How to deploy SAS

Network and Server Requirements

  • A CentOS 7 server VM: min 4 CPU, 16Gb RAM, 32Gb Storage
  • Public access to ports:
    • Web portals and APIs: 80, 443, 8333, 8443, 8243
    • XMPP: 9090, 5223, 5222, 5263, 5262, 5269, 7777, 7070, 7443
    • MQTT: 1883, 8883
    • SIP: 10000-10300/udp, 5061/tls
    • LDAP: 389, 636
    • NTP: 123
    • DNS: 53
  • Restricted access to ports. Ideally limited to only your corporate IP range:
    • SSH: 22
    • Management portals: 3143, 8843, 9043, 9091
  • Root user
  • DNS records (for server domain and account domain):
    • A: management.domain
    • CNAME: conference.management.domain
    • CNAME: pubsub.management.domain
    • CNAME: search.management.domain
    • CNAME: keys.management.domain
    • SRV: _api._tcp.management.domain 8333 management.domain
    • SRV: _secureapi_v2._tcp.management.domain 8333 management.domain
    • SRV: _sips._tcp.management.domain 5061 management.domain
    • SRV: _xmpp-client._tcp.management.domain 5223 management.domain
    • SRV: _xmpp-server._tcp.management.domain 5269 management.domain
    • SRV: _xmpp-server._tcp.conference.management.domain 5269 management.domain
    • SRV: _xmpp-server._tcp.pubsub.management.domain 5269 management.domain

Before you start

  1. Verify your firewall rules and DNS records: test the propagation of the A, CNAME and SRV records with a tool like Google Toolbox.
  2. Update your server packages if possible: sudo yum update -y
  3. Upgrade your server kernel if you want to use the VOIP Server.
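
An added example (not part of the original article or the deployment script): a pre-flight check that derives the twelve records listed under "DNS records" from your management domain and resolves each one. It assumes dig is installed (bind-utils on CentOS 7); the function names are illustrative, and the SRV check compares only port and target.

```sh
#!/bin/sh
# Added example: pre-flight check of the DNS records this guide requires.
# Assumes dig (bind-utils on CentOS 7); function names are illustrative.

# Print "TYPE NAME [PORT]" for each record in the requirements list.
expected_records() {
  d="$1"
  echo "A $d"
  for sub in conference pubsub search keys; do echo "CNAME $sub.$d"; done
  echo "SRV _api._tcp.$d 8333"
  echo "SRV _secureapi_v2._tcp.$d 8333"
  echo "SRV _sips._tcp.$d 5061"
  echo "SRV _xmpp-client._tcp.$d 5223"
  for sub in "" conference. pubsub.; do
    echo "SRV _xmpp-server._tcp.$sub$d 5269"
  done
}

# First answer for NAME TYPE; swap this function out to test offline.
resolve() { dig +short "$1" "$2" | head -n 1; }

# True when an SRV answer ("prio weight port target.") has the expected
# port and points at the management domain.
srv_matches() {
  printf '%s\n' "$1" | {
    read -r _prio _weight port target
    [ "$port" = "$2" ] && [ "${target%.}" = "$3" ]
  }
}

# Resolve every expected record, print OK/FAIL lines, fail if any FAIL.
check_dns() {
  report=$(expected_records "$1" | while read -r type name port; do
    answer=$(resolve "$name" "$type")
    if [ "$type" = SRV ]; then srv_matches "$answer" "$port" "$1"
    else [ -n "$answer" ]; fi &&
      echo "OK   $type $name" ||
      echo "FAIL $type $name (got: ${answer:-nothing})"
  done)
  printf '%s\n' "$report"
  ! printf '%s\n' "$report" | grep -q '^FAIL'
}

# Usage: sh check-dns.sh <your management domain>
if [ -n "${1:-}" ]; then check_dns "$1"; fi
```

Run it from a machine outside your network so the answers reflect public propagation rather than an internal resolver.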

Step By Step

1. Download the deployment script from the link provided to you.
2. Save it to your server in a temporary directory. Example: /tmp/deployment
3. Unpack it with tar:

     mkdir -p /tmp/deployment && cd /tmp/deployment && tar -xzvf enterprise-deployment-*.tar.gz

4. Check your external firewall one more time: at least ports 80, 443, 8333, 9043 and 9091 (if you plan to use Openfire) must be open, otherwise the deployment will fail.
5. Start the deployment script:

     cd /tmp/deployment/ && ./install.sh

6. Follow the step-by-step questions to finish your deployment. There is only 1 required attribute: your domain name.

*Management account and passwords
During the deployment, make a note of the accounts and passwords you set up. You will need these secrets to access the management interfaces from then on. Save the Encryption password, the Robot account credentials and the SAS account credentials.

*Public and Local IP
If your domain name resolves to an IP that is different from your Local IP, the script will show you a warning and ask for confirmation (expected result).

*Special Characters
Please do not use special characters for ENV attributes, or at least escape them. Example for the registry robot account: robot$community-account -> robot\\\$community-account

*Validation
This version has no validation for the "Please specify..." questions. Please recheck your input before answering y or n to "Do you want to start SAS deployment? (y/n)".

*Case with update
This script supports the "UPDATE" scenario in 3 modes:
  1. clean deployment = remove all previously installed stacks, databases, secrets, certificates, configuration files and images, and deploy a new instance of SAS.
  2. update mode (save all data and update images and service configuration):
    1. remove all stacks and configuration files (all changes made from Portainer or on the host will be removed);
    2. save all data (SAS data, Openfire database, SM data, sim and main logs, etc.) and database passwords;
    3. new SAS and Portainer password;
    4. save previous SSL certificates.
  3. compatibility mode (safe mode: all changes made from Portainer, different build plans, etc. will be saved):
    1. use the docker stack configuration that is already deployed on the host;
    2. use the configuration files that are already deployed on the host;
    3. do not update configuration;
    4. update images if there is an update (image and code updates for sas, voip, openfire, etc.).

Post installation procedures

Update environment variables

After a successful deployment, once you have verified that all services are Running, change the ENV variables below in the docker services and make sure the services are Running again after they restart:
  1. Disable debug and installation mode for Openfire in the openfire_server docker service:
    1. DEBUG_MODE: false
    2. LDAP_DEBUG: false
    3. FORCE_PROVISION: false
  2. Disable debug mode for VOIP in the voip_kamailio docker service:
    1. LOG_STDERROR: no
    2. DEBUG_MODE: -1
  3. Disable provision mode for sas_console. Also remove the "sas.environment" config file from the service:
    1. FORCE_PROVISION: false
  4. Generate the master PGP certificate in SAS (Settings → PGP Server → Generate button), copy the "FINGERPRINT" and add it as an ENV variable to the sas_console, sas_sas and sas_api services:
    1. SAS_KEYSERVER_CERTIFICATE: <your keyserver certificate>
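
An added example (not from the original article or the deployment script) that audits the services against the values listed above, so a debug or provision flag left enabled is caught after the restart. It assumes the Docker CLI on a swarm manager node; service and variable names are taken from this page, the function names are illustrative, and a variable that is not set at all is reported as well because the page does not state the defaults.

```sh
#!/bin/sh
# Added example: audit the post-installation ENV values from this guide.
# Assumes the Docker CLI on a swarm manager; function names are illustrative.

# Read KEY=VALUE lines on stdin and print one finding per variable that
# deviates from the value this guide gives for the service in $1.
audit_env() {
  svc="$1"
  env_lines=$(cat)
  want=""
  case "$svc" in
    openfire_server) want="DEBUG_MODE=false LDAP_DEBUG=false FORCE_PROVISION=false" ;;
    voip_kamailio)   want="LOG_STDERROR=no DEBUG_MODE=-1" ;;
    sas_console)     want="FORCE_PROVISION=false" ;;
  esac
  for pair in $want; do
    key=${pair%%=*}
    # If a key appears more than once, the last occurrence is compared.
    actual=$(printf '%s\n' "$env_lines" | sed -n "s/^$key=//p" | tail -n 1)
    [ "$actual" = "${pair#*=}" ] ||
      echo "$svc: $key is '${actual:-unset}', expected '${pair#*=}'"
  done
  case "$svc" in
    sas_console|sas_sas|sas_api)
      printf '%s\n' "$env_lines" | grep -q '^SAS_KEYSERVER_CERTIFICATE=.' ||
        echo "$svc: SAS_KEYSERVER_CERTIFICATE is not set" ;;
  esac
}

# Print the ENV list of a swarm service, one KEY=VALUE per line.
service_env() {
  docker service inspect \
    --format '{{range .Spec.TaskTemplate.ContainerSpec.Env}}{{println .}}{{end}}' "$1"
}

# Audit every service named in the post-installation steps.
audit_all() {
  for s in openfire_server voip_kamailio sas_console sas_sas sas_api; do
    service_env "$s" | audit_env "$s"
  done
}

# Usage: sh audit-env.sh --run   (no output means no findings)
if [ "${1:-}" = "--run" ]; then audit_all; fi
```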

Possible Issues

1. Script stopped working without throwing an error on step "[Step 10.3] Requesting lets-encrypt certificate"
  1. Verify that port 80 on this server is open to the public network, and open it if it is not.
  2. Check the logs in "generate-status.log" (in the same folder as install.sh). If there is a message with a lets-encrypt server verification error and the ports are open, retry the deployment (temporary bug with proxy access to internal services: the proxy disconnects before SAS, API and Portainer are ready).
  3. Try to re-deploy:

     Remove certbot:

       docker rm certbot

     Remove the docker stacks using the SSL cert:

       docker stack rm sas proxy portainer logs monitoring homer voip openfire

     Wait a bit and start the deployment again:

       ./install.sh

2. Portainer doesn't work after a successful deployment

  Restart Portainer and Proxy from the host:

     docker service update -d --force portainer_agent
     docker service update -d --force portainer_portainer
     docker service update -d --force proxy_proxy

3. Script stopped working on the "[Step 4] Login to registry..." step
  1. Verify that your registry account is OK.
  2. Check that you've properly formatted (escaped) the registry account (or try to use the default).

4. Can't log in to Openfire with the default 'master@manager.private' account

  Exec a bash shell in "sas_ldap" and run the following command:

     ./cli-app change-password master@Manager.Private <your public password>











