caches, and optional PHP OpCode caches that further boost performance. In a shared environment it can be somewhat more complicated to configure some client restrictions and access rights, but there are many resources dedicated to locking-down PHP in these such configurations.

If you are a Windows user running IIS, don’t waste your time. Go with the standard CGI installation and save yourself the agony of running the SAPI module. PHP in CGI mode under Windows is bomb-proof and is very easy to install. Getting the SAPI to work under IIS isn’t all that difficult but it never seems to be very stable; no matter what, it will begin to complain about exception errors, and will open pop-up windows on the server complaining about something or other, sometimes locking up the webserver altogether. It just doesn’t seem to be very robust or clear if PHP is supposed to be production quality under IIS.

If you’re a Linux user, life is good for you in this regard. Check the details of your distribution, chances are there is a PHP package that can installed with only a few clicks of your mouse. Recently, Fedora Core has been my distro of choice and its PHP packages are great; they come compiled with all sorts of extras such as GD, LDAP and a few other neat-o extensions.

The next question that may come up is which version of PHP to install? PHP is currently being developed in 3 major versions, both  4, 5 and 6. At this time, PHP 4 support will be discontinued by the end of 2007 with only critical security fixes applied on a case-by-case basis until August 2008. PHP 5 is the way to go, its stable, production quality and has a future.

Compiling PHP from scratch is a good way to go on Linux but can be nuisance if it gets installed along side a pre-packaged file such as an RPM or if you have a lot of dependencies for extensions you need to include.

If you decide to roll-your-own PHP, I recommend starting from scratch; remove any repackaged webserver and PHP if already installed. Acquire the sources for PHP, Apache and any additional (-devel) dependencies for the extensions you want to build. I can’t really speak to compiling PHP under Win32 as I’ve never attempted it; there just doesn’t seem to be a good reason to do so, most extensions are precompiled and available from PHP.net directly.

Recommendations?

For a Windows based PHP developer, the PHP CGI under IIS works great and is easy to install and upgrade while not performing as well as similar hardware under Linux and Apache. Every time someone uses a Windows IIS MySQL PHP (WIMP) configuration in production, God kills a kitten. Just don’t do it.

For a Linux based PHP developer. You most likely have it the easiest of all. Depending on your distribution, it’ll probably only take you a few clicks using the package manager. If not, roll-your-own.

For Production purposes, a scratch built Apache 2.x and PHP5 SAPI running on Solaris/BSD/Linux compiled with only the required extensions. This is then optimized with an OpCode cache such as APC (Alternative PHP Cache) providing a robust and extremely fast PHP server capable of making short work of even the most complex PHP scripts.

Where to get platform specific installation info? Go straight to the horse’s mouth: PHP Installation Documentation

Blog Moved to the hosted WordPress…

Why the heck not? Its one less thing to worry about. I had installed the WordPress that came with Fedora core 7 but have since had some trouble with the i2o disk controllers. I basically lost everything on a RAID-5 array. Nothing aside from the few posts I made were really at risk of being lost, everything was just backed up prior to the system shuffling anyways.

The cause of this bizarre failure still escapes me.

I’d been tinkering with some new 100mm fans that I picked up at the local automotive/everything surplus store. The plan was to stuff as any of these as possible throughout both my desktop PC case and the server. 5 fans at $2.49ea…. great deal. I started with my desktop PC; in there is an eVGA 8800 GTS that idled in the mid 60C and would peak into the 80’s under load. 2 intake fans were added to it as well as an intake fan directly over the video card mounted on the case door. This did a great job of bringing the idle temps down to the mid-50’s and does a great job dissipating the heat under load.

Anyways, this is where it started to go wrong. After completing the fan install on my Desktop PC, I shelled into the FC7 box and issued a ‘halt’. Usually, the system crunches around, kills off all the processes and preps the system for shutdown. The usually finishes with a message like “System Halted. Power down”. 15 minutes have gone by and the shutdown process seems to have stalled; its not doing anything. I think this sort of thing happens on all Linux installs occasionally; perhaps due to some process that was killed manually and the PID file stays behind perhaps making the init script wait for a process that has already ended… It really could be anything and there is no way of knowing after-the-fact what it was.

So I gave it the “Big Red Button”. Powered-off, unplugged it and installed a few case fans. The fan went onto the PSU lead with the other fans using a full 12volt line. (There will be a rant about Antec’s “Fan Only” PSU lead in a future post). Checked my work, closed up the case and reconnected everything. Flicked the power switch…

It passes POST as usual but this time, instead of booting off the Adaptec 2400, it fell through and tried to boot off the CD, then tried to PXE off of each NIC. “No biggie” I thought; on rare occasions CMOS data can get reset when tampering inside a case… it does happen. So, power on again, mash the [DEL] key. Immediately I recognize that the settings are fine, as I left them.

Try to boot again… same deal.

Boot again and access the Adaptec hardware configuration, no problem, the array is still there. The tool only lets you manage the array, nothing configurable about the card such as boot interrupts or memory addresses.

Alrighty…. I don’t quite have the “Oh No!” feeling yet, so I boot off the FC7 DVD to see if I can determine if the card is still working on the Linux side; I can get my data off or even repair over-top. So I boot the Recover option from the DVD. The I2o drivers come up, the card is seen, capacity of the drives listed… but NO PARTITION TABLE! WtF? I break out of the installer to the first available console and try ‘fdisk’ for myself…. yup, its a big old empty partition table.

The “Oh No!” feeling sets in.

Fu-diddly-ck.

Having let FC7 configure the partition table when first installed, I didn’t note the specific partition sizes and disk layout. I’m no expert with the guts of the FC installer so manually invoking the partition tool escapes me. So I began to evaluate the old “diminishing returns” formula… RAID controllers tend to re-initialize when partition tables are written, so either way it looks like this installation is up-the-creek.

FC only takes a few minutes to re-install and I’d only be “out” 2 things, my WordPress installation/posts (a bit of searching later yields an XML file. w00t) and my latest configuration of Asterisk, Samba and such. So rather than messing around for hours on end, I quickly re-installed and got things going again.

At this point, I’m entertaining wild theories and ideas about what might have happened here and what I could have done to recover from this. Something mangled the partition table, I know that much. I’d suggest something about the RAID superblocks… but nothing hinted that the array was ever broken, its like something just blew away the partition table.

I suppose the lesson is, no matter how young and installation is, its never going to be immune from a good backup regime. Back-it-up or else!!

Fedora Core 7: Distro Review

My first ever WordPress blog entry… goodbye cherry!

Starting off with a few notes and observations of Fedora Core 7 seems appropriate as it (used to, I moved to WordPress.com) powers this site and some supporting elements for my home network.

Someone looking in might think I’m crazy, but my job and interests keep my stables quite full of computers. My wife and I each have our desktops, as well as one older HP NetServer 2U server as a firewall/ LAMP install and finally a PIII-800 with about 200GB of disk space that serves as my file dumpster and SAMBA NT domain controller.

Eco-concerns being what they are, it makes sense on a few fronts to combine the best of left over parts and build something to replace the HP and the PIII clone.

The target machine is my old desktop: (only the hydro company would reboot it)

• an AMD XP Athlon 3200+,
• 512 MB RAM and
• 140GB of IDE disks on an Adaptec 2400 RAID controller
• 8x DVD Burner
• Nvidia GeForce2 TI 64MB AGP
• Intel E1000 NIC

The obvious challenge in this configuration is an install kernel thats aware of the Adaptec 2400. Trustix 3.1.x supports this and if it was a lesser machine I’d certainly have gone with it; however I found it wasteful to dedicate such hardware to the menial task of packet forwarding. This naturally lead me down the path of an X based distro and my previous experiences with Fedora Core 6 being quite good I opted to try FC version 7.

The ISO was downloaded from ibiblio in record time and committed it to DVD.

The installation was seamless. It detected all the hardware! A Web Server configuration with a GNOME desktop was selected and the install was invoked. The format took a little while, but the disk array had not fully synced; not that it hurts anything, it just slows things down. The installer went about its business and rebooted.

The GUI came up in an optimal 1600×1200 resolution and I logged in as root.

Strangely, eth0 (e1000) would not get an IP address from my current DHCP server. After reviewing the message log, I discovered that the onboard 1394 controller was being aliased as eth0 during boot up. You’d have to own a 1394 device in order to need a 1394 adapter, so I took the coward’s way out and disabled it in the BIOS. Surprise, surprise, eth0 came right up and got an IP.

Once the YUM update manager did its thing and if memory serves me correctly, there were a 104 updates. The server was left to update the software and the installation continued the next day.

Next article we’ll look at FC7’s OpenPBX package and why it should be avoided.

All in all, this is a good distribution.  It hasn’t given me much grief and I’ve been able to accomplish everything I needed it to do.  Nothing new really seems to jump up at you, and everything is where you’d expect it to be found.

Fedora Core 7: OpenPBX

Following the theme of my previous post on Fedora Core 7, I really wanted to touch on my experience with OpenPBX.

Just for a bit of background, we’ve opted out of traditional telephone in favour of a SIP based VoIP, provided by a Montreal area re-seller named BabyTel. I had figured out and configured BabyTel to run under Asterisk 1.2 on my HP NetServ machine where it was happily doing its job answering the phone and taking messages etc… However, with all this swapping and upgrading, the HP NetServ is being retired.

So, looking through the FC7 package manager I see a listing for OpenPBX; I dig a bit deeper. OpenPBX is built on Asterisk and is somewhat different. Here’s what the authors claim make it different.

• OpenPBX.org has built-in STUN support for SIP NAT traversal
• OpenPBX.org uses SpanDSP which means better codecs and full T.38 fax over IP support
• OpenPBX.org uses Sqlite instead of Berkeley DB as its internal database
• OpenPBX.org has a universal jitterbuffer for use with any channel type
• OpenPBX.org uses POSIX timers which means there are no Zaptel timing dependencies
• OpenPBX.org has much faster and more efficient dialplan execution because it uses hashing
• OpenPBX.org evaluates correctness and integrity of configuration data (work in progress)
• OpenPBX.org runs well under a virtual machine such as Xen or VMware

Looking at this list, one assumes that the basics work and the folks at OpenPBX are diligently working on icing and candy. Sounds pretty good right? Prepackaged solution, easy to install, standard Asterisk config? What could go wrong?

So I embarked on the journey; OpenPBX installed via the FC7 Package Manager and then configuration began…

Having working extension.conf, sip.conf and voicemail.conf files, the theory is you should be able to drop these files in and basically start OpenPBX and life should go on. So, I grabbed the files off the old Asterisk server and copied them to /etc/openpbx.org/ on the new rig.

The copy was immediately followed by a service openpbx start.

Lo and behold, OpenPBX did start and did register the SIP channel with BabyTel. So I proceeded with a test call to the local talking clock (613-745-1576); great success! The call was answered and I was told the time.

Next and finally I moved onto voicemail. My callplan has the * key linked with VoiceMailMain; so to access any voicemail that was left, one would simply dial * and follow the prompts.

As soon as I tried the * key from a desktop phone; “click” the call was dropped. Looking through the logs the problem seems obvious; OpenPBX doesn’t ship with sound files.

Right around here is where OpenPBX begins to resemble a jet engine, in that it concurrently sucks and blows. I begin to search of a tarball of sound files for OpenPBX. OpenPBX seems to be a product without a real identity; searching for OpenPBX yields a sparse wiki and something much worse called CallWeaver. It would seem that OpenPBX is now something called CallWeaver. Take your pick, documentation for both packages is just plain terrible.

After searching and following countless 404’s the sound files were eventually fished out of svn://svn.openpbx.org/openpbx-sounds/trunk/sounds/ using svn. These files included a Make that ran each WAV through SOX for formatting presumably. Once complete the files were copied to the sound path specified in OpenPBX’s config files.

So, I try again. Dial voicemail using “*”. Click… hangup.

In the log again, this time its bemoaning the fact that it cannot find a codec to handle the translation of ulaw to g729. Which I suppose is fine as there is no g729 codec installed under OpenPBX. I deal with this by removing all references to g729 from SIP.conf to see if that helps.

Reloaded OpenPBX and tried again… A similar error this time; Unable to find a codec translation path.

mmmmkay. So now its bitching about codec paths that aren’t even configured. I figured a “reload” was enough, so I stopped and started OpenPBX. During the subsequent start-up it complained about the g729 codec. Loader.c: /usr/lib/openpbx.org/modules/codec_g729.so: undefined symbol: ast_log.

Assuming that an Asterisk compatible module would work in OpenPBX was a mistake. Based on the error one can only assume that in the process of “making” OpenPBX the authors did a wholesale “Find and Replace” on certain “asterisk” like words that resulted in breaking binary compatibility all over the place.

With a sour mouthful of OpenPBX tainting my palette, enoughs enough. YUM was called in to remove OpenPBX with extreme prejudice. I visited the Asterisk home page, downloaded the latest version of Asterisk and the supporting files and rolled-my-own build of Asterisk. I copied my configuration and g729 codec over and rigged up an init.d script based on the stock proftpd script.

First try, the talking clock worked.

Second try, the voicemail worked.

Given the 5 minutes of effort it took to download, compile, install and configure it took to get Asterisk going, I feel I’m way ahead of the 2 hours I’ve been tooling around with OpenPBX.

Why I can’t recommend OpenPBX to anyone:

1. Its a package looking for an identity. Not very clear what it is… or who is in charge of it.
2. The name change from OpenPBX to Callweaver further skews this identity.
3. Documentation is piss-poor. You might as well look up Asterisk how-to docs or use voip.info.org .
4. Binary compatibility with Asterisk is broken
5. Doesn’t seem to persist SIP registration between shutdowns. All the devices need to re-register. There may be a setting for this… but Asterisk does this out-of-the-box
6. Uses SQLite… but it doesn’t work nor is there any documentation to help.
7. Installation does not work out-of-the-box. There are a number of obscure downloads and builds required.

What does it have going for it?

1. Its a FC7 package. Maybe the worst one, but its easy to install but easy stops there!

Recommendation? Stay away. Get the real-deal from Asterisk. It works and has a future.

LightScribe Impressions

Having recently replaced my desktop PC with an Intel E6600 based rig, I’m finally getting around to trying out all the new toys. Yes, I have been hiding under a rock, having only ever heard about LightScribe, this is really my first exposure to this feature.

As part of the upgrade kit, I had requested a new DVD burner. The order wasn’t very specific but my contact at Elco system did his best call to fill the order. A Samsung Model SH-S182 was selected.

I opted against the bundled Samsung Nero software and went with my Nero version. Using the Cover Page designer I was able to Copy and Paste some FC7 logos and a screen shot of the Gnome desktop to the layout and “print” to the label side of the LightScribe discs. Yeah, you need special LightScribe discs too.

The process took 17 minutes to complete but the resulting label is really pretty neat. This particular label was somewhat complex which is presumably why it took so long to process.

Label Close-Up

Features like this are great for me… my Sharpies are constantly being stolen or lost leading to my evil stack of unlabeled media. I guess I’m a slave to LightScribe media now!

Its gonna take some getting used to, but I can really see this being useful. Way to go HP!