The following properties can be defined inside the
announcementRepositoryUsername: The username to retrieve voice portal audio and video files from for migration procedures.
announcementRepositoryPassword: The password to retrieve voice portal audio and video files from for migration procedures.
authenticationPasswordChangeable: When randomizing a user's authentication password, the user's access device type must match the provided regular expression.
authenticationUsernameChangeable: When randomizing a user's authentication username, the user's access device type must match the provided regular expression.
deviceRebootDelayMillis: The delay in milliseconds between rebooting the device and performing the migration procedure.
htmlEncodeExports: When performing an export, special characters will be escaped if this option is turned on. Characters include
blf-caching-enabled: When BLF caching is enabled, Alpaca will parse through all BLF entries and keep an updated database of monitoring users. This can cause startup to take a little longer but it will improve the speed of migrations.
ignore-line-port-transforming: Only applies to line ports with the source default domain. If set to true, line ports with the source default domain, will not have their domain transformed to the destination default domain.
deviceFileMigrationRuleList: Migration file rules consist of device types matched to the files that should be migrated with the device. There can be any number of file rules that specify the desired files to be migrated. If no rules are provided, no device files will be migrated during any type of migration.
deviceFileMigrationRuleList/deviceTypeRegex: This defines the file rule device type, as specified by regular expression.
deviceFileMigrationRuleList/fileRegexes: Any number of files can be specified by exact name.
alpaca: migration: announcement-repository-username: "BoNjOuRlEsAmIs049" announcement-repository-password: "viveLEROILouis14" html-encode-exports: true device-reboot-delay-millis: 5000 authentication-username-changeable-regex: ".*(Polycom|Linksys|Cisco).*" authentication-password-changeable-regex: ".*(Polycom|Linksys|Cisco).*" blf-caching-enabled: true ignore-line-port-transforming: false device-file-migration-rule-list: - device-type-regex: ".*(Polycom|Linksys|Cisco).*" file-regexes: [ "%BWMACADDRESS%-directory.xml", "%BWMACADDRESS%-calls.xml", ]
location: The absolute or relative location on the filesystem where exported files will be stored.
cleanup-interval: The number of days between file store cleanups.
alpaca: file-store: location: filestore cleanup-interval: 90
max-file-size: Max file size. Values can use the suffixes "MB" or "KB" to indicate megabytes or kilobytes, respectively. Defaulted to 1000MB. Setting to -1, makes the file size unlimited.
max-request-size: Max request size. Values can use the suffixes "MB" or "KB" to indicate megabytes or kilobytes, respectively. Defaulted to 1000MB. Setting to -1, makes the request size unlimited.
location: Intermediate location of uploaded files.
spring: servlet: multipart: max-file-size: 1000MB max-request-size: 1000MB location: tmp
fire-alerts-for-tasks: If disabled, Alpaca will not fire alerts for audit logs that are the result of a task that Alpaca started, i.e. Enterprise Migration.
alpaca: audit-logs: fire-alerts-for-tasks: false
encoding: The encoding to use for the outgoing and incoming parsing of BroadWorks messages.
max-requests-per-second: The maximum number of requests to send per second through a single BroadWorksServer object. This is a blocking operation that will limit the overall speed of the code if attempting to perform too many operations per second.
validate-requests-on-fire: Sets if JSR 303 Bean Validation will be used to verify that a request is valid per the XML spec before sending it to BroadWorks. The Request will not be sent if invalid.
auto-fire-millis: When using a
RequestBundlerthis timeout controls how long to wait before firing a request with less than 15 entries.
ssl-permissive: Whether to disable SNIExtension and use a universal trust strategy for SSL.
number-of-sockets-per-server: How many sockets will be opened per BroadWorksServer connection.
connection-reconnect-attempts: How many times to attempt a reconnect to BroadWorks once a connection is lost.
connection-reconnect-delay-millis: How long after a connection lost to attempt to reconnect.
asynchronous-timeout-millis: Timeout for asynchronous calls.
synchronous-timeout-millis: Timeout for synchronous calls.
max-retries-for-system-error: The number of times to retry a request if it comes back as a System Error.
broadworks: ssl-permissive: true connection-reconnect-attempts: 4 connection-reconnect-delay-millis: 500 max-requests-per-second: 40 connection-timeout-millis: 5000 validate-requests-on-fire: false encoding: "ISO-8859-1" number-of-sockets-per-server: 1 asynchronous-timeout-millis: 12000 synchronous-timeout-millis: 60000 auto-fire-millis: 1000 max-retries-for-system-error: 3
File Repository Configuration
cluster: The nickname of the cluster configured in Alpaca.
file-repo: The file repository name in BroadWorks.
username: The username of the file repository admin.
password: The password of the file repository admin.
broadworks: profile-server: - cluster: Production file-repo: ProfileServer username: fileadmin password: P@ssw0rd -cluster: Lab file-repo: ProfileServer username: fileadmin password: P@ssw0rd
Spring Email Configuration
host- The server to connect to.
port- The port to connect to. Defaults to 25.
username- The email account to use to send emails from.
password- The password for the email account that is being used.
protocol- The protocol to use to send the email, i.e. SMTP, POP3, IMAP.
properties.mail.smtp- Mail properties if using SMTP.
auth- If true, attempt to authenticate the user using the AUTH command. Defaults to false.
starttls.enable- If true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must be configured so that the client will trust the server's certificate. Defaults to false.
ssl.trust- If set to "*", all hosts are trusted. If set to a whitespace separated list of hosts, those hosts are trusted. Otherwise, trust depends on the certificate the server presents.
Sample Spring Email configuration
mail: host: smtp.gmail.com port: 587 username: firstname.lastname@example.org password: "emailPassword!" protocol: smtp properties.mail.smtp: auth: true starttls.enable: true ssl.trust: smtp.gmail.com
Alpaca Email Configuration
from- The email address to send emails from.
base-url- The URL of the Alpaca server that the emails will be sent from.
Sample Alpaca Email configuration
mail: from: email@example.com base-url: http://127.0.0.1:8080
The MongoDB configuration can be put in the
data portion of your
application-prod.yaml configuration file.
uri- The address of the local Mongo installation. This is typically
database- The name of the database to use for Alpaca. This should always be
Sample MongoDB configuration
data: mongodb: uri: mongodb://localhost:27017 database: alpaca
To configure Alpaca to run via SSL, start by enabling the
https profile. See Profile Configuration. Once enabled, the
application-https.yaml needs to be configured.
Generating a Key Store
To enable SSL you need a valid Java keystore configured. This first requires a valid certificate.
wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ./certbot-auto certonly
After the certificate has been created use
openssl to create a keystore file.
cd /etc/letsencrypt/live/<domain> openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.pkcs12
To verify that the certificate was correctly imported:
keytool -list -keystore config/keystore.pkcs12 -storetype pkcs12 -alias 1
Now the keystore can be copied to the Alpaca configuration directory for usage.
cp keystore.pkcs12 /opt/alpaca/config/ chown alpaca:alpaca /opt/alpaca/config/config/keystore.pkcs12
These configurations assume that necessary keys, key stores, and certificates have already been generated.
key-store- Path to the key store that holds the SSL certificate (typically a jks or pem file).
key-store-password- Password used to access the key store.
key-store-type- Type of the key store.
key-alias- Alias that identifies the key in the key store.
key-password- Password used to access the key in the key store.
protocol- SSL protocol to use.
ciphers- Supported SSL ciphers.
Sample SSL configuration
server: port: 8443 ssl: key-store: config/keystore.pkcs12 key-store-password: myStorePassword! key-store-type: PKCS12 key-alias: 1 key-password: myKeyPassword! protocol: TLSv1.2 ciphers: ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
prod- This is the primary configuration for production.
https- Enables ssl. See the SSL Configuration.
Profile selection can be done in the
alpaca-server script using the
--profiles option followed by a comma-separated list of profiles. They can be configured on service startup in the
alpaca service script using the
Configure AlpacaStore Cleanup Process
Alpaca is configured to remove older JSON files from migrations and exports after 90 days by default. If the default needs to be changed, review the following steps.
In the application-prod.yml configuration file, locate the file-store configuration under alpaca.
alpaca: file-store: location: /opt/alpaca/store cleanup-interval: 90
Change the cleanup-interval value to the desired number of days to retain files within the configured location.
BroadWorks Clusters Configuration
Initial Setup / Adding Clusters
After the installation process has been completed, you will need to configure Alpaca to be able to communicate with your BroadWorks Cluster(s). Find the steps to do this below.
- Navigate to your Alpaca server via a web browser.
- Log in using the default credentials:
- username: admin
- password: admin
- It is recommended to immediately change the password upon login.
- From the navigation bar, expand the "Admin" drop-down and navigate to the "BroadWorks Clusters" page.
- To add a cluster, click the "Add Cluster" button and complete the form.
- Cluster Nickname - This is the nickname that will be used to describe the cluster. All clusters must have a unique nickname. Examples: "ECG Production" or "ECG Lab1".
- OCI Hostname - The address to send OCI calls to. This is the address of the XSP or EWS.
- BroadWorks Admin Username - This account is used by Alpaca to perform background information retrieval for items such as the searchable database and licensing information.
- BroadWorks Admin Password - The password for the account above.
- Audit Log Directories - The location of the audit logs for the particular cluster. i.e.
/opt/alpaca/auditlogs/ECG_Production/. More than one directory can be provided.
- Once the form has been completed, click the "Create" button and a success or error message will appear. If an error has occurred, please check and verify that the credentials and addresses provided are correct.
- Repeat for each cluster.
Cluster information can be edited at any time by following the instructions below.
- Navigate the BroadWorks Cluster page. All BroadWorks Clusters that Alpaca has a connection with will appear here.
- Click on the cluster that needs to be edited.
- Modify that fields that need editing and click the "Update" button on the button right of the page. Note that the password field must be re-entered each time an edit is made.
Clusters can be removed from Alpaca at any time but please note that once a cluster has been removed its data will no longer be accessible via Alpaca.
- Navigate the BroadWorks Cluster page.
- Click on the cluster that needs to be deleted.
- Click the "Delete" button.
Spring Boot offers a wide variety of pre-defined configurations. The complete list of configurations can be found here.