Versions Compared

Version Old Version 1 New Version Current
Changes made by

Fran Vicente

Albert Boada

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of contents

Table of Contents

1. Introduction

This technical note provides the installation and update instructions required for the new OpenGate environments based on containers, as well as other interesting technical information.

This new OpenGate version differs from other versions mainly in the use of containers for services running in Linux machines. The new version makes use of the following containers:

Changes other than the above mentioned must also be considered:

  • The port for OpenSSH Server is changed to 2222.

  • New versioning compatible with Presence Suite 12.3 and 13.0. Presence OpenGate Proxy and Presence Unified Manager must be upgraded.

  • New mount point for Presence Recording.

    • This is no longer required to be /var/lib/asterisk/recserver.

    • Better use an absolute path (such as /recordings).

    • The paths in Presence Recording Server Configuration must be changed → In the Channels tab, specify the directories to store recordings and retrieved recordings as an absolute path (for example /recordings/rec and /recordings/ret).

  • Changes on how to get trace logs. Use the following command: docker logs.

    • For example, if you wish to export all tracing from the previous day: docker compose logs -t --since 48h --until 24h | gzip -c > yesterdaylogs.gz.

  • The High Availability installation mode of the OpenGate Master is dicontinued.

2. Installation

2.1. Prerequisites

To complete a successful installation and ensure a proper operation as described in this guide, the following must be met:

  • Have a “host” machine with a recent version of Docker Engine and Docker Compose installed.

  • The “host” machine must have the network properly configured.

    • In case of a Master node configured with a SIP Registrar, two IPs are required.

  • The “host” machine should not execute other services which may clash with the ports used in your services.

    • Exception: The Master node should have an MTA installed, such as “postfix” to send emails from mailboxes.

    • When a “SMTP relay" server is being used, it must be configured as detailed in this /wiki/spaces/PRSPS/pages/177045505.

  • The “host” machine must not limit the connection to your services through a firewall.

Info

Containers allow that any operating system can be used as a “host”. However, not all operating systems can be tested and supported. The Presence R+D team recommends Rocky Linux 9.

Rocky Linux 9 requires only the following steps:

Code Block
# accessing the network configuration in text mode:
sudo nmtui
# disabling the firewall:
sudo systemctl disable firewalld
sudo systemctl stop firewalld
# sending voicemails through email (Master node only):
sudo dnf install postfix
sudo systemctl --now enable postfix
# installing docker:
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -a -G docker $(whoami)
sudo systemctl --now enable docker
exit

2.2. Installation process

There are different types of environments which require different services to be started (Master, Node, WebRTC, and combinations of these), and therefore a help script is provided that automates the following steps: Creating the docker-compose.yml and .env files, creating the secrets, connecting to the registry and pulling the images. This script can be launched directly using the following command:

Code Block
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" MODE

Replace MODE with one of the following:

  • master: Installs postgresql, ssh-server, webservices, kamailio and asterisk.

  • masterwebrtc: Same as master, but adds freeswitch to use as WebRTC Gateway.

  • masteronlywebrtc: Does not include kamailio,, which allows you to use it in environments with a single IP with WebRTC phones. However, no Agent/SIP user extensions can be registered.

  • node: Installs asterisk and ssh-server.

  • nodewebrtc: Same as node, but adds freeswitch to use as WebRTC Gateway.

  • webrtc: Installs freeswitch and ssh-server.

After executing this command, the following screen will prompt you to configure the environments in the.env file, and will also show the instructions to create secrets. Something like this:

Code Block
Please edit .env file with the appropriate values. Current .env contents:
TZ=Europe/Madrid
SSH_USERNAME=opengate
DATA_BINDADDR=10.X.X.X
VOICE_BINDADDR=10.X.X.X
SIP_REGISTRAR_IP=10.X.X.X
WSS_BINDADDR=10.X.X.X
WSS_EXTERNAL_IP=99.X.X.X
# DB_NAME MUST be opengate (hardcoded at OpenGate Proxy)
DB_NAME=opengate
DB_USER=opengaterw
RECORDING_SHARE=//X.X.X.X/recording
RECORDING_SHARE_USER=Administrator
RECORDING_SHARE_PASSWORD=PASSWORD
RECORDING_MOUNT_POINT=/recordings
# set to true to restore from a backup
RESTORE_MODE=false

Generate the secrets using the following commands and instructions:
 - DB password: echo "MYPASSWORD" > secrets/db_password.txt
 - SSH Key: ssh-keygen -f secrets/ssh_key
 - TLS certificates (generate self-signed): openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
    or copy your own to the apropriate files:
      cat key.pem cert.pem > secrets/asterisk.pem
      cat key.pem cert.pem > secrets/freeswitch.pem

When done, start the environment by executing:  docker compose up -d

Finally, start with the command below:

Code Block
docker compose up -d

3. Update

  1. Edit the docker-compose.yml file and check tags from all images.

    1. Tags pointing to :latest will automatically download the latest version.

    2. Alternatively, indicate a specific version.

  2. Run the following commands to update and start the environment again:

    Code Block
    docker compose pull
docker compose up -d

  3. The above commands will cause that containers with changes (and also depending containers) to restart.

Once the environment is up and running, old images can be cleared using docker image prune.

4. Restoring from backup

Info

This restore process may be used for backup copies of versions 11.0 to 13.0 in order to migrate an environment previously installed from the old softappliance with CentOS 7.

  1. Edit the .env file in the Master node to set the variable RESTORE_MODE=true.

  2. Stop Presence OpenGate Proxy Server and any other applications that may be using the database. Apply the changes using the following command: docker compose up -d.

  3. Wait for the environment to get started again. Then, access the Master node IP from a web browser.

    1. Load the backup copy and follow the steps.

    2. If the restore process is performed using a backup copy generated with another database user (e.g., for 12.3 or 13.0 updates), you may expect many changes related to permissions in the above first step.

  4. When all the steps are completed, edit the .env file in the Master node. Set the variable RESTORE_MODE=false and apply using the following command: docker compose up -d.

5. Considerations

Certain technical details are important to keep in mind:

  • You MUST NOT change the database username once the environment has been started for the first time. The PostgreSQL official container creates the database for the user specified in the first boot. If you subsequently change that user, the database will not start successfully.

  • Docker compose does not update the configuration of CIFS volumes (such as the recordings volume of Presence Recording). If you wish to modify this configuration once the volume has been created, you must first delete the volume using the following command: docker volume rm VOLUME_NAME.

  • If you make a change that results in the creation of a new container (e.g. a change to the image, one environment variable or volume), then the previous trace logs will be lost.

  • In case of a core dump in a service that is running in a container, the kernel configuration of the host machine is inherited, which means that this configuration will be saved in the host as specified. For Rocky Linux 9, these are stored in /var/lib/systemd/coredumps.

5.1. Changing the mount directory of recordings

Because of the change made to set absolute paths, it is important to update the configuration of Presence Recording Server so that the new absolute paths will be used as shown below:

image-20240619-092709.pngImage Removed

6. Additional technical information

6.1. Connecting to services

First, verify the containers using the following command: docker ps -a . This will show a list similar to this:

Code Block
[opengate@localhost ~]$ docker ps -a
CONTAINER ID   IMAGE                                           COMMAND                  CREATED       STATUS                 PORTS                                       NAMES
15b0c01516eb   devopengate.azurecr.io/dev/kamailio:latest      "/bin/sh -c 'kamaili…"   11 days ago   Up 11 days                                                         kamailio_og
c999ff8ac61f   devopengate.azurecr.io/dev/webservices:latest   "/setup/entrypoint.sh"   11 days ago   Up 11 days (healthy)                                               webservices_og
ab7e655d73fe   devopengate.azurecr.io/dev/freeswitch:latest    "/docker-entrypoint.…"   11 days ago   Up 11 days (healthy)                                               freeswitch_og
4d4230f3d3c4   devopengate.azurecr.io/dev/asterisk:latest      "/entrypoint.sh"         11 days ago   Up 11 days                                                         asterisk_og
204aa182b9e8   devopengate.azurecr.io/dev/postgres:latest      "docker-entrypoint.s…"   11 days ago   Up 11 days             0.0.0.0:5432->5432/tcp, :::5432->5432/tcp   postgres_og
3c716da20711   devopengate.azurecr.io/dev/ssh-server:latest    "/init"                  11 days ago   Up 11 days             0.0.0.0:2222->2222/tcp, :::2222->2222/tcp   ssh_og

To connect to each container, use the following command: docker exec -it CONTAINER_NAME bash. This runs bash and shows a console inside the container where you can execute the standard commands (asterisk -rvvv, fs_cli, kamctl, etc.). However, you must be careful when changing files as you might modify their permissions (please, check this with the ls -ln command, and restore the original permissions if required).

Info

A special scenario: When you reuse an IP address from a Node or WebRTC Gateway, the SSH connection will fail because their fingerprint will have changed. As a result, you will be warned of a possible security failure (a connection against a known host is expected, but instead the found host is another). You can see an error in the trace logs of Presence OpenGate web services. To fix this problem, connect to this module and clear the entry which causes this conflict in the /var/lib/ua/known_hosts file. If the listed hosts are known to you and you are sure that this is not a security issue, you can execute the following command: docker exec -it webservices_og rm /var/lib/ua/known_hosts. This will clear all known hosts and the new hosts will automatically be accepted.

6.2. Environment variables of containers

Variables allow you to customize the configuration of containers. Many variables are commonly used in the docker-compose.yml and .env files to configure the environment, but some of them have a very specific use only. Below is the full list of variables:

...

PostgreSQL: Check the official documentation at https://github.com/docker-library/docs/blob/master/postgres/README.md#environment-variables.

...

SSH Server: Check the official documentation at https://github.com/linuxserver/docker-openssh-server?tab=readme-ov-file#parameters.

...

Web services:

  • DB_HOST=localhost Used to set the IP or hostname of the database.

  • DB_NAME=opengate Used to set the database name.

  • DB_USER=opengate Used to set the database user.

  • DB_PASSWORD_FILE=/run/secrets/db_password Used to set the “secret” path, which contains the database connection password.

  • SIP_REGISTRAR_IP=127.0.0.1 Used to set the IP address used to configure the SIP Registrar.

  • MASTER_ASTERISK_IP=127.0.0.1 Used to set the IP address of the interface connected to the data network of the Master node. This must match the DATA_BINDADDR value of the master Asterisk.

  • RECORDING_MOUNT_POINT Used to set the mount point of Presence Recording. This information is required to generate the configuration that Asterisk uses to record user extensions.

  • LOG_TO_DEFAULT=True Used to set the traces to be logged in the standard location. If set to “False”, traces will be logged in a file.

  • SSH_USERNAME=opengate Used to set the username of SSH. This must match the username configured in the SSH host. All Nodes and WebRTC Gateways of an environment must also have the same.

  • SSH_PORT=2222 Used to set the SSH port. This must match the port configured in the SSH host. All Nodes and WebRTC Gateways of an environment must also have the same.

  • SSH_KEY_FILE=/run/secrets/ssh_key Used to set the “secret” path, which contains the SSH private key.

  • SSH_KEY_PUB_FILE=/run/secrets/ssh_key.pub Used to set the “secret” path, which contains the SSH public key.

  • RESTORE_MODE=False Allows you to enable the restore mode to load a previous backup copy when the value is set to “True”.

...

Asterisk:

  • DATA_BINDADDR="0.0.0.0" Used to set the IP address of the data network.

  • SIP_BINDADDR="0.0.0.0" Used to set the IP address of the SIP server.

  • LOG_TO_DEFAULT=True Used to set that traces to be logged in the standard location. If set to “False”, traces will be logged in a file.

  • RUN_CONVERTER=False Used to set whether or not the audio format converter is to run. This is only set to “True” in the Master node.

  • SIP_TLS_PEM_FILE=/run/secrets/tls_pem Used to set the “secret” path, which contains the TLS certificate for SIP.

  • ASTERISK_ARGS="-fpvvvg" Used to set the parameters that are used to launch the Asterisk exec file.

  • CHECK_FILE="/etc/asterisk/presence-scripts/create_conf_files.sh" Used to set the file that is to be checked before you start Asterisk. This check is to make sure that the Unified Administration has successfully loaded the configuration prior to the Asterisk startup.

FreeSWITCH:

...

FS_EXTIP=127.0.0.1 Used to set the external IP address of FreeSWITCH (public IP).

...

FS_PRIVIP=127.0.0.1 Used to set the IP address of the network interface connected to the private network. This network is used to connect to the nodes and to the rest of the OpenGate system.

...

FS_DMZIP=$FS_PRIVIP Used to set the IP address of the network interface connected to the DMZ network. If there is no separation between the private / DMZ networks, then the network is the same and there is no need to be specified.

...

FS_UA_ACL=$FS_PRIVIP/24 Used to set an ACL (Access Control List) of IPs from which Presence OpenGate web services can connect to FreeSWITCH (to make change in the configuration). By default, let’s assume this is the private network in a subnetwork /24. If the Master node falls outside this range, you have to update this variable to match the network address of OpenGate web services.

...

FS_WSSPORT=7443 Used to set the WSS Port (WebSocket Secure) used to establish the WebRTC connections.

...

FS_RTPSTARTPORT=22000 and FS_RTPENDPORT=24600 Used to set the range of ports used for RTP.

...

FS_TLS_PEM_FILE=/run/secrets/tls_pem Used to set the “secret” path, which contains the TLS certificate for WSS and SRTP.

About Enghouse Interactive

Enghouse Interactive (www.enghouseinteractive.com) delivers technology and expertise to maximize the value of every customer interaction. The company develops a comprehensive portfolio of customer interaction management solutions. Core technologies include contact center, attendant console, predictive outbound dialer, knowledge management, IVR and call recording solutions that support any telephony environment, on premise or in the cloud. Enghouse Interactive has tens of thousands of customers worldwide, supported by a global network of partners and more than 1,000 dedicated staff across the Company’s international operations.

 Enghouse Interactive is a subsidiary of Enghouse Systems Limited, a software and services company traded on the Toronto Stock Exchange (TSX) under the symbol “ENGH.” Founded in 1984, Enghouse Systems is a consistently profitable company, which has grown both organically and through the acquisition of well-regarded specialists including AndTek, Arc, CosmoCom, Datapulse, IAT, IT Sonix, Presence Technology, , Reitek, Safeharbor, Survox, Syntellect, Telrex, Trio, Voxtron and Zeacom. Learn more at:  http://www.enghouseinteractive.es/ The OpenGate Containers module allows you to manage VoIP connections in an OpenGate environment, as well as to configure extensions, trunks, etc. This guide explains how to perform a quick installation. Please refer to the Presence Installation Guides for more information about the different modules and architectures.

This documentation is updated for OpenGate Containers release-03.

2. Installation

2.1. Prerequisites

To complete a successful installation and ensure a proper operation as described in this guide, the following must be met:

  • Have a “host” machine with a recent version of Docker Engine and Docker Compose installed.

  • The “host” machine must have the network properly configured according to the network architecture.

    • In case of a Master node configured with a SIP Registrar, at least two IPs are required.

  • The “host” machine should not execute other services which may clash with the ports used in your services.

    • Exception: The Master node should have an MTA installed, such as “postfix” to send voicemail emails.

    • When a “SMTP relay" server is required, it must be configured as detailed in Configuring email relay for voicemails .

  • The “host” machine must not limit the connection to your services through a firewall.

Refer to the following quick guide: Rocky Linux 9 (or Red Hat 9) quick installation with Docker

2.2. General installation process

There are different types of environments which require different services to be started (Master, Node, WebRTC, and combinations of these), and therefore a help script is provided that automates the following steps: Creating the docker-compose.yml and .env files, creating the secrets, connecting to the registry and pulling the images. This script can be launched directly using the following command:

Code Block
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" MODE [-norecording]

Replace MODE with one of the following:

  • master: Installs postgresql, ssh-server, webservices, kamailio and asterisk.

  • masterwebrtc: Same as master, but adds freeswitch to use as WebRTC Gateway.

  • masteronlywebrtc: Does not include kamailio, which allows you to use it in environments with a single IP with WebRTC phones. However, no Agent/SIP user extensions can be registered.

  • node: Installs asterisk and ssh-server.

  • nodewebrtc: Same as node, but adds freeswitch to use as WebRTC Gateway.

  • webrtc: Installs freeswitch and ssh-server.

  • turn: Installs coturn server.

The optional parameter -norecording configures an environment without integration with Presence Recording, eliminating the need to set up a shared folder for recordings.

If you run this command on a previous existing environment, you will be prompted to proceed before replacing the docker-compose.yml and .env files. A backup copy of these files (ending in .bak) will be created, so you can review them if you choose to overwrite. This could be useful if you want to convert a previous installation (e.g. a master to masterwebrtc).

2.3. Additional technical information

Refer to this document: Additional technical OpenGate Containers information

3. Installing a sample Master + Node + WebRTC

3.1. Installing the OpenGate Master

Run the install command, specifying the master option.

Code Block
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" master

After executing this command, connection to the registry will be automatically established and images will be pulled.

...

When done, the following screen will prompt you to configure the environments in the.env file, and will also show the instructions to create secrets. Something like this:

Code Block
languagenone
Please edit .env file with the appropriate values. Current .env contents:
TZ=Europe/Madrid
SSH_USERNAME=opengate
DATA_BINDADDR=10.X.X.X
VOICE_BINDADDR=10.X.X.X
SIP_REGISTRAR_IP=10.X.X.X
# DB_NAME MUST be opengate (hardcoded at OpenGate Proxy)
DB_NAME=opengate
DB_USER=opengaterw
RECORDING_SHARE=//X.X.X.X/recording
RECORDING_SHARE_USER=Administrator
RECORDING_SHARE_PASSWORD=PASSWORD
RECORDING_MOUNT_POINT=/recordings
# set to true to restore from a backup
RESTORE_MODE=false

Generate the secrets using the following commands and instructions:
 - DB password: echo "MYPASSWORD" > secrets/db_password.txt
 - SSH Key: ssh-keygen -N "" -f secrets/ssh_key
 - TLS certificates (generate self-signed): openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
    or copy your own to the apropriate files:
      cat key.pem cert.pem > secrets/asterisk.pem

When done, start the environment by executing:  docker compose up -d

Edit the .env file using your preferred editor, and configure at least the following lines:

  • DATA_BINDADDR: Set the IP address of the data network.

  • VOICE_BINDADDR: Set the IP address of the voice network. If you do not set up voice/data separation, use the same as before.

  • SIP_REGISTRAR_IP: Set the IP address of the SIP Registrar. This cannot be one of the previous IPs. Make sure to configure two IP addresses in the host operating system.

  • RECORDING_SHARE, RECORDING_SHARE_USER y RECORDING_SHARE_PASSWORD: Set the parameters for the shared recordings folder.

Filenames starting with a dot (such as .env) are hidden in Linux. If you connect using a graphical interface, please make sure to enable the option to show those files.

image-20240927-130201.pngImage Added

Next, execute the steps to create the secrets:

  • Replace MYPASSWORD with the password you want:

    Code Block
    echo "MYPASSWORD" > secrets/db_password.txt

    (warning)This password and the value of the DB_USER variable (opengaterw, by default) must match the configuration set up in the Presence OpenGate Proxy Server Configuration program.

  • Generate the SSH keys:

    Code Block
    ssh-keygen -N "" -f secrets/ssh_key
    image-20240926-101049.pngImage Added

  • Generate self-signed certificates if you do not have your own (if you have one, place it in secrets/asterisk.pem):

    Code Block
    openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650
    image-20240926-101145.pngImage Added

    • Then, concatenate the two resulting files into a single one at the corresponding path:

      Code Block
      cat key.pem cert.pem > secrets/asterisk.pem

Finally, start with the command below:

Code Block
docker compose up -d

...

Info

If you want to migrate an environment from a previous OpenGate version, follow the restore process described below.

3.2. Installing the OpenGate Node

Run the install command, specifying the node option.

Code Block
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" node

After executing this command, connection to the registry will be automatically established and images will be pulled.

When done, a screen will prompt you to configure the environments in the.env file, and will also show the instructions to create secrets.

Edit the .env file using your preferred editor, and configure at least the following lines:

  • DATA_BINDADDR: Set the IP address of the data network.

  • VOICE_BINDADDR: Set the IP address of the voice network. If you do not set up voice/data separation, use the same as before.

  • RECORDING_SHARE, RECORDING_SHARE_USER y RECORDING_SHARE_PASSWORD: Set the parameters for the shared recordings folder.

Next, execute the steps to create the secrets:

  • Copy the SSH public key you generated on the Master server. You can do this either by manually using a graphical SFTP/SCP client or by executing the following command on the node:

    Code Block
    scp opengate@MASTERIP:secrets/ssh_key.pub secrets/ssh_key.pub

    Where opengate is the user you configured on the operating system of the Master server, and MASTERIP is its IP address. You will need to correctly enter the password for the opengate user of the Master machine when prompted.

    image-20240926-100755.pngImage Added

  • Generate self-signed certificates if you do not have your own (if you have one, place it in secrets/asterisk.pem):

    Code Block
    openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650

    • Then, concatenate the two resulting files into a single one at the corresponding path:

      Code Block
      cat key.pem cert.pem > secrets/asterisk.pem

Finally, start with the command below:

Code Block
docker compose up -d

3.3. Installing the OpenGate WebRTC Gateway

Run the install command, specifying the webrtc option.

Code Block
bash -c "$(curl -s ftps://OpenGate_Update:Op3nG3t3@ftp.emea.enghouseinteractive.com/install.sh )" webrtc

After executing this command, connection to the registry will be automatically established and images will be pulled.

When done, a screen will prompt you to configure the environments in the.env file, and will also show the instructions to create secrets.

Edit the .env file using your preferred editor, and configure at least the following lines:

  • WSS_BINDADDR: Set the IP address of the DMZ network (if you don’t have DMZ/Private network separation, enter the Private network IP).

  • WSS_EXTERNAL_IP: Set the public external IP address of the system.

Next, execute the steps to create the secrets:

  • Copy the SSH public key you generated on the Master server. You can do this either by manually using a graphical SFTP/SCP client or by executing the following command on the node:

    Code Block
    scp opengate@MASTERIP:secrets/ssh_key.pub secrets/ssh_key.pub

    Where opengate is the user you configured on the operating system of the Master server, and MASTERIP is its IP address. You will need to correctly enter the password for the opengate user of the Master machine when prompted.

  • Generate self-signed certificates if you do not have your own (if you have one, place it in secrets/freeswitch.pem):

    Code Block
    openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650

    • Then, concatenate the two resulting files into a single one at the corresponding path:

      Code Block
      cat key.pem cert.pem > secrets/freeswitch.pem

Finally, start with the command below:

Code Block
docker compose up -d

4. Update

  1. Edit the docker-compose.yml file and check tags from all images.

    1. Tags pointing to :latest will automatically download the latest version.

    2. Alternatively, indicate a specific release (example: release-01). Please, check https://enghouseglobal.atlassian.net/wiki/spaces/PSRN.

  2. Run the following commands to update and start the environment again:

    Code Block
    docker compose pull
docker compose up -d

  3. The above commands will cause that containers with changes (and also depending containers) to restart.

...

Once the environment is up and running, old images can be cleared using docker image prune.

5. Restoring from backup

Info

This restore process may be used for backup copies of versions 11.0 to 13.0 in order to migrate an environment previously installed from the old softappliance with CentOS 7.

Make sure you have deployed the same number of Nodes and WebRTC gateways as in the environment that you have generated the backup.

  1. Edit the .env file in the Master node to set the variable RESTORE_MODE=true.

  2. Stop Presence OpenGate Proxy Server and any other applications that may be using the database. Apply the changes using the following command: docker compose up -d.

  3. Wait for the environment to get started again. Then, access the Master node IP from a web browser.

    image-20240925-162600.pngImage Added

    1. Load the backup copy and follow the steps.

    2. If the restore process is performed using a backup copy generated with another database user (e.g., for 12.3 or 13.0 updates), you may expect many changes related to permissions in the above first step.

      image-20240925-163326.pngImage Added

  4. When all the steps are completed, edit the .env file in the Master node. Set the variable RESTORE_MODE=false and apply using the following command: docker compose up -d.

6. IMPORTANT

Certain technical details are important to keep in mind:

  • You MUST NOT change the database username once the environment has been started for the first time. The PostgreSQL official container creates the database for the user specified in the first boot. If you subsequently change that user, the database will not start successfully.

  • Docker compose does not update the configuration of CIFS volumes (such as the recordings volume of Presence Recording). If you wish to modify this configuration once the volume has been created, you must first stop the environment, then delete the volume using the following command: docker compose down; docker volume rm VOLUME_NAME, and start the environment with docker compose up -d.

  • If you make a change that results in the creation of a new container (e.g. a change to the image, one environment variable or volume), then the previous trace logs will be lost.

    • Make a backup if you deem it necessary. For example, a backup of the last 48 hours: docker compose logs -t --since 48h | gzip -c > 48hlogs.gz.

  • In case of a core dump in a service that is running in a container, the kernel configuration of the host machine is inherited, which means that this configuration will be saved in the host as specified. For Rocky Linux 9, these are stored in /var/lib/systemd/coredumps.

6.1. Directory of recordings

Because of the change made to set absolute paths, it is important to update the configuration of Presence Recording Server so that the new absolute paths will be used as shown below:

...

Note that the /recordings part of the path must match the RECORDING_MOUNT_POINT=/recordings variable. If you change this to another value, then the path configured in the Recording Server must be modified accordingly.