Difference between revisions of "Freeside:Documentation:FAQ"

From Freeside
m (Really Old Questions)
(add Q/A about PCI compliance from jayce's mailing list reply)
Line 98: Line 98:
 
:Packages with no [[svc_acct]] type services are ignored.  Add the customer without a first package, then use "Order New Package" on the customer view page.
 
:Packages with no [[svc_acct]] type services are ignored.  Add the customer without a first package, then use "Order New Package" on the customer view page.
 
:Packages with more than one [[svc_acct]] type service need one of them set as the default service (it's a radio button during setup/configuring the package)
 
:Packages with more than one [[svc_acct]] type service need one of them set as the default service (it's a radio button during setup/configuring the package)
 +
 +
;Q. Is Freeside PCI Compliant?
 +
: It can be, but that mostly depends on how you set yours up individually.  What hardware you use, where your server is, who you allow access, how do any of your programs interact with freeside, and via what networks and protocols.  You need to setup and use [[Freeside:1.7:Documentation:Administration:Encrypted_Credit_Cards|encrypted credit cards]].
 +
: Freeside gives the tools necessary for its part, but much of PCI compliance is in your infrastructure.
  
 
= Configuration Questions =
 
= Configuration Questions =
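
Review bot: In the added PCI answer, the second sentence ("What hardware you use, where your server is, ...") is a fragment with no main clause, and "how do any of your programs interact with freeside" switches to question word order and lower-cases the product name that the next line writes as "Freeside". Suggest folding it into one sentence: "It depends on what hardware you use, where your server is, who you allow access, how your programs interact with Freeside, and via what networks and protocols." In "You need to setup and use", "setup" is used as a verb and should read "set up".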

Revision as of 16:55, 18 December 2008

General Questions

Q. What is Freeside's license?
As of Freeside 1.7.3, Freeside is licensed under the GNU Affero General Public License (AGPL), version three or later. Prior versions were licensed under the terms of the GNU General Public License (GPL), version two or later.
At your option, the client side of the self-service component (all files in fs_selfservice) may also be licensed under the GNU General Public License (GPL), version three or later.
Q. What databases are supported by Freeside?
PostgreSQL 7.x/8.x is recommended.
MySQL (v4.1 or later, v5 recommended) is supported starting with Freeside 1.7.3. DBIx::DBSchema 0.35 is required.
Note: the above only applies to the database used by the Freeside software itself. Freeside can integrate with RADIUS and other servers running a different database than the backend.

Installation Questions

Q. How do I avoid "Badly formed sub country data" errors from freeside-setup?
Before running freeside-setup, run:
   export LANG=C (sh, bash, zsh, etc. shells)
   setenv LANG C (csh or tcsh shell)
Q. Is mod_perl version 2 (and 1.99) (and its associated Apache 2.x) officially supported by Freeside?
mod_perl version 2 (and 1.99) are supported. Set APACHE_VERSION in the Makefile as appropriate.
Q. I'm trying to run Freeside on a VirtualHost, and I get "not running uid freeside" errors.
Your mod_perl-enabled Apache instance must run as user "freeside." This means that the entire server instance must be running as user "freeside," which is accomplished through a server-level User freeside directive. You cannot just put User freeside within a VirtualHost block (try running ps -auxwww and you'll see that the apache processes are owned by the server-level specified user, not the virtual host-level specified user).
Since "scripts" run under mod_perl are run in-process by the embedded perl interpreter and are not executed in a separate process as CGI scripts, you cannot use suEXEC to obtain a different username in VirtualHost context.
The recommended configuration is to run a separate, mod_perl-enabled Apache instance on a private, firewalled backend server, not on a public webserver.
Q. My Apache logs say (or a command says)
Can't locate <SomeModule>.pm in @INC (...)
Install the Perl module the error references. If the module is not listed in the installation instructions, edit the documentation and add it.
Q. After installing mod_perl, my Apache logs say: [error] Can't locate Apache.pm in @INC (...)
Install Apache::Request
Q. After installing mod_perl, my Apache logs say: "Can't locate mod_perl.pm in @INC" (...)
Include the path to mod_perl.pm by editing apachectl and specifying it.
An example is below (adjust to your needs):
-- near the top of apachectl --
PERL5LIB=$PERL5LIB:/more/paths/to/search:/directory/of/mod_perl:/even/more/places
export PERL5LIB
-- end of apachectl modifications --
Q. "Host Key Verification Failed" errors, how do I resolve these?
This error occurs when Freeside tries an unattended login via ssh. The .ssh/known_hosts file on the Freeside host must contain entries for the target host(s). You must ssh into the target host as users root and freeside using the IP or hostname/FQDN specified in the export and/or server commands (passwd, sign-up, self-service). You cannot have an IP-based entry in the known_hosts file and then use a hostname for the exports etc.; the verification will fail. Alternatively, you can change the sshd_config file directive IgnoreUserKnownHosts from no to yes, but be cautious: this will expose your system to security threats if your keys are compromised.
Q. I cannot add a user account. I see Error: Can't find svc_acct.domsvc in svc_domain.svcnum. What do I do?
Follow the directions in docs/admin.html exactly. You have failed to "Add your own domain." Create a package containing a svc_domain service. Sell it to yourself. Provision it with your domain. Edit the service definition for the svc_acct service and set it to Default or Fixed and your domain. Note: Freeside-setup in 1.7.X will have added the first domain already.
Q. What's causing this error running the self-service client and server?
Magic number checking on storable file failed at ../../lib/Storable.pm (autosplit into ../../lib/auto/Storable/fd_retrieve.al) line 349, at ...
  • Mismatched versions of Storable.
  • Something's not running as freeside.
    • E.g., the signup server script panics when it is not running as freeside, returning 0 bytes of input back. The version then appears undef and doesn't match.
  • The remote machine is not in the known hosts file
    • Run ssh-keygen -F hostname; no output means the host is not found. This does not verify that the known key matches.
  • The ssh key used is either passphrase protected, or the key is not loaded in ssh-agent
  • Known or suspected issue with FreeBSD + Storable. Try FileCache instead.
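
The known_hosts lookup behind the "Host Key Verification Failed" answer and the ssh-keygen -F check above, as an added example (not part of Freeside or of the original FAQ): it reports which target names, exactly as configured, have no entry in a known_hosts file, including hashed entries. The host names, addresses and key blobs are constructed for illustration.

```python
import base64
import fnmatch
import hashlib
import hmac

def hash_host(name, salt):
    """Hashed host field as OpenSSH writes it: |1|b64(salt)|b64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_matches(field, name):
    """True if one known_hosts host field covers `name` as typed on the ssh command line."""
    if field.startswith("|1|"):  # hashed entry: recompute the HMAC with the stored salt
        _, _, salt_b64, mac_b64 = field.split("|")
        got = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, base64.b64decode(mac_b64))
    matched = False
    for pat in field.split(","):
        negated, pat = pat.startswith("!"), pat.lstrip("!")
        # "[host]:port" entries (non-default port) are compared literally, not as globs.
        hit = pat == name if "[" in pat else fnmatch.fnmatchcase(name, pat.lower())
        if hit and negated:
            return False
        matched = matched or hit
    return matched

def missing_targets(known_hosts_text, targets):
    """Targets with no host entry. Simplification: @cert-authority/@revoked lines are skipped."""
    fields = []
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "@")):
            fields.append(line.split()[0])
    return [t for t in targets if not any(field_matches(f, t.lower()) for f in fields)]

# Constructed sample: key blobs are placeholders and all host names are hypothetical.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# ~freeside/.ssh/known_hosts (constructed)",
    "192.0.2.10 ssh-ed25519 AAAAplaceholderkeyblob1",
    hash_host("shell.example.net", b"constructed-salt-20b") + " ssh-ed25519 AAAAplaceholderkeyblob2",
])
# Names exactly as they would be written in the export or self-service configuration.
TARGETS = ["192.0.2.10", "mail.example.net", "shell.example.net"]

if __name__ == "__main__":
    for target in missing_targets(SAMPLE_KNOWN_HOSTS, TARGETS):
        print("no known_hosts entry for", target)
```

Here mail.example.net is reported even if it resolves to 192.0.2.10, because the file holds only the IP-based entry for that host.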

Misc Questions

Q. freeside-daily emits warnings like
     WARNING:  Skipping "pg_group" --- only table or database owner can VACUUM it
Should I be concerned?
No. These messages are harmless.
Q. freeside-daily emits warnings like
     Use of uninitialized value in pattern match (m//) at /usr/share/perl5/Mail/Internet.pm line 535.
     Use of uninitialized value in sprintf at /usr/share/perl5/Mail/Internet.pm line 540.
Should I be concerned?
No.
Q. What's the purpose of the Self-Service Server and how does it work?
The Self-Service server is run on a separate, public box. The Freeside server connects to it via SSH. When a user comes to the Self-Service Server, he logs in and his username and password are authenticated against a Service (svc_acct) in a Package that is active for his Freeside customer record. The Self-Service Server then gets a session ID which it uses in communicating with the Freeside server for purposes of working on this user's customer record.
It is intended to provide, out of the box, a way to have users sign up for a package and cancel that package. Recent additions have begun to make it possible also to add packages to an existing user and list those packages that user has purchased. The Self-Service Server system comes with some ready-made CGIs that handle the most basic of these tasks for you. The main thing to realize about it is that the customer must have a Package with a Service of type account set up with a username and password so that he may log in.
More recent additions include a web services and PHP API and an example VoIP-focused implementation with voicemail, CDRs, etc., in addition to the usual self-service features.
Q. Using Cisco NAS devices, RADIUS session history does not show IP addresses, and search by IP address does not work. What's wrong?
Use the "aaa accounting delay-start" command on Cisco NAS devices to instruct them to report IP addresses to RADIUS.
Q. HTML invoices have extra characters (typically boxes or diamond-shaped question marks). What is the cause and how do I fix this?
Remove the Apache configuration directive AddDefaultCharset UTF-8 from your configuration. Note that on current Debian installs (4.0/etch) this may have been added as a default in /etc/apache2/conf.d/charset.
Q. Why are some packages unavailable as a first package for a new customer?
Packages with no svc_acct type services are ignored. Add the customer without a first package, then use "Order New Package" on the customer view page.
Packages with more than one svc_acct type service need one of them set as the default service (it's a radio button during setup/configuring the package)
Q. Is Freeside PCI Compliant?
It can be, but that mostly depends on how you set yours up individually: what hardware you use, where your server is, who you allow access, how any of your programs interact with Freeside, and via what networks and protocols. You need to set up and use encrypted credit cards.
Freeside gives the tools necessary for its part, but much of PCI compliance is in your infrastructure.

Configuration Questions

Q. How do I set a minimum UID/GID?
Edit /usr/local/etc/freeside/counters.[datasource]/svc_acct.uid. This is Freeside-wide, not specific to any export driver.
Q. How do I set up prepaid packages?
Minimum version 1.5.8 is required.
To create a package with one hour of usage, set "seconds" in the service definition to "default" and "3600", OR use prepaid cards with the desired duration. You also need a usage-capable export set up (currently sqlradius, sqlradius_withdomain or radiator), and you need to make sure "freeside-sqlradius-radacctd" is running (uncomment the section that starts it in your init script).
To create a package with one week of availability, set the package definition to the "Prepaid, flat rate" price plan, and set the Recurring fee frequency to "weekly".
These can be used separately or together.
Q. How do I limit the type of credit-cards displayed on the sign-up form (and elsewhere)?
  • Go to the Configuration -> Settings page
  • Click on Edit Configuration
  • Click on the Billing section
  • Edit the "card-types" configuration value (make sure not to edit the cvv2-save configuration value by accident)
  • On the Freeside machine, run "/etc/init.d/freeside restart"

Really Old Questions

Q. Using DBD::Pg 1.40, I receive a "Use of uninitialized value in die" or "syntax error at or near "$1"" error when running freeside-setup or after upgrading DBD::Pg
DBD::Pg 1.40 has a grave bug (http://rt.cpan.org/NoAuth/Bug.html?id=12004) which causes these errors. Please use 1.41 or later (1.32 is also okay).
Q. When building software prerequisites for Freeside, which combinations are known to break/fail?
Any: DBD::Pg 1.32 with DBI 1.42 fails "make test". DBI 1.41 is ok. Update: Test failures are harmless, DBD::Pg 1.32 works fine with DBI 1.42.
FreeBSD ports sometimes has trouble with perl and modules:
  1. IPC::ShareLite (used in selfservice for 1.5.x) may coredump. Reported on FreeBSD 4 and 5 with various perl versions. Update: as of 1.5.7, "selfservice_server-session_module" configuration value can be set to "Cache::FileCache" instead and IPC::ShareLite will not be necessary.
  2. Storable may be broken due to the new "-D64bitint" flag that is compiled into perl. Reported on FreeBSD 4.10 and perl 5.8.4.
Q. What's the purpose of the Session Server?
It records sessions (i.e. login + logout, etc.), so that the database can tell who is logged on at any given time. These days, most folks use a RADIUS server such as FreeRADIUS which includes an SQL session database instead of using the Freeside session server.
Q. How do I enable a second address (service/shipping address) in an existing database?
For 1.7.X, freeside-upgrade should enable shipping addresses automatically.
For older versions, apply the following changes to your database:
     ALTER TABLE cust_main ADD COLUMN ship_last varchar(80) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_first varchar(80) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_company varchar(80) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_address1 varchar(80) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_address2 varchar(80) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_city varchar(80) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_county varchar(80) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_state varchar(80) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_zip varchar(10) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_country char(2) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_daytime varchar(20) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_night varchar(20) NULL;
     ALTER TABLE cust_main ADD COLUMN ship_fax varchar(12) NULL;
     CREATE INDEX cust_main4s ON cust_main ( ship_last );
     CREATE INDEX cust_main5s ON cust_main ( ship_company );
     ALTER TABLE h_cust_main ADD COLUMN ship_last varchar(80) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_first varchar(80) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_company varchar(80) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_address1 varchar(80) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_address2 varchar(80) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_city varchar(80) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_county varchar(80) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_state varchar(80) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_zip varchar(10) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_country char(2) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_daytime varchar(20) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_night varchar(20) NULL;
     ALTER TABLE h_cust_main ADD COLUMN ship_fax varchar(12) NULL;
     CREATE INDEX h_cust_main4s ON h_cust_main ( ship_last );
     CREATE INDEX h_cust_main5s ON h_cust_main ( ship_company );
And run bin/dbdef-create username.
Q. Isn't it insecure to use rsync?
No.
I wonder who added this question in the first place. rsync has defaulted to using ssh for the connection for ages now.
Q. What should I do if a question in this section actually helped?
Be scared. It might be time for an upgrade.  :)