Pre-requisitos¶
It is assumed that we have an instance of CentOS-7 or Amazon Linux, on which the installation will run. But before this we must carry out a series of necessary steps, therefore through an SSH connection to the host we proceed with:
Hostname configuration¶
Before proceeding with the installation do not forget to configure the hostname of the host. OMniLeads uses this value as a parameter when configuring some services related to the SIP (Telephony) part.
Disabled firewalld and SELinux¶
systemctl disable firewalld
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
Run upgrades and install kernel-devel paq.¶
yum update && yum install kernel-devel git -y
reboot
Important
Check that the kernel-devel package matches the kernel.
Run the commands
uname -r
rpm -qa |grep kernel-devel
Provide reliable SSL Certificates¶
OMniLeads is deployed with SSLv3 certificates for HTTPS conecction between the browser and web server (Nginx), using a self-signed cert/key in PEM format. The issued certificate uses SHA-512 with RSA encryption as the signing algorithm and a key size of 4096 bits. As it is a self-signed certificate, it produces an Unsure Site Warning in the browser when accessing the system for the first time (since the certifying authority or CA is not within the Repository of Trusted CAs of the Browser). Once the exception is added to trust it securely, the certificate is now configured for acceptance.
However, it is recommended to load your trusted SSL certificates during the installation of the App. You must locate your cert and key files in .pem format inside the ominicontacto/ansible/deploy/certs folder. To add the certificates, you must erase the cert.pem and key.pem files in the folder and place yours. During the deploy process, the files are detected in this location and therefore they are provided at the web and webtrc levels, so that when the deploy ends, the platform is available and using its own trusted certificates.
Ansible Installation¶
Lets begin whith Ansible installation. Is mandatory to install the packages pip and python. Mostly all Linux distros come with these packages installed. Other way you must install them.
Centos7 - Selfhosted¶
- Install python3-pip and python3 in case they are not installed:
yum install epel-release -y && yum install python3-pip pyton3 -y
- Install ansible:
(con el usuario root)
# pip3 install --upgrade pip
# pip3 install 'ansible==2.9.2' --user
All Ansible’s binaries are available in /root/.local/bin/
Other Linux distros - Host Node¶
Install ansible using pip¶
Install python2 and pip in case you don’t have them installed.
$ sudo pip install 'ansible==2.9.2' --user
Note
Some actual distros of Ubuntu and Debian doesn’t allow to install python2 and pip, in that case, you can install using python3 and pip3.
All Ansible’s binaries are available in /root/.local/bin/
Use Ansible dockerized image¶
Freetech Solutions maintains a docker image of ansible, you can downolad and use this image to make OMniLeads installations. Follow these steps:
- Install docker in deployer machine. For that, follow the steps of Docker installation for your distro/SO.
- Run script run_ansible.sh. This script will make pull of the latest Ansible image builded by us and will raise up the container.
cd ./ominicontacto/ansible/
./run_ansible.sh
Note
Type ctrl + D to exit the container. This will be destroyed automatically
Run deploy.sh¶
Once the host is available, the installation proceeds. This is where we must choose the type of OMniLeads installation and architecture to deploy.
OMniLeads behind NAT¶
OMniLeads behind NAT is when the agents connect to an URL formed by https://external_hostname:external_port, from Internet.
How you can see in image, the remote users access the App with the URL (domain, port) that resolves in the public IP of WAN interface of router/firewall.
Then, the firewall must redirect voice and data traffic to UDP ports: 20000-30000 and TCP: 443 of the host hosting the App.
Important
You must insert two inbound and un outbound firewall rules:
- Forward incoming traffic from ports 20,000 to 30,000 UDP to ports 20,000 to 30,000 on the OMniLeads host
- Forward traffic from the chosen external port to port 443 of the OMniLeads host
- Permit outbound traffic from OMniLeads to internet, port range: 10000-30000 UDP
Note
You can use public IP instead of hostname