Is there a way to have the configs for each tenant in a separate sub-directory?
i.e.
/home/ftproot/cust1
/home/ftproot/cust2
/home/ftproot/cust3
You can use the ftp program to send the ftpuser to the appropriate sub-directory.
-Matt
include the templates
I would suggest taking even one step further and separate the templates in /etc/asterisk/provisioning to be tenant specific also. Many times tenants request something unique to be defined for their polycom that perhaps another tenant wants defined differently. A really easy example for illustration could be the digitmap or alertInfo ring tones or even different logos on their polycom displays.
Technically you could get away with a single FTP repository as long as the local-settings.cfg file were perhaps renamed to local-${tenant}.cfg so that each tenant had their own unique settings.
Separate Sub-Directories
I ran into a situation yesterday that made me think of this new feature suggestion again. I had changed an aastra.cfg file to add something for a customer, and I accidentally overwrote the file while provisioning another customer's phones last night. If the files were written to a tenant specific directory that would not happen as easily.
Tenant specific provisioning
When I find a free moment :) I'll think about this and what else in provisioning may have to be (optionally) configurable on the tenant level.
Any suggestions welcome.
FTP directory
I disagree, this will make management and support a total nightmare..
If there is a problem that's affecting other users in the config it would seem this is a problem that needs to be looked at instead..
G
Provisioning enhancements
I already implemented a few things along these lines:
1) User provisioning directory - user can define new models, override existing models with their own templates, and this does not get overwritten during upgrades etc (this is not per tenant).
2) ${TENANT} variable that gets substituted so that different provisioning files can be generated for different tenants - e.g. one could define a model called Polycom tenant 1 and Polycom Tenant 2 and pull in different templates and generate different files.
3) User defined variables that get substituted with specified values
4) Command to execute after a device is provisioned
All this will be available in the upcoming release.
Anything I missed?
Alex
Provisioning enhancements
Alex, I'm trying to come up with a way to keep the Polycom directory files separate for each tenant. Adding the ${TENANT} variable is exactly what I need. Is it available in 5.1.2? Any major concerns with upgrading from 5.0.51 to 5.1.2?
tenant level provisioning
I am about to release 6.0, which has support for ${TENANT} and also allows creating tenant directories under /user_provisioning/ as /user/provisioning/tenant1, user_provisioning/tenant2 and placing tenant specific templates there.
6.0 is almost ready - please watch the announcements.
Best regards,
Alex
Anyone got this to work? I
Anyone got this to work?
I booted up the ISO and added the directory /tftpboot/thirdlane
I always get "Error saving settings : Configuration files directory does not exist" I tried to change the setting to /tftpboot/${TENANT} but I get the error.
-Matt
tenant level provisioning
The way it is supposed to work is that it uses templates from /user_provisioning/tenant directories but still puts all the output files in the same directory for all the tenants.
Do you actually need separate provisioning directories for each tenant? I guess that may be useful, but I don't think it is currently implemented.
Best regards,
Alex
Alex, Yes, we would like
Alex,
Yes, we would like different provisioning directories for each tenant.
Something like /home/phone/${TENANT} would put the files in
/home/phone/cust1
/home/phone/cust2
etc.
We use the FTP program to direct the ftp user to the correct directory on the file system.
Thanks!
-Matt
Matt, I'm doing something
Matt, I'm doing something sort of like that, but not exactly. I, too, wish there was a clean way to write files to separate directories. I added a tenant specific settings file to my {mac}.cfg files for polycoms. This is the template for my {mac}.cfg.
<?xml version="1.0" standalone="yes"?>
I never touch sip.cfg, and local-settings.cfg is for global configs that are set for all of my customers. Tenant-settings.cfg is per tenant.
I also create a tenant specific contact_directory for directory.xml files.
The big problem with the way I'm doing this is that I have to manually create the tenant-settings.cfg file and the contacts directory. I originally set it up so that MTE's provisioning created the tenant-settings files, but, the template would have to be different for each tenant to make this file do what I want.
There's a little pain in running it this way, but it helps meet my needs.
Dan
I do something similar with
I do something similar with my polycom phones in MTE except I do it with models.txt
[polycom-550]
label=Polycom 550
lines=4
phone_template=polycom_phone.cfg
line_template=polycom_line.cfg
output=${mac}-registration.cfg
input_1=polycom_mac.cfg
output_1=${mac}.cfg
input_2=polycom_local.cfg
output_2=${TENANT}-settings.cfg
required_1=sip.cfg
required_2=phone1.cfg
then my polycom_mac.cfg looks like this (for SIP 3.0.2 firmware)
<?xml version="1.0" standalone="yes"?>
<!-- SIP Application Configuration File -->
<!-- $Revision: 1.100.4.15 $ $Date: 2006/01/23 19:36:38 $ -->
<APPLICATION APP_FILE_PATH="sip.ld"
CONFIG_FILES="${mac}-registration.cfg,${TENANT}-settings.cfg,phone1.cfg,sip.cfg"
MISC_FILES=""
LOG_FILE_DIRECTORY="/LOGS/"
OVERRIDES_DIRECTORY="/OVERRIDES/"
CONTACTS_DIRECTORY="/CONTACTS/"
LICENSE_DIRECTORY="/LICENSE/">
<APPLICATION_SPIP300 APP_FILE_PATH_SPIP300="sip_212.ld" CONFIG_FILES_SPIP300="${mac}-registration.cfg, ${TENANT}-settings.cfg, phone1_212.cfg, sip_212.cfg"/>
<APPLICATION_SPIP500 APP_FILE_PATH_SPIP500="sip_212.ld" CONFIG_FILES_SPIP500="${mac}-registration.cfg, ${TENANT}-settings.cfg, phone1_212.cfg, sip_212.cfg"/>
</APPLICATION>
I can then use a vanilla configuration in /etc/user_provisioning/ that will work for most tenants. IF, and only if, I have to define something different for a tenant will I create that file in /etc/user_provisioning/tenant. In such cases I might only need to create /etc/user_provisioning/polycom_local.cfg and let everything else run the /etc/user_provisioning versions.
Bumping this as this is one
Bumping this as this is one feature I would like to see added.
The main issue for me is security. It would be nice to provide a unique ftp username and password to each tenant. Each username locks the user to their own provisioning directory. The idea is to provide them their own username and password so that they can provision their own phones. If all configs for all tenants are stored in the same directory, it allows them to ftp into the server and obtain information about other tenants, sip passwords etc with basic ftp knowledge.
Otherwise we will still have to be responsible for programming all of our tenants phones, which is a major task that we would like to have offloaded to the client.
Thanks,
Andy
if you would read up about
If you would read up about unix permissions you would realize you wouldn't need separate logins to ensure user A doesn't see user B's configs (unless, of course, he had knowledge of their mac addresses). This can be easily corrected by appropriate file ownership and user permissions. Set correctly you can't even get a listing of the files in the directory as the ftp user.
Also this request does not require any work on the part of PBX Manager, this is entirely possible with the current infrastructure of models.txt as long as you make each ftp site a sub directory of the main directory provisioned in pbx manager. If you wish to put configs into separate directories, alter models.txt and do it, nothing is needed in Perl to accomplish this.
Erik, you're talking about
Erik, you're talking about setting permission on the ftp home directory to 333, right? That works for me. If someone ftp's to the server using the username/password of the phone and does an "ls" they don't see anything. I have to be root to see a list of files in the directory. Acceptable solution for me.
dir owned by root:root user
dir owned by root:root
user grp can be 7 but world/other is read no execute and no write
dwrxwrx-r-
backwards.. i was on my
Backwards.. I was on my iPhone when I typed it..
drwxr-x--x 8 root root 20480 Aug 24 16:56 PlcmSpIp
chmod 751 will do the trick (or 771)
the x bit lets them go into the dir, the 'r' bit lets them get a directory index. So we deny the world the ability to read the directory, just go into it.
then for each file inside they are owned by root but chmod 644
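The permission scheme described in the posts above (directories 751, files 644), as an added example that is not part of the original thread: a POSIX shell audit that finds provisioning directories the FTP account ("other") can still list, then applies the modes. The cust1/cust2 directories and MAC-style file names are constructed placeholders; files remain fetchable by anyone who knows a phone's MAC address, as noted in the thread.

```shell
#!/bin/sh
# Added example: audit and harden provisioning directories so that "other"
# (the FTP account) can fetch a file by exact name but cannot list names.

# Return 0 if DIR grants the read (list) bit to "other".
other_can_list() {
    [ -n "$(find "$1" -prune -type d -perm -004 2>/dev/null)" ]
}

# Return 0 if DIR grants the execute (traverse) bit to "other".
other_can_traverse() {
    [ -n "$(find "$1" -prune -type d -perm -001 2>/dev/null)" ]
}

# Print every directory under ROOT (ROOT included) that "other" can list.
audit_listable() {
    find "$1" -type d -perm -004 | sort
}

# Apply the modes from the thread: 751 on directories, 644 on files.
harden_tree() {
    find "$1" -type d -exec chmod 751 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed demo tree: one listable tenant directory, one already at 751.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/cust1" "$root/cust2"
    : > "$root/cust1/0004f2000001.cfg"
    : > "$root/cust2/0004f2000002.cfg"
    chmod 755 "$root" "$root/cust1"
    chmod 751 "$root/cust2"
    echo "listable before hardening:"; audit_listable "$root"
    harden_tree "$root"
    echo "listable after hardening:"; audit_listable "$root"
    rm -rf "$root"
}

demo
```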
I want to second this one. Great idea.