Centos 6, php 5.6.40 with Zendguardloader 2.6.0

I tried to upgrade my FreePBX version 13 to 14 on CentOS release 6.10 (Final).
The upgrade option advised that I needed to upgrade my php which I did plus I then needed to upgrade zendguardloader. Now it’s broken and I can’t run freePBX

I get following error message:
[[email protected] ~]# php -a
Failed loading /usr/lib64/php/modules/ZendGuardLoader.so: /usr/lib64/php/modules/ZendGuardLoader.so: undefined symbol: zend_get_hash_value
Interactive shell

I suspected their is an incompatibility between php and ZendGuardLoader, but after several searches I can’t find anything that helps over come the problem.

Anybody got an idea on how the sort this out.

Wiping the machine and starting again isn’t an option as there are other live websites running.

php > echo "Zend engine version: " . zend_version();
Zend engine version: 2.6.0
php > quit

ZendGuard.ini

[Zend]
; Enable ZendGuard loader module
zend_extension=/usr/lib64/php/modules/ZendGuardLoader.so

; Enables loading encoded scripts. The default value is On
zend_loader.enable=1

; Disable license checks (for performance reasons)
zend_loader.disable_licensing=0

; The Obfuscation level supported by Zend Guard Loader. The levels are detailed in the official Zend Guard Documentation. 0 - no obfuscation is enabled
zend_loader.obfuscation_level_support=0

opcache.ini

; Enable Zend OPcache extension module
zend_extension=/usr/lib64/php/modules/opcache.so

; Determines if Zend OPCache is enabled
opcache.enable=1

; Determines if Zend OPCache is enabled for the CLI version of PHP
;opcache.enable_cli=0

; The OPcache shared memory storage size.
opcache.memory_consumption=128

; The amount of memory for interned strings in Mbytes.
opcache.interned_strings_buffer=8

; The maximum number of keys (scripts) in the OPcache hash table.
; Only numbers between 200 and 100000 are allowed.
opcache.max_accelerated_files=4000

; The maximum percentage of “wasted” memory until a restart is scheduled.
;opcache.max_wasted_percentage=5

; When this directive is enabled, the OPcache appends the current working
; directory to the script key, thus eliminating possible collisions between
; files with the same name (basename). Disabling the directive improves
; performance, but may break existing applications.
;opcache.use_cwd=1

; When disabled, you must reset the OPcache manually or restart the
; webserver for changes to the filesystem to take effect.
;opcache.validate_timestamps=1

; How often (in seconds) to check file timestamps for changes to the shared
; memory storage allocation. (“1” means validate once per second, but only
; once per request. “0” means always validate)
;opcache.revalidate_freq=2

; Enables or disables file search in include_path optimization
;opcache.revalidate_path=0

; If disabled, all PHPDoc comments are dropped from the code to reduce the
; size of the optimized code.
;opcache.save_comments=1

; If disabled, PHPDoc comments are not loaded from SHM, so “Doc Comments”
; may be always stored (save_comments=1), but not loaded by applications
; that don’t need them anyway.
;opcache.load_comments=1

; If enabled, a fast shutdown sequence is used for the accelerated code
opcache.fast_shutdown=1

; Allow file existence override (file_exists, etc.) performance feature.
;opcache.enable_file_override=0

; A bitmask, where each bit enables or disables the appropriate OPcache
; passes
;opcache.optimization_level=0xffffffff

;opcache.inherited_hack=1
;opcache.dups_fix=0

; The location of the OPcache blacklist file (wildcards allowed).
; Each OPcache blacklist file is a text file that holds the names of files
; that should not be accelerated.
opcache.blacklist_filename=/etc/php.d/opcache*.blacklist

; Allows exclusion of large files from being cached. By default all files
; are cached.
;opcache.max_file_size=0

; Check the cache checksum each N requests.
; The default value of “0” means that the checks are disabled.
;opcache.consistency_checks=0

; How long to wait (in seconds) for a scheduled restart to begin if the cache
; is not being accessed.
;opcache.force_restart_timeout=180

; OPcache error_log file name. Empty string assumes “stderr”.
;opcache.error_log=

; All OPcache errors go to the Web server log.
; By default, only fatal errors (level 0) or errors (level 1) are logged.
; You can also enable warnings (level 2), info messages (level 3) or
; debug messages (level 4).
;opcache.log_verbosity_level=1

; Preferred Shared Memory back-end. Leave empty and let the system decide.
;opcache.preferred_memory_model=

; Protect the shared memory from unexpected writing during script execution.
; Useful for internal debugging only.
;opcache.protect_memory=0

I assume this is a hand installed freepbx system. We don’t support zendgaurd on hand rolled systems. Nor do we support freepbx 14 on CentOS 6.

As I don’t have access to any form of boot device it had to be installed from a script that downloaded the required files etc.
It was working perfectly as FreePBX 13 but I decided to upgrade it to match a version we have running on a Ubantu machine, and basically it blew up in my face and I can’t see any way of undoing the damage.
Thank you for replying, and I regret that you can’t at least offer assistance on your excellent product.

Is this machine physical or virtual?

If the former, it can almost certainly boot from a USB flash drive. If you have some but they all have data on them, save the contents of a small one, copy the .iso file to it, boot FreePBX then restore the original data. Or buy one for $5 or less on Amazon, eBay, etc. Or (assuming that you are in a developed country) get one at a local store.

Almost all virtualization platforms support booting an ISO file.

If your system doesn’t require commercial modules, you don’t need ZendGuard.

For security and performance reasons, you shouldn’t be running FreePBX and general web services on the same machine. Running on the same hardware may be workable, with the two applications in separate virtual guests.

Machine is virtual, plus is 300 kms north of here.
I do need access to commercial modules, therefore ZendGuard.
Machine is being used as a test bed for a larger project.
FreePBX is running on port 8080 and general web on port 80 with separate version of apache for each.
The idea is is about 2 years to move everything to a dedicated cloud server, but cost prevents that at present.
If there is a way to completely eradicate asterisk, freePBX and zendGuard from the machine so I can then reinstore from scratch that would help as well.

Can you get a second VM on the same host?

Move the web server to a one-year free trial on AWS or GCP?

Set up FreePBX on an inexpensive instance on Vultr?

Get a really cheap VPS at https://lowendstock.com/ or https://lowendbox.com/ for one app or the other?

Run one or the other in a VM using an existing on-site machine as the host?

There may be other ways to skin this cat, but getting help with ZendGuard (or any other DRM software) isn’t one of them, as it would weaken the protection of Sangoma’s intellectual property.

Unfortunately that’s not an option as I’m tied in to this set up for 3 year.
I had wondered about using a second VM and setting up from scratch and then copying the relevant content back over the existing larger server.
Any thoughts on this approach or am I looking to simplistically at the problem.

FYI the server is 2 core, 15Gb ram, 2 x 4Tb HDD giving 3.54Tb

This entire setup already seems to be completely screwed up. FreePBX wants to own the machine. Having other things running on it, like web servers, isn’t going to be optimal at all. FreePBX wants ownership of Apache and the root Apache folders. It’s going to want ownership of a lot of things and expect things to be in proper places with proper permissions. You should not be running a web host off of this for other things. That’s just bad.

If you want/need commercial modules then the Distro is the best option for it. Nothing else guarantees that the commercial modules will work or be support outside of that. You really need to re-evaluate how you’re going to do this project.

Also I’m not sure how you’re going to setup a new VM then move over the relevant parts. You still need to make sure Apache, PHP and ZendGuardLoader are complied properly on the machine you’re going to be using them on. You just can’t copy parts over.

The ownership of Apache is taken care of by running two version, one running with FreePBX ownership, the other with normal ownership.
Both function happily together using different ports.
From what I can see the problem I’m faced with is that ZenGuard is in conflict with the release of PHP that is now installed on the machine, and if I could reverse both of those then I, in theory, be back where I started.
The nuclear approached is to talk to my hosting company and explain the problem and see if I can talk them in to them setting up a second machine and I (not exactly) simply start over and then abandon this machine.

Yes, unfortunately, that’s your problem. Please listen to people who know what they’re talking about. Just because you can’t see what the problems are, doesn’t mean that other people can’t. They can!

The way to do what you want is to use virtualisation. Whether it’s LXD, VMware, or KVM, the only way you can actually get commercial modules working reliably is to install FreePBX using the Distro.

Trying to hack around on it will NOT work. The commercial modules assume a lot of things about the host, that are only valid on Distro. Best case, nothing will work reliably. Worst case, FreePBX will take over your primary apache, break everything, and firewall you out of the machine because you’re doing things you shouldn’t be doing.

Please. Don’t follow the path that everyone is telling you not to follow.

3 Likes

Thanks Rob.
I guess I need to rethink what I’m trying to achieve here. To initial approach was to reduce costs, however as with try to reduce cost there is always a quality reduction and from what I’m being told here that quality reduction is not worth the pain.
So how to move forward.
I had a quick read through on the visualisation products you suggested last night. I’ll need to read up more later during the day, but for now can I ask a few questions to get a better understanding of where is is going to lead me.
Would I be right is guessing it’s more likely asterisk than FreePBX that is the machine hungry one. In the mean time I’ve stopped both.
Something I’m having trouble getting my head around, if I go down the visualisation route, surely I’m putting more overhead on the machine and therefore would slow things down further or does it share machine resources better even on a dual processor system.
From what I read last night I’m inclined towards the KVM option, can you point me at suitable reading material to further understand the product, or if you have an alternative favourite point me towards that in stead. I was thinking last night it must be at least 35 years since I’ve needed to work at such a the level of the OpSys, and then the machines were few less complex.
I’m assuming that the likes of KVM is something that loads on top of the OpSys and then requires individual IP addresses for each “partition” that is fired up.
Looking at my more immediate problem, my gut feeling is if I simply comment out all references to zendguard this would enable the present setup to run the php modules.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.