...
Here, you may populate/ change name, select authentication method from drop down menu, and the linked authentication database
External Firewall Ports
User Access to Yarnman
From (Sender) | To (Listener) |
|---|
Yarnman Management/ Utilities/ Specifications
Yarnman Manual Log Collection
If log collection option as described in previous chapters is not available/ can not be accessed, log collection may be performed manually by ssh access to Yarnman
Please send screenshot of error encountered and detailed steps to reproduce and time stamp from ssh via date command
run command via ssh to collect logs
tar -czvf yarnman-logs.tar.gz --exclude='*.tar.gz' /var/log/yarnman
Then sftp file and send to support as required
Upgrade Yarnman - Apply a patch
| Note |
|---|
Take a VMware snapshot before applying patch |
Process to apply patch in Yarnman
Copy the patch file: yarnman-app-<version>.tar.gz.sig to /opt/yarnlab/install via SFTP
ssh into the server
Run command: cd /opt/yarnlab/yarnman
Run the upgrade script: ./scripts/install-yarnman-app.sh yarnman-app-<version>.tar.gz.sig
| Info |
|---|
If you are supplied an unsigned patch that does not have .sig suffix step 4 is replaced with ./scripts/install-yarnman-app.sh yarnman-app-<version>.tar.gz -i There will also be an error Package is not signed use --ignore-verification |
Upgrade Yarnman – Linux Deps upgrade
| Note |
|---|
Take a VMware snapshot before applying deps upgrade |
Process to upgrade the Linux Deps. It is recommended to take a snapshot prior to update
Copy the update file: yarnman-linux-bundle-master-<version>.tar.gz.sig to /opt/yarnlab/install via SFTP
ssh into the server
Run command: cd /opt/yarnlab/yarnman
Run the upgrade script: ./scripts/ install-linux-deps.sh yarnman-linux-bundle-master-<version>.tar.gz.sig
Note that all download links all have a corresponding .md5 and linux-deps upgrade also have optional md5 verification
Upgrade Yarnman – Linux Version 18 upgrade
Process to upgrade Linux to version 18. It is strongly recommended to take a snapshot prior to upgrade
Download Linux Upgrade Script + Application Patch from Yarnlab web site
https://yldev.blob.core.windows.net/packages/yarnman-app-<Ver>-master-<Build>.tar.gz.sig
SFTP file on to yarnman server - place in install directory /opt/yarnlab/install
Take a Snapshot
ssh to yarnman server
CD /opt/yarnlab/yarnman
Run The application patch
./scripts/install-yarnman-app.sh yarnman-app-<Ver>-master-<Build>.tar.gz.sig
Note: this command may require -i at the end depending on source version. It would then be ./scripts/....tar.gz -i
Verify that app installed correctly in Yarnman Administration App Web GUI
Run the OS upgrade file from ssh directory /opt/yarnlab/yarnman
sudo ./scripts/upgrade-baseos18.sh yarnman-linux-upgrade18-bundle-<Ver>-master-<Build>.tar.gz.sig
Note: this command may require -i at the end depending on source version. It would then be ./scripts/....tar.gz -i
During the upgrade you will be prompted if you want to run a backup - select Y to perform backup
On completion - Y to reboot
Local Firewall Configuration
Default local firewall rules
| Code Block |
|---|
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow http
ssudo ufw enable |
Additional rules are required on the core node for each arm deployed
| Code Block |
|---|
sudo ufw allow from <ip address of arm> to any proto tcp port 5984,5986
udo ufw allow from <ip address of arm> to any proto tcp port 6379,6380 |
Default Terminator Configuration (Testmate)
| Code Block |
|---|
sudo ufw allow from any proto udp port 6700:6799 |
External Firewall Ports
User Access to Yarnman
...
From (Sender)
...
To (Listener)
...
Destination Port
...
Purpose
...
user segment
...
Yarnman node
...
TCP/443
...
HTTPS
...
user segment
...
Yarnman node
...
TCP/80
...
HTTP redirect to HTTPS
...
user segment
...
Yarnman node
...
TCP/22
...
SSH - Support
Yarnman to Other Systems
...
From (Sender)
...
To (Listener)
...
Destination Port
...
Purpose
...
Yarnman node
...
CUCM/UCXN/EXPW
...
TCP/80
TCP/443
TCP/8443
...
HTTP Webservices (AXL,RIS,Perfmon)
...
Yarnman node
...
CUCM
...
TCP/2748
...
CTI/QBE JTAPI (test_mate & orca_mate)
...
UC Services (CUCM/MTP/Phone)
...
Yarnman node
...
UDP/6700-6799 (configurable in Yarnman)
...
Receive RTP ports (test_mate)
...
Yarnman node
...
UC Services (CUCM/MTP/Phone)
...
UDP/16384 - 32767 (configurable in CUCM)
...
Transmit RTP ports (test_mate)
...
Yarnman node
...
CUCM/UCXN/EXPW
...
TCP/22
...
SSH proxy (yarn_gate)
...
Yarnman node
...
CUCDM8
...
TCP/8181
...
Webservice
...
Yarnman node
...
CUCDM10/11/VOSS4UC
...
TCP/443
...
Webservice
...
Yarnman node
...
Kurmi
...
TCP/443
...
Webservice
Arm deployment
...
From (Sender)
...
To (Listener)
...
Destination Port
...
Purpose
...
Yarnman Arm node
...
Yarnman Core node
...
TCP/5984
TCP/5986
TCP/6984
...
Database
...
Yarnman Arm node
...
Yarnman Core node
...
TCP/6379
TCP/638
...
Message Bus
...
Yarnman Arm node
...
Yarnman Core node
...
TCP/22
...
SSH - Support
...
Yarnman Core node
...
Yarnman Arm node
...
TCP/22
...
SSH - Patch Transfer
High Avalilbity deployment
...
From (Sender)
...
To (Listener)
...
Destination Port
...
Purpose
...
Yarnman Core node
...
Yarnman Core node
...
TCP/9100-9200
...
Database Clustering
...
Yarnman Core node
...
Yarnman Core node
...
TCP/5984
TCP/5986
...
Database Clustering
...
Yarnman Core node
...
Yarnman Core node
...
TCP/6984
TCP/6379
TCP/6380
...
Message Bus Clustering
...
Yarnman Core node
...
Yarnman Core node
...
TCP/1000
...
Message Bus Clustering
Certificates
From Yarnman Menu - Select "Certificates"
...
To add a new Certificate - Select "Add New Certificate"
...
Name the Certificate, then "Select a certificate file to upload"
Then select the file to upload → then "Add"
...
To Add a new Certificate Authority, CA
From Yarnman Menu select "Certificates", then from Certificates page, select "Add New Certificate Authority"
...
Type the name of the CA → "Add"
...
Yarnman SSL Certificates
Configuring Intermediate Certificates
Typical format for standard SSL.
/opt/yarnlab/yarnman/config
ssl-cert.cert - Standard certificate sent to clients
ssl-key.pem - Private key file for checking response
In order to enable intermediate certificates we must create new folder in /config.
| Code Block |
|---|
~/config
/ca
1-name.crt
2-name.crt
3-name.crt |
The /ca folder contains the intermediate certificates that will be loaded in order. The easiest way to achieve this is to use the naming conventions 1-, 2- etc. Each certificate must end in .crt in order to be loaded.
Once the folder is created and at least one certificate is added in the format indicated the services on the node must be restarted.
Generate CSR
To acquire a new certificate you must generate a CSR (Certificate Signing Request). This may be done initially after creating private key or when a certificate expires
Certificate Locations /opt/yarnlab/yarnman/config
ssl-cert.cert - Standard certificate sent to clients
ssl-key.pem - Private key file for checking response
Open ssh session to server – go to /opt/yarnlab/yarnman/config
To generate CSR
...
| Code Block |
|---|
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
emailAddress = Email Address (emailAddress_max = 64)
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names (Recommend using DNS name here)
[alt_names]
DNS.1 = <DNS name> |
Backup and Restore
Backup Yarnman
Open SSH session
Run command: cd /opt/yarnlab/yarnman
Run the backup script: ./scripts/backup-yarnman.sh -b
Backup script will create Backup Directory /opt/yarnlab/backup and create backup file
Restoring Backup
Open SSH session
Ensure that the backup directory /opt/yarnlab/backup exists with backup file
Run command: cd /opt/yarnlab/yarnman
Run the restore script: ./scripts/backup-yarnman.sh -r
The backup script will identify the latest backup in the backup directory and restore from there
...
Destination Port | Purpose | ||
|---|---|---|---|
user segment | Yarnman node | TCP/443 | HTTPS |
user segment | Yarnman node | TCP/80 | HTTP redirect to HTTPS |
user segment | Yarnman node | TCP/22 | SSH - Support |
Yarnman to Other Systems
From (Sender) | To (Listener) | Destination Port | Purpose |
|---|---|---|---|
Yarnman node | CUCM/UCXN/EXPW |
| HTTP Webservices (AXL,RIS,Perfmon) |
Yarnman node | CUCM | TCP/2748 | CTI/QBE JTAPI (test_mate & orca_mate) |
UC Services (CUCM/MTP/Phone) | Yarnman node | UDP/6700-6799 (configurable in Yarnman) | Receive RTP ports (test_mate) |
Yarnman node | UC Services (CUCM/MTP/Phone) | UDP/16384 - 32767 (configurable in CUCM) | Transmit RTP ports (test_mate) |
Yarnman node | CUCM/UCXN/EXPW | TCP/22 | SSH proxy (yarn_gate) |
Yarnman node | CUCDM8 | TCP/8181 | Webservice |
Yarnman node | CUCDM10/11/VOSS4UC | TCP/443 | Webservice |
Yarnman node | Kurmi | TCP/443 | Webservice |
Arm deployment
From (Sender) | To (Listener) | Destination Port | Purpose |
|---|---|---|---|
Yarnman Arm node | Yarnman Core node |
| Database |
Yarnman Arm node | Yarnman Core node |
| Message Bus |
Yarnman Arm node | Yarnman Core node | TCP/22 | SSH - Support |
Yarnman Core node | Yarnman Arm node | TCP/22 | SSH - Patch Transfer |
High Avalilbity deployment
From (Sender) | To (Listener) | Destination Port | Purpose |
|---|---|---|---|
Yarnman Core node | Yarnman Core node | TCP/9100-9200 | Database Clustering |
Yarnman Core node | Yarnman Core node |
| Database Clustering |
Yarnman Core node | Yarnman Core node |
| Message Bus Clustering |
Yarnman Core node | Yarnman Core node | TCP/1000 | Message Bus Clustering |
Certificates
From Yarnman Menu - Select "Certificates"
...
To add a new Certificate - Select "Add New Certificate"
...
Name the Certificate, then "Select a certificate file to upload"
Then select the file to upload → then "Add"
...
To Add a new Certificate Authority, CA
From Yarnman Menu select "Certificates", then from Certificates page, select "Add New Certificate Authority"
...
Type the name of the CA → "Add"
...