====== Installer Asterisk et FreePBX sur CentOS 7 ======

<note important>En cours de rédaction, à vos risques et périls</note>

===== Configuration des dépôts =====

Le dépôt tucny contient les RPMS nécessaires:

<code bash>
cat <<'_EOF' > /etc/yum.repos.d/tucny-asterisk.repo
[asterisk-common]
name=Asterisk Common Requirement Packages @ tucny.com
#baseurl=https://ast.tucny.com/repo/asterisk-common/el$releasever/$basearch/
mirrorlist=https://ast.tucny.com/mirrorlist.php?release=$releasever&arch=$basearch&repo=asterisk-common
enabled=1
gpgcheck=1
gpgkey=https://ast.tucny.com/repo/RPM-GPG-KEY-dtucny

[asterisk-13]
name=Asterisk 13 Packages @ tucny.com
#baseurl=https://ast.tucny.com/repo/asterisk-13/el$releasever/$basearch/
mirrorlist=https://ast.tucny.com/mirrorlist.php?release=$releasever&arch=$basearch&repo=asterisk-13
enabled=1
gpgcheck=1
gpgkey=https://ast.tucny.com/repo/RPM-GPG-KEY-dtucny
_EOF
rpm --import https://ast.tucny.com/repo/RPM-GPG-KEY-dtucny
</code>

===== Installation des paquets =====

  * Asterisk et ses composants

<code bash>
yum install asterisk asterisk-voicemail-plain asterisk-pjsip asterisk-mysql asterisk-ael asterisk-iax2 asterisk-sip
</code>

  * Dépendances pour FreePBX

<code bash>
yum install mariadb-server php-mysql php-fpm httpd mod_ssl php-mbstring php-xml php-cli php-pear tftp-server nmap
</code>
<code bash>
pear install Console_Getopt
</code>

  * Démarrer les services

<code bash>
systemctl start mariadb
systemctl enable mariadb
systemctl start httpd
systemctl enable httpd
systemctl start php-fpm
systemctl enable php-fpm
</code>

  * Désactiver SELinux

<code bash>
sed -i -e "s/SELINUX=.*/SELINUX=disabled/" /etc/selinux/config
setenforce 0
</code>
<note tip>Voir pour créer une politique de sécurité au lieu de désactiver SELinux entièrement</note>

  * Configurer la partie web
<code bash>
mkdir /var/lib/php/ast-sessions
chown asterisk:asterisk /var/lib/php/ast-sessions
chmod 770 /var/lib/php/ast-sessions
chown asterisk:asterisk /var/log/php/www/
chmod 770 /var/log/php/www/
cat <<'_EOF' > /etc/php-fpm.d/www.conf
[www]
listen = /run/php-fpm/www.sock
listen.owner = apache
listen.group = apache
listen.mode = 0660
user = asterisk
group = asterisk
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
php_admin_value[error_log] = /var/log/php/www/error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/ast-sessions
php_admin_value[memory_limit] = 256M
_EOF
cat <<'_EOF' > /etc/httpd/conf.d/php-fpm.conf
<FilesMatch \.php$>
  SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
cat <<'_EOF' > /etc/httpd/conf.d/freepbx.conf
# Pour forcer le SSL, décommenter les 2 lignes suivantes
# RewriteEngine on
# RewriteRule /(.*|$) https://%{HTTP_HOST}/$1 [L]
Timeout 600
<Directory /var/www/html>
  DirectoryIndex index.php
  Options +FollowSymlinks
  AllowOverride All
  # En cas d'utilisation de Lemonldap::NG pour l'authentification
  # PerlHeaderParserHandler Lemonldap::NG::Handler
  # SetEnvIfNoCase Auth-User "(.*)" PHP_AUTH_USER=$1
</Directory>
_EOF
systemctl restart httpd
systemctl restart php-fpm
</code>
</code>

  * Configurer MariaDB

<code bash>
mysql_secure_installation
</code>

  * Créer le rep pour le provisioning

<code bash>
mkdir -p /tftpboot/{contacts,logs,overrides,licenses,bmp}
chown asterisk:asterisk /tftpboot
mkdir -p /tftpboot/config_bkp/contacts
chown -R asterisk:asterisk /tftpboot/config_bkp
chmod 750 /tftpboot
chmod 770 /tftpboot/{contacts,logs,overrides,bmp}
chown PlcmSpIp:asterisk /tftpboot/{contacts,logs,overrides,licenses,bmp}
</code>
<code bash>
yum install vsftpd
</code>
<code bash>
useradd PlcmSpIp -d /tftpboot
usermod -a -G asterisk PlcmSpIp
passwd PlcmSpIp
</code>
<note tip>Configurer un mot de passe au compte PlcmSpIp, il sera utilisé par les téléphone au démarrage pour récupérer leur configuration</note>
<code bash>
systemctl enable vsftpd
systemctl start vsftpd
</code>
<code bash>
cat <<'_EOF' > /etc/vsftpd/user_list
PlcmSpIp
_EOF
cat <<'_EOF' >> /etc/vsftpd/vsftpd.conf
userlist_deny=NO
_EOF
sed -i -e "s/anonymous_enable=.*/anonymous_enable=NO/" \
       -e "s/local_umask=.*/local_umask=007/" \
       /etc/vsftpd/vsftpd.conf
cat <<'_EOF' > /etc/vsftpd/chroot_list
PlcmSpIp
_EOF
</code>

  * Télécharger FreePBX

<code bash>
cd /usr/src
wget http://mirror.freepbx.org/modules/packages/freepbx/freepbx-13.0-latest.tgz
tar xfz freepbx-13.0-latest.tgz
rm -f freepbx-13.0-latest.tgz
cd freepbx
</code>

  * Les répertoires pour les packs de voix
<code bash>
mkdir -p /var/lib/asterisk/sounds/custom
mkdir -p /var/lib/asterisk/moh
pushd /var/lib/asterisk/sounds/
popd
BASE=http://downloads.asterisk.org/pub/telephony/sounds/
for F in alaw g722 g729 gsm siren7 siren14 sln16 ulaw wav; do
  for L in en fr; do
    [ -d /var/lib/asterisk/sounds/$L ] || mkdir /var/lib/asterisk/sounds/$L
    for V in core extra; do
      wget -O - $BASE/asterisk-$V-sounds-$L-$F-current.tar.gz | tar xzv -C /var/lib/asterisk/sounds/$L
    done
    [ -l /usr/share/asterisk/sounds/$L ] || ln -s /var/lib/asterisk/sounds/$L /usr/share/asterisk/sounds/$L
  done
  wget $BASE/asterisk-moh-opsound-$F-current.tar.gz -O - | tar xzv -C /var/lib/asterisk/moh/
done
chown -R asterisk:asterisk /var/lib/asterisk/{sounds,moh}
</code>

  * Créer les bases de données
<code bash>
mysql
</code>
<code sql>
create database freepbx;
create database asteriskcdrdb;
grant all privileges on freepbx.* to 'freepbx'@'localhost' identified by 'p@ssw0rd';
grant all privileges on asteriskcdrdb.* to 'freepbx'@'localhost' identified by 'p@ssw0rd';
</code>

  * Éditer /etc/asterisk/asterisk.conf et enlever **(!)** sur la première ligne

  * Lancer l'installation

<code bash>
systemctl start asterisk
./install
</code>