This section explains how to install Evolve ® Call Intercept (CIN). CIN can be installed online or offline.
If you have connectivity to the Internet or a Linux repository, follow the instructions in Install CIN Using the Application Manager.
Otherwise, follow the instructions in Install CIN with No Internet Access.
Access the Customer Portal.
Log in with your User Name and Password.
Click Software Downloads on the portal’s main menu.
Locate the application package imsworkx-cin-x.x-x.noarch.rpm in the software list.
Click the link to download the file.
The xpressworkx-platform and audio files have been installed on each machine.
Application Manager 1.4 or greater has been installed on both NIUs.
The NIU hostname needs to be resolvable on the machines within the cluster.
Ensure that the password-less SSH works from the NIUs to all AS machines.
Ensure Ansible (any version 2.4 through 2.8) is installed on each NIU. Once Ansible is installed, you will want to “pin” the version.
Note
You may need to enable the centos-release-ansible repo to find a required version of Ansible.
Log in as root on the primary NIU.
Copy the downloaded file to the primary NIU.
Run the following command to install the CIN installer.
yum install imsworkx-cin-x.x-x.noarch.rpm
Use the following command to install the CIN application.
xpressworkx_app_manager install cin x.x-x
Where x.x-x is the version of CIN to be installed. There will be output showing on the screen as CIN is installed, and any errors will be clearly indicated.
The Ansible tasks will try to go out to the Internet to find and install the necessary RPM dependencies and Python dependencies. The Python dependencies need to be installed using PIP.
Log in as root on the primary NIU.
Copy the downloaded RPM to the primary NIU.
Since application installation procedures run over SSH, configure the SSH daemon with the required PIP environment variables. To do this, run the following commands on each machine in the cluster.
echo AcceptEnv PIP_FIND_LINKS >> /etc/ssh/sshd_config
echo AcceptEnv PIP_NO_INDEX >> /etc/ssh/sshd_config
service sshd restart
Configure Ansible to install dependencies from the disk instead of the Internet using environment variables. To do this, run the following commands on each machine in the cluster.
export PIP_FIND_LINKS=/root/python_dependencies
export PIP_NO_INDEX=true
export ANSIBLE_SSH_ARGS="-C -o ControlMaster=auto -o ControlPersist=60s -o SendEnv=PIP_FIND_LINKS -o SendEnv=PIP_NO_INDEX"
source ~/.bashrc
Optional. This step will change the overall behavior of Python and may help improve the speed of the installation. Add the following to /etc/hosts on each machine in the cluster in order to block (with immediate errors) unreachable repositories:
127.0.1.1 yum.postgresql.org pypi.python.org
Optional. This step will change the overall behavior of Python and may help improve the speed of the installation. Add the disabled repository setting to /etc/yum.conf on each machine in the cluster:
[postgres]
enabled=0
Ensure all dependencies are installed on each NIU and AS. See the Knowledge Base for the full list of dependencies.
Python dependencies can be downloaded from the Python Package Index. When downloading the dependencies, be sure to download the exact version specified if a version is provided. Otherwise, download the latest version supporting Python 2.7 for CentOS/RHEL 7 machines. To easily gather the dependencies, create a text file with a list of the following Python dependencies and name it requirements.txt.
MarkupSafe
Jinja2
psycopg2
importlib
Django==1.6
WebOb
chardet
Place all of the downloaded Python dependencies in the following directory on the primary NIU using the requirements.txt file that you created.
`/root/python_dependencies`
pip download -r requirements.txt
Run the following command to install the CIN installer.
yum install imsworkx-cin-x.x-x.noarch.rpm
Use the following command to install the CIN application.
xpressworkx_app_manager install cin x.x-x
Where x.x-x is the version of CIN to be installed. There will be output showing on the screen as CIN is installed, and any errors will be clearly indicated.
Upon installation, the following jobs are added to the crontab:
xpressworkx-cdr-partition cin
xpressworkx-cdr-synchronize cin
xpressworkx-cdr-cleanup-database cin
restworkx-cin clean
cin-clear-expired-jobs
The following configuration needs to be added to the ps_init section of ps_master_config in order to run Web Services. Additional steps are necessary if using HTTPS.
<process name="xpressworkx_web_services"
run-offline="1"
stop-script="/usr/sipxpress/bin/stop_web_services" />
Note
These firewall ports are required for web services: tcp/80 tcp/443
The following configuration needs to be added to the ps_init section of ps_master_config in order to run Data Services.
Note
When creating or obtaining the certificate, please request and use X509 extensions to incorporate the DNS alternative name ‘niu’.
<process name="xpressworkx_data_services"
run-offline="1"
run-as="postgres"
wait-to-start="120"
stop-script="/usr/sipxpress/bin/stop_data_services"
offline-script="/usr/sipxpress/bin/offline_data_services"
online-script="/usr/sipxpress/bin/online_data_services"
notify-cluster-changes="1" />
The cdr_synchronization_config.yml file is used to set the retention values for Call Detail Records (CDR), and the size of the files that will be copied over during synchronization.
Typically, only the maximum_backup_age is edited. This value sets the number of days that CDRs are kept in the database.
Refer to the comments in the cdr_synchronization_config.yml file for more information on the other values:
use_app_manager_config: True
maximum_backup_age: 7
page_size: 1000
thread_count: 3
synchronization_throttle: 0
host: 127.0.0.1
user: root
password: pass
CDRs are collected on each AS individually and then pulled into the main database to view in the web interface or access in the JSON API. This process occurs by default every night at midnight, and is done by two separate cron jobs.
The first cron job is run on each AS individually and prepares the CDRs collected on the AS for shipment to the NIU.
xpressworkx-cdr-partition cin
The second cron job is run on the primary NIU and pulls the partitioned CDRs from each AS into the main database.
xpressworkx-cdr-synchronize cin
To configure CDRs to be collected on the NIU more or less frequently, edit crontab on each NIU and AS machine. Make sure that the partition process on each AS runs at least as frequently as the synchronize process on each NIU.
There are a number of automatic database maintenance tasks that run on the NIU. These tasks are installed as cron jobs in the root user’s crontab.
Evolve recommends that the schedule for these tasks remain unmodified unless otherwise directed by Evolve support.
The following log files are written to on the NIU by the CIN service. Each file should be rotated using your method of choice. Common options are cron jobs, rsyslog/syslog configuration, and logrotated.
/var/log/xpress.log
/var/log/xpressworkx/app-manager/web/access_log
/var/log/xpressworkx/app-manager/web/error_log
/var/opt/xpressworkx/app-manager/cin/logs/cin-apache.log
/var/opt/xpressworkx/app-manager/cin/logs/cin-apache-ssl.log
/var/opt/xpressworkx/app-manager/cin/logs/cin-django.log
/var/opt/xpressworkx/app-manager/cin/logs/cin.log
The following configuration needs to be added to the ps_init section of ps_master_config if CDR service is not already present.
<process name="xpressworkx_cdr_services"
control-queue="xpressworkx_cdr_services" />
The following configuration needs to be added to the JVM server classpath section of ps_master_config.
<ps-jvm>
<ps-jvm
class-path="/usr/sipxpress/jars/pt-mutables.jar::/usr/sipxpress/jars/cin-interface.jar"
jvm-start-size="-Xms16m"
jvm-max-size="-Xmx32m"
num-threads="9" />
</ps-jvm>
Routing Rules tell the AS which events should be processed by an application. For more information about routing rules, see the Application Server User’s Guide.
The following are the events that CIN can process that can be configured in the routing rules:
- XpressWorkXIN.EveInfoAnalyzed.1
For AIN queries to CIN using the Info_Analyzed trigger.
- XpressWorkXIN.EveInfoCollected.1
For AIN queries to CIN using the Info_Collected trigger.
- XpressWorkXIN.EveTerminationAttempt.1
For AIN queries to CIN using the Termination_Attempt trigger.
- XpressSIP.EveSipMsgOutsideDialog.1
For responding to OPTIONS packets as part of a SIP Trunk Up or Active operation.
- XpressSIP.EveSessionRequest.1
For new calls or queries to CIN using SIP.
It is recommended to complete this procedure to configure syslog to listen for both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) messages. These steps should be performed on every NIU and AS.
Uncomment the following lines in the /etc/rsyslog.conf file. By default, these lines are typically found under the MODULES section of the file. If the lines are not already present, they will need to be added.
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Run the service rsyslog restart command to restart rsyslog and apply the changes.
These steps are required to use secure communications via the web UI and/or API with the application. Our SSL implementation uses TLS with certificate exchange.
Add the private key to the configuration on both NIUs. Edit the /root/xpressworkx-ssl-vars and add the following:
CERTIFICATE_FILE=/root/easy-rsa/pki/issued/<hostname>.crt
KEY_FILE=/root/easy-rsa/pki/private/<hostname>.key
CA_FILE=/root/easy-rsa/pki/ca.crt
HOSTNAME=<hostname>
Run the configure-ssl command on both NIUs.
Note
This script requires the Python packages semantic_version, requests, and pyopenssl.
Running this command will stop and restart the HTTP server (httpd), which will briefly affect any system traffic. Also, this command will start a test process (test-httpd) which will check that the configured certificates are working at a basic level.
After running this command, further modifications to HTTP configuration should be made only if instructed to do so by Customer Support.
To launch CIN automatically on startup, add the following to the <ps-appexec> section of the ps_master_config on each AS:
<ps-appexec>
<application sessions="nnn" iterations="0">cin.xml</application>
</ps-appexec>
Where nnn is the number of simultaneous sessions of CIN to launch.
Now, you can start provisioning screening rules.
If CIN is not configured to automatically launch on startup, follow these steps to launch CIN using the Console:
Launch Console.
Add Platform Services Host.
Right-click Applications in the Object panel.
Select Start Application from the menu.
Select the required application from the Application Name list.
Enter the number of sessions that you want to run.
Click OK.
For more information on starting and stopping an application through the Console, see Working with Applications.
When uninstalling CIN, you can either maintain or purge the database.
To uninstall and maintain the CIN database:
Log in as root on the primary NIU.
Run the following command to uninstall the CIN application.
xpressworkx_app_manager uninstall cin
To uninstall and purge the CIN database:
Log in as root on the primary NIU.
Run the following command to uninstall the CIN application.
xpressworkx_app_manager purge cin
Warning
Using the purge command will remove everything of CIN from the system, including the database.
Updating CIN is as simple as installing CIN with the new version. This update should be performed at a time when call traffic is minimal or during a maintenance window.
To gracefully restart CIN on an AS, complete the following steps:
Stop an Application
In Console, right-click the application in the Object panel and select Stop.
Select the Stop Application Gracefully check box to allow each running session to complete its current iteration.
Click Yes.
Start an Application
Right-click Applications in the Object panel.
Select Start Application from the menu.
Select the required application from the Application Name list.
Tip
The application must reside in the apps subdirectory of the /usr/sipxpress/apps directory or in one of the repositories specified in the Current Repositories window (see Setting Up Application Repositories).
Enter the number of sessions that you want to run.
If you want to generate a trace file, select the associated check box. The trace file is logged to the /usr/sipxpress/logs directory.
In the Stopping Instructions section, specify whether the application should run until it is manually stopped or for a specified number of iterations.
Click OK.
Tip
To verify that an application has started and successfully completed, select the service host on the Object panel, expand the Logs folder, and select PS_SysLog.txt.
For more information on starting and stopping an application through the Console, see Working with Applications.
Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that defines access controls for applications, processes, and files.
For this application, SELinux uses the default targeted policy installed by enterprise Linux packages. The policy is a set of rules that enforces what can or cannot be accessed.
SELinux is supported in enforcing, permissive, or disabled mode, and the current mode is checked during an install.
Contact Customer Support if you want to change the SELinux mode after an application has been installed. The installer may need to be run again to ensure permissions and contexts are correct.
For more configuration information, see the SELinux User’s and Administrator’s Guide.