This post is at: ForumFeatures Wanted
19 posts / 0 new
Last post
mattdarnell
mattdarnell's picture
Joined: 2007/10/25
Points: 20

Is there a way to have the configs for each tenant in a separate sub-directory.

i.e.
/home/ftproot/cust1
/home/ftproot/cust2
/home/ftproot/cust3

You can use the ftp program to send the ftpuser appropriate sub-directory.

-Matt

dozment
dozment's picture
Joined: 2007/11/20
Points: -10

I want to second this one. Great idea.

eeman
eeman's picture
Joined: 2007/11/06
Points: 260

I would suggest taking even one step further and separate the templates in /etc/asterisk/provisioning to be tenant specific also. Many times tenants request something unique to be defined for their polycom that perhaps another tenant wants defined differently. A really easy example for illustration could be the digitmap or alertInfo ring tones or even different logos on their polycom displays.

technically you could get away with a single FTP repository as long as the local-settings.cfg file were perhaps renamed to local-${tenant}.cfg so that each tenant had their own unique settings.

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

dozment
dozment's picture
Joined: 2007/11/20
Points: -10

I ran into a situation yesterday that made me think of this new feature suggestion again. I had changed an aastra.cfg file to add something for a customer, and I accidentally overwrote the file while provisioning another customer's phones last night. If the files were written to a tenant specific directory that would not happen as easily.

thirdlane
thirdlane's picture
Joined: 2007/02/07
Points: 440

When I find a free moment :) I'll think about this and what else in provisioning may have to be (optionally) configurable on the tenant level.

Any suggestions welcome.

Alex Epshteyn
Third Lane Technologies
Multi Tenant Asterisk PBX

George
George's picture
Joined: 2007/10/31
Points: 0

I disagree, this will make management and support a total nightmare..

if there is a problem thats affecting other users in the config it would seem this is a problem that needs to be looked at instead..

G

thirdlane
thirdlane's picture
Joined: 2007/02/07
Points: 440

I already implemented a few things along these lines:

1) User provisioning directory - user can define new models, override existing models with their own templates, and this does not get overwritten during upgrades etc (this is not per tenant).

2) ${TENANT} variable that gets substituted so that different provisioning files can be generated for different tenants - e.g. one could define a model called Polycom tenant 1 and Polycom Tenant 2 and pull in different templates and generate different files.

3) User defined variables that get substituted with specified values

4) Command to execute after a device is provisioned

All this will be available in the upcoming release.

Anything I missed?

Alex

Alex Epshteyn
Third Lane Technologies
Multi Tenant Asterisk PBX

dozment
dozment's picture
Joined: 2007/11/20
Points: -10

Alex, I'm trying to come up with a way to keep the Polycom directory files seperate for each tenant. Adding the ${TENANT} variable is exactly what I need. Is it available in 5.1.2? Any major concerns with upgrading from 5.0.51 to 5.1.2?

thirdlane
thirdlane's picture
Joined: 2007/02/07
Points: 440

I am about to release 6.0 which has support for ${TENANT} and also allows to create tenant directories under /user_provisioning/ as /user/provisioning/tenant1, user_provisioning/tenant2 and place tenant specific templates there.

6.0 is almost ready - please watch the announcements.

Best regards,

Alex

Alex Epshteyn
Third Lane Technologies
Multi Tenant Asterisk PBX

mattdarnell
mattdarnell's picture
Joined: 2007/10/25
Points: 20

Anyone got this to work?

I booted up the ISO and added the directory /tftpboot/thirdlane

I always get "Error saving settings : Configuration files directory does not exist" I tried to change the setting to /tftpboot/${TENANT} but I get the error.

-Matt

thirdlane
thirdlane's picture
Joined: 2007/02/07
Points: 440

The way it is supposed to work is that it uses templates from /user_provisioning/tenant directories but still puts all the output files in the same directory for all the tenants.

Do you actually need separate provisioning directories for each tenant? I guess that may be useful, but I don't think it is currently implemented.

Best regards,

Alex

Alex Epshteyn
Third Lane Technologies
Multi Tenant Asterisk PBX

mattdarnell
mattdarnell's picture
Joined: 2007/10/25
Points: 20

Alex,

Yes, we would like different provisioning directories for each tenant.

Something like /home/phone/${TENANT} would put the files in

/home/phone/cust1

/home/phone/cust2

etc.

We use the FTP program to direct the ftp user to the correct directory on the file system.

Thanks!

-Matt

dozment
dozment's picture
Joined: 2007/11/20
Points: -10

Matt, I'm doing something sort of like that, but not exactly. I, too, wish there was a clean way to write files to seperate directories. I added a tenant specific settings file to my {mac}.cfg files for polycoms. This is the template for my {mac}.cfg.

<?xml version="1.0" standalone="yes"?>

I never touch sip.cfg, and local-settings.cfg is for global configs that are set for all of my customers. Tenant-settings.cfg is per tenant.

I also create a tenant specific contact_directory for directory.xml files.

The big problem with the way I'm doing this is that I have to manually create the tenant-settings.cfg file and the contacts directory. I originally set it up so that MTE's provisioning created the tenant-settings files, but, the template would have to be different for each tenant to make this file do what I want.

There's a little pain in running it this way, but it helps meet my needs.

Dan

eeman
eeman's picture
Joined: 2007/11/06
Points: 260

I do something similar with my polycom phones in MTE except I do it with models.txt

[polycom-550]

label=Polycom 550

lines=4

phone_template=polycom_phone.cfg

line_template=polycom_line.cfg

output=${mac}-registration.cfg

input_1=polycom_mac.cfg

output_1=${mac}.cfg

input_2=polycom_local.cfg

output_2=${TENANT}-settings.cfg

required_1=sip.cfg

required_2=phone1.cfg

then my polycom_mac.cfg looks like this (for SIP 3.0.2 firmware)

<?xml version="1.0" standalone="yes"?>

<!-- SIP Application Configuration File -->

<!-- $Revision: 1.100.4.15 $ $Date: 2006/01/23 19:36:38 $ -->

<APPLICATION APP_FILE_PATH="sip.ld"

CONFIG_FILES="${mac}-registration.cfg,${TENANT}-settings.cfg,phone1.cfg,sip.cfg"

MISC_FILES=""

LOG_FILE_DIRECTORY="/LOGS/"

OVERRIDES_DIRECTORY="/OVERRIDES/"

CONTACTS_DIRECTORY="/CONTACTS/"

LICENSE_DIRECTORY="/LICENSE/"/>

<APPLICATION_SPIP300 APP_FILE_PATH_SPIP300="sip_212.ld" CONFIG_FILES_SPIP300="${mac}-registration.cfg, ${TENANT}-settings.cfg, phone1_212.cfg, sip_212.cfg"/>

<APPLICATION_SPIP500 APP_FILE_PATH_SPIP500="sip_212.ld" CONFIG_FILES_SPIP500="${mac}-registration.cfg, ${TENANT}-settings.cfg, phone1_212.cfg, sip_212.cfg"/>

</APPLICATION>

i can then use a vanilla configuration in /etc/user_provisoining/ that will work for most tenants. IF, and only if, I have to define something different for a tenant will I create that file in /etc/user_provisioning/tenant. In such cases I might only need to create /etc/user_provisioning/polycom_local.cfg and let everything else run the /etc/user_provisioning versions.

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

agibson
agibson's picture
Joined: 2009/03/11
Points: 0

Bumping this as this is one feature I would like to see added.

The main issue for me is security. It would be nice to provide a unique ftp username and password to each tenant. Each username locks the user to their own provisioning directory. The idea is to provide them their own username and password so that they can provision their own phones. If all configs for all tenants are stored in the same directory, it allows them to ftp into the server and obtain information about other tenants, sip passwords etc with basic ftp knowledge.

Otherwise we will still have to be responsible for programming all of our tenants phones, which is a major task that we would like to have offloaded to the client.

Thanks,

Andy

eeman
eeman's picture
Joined: 2007/11/06
Points: 260

if you would read up about unix permissions you would realize you wouldnt need seperate logins to ensure user A doesnt see user B's configs (unless and of course he had knowlege of their mac addresses). This can and easily corrected by appropriate file ownership and user permissions. Set correctly you cant even get a listing of the files in the directory as the ftp user.

Also this request does not require any work on the part of PBX Manager, this is entirely possible with the current infrastructure of models.txt as long as you make each ftp site a sub directory of the main directory provisioned in pbx manager. If you wish to put configs into seperate directories, alter models.txt and do it, nothing is needed in Perl to accomplish this.

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

dozment
dozment's picture
Joined: 2007/11/20
Points: -10

Erik, you're talking about setting permission on the ftp home directory to 333, right? That works for me. If someone ftp's to the serrver using the username/password of the phone and does an "ls" they don't see anything. I have to be root to see a list of files in the directory. Acceptable solution for me.

eeman
eeman's picture
Joined: 2007/11/06
Points: 260

dir owned by root:root

user grp can be 7 but world/other is read no execute and no write

dwrxwrx-r-

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com

eeman
eeman's picture
Joined: 2007/11/06
Points: 260

backwards.. i was on my iphone when i typed it..

drwxr-x--x 8 root root 20480 Aug 24 16:56 PlcmSpIp

chmod 751 will do the trick (or 771)

the x bit lets them go into the dir, the 'r' bit lets them get a directory index. So we deny the world the ability to read the directory, just go into it.

then for each file inside they are owned by root but chmod 644

Erik Smith
dCAP
Thirdlane/Asterisk Support available
esmith.bgnv@gmail.com