...
Here, you may populate or change the name, select the authentication method from the drop-down menu, and select the linked authentication database
Yarnman Management/ Utilities/ Specifications
Yarnman Manual Log Collection
If the log collection option described in previous chapters is not available or cannot be accessed, logs may be collected manually via SSH access to Yarnman
Please send a screenshot of the error encountered, detailed steps to reproduce, and a timestamp taken over SSH with the date command
Run the following command via SSH to collect the logs
tar -czvf yarnman-logs.tar.gz --exclude='*.tar.gz' /var/log/yarnman
Then transfer the file off the server via SFTP and send it to support as required
Upgrade Yarnman - Apply a patch
Note |
---|
Take a VMware snapshot before applying patch |
Process to apply patch in Yarnman
1. Copy the patch file: yarnman-app-<version>.tar.gz.sig to /opt/yarnlab/install via SFTP
2. ssh into the server
3. Run command: cd /opt/yarnlab/yarnman
4. Run the upgrade script: ./scripts/install-yarnman-app.sh yarnman-app-<version>.tar.gz.sig
Info |
---|
If you are supplied an unsigned patch that does not have the .sig suffix, step 4 is replaced with: ./scripts/install-yarnman-app.sh yarnman-app-<version>.tar.gz -i. There will also be an error: Package is not signed use --ignore-verification |
Upgrade Yarnman – Linux Deps upgrade
Note |
---|
Take a VMware snapshot before applying deps upgrade |
Process to upgrade the Linux Deps. It is recommended to take a snapshot prior to update
Copy the update file: yarnman-linux-bundle-master-<version>.tar.gz.sig to /opt/yarnlab/install via SFTP
ssh into the server
Run command: cd /opt/yarnlab/yarnman
Run the upgrade script: ./scripts/install-linux-deps.sh yarnman-linux-bundle-master-<version>.tar.gz.sig
Note that all download links have a corresponding .md5, and the linux-deps upgrade also has optional md5 verification
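The .md5 files mentioned above can be checked before a package is handed to an install script; the following is an added example, not part of the Yarnman manual or of Yarnlab's scripts. It assumes the .md5 file holds the hex digest as its first field (md5sum format), and the function names are illustrative. A matching MD5 only shows the transfer was not corrupted, so the check also refuses files without the .sig suffix, for which the signature check would be bypassed with -i.

```shell
#!/bin/sh
# Added example, not Yarnlab's own tooling.
# Assumption: <package>.md5 holds the hex digest as its first field
# (md5sum output format). Function names are illustrative.

# verify_md5 PACKAGE [MD5FILE] -> 0 match, 1 mismatch, 2 unusable input
verify_md5() {
    pkg=$1
    md5file=${2:-$pkg.md5}
    [ -r "$pkg" ] || { echo "missing package: $pkg" >&2; return 2; }
    [ -r "$md5file" ] || { echo "missing checksum file: $md5file" >&2; return 2; }

    # First field of the first line, lower-cased; must be 32 hex characters.
    expected=$(awk 'NR==1 {print tolower($1)}' "$md5file")
    case $expected in
        ''|*[!0-9a-f]*) echo "unparseable digest in $md5file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "digest is not 32 hex chars" >&2; return 2; }

    actual=$(md5sum < "$pkg" | awk '{print $1}')
    [ "$actual" = "$expected" ] && return 0
    echo "MISMATCH $pkg: expected $expected, got $actual" >&2
    return 1
}

# preflight PACKAGE [SCRIPT] -> prints the install command and returns 0 only
# when the file is a signed (.sig) package whose checksum matches; 3 if unsigned.
preflight() {
    pkg=$1
    script=${2:-./scripts/install-yarnman-app.sh}
    case $pkg in
        *.tar.gz.sig) ;;
        *) echo "no .sig suffix, signature check would be skipped: $pkg" >&2; return 3 ;;
    esac
    verify_md5 "$pkg" || return $?
    echo "$script $(basename "$pkg")"
}
```

Run preflight against the file in /opt/yarnlab/install and execute the printed command from /opt/yarnlab/yarnman only when it returns 0.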
Upgrade Yarnman – Linux Version 18 upgrade
Process to upgrade Linux to version 18. It is strongly recommended to take a snapshot prior to upgrade
Download Linux Upgrade Script + Application Patch from Yarnlab web site
https://yldev.blob.core.windows.net/packages/yarnman-app-<Ver>-master-<Build>.tar.gz.sig
SFTP file on to yarnman server - place in install directory /opt/yarnlab/install
Take a Snapshot
ssh to yarnman server
cd /opt/yarnlab/yarnman
Run The application patch
./scripts/install-yarnman-app.sh yarnman-app-<Ver>-master-<Build>.tar.gz.sig
Note: this command may require -i at the end depending on source version. It would then be ./scripts/....tar.gz -i
Verify that app installed correctly in Yarnman Administration App Web GUI
Run the OS upgrade file from ssh directory /opt/yarnlab/yarnman
sudo ./scripts/upgrade-baseos18.sh yarnman-linux-upgrade18-bundle-<Ver>-master-<Build>.tar.gz.sig
Note: this command may require -i at the end depending on source version. It would then be ./scripts/....tar.gz -i
During the upgrade you will be prompted if you want to run a backup - select Y to perform backup
On completion - Y to reboot
Local Firewall Configuration
Configure on each host as required using ufw
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
Additional rules are required on the core node for each arm deployed
sudo ufw allow from <ip address of arm> to any proto tcp port 5984,5986
sudo ufw allow from <ip address of arm> to any proto tcp port 6379,6380
Default Terminator Configuration (Testmate)
sudo ufw allow from any to any proto udp port 6700:6799
External Firewall Ports
ARM → Core
Couchdb tcp/5984 tcp/5986 tcp/6984
Redis tcp/6379 tcp/6380
SSH tcp/22
Core → Arm – Patch transfer
SSH tcp/22
User → Yarnman – Access to Yarnman
SSH tcp/22
HTTPS tcp/443
Customer → Arm - PWreset/Yarndoor/Prattler
HTTPS tcp/443
Prattler upload tcp/8444
Prattler WS tcp/8081
RTP udp/6700-6799 – required for Media
Arm → Customer UC Apps - Testmate
CTI/QBE. TCP 2748
LDAP tcp/389 tcp/636
RTP udp/6700-6799 (configurable)
WS AXL/RIS HTTP tcp/80 tcp/443 tcp/8443
SSH tcp/22
Core ↔ Core - HA only
Couchdb cluster tcp/9100-9200
Redis Cluster tcp/1000
Other Apps
Arm → CUCDM8 WS tcp/8181
Arm → VOSS4UC WS tcp/443
Arm → Kurmi WS tcp/443
Certificates
From Yarnman Menu - Select "Certificates"
...
To add a new Certificate - Select "Add New Certificate"
...
Name the Certificate, then "Select a certificate file to upload"
Then select the file to upload → then "Add"
...
To Add a new Certificate Authority, CA
From Yarnman Menu select "Certificates", then from Certificates page, select "Add New Certificate Authority"
...
Type the name of the CA → "Add"
...
Yarnman SSL Certificates - Generate CSR
To acquire a new certificate you must generate a CSR (Certificate Signing Request). This may be done initially, after creating the private key, or when a certificate expires.
Certificate Locations /opt/yarnlab/yarnman/config
/ssl-cert.cert - Standard certificate sent to clients
/ssl-key.pem - Private key file for checking response
Open ssh session to server – go to /opt/yarnlab/yarnman/config
Open Editor 'nano cert.cnf'
In the editor – complete following info
Code Block |
---|
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
emailAddress = Email Address
emailAddress_max = 64
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Recommend using DNS name here
subjectAltName = @alt_names
[alt_names]
DNS.1 = <DNS name>
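One way to produce a CSR from the cert.cnf above and confirm it carries the intended extensions before it is sent to a CA, as an added example that is not taken from the Yarnman manual. It assumes the openssl CLI is installed; the output file name, the -subj value and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not Yarnlab's own procedure.
# Assumptions: openssl CLI is available; file names and function names
# are illustrative. Typical use from /opt/yarnlab/yarnman/config:
#   make_csr ssl-key.pem cert.cnf yarnman.csr "/CN=<DNS name>"
#   check_csr yarnman.csr "<DNS name>"

# make_csr KEY CNF OUT SUBJECT
# Reuses the existing private key, so only the CSR ever leaves the server.
make_csr() {
    key=$1 cnf=$2 out=$3 subj=$4
    [ -r "$key" ] || { echo "cannot read private key: $key" >&2; return 1; }
    # -subj supplies the subject non-interactively instead of the config prompts.
    openssl req -new -key "$key" -config "$cnf" -subj "$subj" -out "$out"
}

# check_csr CSR DNSNAME -> 0 ok, 1 bad self-signature, 2 SAN missing,
# 3 basicConstraints missing
check_csr() {
    csr=$1 dns=$2
    # The self-signature shows the CSR was made with the matching private key.
    # Match on the message text: older openssl builds exit 0 even on failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "CSR self-signature did not verify" >&2; return 1; }

    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || return 1
    # If req_extensions or [alt_names] is wrong, the SAN is silently absent.
    echo "$text" | grep -qF "DNS:$dns" ||
        { echo "subjectAltName DNS:$dns not in CSR" >&2; return 2; }
    echo "$text" | grep -qF "CA:FALSE" ||
        { echo "basicConstraints CA:FALSE not in CSR" >&2; return 3; }
    return 0
}
```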
Backup and Restore
To Backup Yarnman
Open SSH session
Run command: cd /opt/yarnlab/yarnman
Run the backup script: ./scripts/backup-yarnman.sh -b
The backup script will create the backup directory /opt/yarnlab/backup and create the backup file
Restoring Backup
Open SSH session
Ensure that the backup directory /opt/yarnlab/backup exists and contains the backup file
Run command: cd /opt/yarnlab/yarnman
Run the restore script: ./scripts/backup-yarnman.sh -r
The backup script will identify the latest backup in the backup directory and restore from there
...
External Firewall Ports
User Access to Yarnman
From (Sender) | To (Listener) | Destination Port | Purpose |
---|---|---|---|
user segment | Yarnman node | TCP/443 | HTTPS |
user segment | Yarnman node | TCP/80 | HTTP redirect to HTTPS |
user segment | Yarnman node | TCP/22 | SSH - Support |
Yarnman to Other Systems
From (Sender) | To (Listener) | Destination Port | Purpose |
---|---|---|---|
Yarnman node | CUCM/UCXN/EXPW | | HTTP Webservices (AXL,RIS,Perfmon) |
Yarnman node | CUCM | TCP/2748 | CTI/QBE JTAPI (test_mate & orca_mate) |
UC Services (CUCM/MTP/Phone) | Yarnman node | UDP/6700-6799 (configurable in Yarnman) | Receive RTP ports (test_mate) |
Yarnman node | UC Services (CUCM/MTP/Phone) | UDP/16384 - 32767 (configurable in CUCM) | Transmit RTP ports (test_mate) |
Yarnman node | CUCM/UCXN/EXPW | TCP/22 | SSH proxy (yarn_gate) |
Yarnman node | CUCDM8 | TCP/8181 | Webservice |
Yarnman node | CUCDM10/11/VOSS4UC | TCP/443 | Webservice |
Yarnman node | Kurmi | TCP/443 | Webservice |
Arm deployment
From (Sender) | To (Listener) | Destination Port | Purpose |
---|---|---|---|
Yarnman Arm node | Yarnman Core node | | Database |
Yarnman Arm node | Yarnman Core node | | Message Bus |
Yarnman Arm node | Yarnman Core node | TCP/22 | SSH - Support |
Yarnman Core node | Yarnman Arm node | TCP/22 | SSH - Patch Transfer |
High Availability deployment
From (Sender) | To (Listener) | Destination Port | Purpose |
---|---|---|---|
Yarnman Core node | Yarnman Core node | TCP/9100-9200 | Database Clustering |
Yarnman Core node | Yarnman Core node | | Database Clustering |
Yarnman Core node | Yarnman Core node | | Message Bus Clustering |
Yarnman Core node | Yarnman Core node | TCP/1000 | Message Bus Clustering |