Ubuntu 14.04+ Server: Install Asterisk 13

Updated: 2017/08/20 – Fixed a few typos, changed apt-get instructions to apt, re-did the recommendations section, and removed Google Voice prerequisite section (since it’s been broken a lot lately, it will be a new separate post when I get it to work).

These instructions are a modification of my earlier FreePBX instructions. I ended up not liking FreePBX installed mostly because it makes Asterisk configuration non-standard, and for module compatibility, makes it produce a lot of errors. These errors could be ignored, but my OCD won’t let me personally ignore them. The huge advantage to FreePBX however is the GUI, which makes configuring things a lot easier. The downside to that though is that troubleshooting is a lot harder. Basically it boils down to forcing myself to learn Asterisk the correct way, through the various configuration files.

This assumes you are starting from a clean empty box and you are installing Ubuntu fresh from CD/USB. This is strongly recommended so that there are no other issues. The instructions install a very basic Asterisk install, but gets it ready for databases and other additions.

Note: These instructions are meant to be followed top down. Skipping non-optional sections will have dire consequences.

Recommendations

Run as root

I recommend following the instructions below “as root”, otherwise you will have to put sudo in front of each command.

sudo -i

Keep sources

Keep the sources you download. If you have to make a change, such as add a DAHDI card or update Asterisk, you can recompile/reinstall Asterisk easily from source after making low level changes. Same if you need to change DAHDI itself at that level. The sources don’t take that much room anyway. Keep in mind though, when re-compiling don’t run the commands that generate example configuration files that will overwrite yours.

BACK UP YOUR CONFIGS!

Always back up your configuration files, and off machine. There are a LOT of options out there for Linux to back up file/machines to other machines. It’s worth it to spend some time making always up to date backups that are off your machine so you don’t lose the configs you spent hours and hours on when the drive dies or something else happens to the machine. I speak from personal experience here where I lost my extensions.conf that I spent several full days on to get just right because I was too lazy to make backups. I said “oh I will get around to it”. Don’t “get around to it”, do it NOW. My favorite is a short shell script that tarballs the /etc directory and scp every day, or week depending.

 

Install Ubuntu Server

Install:

You can install 14.04 or 16.04. However, as of this update of the article the mysql driver for CDR reports is broken in 16.04.

During the installation process, select the OpenSSH server option during Software Selection. The rest of the needed packages will be installed later. Otherwise, run the setup as normal.

Setting up the new installation:
At this point, I strongly recommend setting up a static IP address for your Asterisk, but this is optional:
See: Ubuntu 14.04+: Changing to Static IP (Opens in new tab)

Make sure DNS works (and you can resolve names outside of your network):

ping www.google.com

If not, then troubleshoot your network connectivity before continuing.

Update using apt, upgrade the system, and install dependencies then reboot (Make sure to scroll over to get the whole command):

apt update; apt dist-upgrade -y; apt install -y build-essential git-core pkg-config subversion libjansson-dev sqlite autoconf automake libtool libxml2-dev libncurses5-dev unixodbc unixodbc-dev libasound2-dev libogg-dev libvorbis-dev libneon27-dev libsrtp0-dev libspandsp-dev uuid uuid-dev sqlite3 libsqlite3-dev libgnutls-dev libtool-bin python-dev texinfo; reboot

Optional Asterisk Prerequisites

 

DAHDI (if you have/will have physical hardware):

cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
tar xvfz dahdi-linux-complete-current.tar.gz
cd dahdi-linux-complete-*
make all && make install && make config
cd tools
make install-config
dahdi_genconf modules

Note: You will see a bunch of messages like “Can’t read private key”. These can be ignored and are non-critical.

Reboot and re-run “sudo -i”.

 

LIBPRI (if you have/will have physical E1/T1/J1/ISDN cards):

cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-1.4-current.tar.gz
tar xvfz libpri-1.4-current.tar.gz
cd libpri-*
make && make install

 

pjproject (if you need PJSIP, which you probably don’t):

cd /usr/src
git clone https://github.com/asterisk/pjproject.git
cd pjproject
./configure --enable-shared --disable-sound --disable-resample --disable-video --disable-opencore-amr
make dep && make && make install

 

Install Asterisk

Compile and install Asterisk:

cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar xvfz asterisk-13-current.tar.gz
cd asterisk-*
./configure
./contrib/scripts/get_mp3_source.sh #If you want mp3 support
make menuselect

You will be prompted at the point to pick which modules to build. Most of them will be enabled, but if you want to have MP3 support, you need to manually turn on ‘format_mp3’ on the first page. Also, select app_meetme if the MeetMe conference bridge is desired. I also recommend selecting a package from “Extras Sound Packages” for some more cool sounds to play with.

Selecting ‘Save & Exit’ to continue.

make && make install && make config && make samples
ldconfig

Optional: Install Asterisk-Extra-Sounds:
Note that this installs the (8khz) ‘wav’ sound files. If you’re planning on running G722 (High Definition ‘Wideband’) audio, you also want to download the 722 codec pack, which is the second part. If you’re not planning on using Wideband, you can skip that part.

cd /var/lib/asterisk/sounds
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-wav-current.tar.gz
tar xvfz asterisk-extra-sounds-en-wav-current.tar.gz
rm -f asterisk-extra-sounds-en-wav-current.tar.gz
# Wideband Audio download (Optional)
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-g722-current.tar.gz
tar xfz asterisk-extra-sounds-en-g722-current.tar.gz
rm -f asterisk-extra-sounds-en-g722-current.tar.gz

Start Asterisk and enjoy!

asterisk

Check out the console:

asrterisk -r

Console with a lot of feedback (very useful for troubleshooting):

asterisk -rvvvvvv

Note: If you don’t plan on connecting Asterisk up to LDAP (or don’t know what LDAP is), you can unload that module now and remove some non-critical startup errors:

In /etc/asterisl/modules.conf, add the following to the bottom:

noload => res_config_ldap.so

This module is loaded by default, and can be re-loaded when needed by removing or commenting this line.

 

Have a physical card? Check my article to configure DAHDI next: Setting Up DAHDI

I also recommend checking out my article on securing Asterisk: Securing Asterisk 13

FreePBX/Asterisk DAHDI_ATTACH_ECHOCAN failed on channel 1

 

DAHDI_ATTACH_ECHOCAN failed on channel 1: Invalid argument (22)

Currently, on a new install of the latest FreePBX, the DAHDI module has some problems with echo cancellation on FXO/FXS cards. This will cause the module to not load correctly. This may be fixed in the future.

First and foremost, reboot. I’ve had it to where I run dahdi_cfg and it produce this error when setting hwec as the canceler. A reboot fixes it.

DAHDi seems to want to use oslec echo canceler by default, however it’s not a module that’s normally loaded. There are 2 solutions to this issue. First is to use the MG2 echo canceler. This is the easiest, however, the oslec echo canceler is actually better. I will go through both:

Change to MG2 Echo Canceler:

sudo vi /etc/dahdi/system.conf

Change the line:

echocanceller=oslec,1,2

to:

echocanceller=mg2,1,2

You’re line may vary based on how many channels you have.

Run the config again with some output, it should work now:

sudo dahdi_cfg -vvvvv

 

Fix OSLEC Echo Canceler:

I haven’t been able to get it work yet… stay tuned.

Raspbian: VIM Syntax Highlighting

I always install VIM, it’s easier to use than VI, however for some reason in Raspbian, syntax highlighting is not enabled by default. It’s such a useful feature I don’t know who wouldn’t want it on. Anyway, to enable it:

sudo vim /etc/vim/vimrc

Remove the quotes from the line: “syntax on

Write and Quit, done!

Raspbian: Going on a Diet (Remove X11)

I recently set up a pi to act as a dedicated headless server with a default install of Raspbian (from NOOBS). It is solely to serve information and a couple services. In that case, there are a lot of things that aren’t needed for a headless server. One of those things (and the biggest) is X11. On a headless server, you don’t need graphical interfaces 99% of the time. I also don’t need sound or printing capability (although you could share a printer with it). Below are some suggestions on freeing up some of that already thin SD card space:

First, it’s important to understand what is installed so you can see what you have, and what might be a candidate for removal:

dpkg --get-selections | grep -v deinstall

This will get you a very long list of what’s all installed. It’s great software, but in my case, completely unneeded. X11 has processes running, and everything I didn’t need took up about 2GB of space. Sure, on a desktop hard-drive that’s just a drop in the bucket these days, but SD cards are still cramped for space. Below are just suggestions on what can be removed.

Note: Be sure to scroll to the right, as these commands are very long.

 

Removing X11:

apt-get --purge remove x11-*

Doing this command will free up the most space and resources by far. About 2GB will be freed, and several running processes will be stopped, freeing up memory and CPU. All 3 of the most restricted and important resources on a pi. This does however remove every GUI piece on the Pi, which means console only from here on out.

 

Removing Extra Multimedia:

sudo apt-get remove alsa-base alsa-utils gstreamer1.0-alsa:armhf gstreamer1.0-libav:armhf gstreamer1.0-omx gstreamer1.0-plugins-base:armhf gstreamer1.0-plugins-good:armhf gstreamer1.0-x:armhf

I don’t plan on listening to music on my pi server, so all of this was also removed.

 

Removing Printing:

sudo apt-get remove cups-common

I don’t plan on doing any printing, or sharing any printers (my printer is networked anyway), so CUPS was removed.

 

After removing everything:

sudo apt-get --purge autoremove

This will remove any leftover packages (usually mostly libraries) from other stuff that was removed above.

sudo apt-get clean;sudo apt-get autoclean

I ran these commands after just to clean up apt-get, so I don’t run into any problems in the future.

After doing all of the above, I ended up with only 879MB of SD card space used, which is fantastic for a still fully functioning and working pi. You will probably end up with even more free space, as I have other stuff installed. Remember, everything you remove can always be put back.

Samba: Simple and Secure File Sharing

Samba can be overwhelming. Especially since unless you use the help of tools like SWAT, you basically are staring at a huge and complicated looking smb.conf in /etc/samba. I’ve been messing with Samba for many years, and I still learn a bunch every time I mess with it. I was talking to an IRC friend earlier and Samba came up as he wanted to make his shares useable to Windows, readable to everyone, but writable only to logged in users. In the past, because of my poor understanding of Samba, I always got frustrated and just made it completely open and writable by the world. To accomplish this, I even had to make the entire folder structure open to everyone, by setting the permissions to 777 (readable, writable, and executable by EVERYONE!). After our conversation I figured now is as good as any time to learn how to implement at least a little bit of security, as what he wanted to do makes complete and total sense. So after doing some Google-ing, I figured it out!

First, some prerequisites:

  1. I recommend setting all of your sub directories to be mapped to a user and group of a non-privileged user and a user that is not a human. In my case, I ran chmod to my entire file server (a little bit over 1TB of bad permissions worth) so that everything is owned by the user ftp, and the group ftp. I will show the command later.
  2. Every user you want to have write access to the folders must be a member of the same group that you set the file permissions to. I use the group “ftp” to accomplish this. All the files however, do not have to be owned by the user “ftp”.
  3. I decided to have one directory that is still available to everyone for writing called “Inbox”. That way I can open it up via sftp or what have you for any convenience reasons.
  4. Understand Windows behavior. If you map a drive as a user, even if you disconnect, Windows will still authenticate as that user even without re-mapping the drive. I am still trying to figure out how to remove those cached credentials. In the mean time, for testing I used a second “virgin” Windows machine, one that has never logged in as a Samba user so I can make sure my one public folder is writable and test different configurations.
  5. When logging into the share with Windows (e.x. mapped drive), use: serverhostname\username and then the password as normal.
  6. I strongly recommend making a backup copy of the current smb.conf. You never know. I have been beating that habit into my head when it comes to configuration files. Always back it up! I will also show that later.
  7. I completely removed printer sharing from the Samba config. I personally never will share a printer from my file server for various reasons. If you do want to share a printer, don’t forget to leave the printer shares in.

The following instructions are based on sudo usage of Debian type machines (my server is Ubuntu Server 14.04). You may not need sudo. I also use vim which is just an enhanced version of vi. Any editor will do of course. Your mileage will vary, so take the following as a guide, and not as “type these in exactly”, unless you happen to have your server setup exactly the same as mine, which would be weird.

The following also assumes /mnt/data is where all of my files that I serve are. This is actually a mount point to a RAID array. Inside of that, I have a folder called Inbox.

Part 1: Setting up Users, Groups, and the File System

The first bit will be users. Following my case, I did the following to set everything to owner and group to “ftp”. Now, you may not have either, which just means you will need to create the user and group first. Of course, it doesn’t matter what you name it. The ftp user/group is usually created upon installation of an FTP server, so I just use that.

To create ftp user and group (if you don’t already have it, cat /etc/passwd will show you all of the users):

sudo adduser --home /mnt/data --no-create-home --disabled-login -shell /bin/false ftp

Note: You will need to change /mnt/data (that’s just my file serving location). Login is disabled with this command though, so it won’t matter too much.

To set the permissions and ownership correctly (if you have existing files), I ran the following:

sudo chmod -R 775 /mnt/data
sudo chown -R ftp:ftp /mnt/data

Note: I always use full paths with cmod and chown if I am changing more than one object, even if I am already in the folder, because these commands are so powerful. You can easily damage beyond economic repair your entire system with these. Always use extreme caution! My personal rule is “If I use -R, I use full path”.

Setting 775 and running chown on everything allows read, write, and execute by the user ftp, and anyone in the group ftp. It only allows read and execute access to everyone else. This allows the anonymous user to read and execute, but not modify for security. Samba will be set similarly, but having it set correctly file system wise will make it secure against any Samba mis-configurations or other attacks.

Now, there if you have a lost+found folder in your path, you will need to fix it so that root owns it again, and permissions are back to normal:

sudo chown -R root:root /mnt/data/lost+found
sudo chmod -R 700 /mnt/data/lost+found

Now, one thing to keep in mind, as my point #2 above stated, every user you want to have write access to these folders and files must be a member of the group you just put on them. Simply run (usermod -G group user):

usermod -G ftp JoeAverageUser

The user will now have modification rights on any folder that has the ftp group on it, with write permissions set for groups (e.x. 775).

Note: If you add a system user, and your non-Ubuntu specific distribution does not have a package called “libpam-smbpass”, you will need to either install that package, or also add the user to the Samba database manually with:

pdbedit -a -u NewUserHere

(Thanks to Mr. Wiebe for pointing that out with his Debian install)

Part 2: Setting Up Samba

Setting up the configuration of course depends entirely on what you want to do exactly. For instance, I want to be able to share everything in /mnt/data for public read and execute. I also want a place for any guest or anonymous user to place new files for me to sort through later. I called this location /mnt/data/Inbox. On top of that, I want logged in users to be able to read and write /mnt/data. This way I can mount a drive as another user in Windows and modify, delete, and change things at will. I personally took the default Samba config file, made a backup copy of it, and almost wiped it clean. Sure the comments are really useful, but reading a file with a million comments is more of a pain than just searching Google for what I really need.

Make a backup!

cd /etc/samba
cp smb.conf smb.orig

Now, here is what mine looks like as it might be easier to understand it after seeing it all in one place. Some key entries will be explained below:

vim /etc/samba/smb.conf
[global]
   workgroup = WORKGROUP
   server string = %h server (Samba, Ubuntu)
   security = user
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes

[data]
        path=/mnt/data
        available=yes
        read only=yes
        browsable=yes
        guest ok=yes
        guest account=nobody
        write list=@ftp
        create mask=0775
        directory mask=0775
        hide unreadable=yes
        force group=ftp

[inbox]
        path=/mnt/data/Inbox
        available=yes
        read only=no
        browsable=yes
        guest ok=yes
        guest account=nobody
        create mask=0775
        directory mask=0775
        force group=ftp

Starting from the top, these are what I feel to be the most important options to understand, and also deviate from default:

[global]
security=user – This allows Samba to use local Linux system users to control file/folder access. There other available levels of course, mostly dealing with external means of authentication.
usershare allow guests=yes – This allows non-authenticated users access to the shares defined.

Note: Everything in between is default from the original configuration file. The directives mostly handle authenticating users and logging.

[data] – The first share I define. This is the name of the folder that appears to clients.
path=/mnt/data – The path to the files for this share. Since I try to keep things simple, this is the path to everything.
available=yes – Makes this available to clients. For example, if you want to temporarily make the share unavailable, you can change it to no and keep the configuration in place.
read only=yes – Makes the share read only to everyone, except anyone in the write list, seen below.
browsable=yes – Announces the share in browse lists. This is especially important for Windows.
guest ok=yes – Allows guests to see folders and files inside the share.
guest account=nobody – Maps the guest account to “nobody”. This way guests can’t impersonate a user.
write list=@ftp – A comma separated list of users that are allowed to write to files and folders in the share. Using the @ symbol, you can specify entire groups.
create mask=0775 – The file creation permissions. This does the same as discussed in part 1 above. Change this to match how you control permissions on your file share. This is what gets applied when a logged in user creates a new file. 775 gives permission to read, write, and delete to the user and group, but not everyone.
directory mask=0775 – Same as create mask for files, but for directories.
hide unreadable=yes – I use this specifically to hide the lost+found folder, however it is also useful to hide directories that the logged in user has no access to (not even read). This can be useful for user directory lists too.
force group=ftp – Forces new files/folders to belong to the group ftp which keeps the files available as originally designed. If you omit this option, new files and folders will only be available to the primary group of the user who wrote them.

[inbox] – This is the “public” guest writable share I have defined.
There are only 4 differences from the above entry. Both “write list” and “hide unreadable” are not present. The following directives are modified:
path=/mnt/data/Inbox – The path to the share that will be available for writing to guest.
read only=no – Opens the share to be writable from anyone, including guests..

The Inbox works for guest because using the “force group=ftp” directive allows new files and folders to be created under that group, but as the “nobody” user. This is akin to running “chmod nobody:ftp” after adding the object. Because my Inbox folder is a sub folder of the data share, there is one idiosyncrasy to keep in mind with this setup. If a guest goes to \\server\inbox, they will be able to write and modify, however, if they go through \\server\data\Inbox, they will not be able to modify even though it’s really the same folder. This is because the data share itself is locked down to guests. If this is bothersome, just make sure it is not a sub folder of another further locked down share.

After editing, remember to restart the service:

sudo service smbd restart

 

A great quick reference source for configuration options can be found here: http://www.oreilly.com/openbook/samba/book/appc_01.html. Otherwise, don’t forget to check out https://www.samba.org/ and https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/. And remember, just have fun and play around with all of the options to see what the results are. The best way to learn is to do.

Ubuntu 14.04+: Changing Login Messages

The login messages you get when you log into SSH or the console are actually a bunch of bash scripts in /etc/update-motd.d. You can modify these and customize them as you would like. For example, all of my Ubuntu servers include a line advertising landscape.canonical.com, which would be fine, but I’m just a home user and that’s a pay for service, so I’m not interested. It also has a link to documentation which I also don’t need to be reminded of every time.

Here is what the default server version login looks like:

Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-39-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Fri Nov 14 11:23:17 MST 2014

  System load:  0.0               Processes:           124
  Usage of /:   44.4% of 4.06GB   Users logged in:     0
  Memory usage: 6%                IP address for eth0: ip.address.here
  Swap usage:   0%

  Graph this data and manage this system at:
    https://landscape.canonical.com/

Last login: Fri Nov 14 11:17:28 2014 from blahblah

The following instructions assume you are in the directory:

cd /etc/update-motd.d

To pare the long message down, I first started by moving the script that barks out the documentation link to my home directory (just in case I need it back, but it can also be deleted). You can move it wherever you want of course, but I don’t use my home directory in my servers for anything.

sudo mv 10-help-text ~

To remove some of the extra returns in the system information section, I edited 50-landscape-sysinfo and commented some of the echos:

sudo vim 50-landscape-sysinfo
#echo
echo -n "  System information as of "
/bin/date
#echo
/usr/bin/landscape-sysinfo

(# means comment, the script will ignore those lines).

To remove the “Graph this data and manage this system at:” lines, we will need to edit landscapelink.py instead (note, your path may very. It might also be python2.5 instead of python 2.7. use “locate landscapelink.py” to find it for sure).

sudo vim /usr/lib/python2.7/dist-packages/landscape/sysinfo/landscapelink.py

Change the following lines:

self._sysinfo.add_footnote(
    "Graph this data and manage this system at:\n"
    "    https://landscape.canonical.com/")

to:

#self._sysinfo.add_footnote(
#    "Graph this data and manage this system at:\n"
#    "    https://landscape.canonical.com/")

That wasn’t too bad. Now we have this upon login:

Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-39-generic x86_64)

  System information as of Fri Nov 14 12:31:55 MST 2014
  System load:  0.0               Processes:           110
  Usage of /:   51.8% of 5.54GB   Users logged in:     0
  Memory usage: 7%                IP address for eth0: ip.address.here
  Swap usage:   0%

Last login: Fri Nov 14 12:31:56 2014 from blahblahmachine

Much better, and much less screen taken up by extra crud. Of course, if you don’t care about the pretty information block, you can just move or delete the 50-landscape-sysinfo file from the directory.

Ubuntu 14.04+: Automatically Start a Script as a User

There are several different ways to start a script as root, in rc.d, crontab, etc. Starting a script as a user however can be just as easy in crontab:

sudo vim /etc/crontab

and then add:

@reboot usernamehere /path/to/script/here

So, why do this? Security. In my case I had a public service that I run (an IRC bot) that refuses to run as root for good reason. The program will only run as a user to prevent any hacking attempts getting root easily. Never run public services as root.

Ubuntu 14.04+: ia32-libs

ia32-libs isn’t an installable package by default anymore, thankfully a kind poster over at stackoverflow posted a simple solution to get the libraries installed. This is useful if you are running an older 32bit application in a 64bit only Linux.

sudo -i
cd /etc/apt/sources.list.d
echo "deb http://old-releases.ubuntu.com/ubuntu/ raring main restricted universe multiverse" >ia32-libs-raring.list
apt-get update
apt-get install ia32-libs
rm ia32-libs-raring.list

Note: Others on that same page say this isn’t a good idea, although they don’t clarify exactly why. So, this is your warning, works for me, may break things, your mileage may vary, etc.

Ubuntu 14.04: ‘no talloc stackframe’ Error

Update (12/2/14): This is still a problem in Ubuntu, however the bug has been fixed in Samba itself since version 4.1.10. The latest version in Ubuntu’s repositories for some reason is still 4.1.6, which mean the bug still exists for us.

no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory

I have been getting this error whenever I set up an Ubuntu 14.04 machine with Samba, also when I upgraded a 12.04 LTS with Samba. This apparently is a bug problem between Samba and PAM authentication. Hopefully soon a fix will come out and get this resolved, because even the work around is not good.

Basically, the work around is to run “sudo pam-auth-update” and uncheck “SMB password synchronization”. This prevents Samba from getting updated passwords from PAM and vice-versa. This also prevents Samba from getting new passwords/accounts. If you have an existing Samba server, don’t upgrade until this problem has been resolved.

To add a user to Samba, use:

pdbedit -a -u samba_user

See the reported bug at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1257186

XenServer 6: Adding a New Ubuntu 14.04 Template

Currently XenServer does not have a template for the new Ubuntu 14.04. This will most likely be fixed in a future update, but for now it’s a really easy to add a new template. Thanks to http://virantha.com/2014/05/21/ubuntu-14-04-trusty-on-xenserver-62/ for the quick instructions.

In XenCenter, head over to the console of the server and log in.

Run the following 3 commands (I chose to name it the full name Trusty Tahir instead of just Trusty):

TEMPLATE_UUID=`xe template-list name-label="Ubuntu Lucid Lynx 10.04 (64-bit)" params=uuid --minimal`
NEW_TEMPLATE_UUID=`xe vm-clone uuid=$TEMPLATE_UUID new-name-label="Ubuntu Trusty Tahir 14.04 (64-bit)"`
xe template-param-set other-config:default_template=true other-config:debian-release=trusty uuid=$NEW_TEMPLATE_UUID

These three commands basically just copy the template from Lucid Lunx 10.04 and renames it. Simples!