(14.0) Installation Steps VRS HA
Internet should be available on the machine where the application is being installed and connections on port 9242 should be allowed in the network firewall to carry out the installation steps.
All the commands start with a # indicating that root user privileges are required to execute these commands. The symbol "#" is not a part of the command.
1- Allow ports in the firewall
Depending on the installation, we have to allow certain ports in the firewall of both machines.
If the firewalld daemon is installed on the system then we have to start it.
# systemctl enable firewalld # systemctl start firewalld
To allow the ports on firewall, you can execute the following commands. (Run on both machines in case of HA).
# firewall-cmd --add-port=443/tcp --permanent # firewall-cmd --add-port=8088/tcp --permanent # firewall-cmd --add-port=5060/tcp --permanent # firewall-cmd --add-port=16386-32768/udp --permanent # firewall-cmd --reload
In case of IPtables (the default firewall), we need to execute the following commands.
# sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT # sudo iptables -I INPUT -p tcp -m tcp --dport 8088 -j ACCEPT # sudo iptables -I INPUT -p tcp -m tcp --dport 5060 -j ACCEPT # sudo iptables -I INPUT -p udp --match multiport --dports 16386:32768 -j ACCEPT # sudo iptables-save
2 - Freeswitch Installation
Follow this guide to install and configure Freeswitch.
3 - Deployment and Install Scripts
First, download/create the deployment script deployment.sh and place it in the user home or any desired directory. This script will:
- Delete the recording-solution directory if it exists.
- Clone the required files for deployment
To execute the script, give it the execute permissions and execute it. This command will clone the skeleton project for recording solution. the recording-solution directory contains all the required files for deployment.
# chmod 755 deployment.sh # ./deployment.sh
When the script finishes running, it should automatically take you inside the recording-solution
directory. In case it doesn't, navigate to it and execute the following commands.
# chmod 755 install.sh # ./install.sh
4 - Keycloak Setup
Check if the keycloak container is healthy by running the "docker ps"
command. If it is not healthy or if it continously restarting, kill (docker rm keycloak) and remove (docker rm keycloak) the keycloak container then run ./install.sh again. Wait for keycloak container to become healthy.
Once the health check is complete, Set up keycloak by following this guide.
Once keyclaok is set up, update below environment variables in recording-solution/docker/config.env
file.
Name | Description |
---|---|
VRS_URL | Update the IP in this variable's value. It should be VRS machine IP. |
LOCAL_MACHINE_IP | VRS machine IP (same as above) |
FINESSE_URL | UCCX Finesse URL with port |
KEYCLOAK_REALM_NAME | Realm name created in step 4 of keycloak setup |
KEYCLOAK_CLIENT_ID | Keycloak client id from step 6 of keycloak setup |
KEYCLOAK_CLIENT_SECRET | Keycloak client secret from step 8 of keycloak setup |
KEYCLOAK_URL | keep default |
KEYCLOAK_PERMISSION_GROUP | Keycloak Group from step 12 of keycloak setup |
CCX_PRIMARY_IP | Primary/Publisher UCCX IP |
CCX_SECONDARY_IP | Secondary/Subscriber UCCX IP |
CCX_ADMIN_USERNAME | UCCX admin username |
CCX_ADMIN_PASSWORD | UCCX admin password |
TRUST_STORE_PATH | The SSL truststore path, the truststore on this path must have the Finesse SSL certificate imported. Do not change this, instead place the created/updated truststore inside recording-solution/ssl folder. |
TRUST_STORE_PASSWORD | The password for the truststore that has the Finesse certificate imported. |
To update the self signed certificates for VRS, get the public authority or domain signed certificate .crt and .key files, name them server.crt and server.key and replace the files in /recording-solution/config/certificates with these two new files. Names should be exactly same.
Run ./install.sh again
Run the following command to ensure that all the components are up and running.
# docker ps
Go to https://VRS-IP/#/login to access the application.
Steps 2,3 and 4 should be run on both machines.