Alpaca CLI 5.3

Installation for CentOS & RedHat

Prerequisites

  • Java JDK 1.8
    • The newest release can be found on Oracle's webpage.
  • Oracle TimesTen
    • See below for specific instructions.
  • The IP address of the Alpaca system must be in an access control list on the BroadWorks profile server.
    • Login to the Profile Server.
    • In the BWCLI navigate to /Applications/BroadworksFileRepos/NetworkAccessLists/WebDav
      • q all ; Applications;BroadworksFileRepos;NetworkAccessLists;WebDav
    • Add the IP address from which the Alpaca migration tools will be connecting.
      • add {IP} description {description}
      • E.g., if there's no NAT and you're running Alpaca on 192.168.25.200, you could do:
        add 192.168.25.200 "Alpaca workstation"

Application Server Open Client Server External Authentication ACL

Alpaca uses the XSPs to communicate via OCI to the Application Server. If the Application Server has an ACL configured for the OCS External Authentication, the XSPs must be listed.

  1. Login to the Application Server.
  2. In the BWCLI, login as an administrator and navigate to /Applications/OpenClientServer/ExternalAuthentication/AccessControlList
  3. Use the get command to confirm if an ACL is configured.
    • If an ACL is configured, ensure the XSP which Alpaca will send OCI requests to is listed.
      • Otherwise, if the XSP is not listed in the output, add the XSP using the following format.
        • add <xsp ip address> description xsp
    • If no IPs are listed, then BroadWorks allows external authentication by default and no adjustments are necessary.

TimesTen Installation

  • Download the TimesTen installation archive from here.
  • Extract the archive.
  • Run the setup.sh script in the extracted directory.
  • Follow the setup instructions. TimesTen can be installed in client only mode. Most other items can be default.
  • The TimesTen lib directory must be set in the ALPACA_TT_LIB environment variable for Alpaca to retrieve.
    • echo "export ALPACA_TT_LIB=/opt/TimesTen/tt1122/lib" >> /etc/bashrc
    • To add the path to the current shell run source /etc/bashrc
  • Add TimesTen lib directory to the linux library linking path.
    • echo "/opt/TimesTen/tt1122/lib" > /etc/ld.so.conf.d/timesten.conf
    • Verify that the TimesTen library is loaded by ldconfig -v | grep TimesTen -A 20. The output should display the library links being created.
  • Remove obsolete jdbc driver.
    • In your TimesTen lib directory you will find multiple ttjdbc*.jar files. Alpaca only needs the latest.
    • Create a backup directory and move all of the ttjdcb*.jar files except for the newest (the one with the highest number) into this directory.

Alpaca Setup

  • Download the Alpaca tarball (.tar.gz), e.g., to /tmp/alpaca-core-<VERSION>-bin.tar.gz
  • Extract the archive in /opt.
    • cd /opt
    • tar xzvf /tmp/alpaca-core-<VERSION>-RELEASE-bin.tar.gz
  • Create a symlink from the new alpaca directory.
    • ln -s alpaca-core-<VERSION> /opt/alpaca
  • Create alpaca user with home directory of /opt/alpaca.
    • useradd -m -d /opt/alpaca alpaca
  • Change the ownership of the /opt/alpaca directory and all of its children
    • chown -R alpaca:alpaca /opt/alpaca/
  • Change the permissions to allow the alpaca group to modify all files
    • chmod -R g+rw /opt/alpaca/
  • Move your license file (named by default ecg.license.txt) into the conf directory of the extracted archive.
    • For example, if the file is in /tmp, you would do mv /tmp/ecg.license.txt /opt/alpaca/conf
  • Edit the conf/alpaca.properties.json file to configure the BroadWorks cluster element for the desired BroadWorks install. See the configuration guide for additional information.
  • Verify installation by running ./check. See Check Tool
  • Run via ./alpaca

AlpacaCLI user setup

Alpaca can be run by root or the alpaca user by default, however if other Unix user accounts need access to Alpaca, the following options are supported. Either option or a mix of both may be used to supply the desired access and security. 1. The first option, Alpaca Administrators, is for administrators to use Alpaca and be able to edit or view the alpaca configuration file. - This includes access to see the default BroadWorks System Administrator configured in the Alpaca configuration. 2. The second option, Alpaca Users, provides security in the event your users do not require access to edit or view the Alpaca configuration. - This option can also be used to provide a single BroadWorks System Administrator login for Alpaca, which the users configured on the server will utilize.

Setup Example: Alpaca Administrators "alice" and "bob"

These users will be able to edit and view the alpaca configuration files in addition to using Alpaca. - Add the user to the Alpaca group. This allows them to run alpaca within the alpaca group. - usermod -G alpaca,alice alice - usermod -G alpaca,bob bob

Setup Example: Alpaca Users who cannot read configuration file

These users will not possess the ability to edit or view the Alpaca configuration files. Alpaca requires a BroadWorks System Administrator to perform Migrations and other features. If you require the ability have users share the same System Administrator without knowing the credentials, or limit access to Alpaca's configuration files, use the following.

  1. Configure the BroadWorks System Administrator in the Alpaca configuration file and ensure the autoconnect feature is enabled for the BroadWorks cluster.
  2. Adjust the permissions for the alpaca configuration files to limit access to the alpaca user and group.
    • Adjust the permissions for the files within the alpaca configuration directory
    • chmod -R 660 /opt/alpaca/conf/*
    • Adjust the permissions for the alpaca config directory
    • chmod 770 /opt/alpaca/conf
  3. Next create a Linux group which the unprivileged users will be added to. Below is an example, however you can adjust the group configuration to fit your naming conventions and guidelines.
    • groupadd alpaca_unprivileged
  4. In the /etc/sudoers file, add the following to the environment section:
    • Defaults env_keep += "ALPACA_TT_LIB"
  5. Now execute the following to add the alpaca_unprivileged group to the /etc/sudoers file with access to use sudo to launch alpaca and its tools.
    • echo "%alpaca_unprivileged ALL=(alpaca) /opt/alpaca/alpaca" >> /etc/sudoers
      • The above will limit access to use sudo to launch the alpacaCLI to members within the alpaca_unprivileged group.
      • However, if access to the other alpaca commands is required the following should be used instead as it uses a * (wildcard) to allow access to all /opt/alpaca/alpaca* commands.
        • echo "%alpaca_unprivileged ALL=(alpaca) /opt/alpaca/alpaca*" >> /etc/sudoers
        • For example, this allows execution of not only the alpacaCLI, but alpaca-check, alpaca-runner, and etc.
  6. Add the user to the unprivileged Alpaca group. This allows the users to use sudo to launch alpaca.
    • usermod -G alpaca_unprivileged,betty betty
    • usermod -G alpaca_unprivileged,frank frank
  7. The following is an example of the command betty and frank will use to launch the AlpacaCLI and other alpaca tools
    • sudo -u alpaca /opt/alpaca/alpaca

Tools

Configuration Check Tool

A tool to check and verify the configurations of Alpaca.

  • Run after configuring Alpaca.
  • Run via ./alpaca-check
  • Checks:
    • License file
    • Times Ten Configuration
    • Times Ten connection to Application Server
    • Connection to Broadworks
    • Profile Server Access

Upgrade Tool

A tool to copy Alpaca configurations from one Alpaca installation to another.

  • Copies properties file, license file, log4j configuration file, and cache configuration file.
  • Run via ./alpaca-upgrade <Previous Alpaca Configuration Path>
  • Compatible with Alpaca version 4.1.0 and above.
  • If you are not using the alpaca group for your Alpaca installation, update the ALPACAGROUP setting in the alpaca-runner file to the appropriate group.