After installing the BSF server and NAF filter, you'll need to update the XCAP server, configure HTTP port mapping, and optionally create init.d scripts.
Update the XCAP server
To configure the XCAP Server for the Sentinel Authentication Gateway, you need to populate XCAP server settings and MMTel service data.
Populate XCAP server settings and MMTel service data
There are several configuration pages in REM for XCAP connectivity and MMTel service data mappings that must be populated, including the required settings to connect to the Sh Cache Microservice.
This can be done using the script sentinel-volte-mappings-config. This file is located in the build/bin directory of the Sentinel Authentication Gateway SDK.
This can be executed from your Sentinel Authentication Gateway’s command line, provided the Java Runtime Environment (v 7+) is installed. The command must be given these arguments:
Argument | What it specifies |
---|---|
-u (--username) | Your Rhino Element Manager (REM) username. |
-pw (--password) | Your Rhino Element Manager (REM) password. |
-h (--hostname) | The hostname or IP address of your Rhino Element Manager (REM). |
-p (--port) | The port of your Rhino Element Manager (REM). |
-n (--network-operator) | The network operator name. |
-r (--rhino-instance-id) | The Rhino Instance ID. |
-s (--serverurl-shcm) | The URL for the Sh Cache Microservice (required) |
-sph (--shcm-proxy-host) | The proxy host used to connect to the Sh Cache Microservice (optional) |
-sph (--shcm-proxy-port) | The proxy port used to connect to the Sh Cache Microservice (optional) |
-im (--include-mappings) | Explicitly designate what Subscriber Data and XCAP mappings to include in a comma delimited list while implicitly excluding other mappings. Valid options include 'msw' = Metaswitch-TAS-Services, 'odb' = IMS-ODB-Information, 'mmtel' = MMTEL-Services (optional) |
-ah (--additional-host-mappings) | Additional XCAP host names (in addition to the one specified with -h or --hostname), can be specified multiple times |
The hostname value must match your NAF server, e.g. naf.home1.net.
The rhino-instance-id value equates to the Rhino instance where your BSF is deployed, e.g. Local if you have Rhino and REM on the same host.
Here is an example command:
    cd ~/sentinel-gaa/sentinel-gaa-sdk
    ./build/bin/sentinel-volte-mappings-config -u emadm -pw password -h naf.home1.net -p 8080 -r Local -n OpenCloud -s http://localhost:8088/shcache/v1

To see a listing of the required arguments, from the command line, execute the script without any arguments.
Configure HTTP port mapping (non-standard deployments)
The BSF Server receives HTTP requests via the HTTP Resource Adaptor (HTTP RA) running on Rhino.
In the default BSF configuration, the HTTP RA listens on port 8001; however for a production deployment it needs to receive requests on port 80, the standard HTTP port.
By default, an nginx reverse proxy is set up to forward these requests.
If this is not desirable, or if not using the supplied MAG node images, the following process can be used.
Use iptables to redirect port 80
On Unix systems, only processes running as the super user (root) can listen on ports below 1024. Rhino is a multi-purpose platform, running potentially many different kinds of services, so running it as root is not recommended. Instead, we can use the operating system’s port translation features to redirect traffic on port 80 to a different port where the HTTP RA is listening.
Most Linux distributions have iptables preinstalled. This is a program for configuring the Linux kernel’s firewall, including port translation.
Below are the iptables commands for redirecting port 80 traffic to port 8001. These include procedures to add the redirection rules, remove them, and view the nat tables.
Add rules to redirect port 80 traffic
    $ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8001
    $ sudo iptables -t nat -A OUTPUT -p tcp -d 127.0.0.0/8 --dport 80 -j REDIRECT --to-port 8001

The first rule redirects connections to port 80 from external hosts. The second rule redirects connections to port 80 from processes on the same host.
To delete these rules, simply replace -A with -D in the above commands.
Remove redirection rules
    $ sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8001
    $ sudo iptables -t nat -D OUTPUT -p tcp -d 127.0.0.0/8 --dport 80 -j REDIRECT --to-port 8001
The Linux firewall's nat (network address translation) tables can be viewed with the iptables -L command.
With the HTTP port translation applied as above, you should see something like the example below.
View the nat tables
    $ sudo iptables -t nat -L -n
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8001

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    REDIRECT   tcp  --  0.0.0.0/0            127.0.0.0/8          tcp dpt:80 redir ports 8001

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination

The -n parameter disables name service lookups.
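One way to check that both redirect rules described above are actually in place is to audit the nat listing per chain. This is an added example, not part of the product documentation; the function names check_redirect and audit_nat are illustrative, and the second sample listing is constructed.

```sh
#!/bin/sh
# Added example (not from the product docs): function names are illustrative.

# check_redirect CHAIN FROM TO: reads `iptables -t nat -L -n` output on stdin and
# succeeds only if CHAIN holds a tcp REDIRECT rule from port FROM to port TO.
check_redirect() {
  awk -v chain="$1" -v from="$2" -v to="$3" '
    $1 == "Chain" { current = $2; next }   # remember which chain we are inside
    current == chain && $1 == "REDIRECT" && $2 == "tcp" {
      has_from = 0; has_to = 0
      for (i = 3; i <= NF; i++) {
        if ($i == ("dpt:" from)) has_from = 1
        if ($i == "ports" && $(i + 1) == to) has_to = 1
      }
      if (has_from && has_to) found = 1
    }
    END { exit(found ? 0 : 1) }
  '
}

# audit_nat: prints the chains that lack the 80 -> 8001 rule; fails if any do.
# The subshell body keeps its variables out of the caller's environment.
audit_nat() (
  listing=$(cat)
  missing=""
  for chain in PREROUTING OUTPUT; do
    printf '%s\n' "$listing" | check_redirect "$chain" 80 8001 ||
      missing="$missing $chain"
  done
  echo "${missing# }"
  [ -z "$missing" ]
)

# Abridged from the listing shown on this page (both rules present).
SAMPLE_OK='Chain PREROUTING (policy ACCEPT)
target     prot opt source      destination
REDIRECT   tcp  --  0.0.0.0/0   0.0.0.0/0     tcp dpt:80 redir ports 8001
Chain OUTPUT (policy ACCEPT)
target     prot opt source      destination
REDIRECT   tcp  --  0.0.0.0/0   127.0.0.0/8   tcp dpt:80 redir ports 8001'

# Constructed listing: the OUTPUT rule was never added.
SAMPLE_MISSING='Chain PREROUTING (policy ACCEPT)
target     prot opt source      destination
REDIRECT   tcp  --  0.0.0.0/0   0.0.0.0/0     tcp dpt:80 redir ports 8001
Chain OUTPUT (policy ACCEPT)
target     prot opt source      destination'

# Live use: sudo iptables -t nat -L -n | audit_nat
```

Rules added with iptables -A are not persistent across reboots unless they are saved and restored, so rerun the audit after a restart. The redirect does not close port 8001 itself, which stays directly reachable unless a filter rule restricts it.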
Create init.d scripts
There are two init.d scripts for Ubuntu Linux which make starting and stopping Rhino and REM easier:
Note: These are illustrative and useful for proof of concept rather than production environments.
To set these up:
1. Copy the script to the host server's /etc/init.d directory:

    sudo cp rhino /etc/init.d
    sudo cp rem /etc/init.d

2. Make the script executable:

3. Refresh, with the update-rc.d command:

    sudo update-rc.d rhino defaults 99
    sudo update-rc.d rem defaults 99