Installing the SIP Server for Evergreen

Author: Bill Erickson
This is a rough intro to installing the SIP server for Evergreen.

NOTE: This documentation is also available in the Evergreen documentation at http://docs.evergreen-ils.org/1.6/draft/html/. In github: http://github.com/rsoulliere/Evergreen-DocBook/blob/master/1.6/admin/sip.xml.

Current SIP code lives at http://git.evergreen-ils.org:

cd /opt
git clone git://git.evergreen-ils.org/SIPServer.git SIPServer

1. $ sudo su opensrf
   $ cd /openils/conf
   $ cp oils_sip.xml.example oils_sip.xml

2. Edit oils_sip.xml. Change the commented out <server-params> section to this:

       <server-params
           min_servers='1' 
           min_spare_servers='1'
           max_servers='25'
       />

3. max_servers will directly correspond to the number of allowed SIP clients. Set the number accordingly, but bear in mind that too many connections can exhaust memory. On a 4G RAM/4 CPU server (that is also running evergreen), I would recommend not exceeding 100 SIP client connections, give or take.

1. in the <accounts> section, add SIP client login information. Make sure that all <login>s use the same institution attribute, and make sure the institution is listed in <institutions>. All attributes in the <login> section will be used by the SIP client.
2. In Evergreen, create a new profile group called SIP. This group should be a sub-group of Users (not Staff or Patrons). Set Editing Permission as "group_application.user.sip_client" and give the group the following permissions:

COPY_CHECKIN
COPY_CHECKOUT
RENEW_CIRC
VIEW_CIRCULATIONS
VIEW_COPY_CHECKOUT_HISTORY
VIEW_PERMIT_CHECKOUT
VIEW_USER
VIEW_USER_FINES_SUMMARY
VIEW_USER_TRANSACTIONS

OR use SQL like:

INSERT INTO permission.grp_tree (id,name,parent,description,application_perm) 
VALUES (8, 'SIP', 1, 'SIP2 Client Systems', 'group_application.user.sip_client');
 
INSERT INTO
  permission.grp_perm_map (grp, perm, depth, grantable)
SELECT
  g.id, p.id, 0, FALSE
FROM
  permission.grp_tree g,
  permission.perm_list p
WHERE
  g.name = 'SIP' AND
  p.code IN (
    'COPY_CHECKIN',
    'COPY_CHECKOUT',
    'RENEW_CIRC',
    'VIEW_CIRCULATIONS',
    'VIEW_COPY_CHECKOUT_HISTORY',
    'VIEW_PERMIT_CHECKOUT',
    'VIEW_USER',
    'VIEW_USER_FINES_SUMMARY',
    'VIEW_USER_TRANSACTIONS'
);
 
-- VERIFY:
SELECT * 
  FROM permission.grp_perm_map JOIN permission.perm_list ON 
       permission.grp_perm_map.perm=permission.perm_list.id 
  WHERE grp=8;

Keep in mind that the id (8) may not necessarily be available on your system.

1. For each account created in the <login> section of oils_sip.xml, create a user (via the staff client user editor) that has the same username and password and put that user into the SIP group.

Note: The expiration date will affect the SIP users' connection, you might want to make a note of this somewhere.

$ sudo su opensrf
$ oils_ctl.sh -d /openils/var/run -s /openils/conf/oils_sip.xml -a [start|stop|restart]_sip

It is useful to log SIP requests to a separate file especially during initial setup by modifying your syslog config file.

1. Edit syslog.conf.

   $ sudo vi /etc/syslog.conf  # maybe /etc/rsyslog.conf

2. Add this:

   local6.*                -/var/log/SIP_evergreen.log

3. Syslog expects the logfile to exist so create the file.

   $ sudo touch /var/log/SIP_evergreen.log

4. Restart sysklogd

   $ sudo /etc/init.d/sysklogd restart

1. Edit logging config

   sudo vi /etc/syslog-ng/syslog-ng.conf

2. Add:

   # SIP2 for Evergreen
   filter    f_eg_sip { level(warn, err, crit) and facility(local6); };
   destination eg_sip { file("/var/log/SIP_evergreen.log"); };
   log { source(s_all); filter(f_eg_sip); destination(eg_sip); };

3. Syslog-ng expects the logfile to exist so create the file.

   $ sudo touch /var/log/SIP_evergreen.log

4. Restart syslog-ng

   $ sudo /etc/init.d/syslog-ng restart

Use this configuration in the destination server's syslog-ng.conf to filter incoming remote SIP logs into a daily unified SIP.log. Be sure to modify paths according to your environment.

# --------------------------------------------------------------------------------
# Destination
# --------------------------------------------------------------------------------

destination d_external_sip {                             # f_sip
file("/var/log/remote/prod/$YEAR/$MONTH/$DAY/SIP.log",
        template("$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC $HOST $MSG\n") owner(nagios) group(nagios) perm(0644) template-escape(no)); };

		
# --------------------------------------------------------------------------------
# Filter
# --------------------------------------------------------------------------------

filter f_sip { match("acs-server"); };	

# --------------------------------------------------------------------------------
# Log Statement
# --------------------------------------------------------------------------------

log { source(s_external); filter(f_sip); destination(d_external_sip); };

Add the lines below to the syslog-ng.conf on the remote server you wish to forward logs from.

#SIP
source s_file_sip { file("/var/log/SIP.log" follow_freq(1)); };
log { source(s_file_sip); destination(d_ext); };

• In the top level CVS checkout of the SIPServer code

$ cd SIPServer/t

• Edit SIPtest.pm, change the $instid, $server, $username, and $password variables. This will be enough to test connectivity. To run all tests, you'll need to change all the variables in the Configuration section

$ PERL5LIB=../ perl 00sc_status.t

• This should produce something like:

1..4
ok 1 - Invalid username
ok 2 - Invalid username
ok 3 - login
ok 4 - SC status

• Don't be dismayed at "Invalid Username". That's just one of the many tests that are run.

Once you have opened up either the SIP OR SIP2 ports to be accessible from outside you can do some testing via telnet. You can try this with localhost if you so wish, but we want to prove that SIP2 works from non-localhost. Replace $instid, $server, $barcode, $username, and $password variables below as necessary. Note: We are using 6001 here which is associated with SIP2 as per our configuration.

$ telnet $server 6001
Connected to $server.
Escape character is '^]'.
9300CN**$username**|CO**$password**|CP**$instid**

You should get back.

941

Now just copy in the following line (with variables replaced) you don't need to hit enter, just paste!

2300120080623    172148AO**$instid**|AA**$barcode**|AC$password|AD**$password**

You will get back the patron information for $barcode (something similar to the what's below).

24  Y           00120100113    170738AEFirstName MiddleName LastName|AA**$barcode**|BLY|CQY|BHUSD|BV0.00|AFOK|AO**$instid**|

The response declares it is a valid patron (BLY) with a valid password (CQY) and shows the user's $name.