Using custom dialplan to run script


(Stuart Murtland) #1

Hi
I am not a programmer but do fiddle a bit but i am failing to get my head around this:
Being a fan of Freepbx for some years and needing to open an electric gate with a phone call, i decided it must be “easy” to setup a Pi with raspabx and a relay board - link to my cloud switch via IAX2 then dial a spare number on the cloud switch - transfers to raspabx which looks at its custom dialplan - runs my relay.py script and opens the gate. Failed at second step - can get script to run from console but really no idea how to make it run from Freepbx. Any replies should be step by step - as already stated i am not a programmer.
Thank you.


(Lorne Gaetz) #2

In its simplest form, something like this:

[unlock-gate]
exten => s,1,NoOp(Entering user defined context unlock-gate in extensions_custom.conf)
exten => s,n,TrySystem(/path/to/your/script.py)
exten => s,n,NoOp(Script status: ${SYSTEMSTATUS})
exten => s,n,Hangup

Then a Custom destination with a Goto string of unlock-gate,s,1 and if you need a dialable feature code, you can create it with a Misc Application. Script needs to be executable by the asterisk user.


#3

And

/path/to/your/script.py

must be a script that is readable and executable by the asterisk user , /var/lib/asterisk/bin , /home/asterisk/bin are likely places to put your script.py


(Stuart Murtland) #4

Thank you both very much for your swift replies. I am booked on-site for a few days - so will have a look when i am back in the office. Regarding permissions, i am not sure there is asterisk user on the “paired down” raspberry pi version - i could not see one when listing users.

Thanks again.
Regards
Stuart


(Lorne Gaetz) #5

Then use whatever user that Asterisk is running as.


(Stuart Murtland) #6

I think it is root.


#7

I doubt it, from a shell type

ps aux|grep asterisk


#8

Unless you have some other reason to run raspbx, this seems far more complex than necessary.

One approach is to make the Pi remotely accessible via ssh. Secure it to require authentication by public/private key pair (it won’t be possible to gain access with just a password). Forward an obscure port rather then 22, so hackers attempting to brute-force passwords won’t bloat your logs. If the Pi’s public IP is not static or de facto static, you’ll need to set up a dynamic DNS name (if you haven’t already done so).

Then, the unlock-gate context (running on the cloud PBX) can execute something like
TrySystem(ssh mypi script.py)
where mypi is defined in the .ssh/config file for Asterisk.


#9

Another thought: If your Pi is running a web server, you could just issue a curl command from the custom context on the cloud PBX.

The curl command would access a URL that runs script.py as a CGI script.


(Jared Busch) #10

I like ZeroTier for this. Nothing open to the public.


#11

I have no experience with ZeroTier but would reject it based on:

  1. Requires third-party root servers to operate.
  2. Requires installation of software packages at both ends.

With the ssh approach, one can add an iptables rule so it’s accessible from only the cloud PBX.

Or, one could run an OpenVPN connection (Pi as client, cloud PBX as server).

Neither of these require opening anything on the Pi to the public. OpenVPN does require an open port on the PBX, but a cloud PBX by definition requires open ports and OpenVPN is one of the most secure ways to do that.

I attempted to suggest methods that leverage software already installed on both FreePBX and Raspian, achieving the desired functionality with only fairly simple configuration.


(Stuart Murtland) #12

Hi Thanks for all the suggestions, my cloud switch has a fair few customers on it so i don’t want to risk “breaking it” - thats why i am trying to run the scripts on the pi.


(Stuart Murtland) #13

Cheers Dicko - looks like i was wrong.


(Stuart Murtland) #14

Hi
So i got an hour spare - did what Lorne suggested above - took note of Dickos comments - it would not work. So i changed console user to asterisk and tried running script - failed with “no-access-to-dev-mem-try-running-as-root” googled this and sorted by basically allowing asterisk permission to GPIO pins.
So i can run script as asterisk user, i have setup custom destination and added it to an IVR (dial1) setup all incoming to go to IVR - dial 7777 from handset (to access IVR) dail 1 when answered - call is hungup but relay is not activated…


#15

Paste the Asterisk log for a failed call at pastebin.freepbx.org and post the link here.


(Stuart Murtland) #16

https://pastebin.freepbx.org/view/015a6a1c

Cheers


#17

Perhaps you could post your script, it is returning an error, you could add some logging in the python script


#18

On line 106 of the log, it did attempt to run the script, so I assume that some error occurred.

Confirm that your script is not dependent on the current directory.

From a shell prompt and running as the asterisk user, what happens when you type
/var/lib/asterisk/bin/relay1.py

If that opens the gate ok, we can look at what’s different about the environment.


(Lorne Gaetz) #19
Script status: APPERROR

From the help for TrySystem:

APPERROR: Specified command successfully executed, but returned error code.


(Stuart Murtland) #20

no - i am sure it worked earlier - now getting pemission denied - will try altering permissions again.