FreePBX 15 reload takes a long time on some non-distro platforms


#1

@darrenhollick @reraikes @miken32

I thought it might be good to bring the issue https://issues.freepbx.org/browse/FREEPBX-20559 to the forum for discussion. Maybe community troubleshooting will help.

I experienced the issue a while back on my self-installed Debian 10 FreePBX 15 server but after updating the framework module at the time the issue was discussed, the problem went away. What platforms and software versions (including gpg tools) are you running?


(Darren Hollick) #2

I do not think this has been resolved. You may have resolved it on a custom install but I think it’s fair to say that most people are running FreePBX on a FreePBX distro from Sangoma. On a fully updated Sangoma distro the issue is still very much there.

PBX Version:
15.0.16.78

PBX Distro:
12.7.8-2008-1.sng7

Asterisk Version:
16.13.0

As always I could be wrong but I’ve now tested this on at least 4 systems and can also confirm that it doesn’t happen on FreePBX 13 systems. (which makes sense considering they are running an older centOS)


#3

I have installed numerous 15 Distro systems and haven’t seen it. I thought the issue was related to custom builds. What amount of delay are you seeing?


(Jared Busch) #4

The Distro, on a $5 Vultr, instance takes forever to reload via the GUI compared to command line.
I forgot about that ticket. I’ve done no troubleshooting. But on a new turn up, I do the reloads all form CLI as I make changes.


#5

Also observed .

Disable signature checking it’s quick, enable it , it’s slow.

My guess also its using poisoned keyservers first which result in delays as a legitimate one is found, probably only Sangoma can fix that if you want signature checking enabled. Pragmatically, don’t press the orange bar, use the console until then :wink:


#6

Very interesting; I don’t understand why I am not seeing this on my servers.


#7

Also interesting, I basically use your buster install scripts, also using your concise nginx ‘hack’ because I like haproxy infront of the web services and so far apache2 doesn’t pass muster, time to look into nginx/haproxy gpg setup


(TheJames) #8

"In Theory" it only reaches out to the GPG server if the key is not already added.

Keys can be added manually from the CLI

gpg --import /var/www/html/admin/libraries/BMO/*.key

#9

Thanks, I will add that to my diagnostics . . .


(TheJames) #10

you may have to run that as the asterisk user thinking about it…


#11

no shit :wink:


#12

yet

su asterisk -c 'gpg --import  /var/www/html/admin/libraries/BMO/*.key'
gpg: WARNING: unsafe permissions on homedir '/home/asterisk/.gnupg'
gpg: key 1588A7366BD35B34: "FreePBX Module Signing (This is the master key to sign FreePBX Modules) v2 <modules@freepbx.org>" not changed
gpg: key 3DDB2122FE6D84F7: "FreePBX Mirror 1 (Module Signing - 2016/2017) <security@freepbx.org>" not changed
gpg: key 86CE877469D2EAD9: "FreePBX Mirror 1 (Module Signing - 2014/2015) <security@freepbx.org>" not changed
gpg: key 9F9169F4B33B4659: 1 signature not checked due to a missing key
gpg: key 9F9169F4B33B4659: "FreePBX Module Signing (This is the master key to sign FreePBX Modules) <modules@freepbx.org>" not changed
gpg: key B53D215A755231A3: "FreePBX Mirror Servers <security@freepbx.org>" not changed
gpg: Total number processed: 5
gpg:              unchanged: 5
. . .

#13

This provides no resolution of the problem:

asterisk@FreePBX:/root $ gpg --import /var/www/html/admin/libraries/BMO/*.key
gpg: key 1588A7366BD35B34: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) v2 modules@freepbx.org” not changed
gpg: key 3DDB2122FE6D84F7: “FreePBX Mirror 1 (Module Signing - 2016/2017) security@freepbx.org” not changed
gpg: key 86CE877469D2EAD9: “FreePBX Mirror 1 (Module Signing - 2014/2015) security@freepbx.org” not changed
gpg: key 9F9169F4B33B4659: 1 signature not checked due to a missing key
gpg: key 9F9169F4B33B4659: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) modules@freepbx.org” not changed
gpg: key B53D215A755231A3: “FreePBX Mirror Servers security@freepbx.org” not changed
gpg: Total number processed: 5
gpg: unchanged: 5


#14

You are doing that as root

chmod 700 /home/asterisk/.gnupg
chmod 600 /home/asterisk/.gnupg/*
su asterisk -c 'gpg --import  /var/www/html/admin/libraries/BMO/*.key'

would be more appropriate, but still not good.


#15

No difference:

root@FreePBX:~# chmod 700 /home/asterisk/.gnupg
root@FreePBX:~# chmod 600 /home/asterisk/.gnupg/*
root@FreePBX:~# su asterisk -c ‘gpg --import /var/www/html/admin/libraries/BMO/*.key’
gpg: key 1588A7366BD35B34: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) v2 modules@freepbx.org” not changed
gpg: key 3DDB2122FE6D84F7: “FreePBX Mirror 1 (Module Signing - 2016/2017) security@freepbx.org” not changed
gpg: key 86CE877469D2EAD9: “FreePBX Mirror 1 (Module Signing - 2014/2015) security@freepbx.org” not changed
gpg: key 9F9169F4B33B4659: 1 signature not checked due to a missing key
gpg: key 9F9169F4B33B4659: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) modules@freepbx.org” not changed
gpg: key B53D215A755231A3: “FreePBX Mirror Servers security@freepbx.org” not changed
gpg: Total number processed: 5
gpg: unchanged: 5

The only solution I’ve found is to disable signature checking and update modules using the following script instead of using the GUI Module admin:

#!/bin/bash

fwconsole ma download framework
fwconsole ma installlocal
fwconsole ma upgradeall
fwconsole setting SIGNATURECHECK 0
fwconsole reload


#16

indeed , my work around also, but not satisfactory for me , the keyservers need fixing at source and the signatures fixed to suit. . .


(Darren Hollick) #17

Without module signature checking… 2 seconds. With signature checking 1 minute.


#18

Consider yourself lucky.

More times than not, I’m stuck with a ‘Reloading’ dialog box forever with signature checking enabled.

With signature checking disabled, the ‘Reloading’ dialog box goes away in a couple of seconds.


#19
# gpg -h
gpg (GnuPG) 2.2.12
libgcrypt 1.8.4

and

Package: php-gnupg
Version: 1.4.0-3

This is what I have on buster and get a 3-4 second reload from the GUI with sig checking on.

edit: also,

# fwconsole ma list | grep framework
| framework        | 15.0.16.78 | Enabled | GPLv2+     |

Let me know what you have.


#20

root@FreePBX:~# gpg -h
gpg (GnuPG) 2.2.12
libgcrypt 1.8.4

root@FreePBX:~# fwconsole ma list | grep framework
| framework | 15.0.16.78 | Enabled | GPLv2+ |

Package php-gnupg is not installed and never has been. A simulated install reveals that PHP 7.3 packages would also be installed (I’m using PHP 5.6 as prescribed by Sangoma).

I went ahead and installed php-gnupg and it broke FreePBX: Can Not Connect to Asterisk