Skip to main content

Multi Tenant Provisioning

Posted by dozment on Tue, 05/06/2008

I'm going to try to summarize where I am with provisioning Polycom phones in a multi tenant PBX Mgr. I think I have something that will work, but I'm interested in comments.

PROBLEM
Most of the settings in sip.cfg and local-settings.cfg work for all of my tenants. But, sometimes there is a slight change for a tenant, and I would like to be able to make that change one time for all extensions in a tenant. For example, the majority of my customers use 1xx for local extensions. I have a new customer who wants to use 3xx. My dial string in local-settings.cfg is built around 1xx being the internal extensions.

Another problem is the contacts directory file. I need a different contacts directory for each tenant.

SOLUTION
Both of these problems can be solved by tweaking the {mac}.cfg file, but I don't want to have to do that for each phone. Over in the "seperate ftp directory for each tenant" thread Alex mentioned something about adding ${TENANT} to the provisioning setup. I tried it with version 6.0.1.36, and it works beautifully.

In /etc/asterisk/provisioning/models.txt I have created the following phone definition. Notice, there is no reference to local-settings.cfg and sip.cfg. I took them out because I don't want them overwritten every time I provision a phone. I manage local-settings.cfg manually (it's really more of a global-settings.cfg in my case) and I leave sip.cfg as it comes from Polycom.

[polycom-test]
label=Polycom Test
lines=2
phone_template=polycom_phone.cfg
line_template=polycom_line.cfg
output=${mac}-registration.cfg
input_1=polycom_mac.cfg
output_1=${mac}.cfg

Then, I edited /etc/asterisk/provisioning/polycom_mac.cfg as follows:

<?xml version="1.0" standalone="yes"?>

Notice the new "tenant-settings-${TENANT}.cfg file that gets created and the CONTACTS_DIRECTORY setting.

I will manage the tenant-settings-${TENANT}.cfg file manually for each tenant. By default it will be empty (or missing?), but I will have the option of adding settings there that get applied across all phones at a customer site.

I will have to create a directory for each tenant for the contacts file in my provisioning directory and manually create a directory.xml file there (hoping to do that with the same spreadsheet I use to provision the phones).

I've gone through the motions of creating all of the files on my test system, but I haven't used this to actually provision a phone yet.

Thoughts?


Submitted by dozment on Tue, 05/06/2008 Permalink

Couple of corrections. First, this is for POLYCOM PHONES ONLY. But, I'm sure the same kind of thing can be done for other phones.

Secondly, the forum seems to be eating my polycom_mac.cfg file changes. I can't seem to make the complete file display here.

I changed the CONFIG_FILES setting as from this

CONFIG_FILES="${mac}-registration.cfg,local-settings.cfg,sip.cfg"

to this

CONFIG_FILES="${mac}-registration.cfg,tenant-settings-${TENANT}.cfg,local-settings.cfg,sip.cfg"

Submitted by dozment on Thu, 05/08/2008 Permalink

No, if it puts the configs in different directories I will not need to do this. But, it's still nice to have that one config file that is global. I may end up liking it better this way. And, I don't think it is able to split it to tenant-based directories yet.

Submitted by ckung on Thu, 09/25/2008 Permalink

I have no problem with Linksys SPA 941, 942 by using the built-in templates.

Recently a client request us to support Polycom IP 550 and I can't make it work for auto provisioning.

Can someone help me with step by step instruction?

Those are the files in the system and wonder if I need to setup bootrom TFTP server as always.

polycom_line.cfg

polycom_local.cfg

polycom_mac.cfg

polycom_phone.cfg

Thanks!

Charles

Submitted by eeman on Thu, 09/25/2008 Permalink

polycom's perform best using ftp so that they can also upload user-based changes to the site. There are quite a few steps in getting polycom phones auto-provisioning, but once completed work better than just about any phone ive seen. There are sooooo many things you can adjust with polycom configurations.

Submitted by dozment on Sat, 09/27/2008 Permalink

Erik is right. FTP is the best way, and there are a good many steps to be documented. It would be nice if someone had the time to document it. Polycom has a short white paper called Configuration File Management on SountPoint IP Phones that does a good job of describing the files. The Administrator's Guide for the SoundPoint IP/SoundStation IP Family describes all of the settings that go in the config files. I just printed (yeah, I'm a paper guy) the version for SIP 3.0.0.

Polycom doesn't seem to distribute their documentation directly to the public, so I'm not comfortable posting their work. I got my copies from my wholesaler. You might check with the people you buy from to see if they can get you copies.

Submitted by olekaas on Mon, 10/20/2008 Permalink

Hi,

This is my attempt to do multitenant provisioning:

models.txt

[polycom-330/320]

label=Polycom 330/320

lines=2

phone_template=polycom_phone.cfg

line_template=polycom_line.cfg

output=${TENANT}/${mac}-registration.cfg

input_1=polycom_mac.cfg

output_1=${TENANT}/${mac}.cfg

input_2=polycom_local.cfg

output_2=${TENANT}/local-settings.cfg

command_1=/etc/asterisk/user_provisioning/polycom.sh ${path} ${TENANT} ${mac}-custom.cfg

To copy static files (sip.cfg, phone1.cfg) and create a per phone custom settings file if absent, I've made a q'n'd shell script:

polycom.sh

#!/bin/sh

[ ! -e $1/$2/$3 ] && /bin/cp /etc/asterisk/user_provisioning/polycom-custom.cfg $1/$2/$3

/bin/cp /etc/asterisk/user_provisioning/sip.cfg $1/$2/

/bin/cp /etc/asterisk/user_provisioning/phone1.cfg $1/$2/

The mac.cfg file:

[APPLICATION APP_FILE_PATH="sip.ld"

CONFIG_FILES="${mac}-custom.cfg,${mac}-registration.cfg,local-settings.cfg,phone1.cfg,sip.cfg"

MISC_FILES=""

LOG_FILE_DIRECTORY="log"

OVERRIDES_DIRECTORY="custom"

CONTACTS_DIRECTORY="directory"

LICENSE_DIRECTORY=""

/>

Each tenant have their subdirectory set as root when they log in via ftp. Couple of things to figure out: Create the tenant subdirectory if absent (maybe let the script do it and move command_1 up front - will probably work if params is executed in order listed). Put ftp user and password in mysql. The username will be the tenant name - so that easily done in the shell script. The password however.... Well, I'll just have to go to phpmyadmin.

This way each tenant have their own complete provisioning directory. They can even have their own firmware if needed (in that case the shell scritp need to be modified to copy the sip.cfg and phone1.cfg files in user_provisiong/tenant that should match the firmware).

My next step was to wrap it all up in TLS for security. But the bootrom does not support TLS - only the sip app. does. So we need to fetch sip.ld and mac.cfg with no tls and then grab those configs with sip credentials using tls once the sip app. is running. Thats ok. It's just when downloading sip.ld and mac.cfg we exposed our ftp user/pass - so we can just skip the tls stuff. Or am I missing something?

Another thing: The phones only supports implicit TLS which seems to be deprecated by RFC. So you need either two ftp servers or a server that will listen on both 21 and 990. I have chosen to use proftpd which will only listen on one port and only supports explicit TLS. With the above issue in mind, I'll let this TLS stuff rest for now...

Explicit TLS is supposed to be fixed in an subsequent release. But dont hold your breath - it was noted as outsanding issue for release 2.0.0 Beta 2 years ago.

/Ole