Document toolboxDocument toolbox

(14.0) Installation Steps VRS HA

Internet should be available on the machine where the application is being installed and connections on port 9242 should be allowed in the network firewall to carry out the installation steps. 

All the commands start with a # indicating that root user privileges are required to execute these commands. The symbol "#" is not a part of the command.


1- Allow ports in the firewall

Depending on the installation, we have to allow certain ports in the firewall of both machines.

If the firewalld daemon is installed on the system then we have to start it.

# systemctl enable firewalld
# systemctl start firewalld

To allow the ports on firewall, you can execute the following commands. (Run on both machines in case of HA).

# firewall-cmd --add-port=443/tcp --permanent
# firewall-cmd --add-port=8088/tcp --permanent
# firewall-cmd --add-port=5060/tcp --permanent 
# firewall-cmd --add-port=16386-32768/udp --permanent 
# firewall-cmd --reload

In case of IPtables (the default firewall), we need to execute the following commands.

# sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# sudo iptables -I INPUT -p tcp -m tcp --dport 8088 -j ACCEPT
# sudo iptables -I INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
# sudo iptables -I INPUT -p udp --match multiport --dports 16386:32768 -j ACCEPT 
# sudo iptables-save

2 - Freeswitch Installation

Follow this guide to install and configure Freeswitch.

3 - Deployment and Install Scripts

First, download/create the deployment script deployment.sh and place it in the user home or any desired directory. This script will:

    1. Delete the recording-solution directory if it exists.
    2. Clone the required files for deployment

To execute the script, give it the execute permissions and execute it. This command will clone the skeleton project for recording solution. the recording-solution directory contains all the required files for deployment.

# chmod 755 deployment.sh
# ./deployment.sh

When the script finishes running, it should automatically take you inside the recording-solution directory. In case it doesn't, navigate to it and execute the following commands. 

# chmod 755 install.sh
# ./install.sh

4 - Keycloak Setup

Check if the keycloak container is healthy by running the "docker ps" command. If it is not healthy or if it continously restarting, kill  (docker rm keycloak) and remove (docker rm keycloak) the keycloak container then run ./install.sh again. Wait for keycloak container to become healthy.

Once the health check is complete, Set up keycloak by following this guide.

Once keyclaok is set up, update below environment variables in recording-solution/docker/config.env file.

NameDescription
VRS_URL

Update the IP in this variable's value. It should be VRS machine IP.

https://192.168.1.106

LOCAL_MACHINE_IPVRS machine IP (same as above)

FINESSE_URL

UCCX Finesse URL with port

https://FINESSE-FQDN:8445

KEYCLOAK_REALM_NAMERealm name created in step 4 of keycloak setup
KEYCLOAK_CLIENT_IDKeycloak client id from step 6 of keycloak setup
KEYCLOAK_CLIENT_SECRETKeycloak client secret from step 8 of keycloak setup
KEYCLOAK_URLkeep default
KEYCLOAK_PERMISSION_GROUPKeycloak Group from step 12 of keycloak setup

CCX_PRIMARY_IP

Primary/Publisher UCCX IP

CCX_SECONDARY_IP

Secondary/Subscriber UCCX IP

CCX_ADMIN_USERNAME

UCCX admin username

CCX_ADMIN_PASSWORD

UCCX admin password

TRUST_STORE_PATH

The SSL truststore path, the truststore on this path must have the Finesse SSL certificate imported.

Do not change this, instead place the created/updated truststore inside recording-solution/ssl folder.

TRUST_STORE_PASSWORD

The password for the truststore that has the Finesse certificate imported.

To update the self signed certificates for VRS, get the public authority or domain signed certificate .crt and .key files, name them server.crt and server.key and replace the files in /recording-solution/config/certificates with these two new files. Names should be exactly same.

Run ./install.sh again

Run the following command to ensure that all the components are up and running. 

# docker ps

Go to https://VRS-IP/#/login to access the application.


Steps 2,3 and 4 should be run on both machines.