Download This Guide
Setting Up the Second SBR/Management Node in a Starter Kit
This section describes installing the software on the second SBR/management node host in a Starter Kit cluster, following the initial combined SBR/management node installation. (See Setting Up a Starter Kit’s First SBR/Management Node.)
 | Caution: If you have not installed the Cluster’s first server yet, do not proceed with the cluster installation. |
Populating the JNPRShare Directory
Before running the configure script, make a local copy of the configuration files that were created during installation on the first server. (In the following procedures, FTP is used to copy files. You may use whatever distribution mechanism you want to keep the share directories synchronized, so long as all /JNPRshare directories on all servers are readable and writable by the root and hadm accounts.)
To copy the cluster’s base configuration files to this target machine:
- Log in as hadm.
- Change directories to the install directory on the local
server.
Execute:
cd /opt/JNPRshare/install/ <cluster_name>For example:
cd /opt/JNPRshare/install/MyCluster - Use FTP binary mode to connect to the first server that was set up and navigate to the radius/install subdirectory of the directory in which the JNPRsbr package was installed (/opt/JNPRsbr/radius/install by default) on the source server.
- Execute a get command to transfer the configure <cluster name> .tar file to the local directory.
For example:
bin
get configure.MyCluster.tar - Extract the configuration files from the archive.
For example:
tar xvf configure.MyCluster.tarThe output display includes five files similar to this example:
$ tar xvf configure.MyCluster.tar x dbcluster.rc, 1925 bytes, 4 tape blocks x config.ini, 2435 bytes, 5 tape blocks x my.cnf, 1017 bytes, 2 tape blocks x dbclusterndb.gen, 33474 bytes, 66 tape blocks x dbcluster.dat, 921 bytes, 2 tape blocks
Configuring Host Software on the Second SBR Carrier and Management Node
Before starting this procedure, review Before You Install Software. In particular, review requirements for: Setting Up External Database Connectivity (Optional) and Installing the SIGTRAN Interface (Optional), as steps in this procedure require the server to be preconfigured for these capabilities.
To configure SSR software on the second SBR Carrier and management node host in a Starter Kit cluster:
- As root, navigate to the directory where you installed
the Steel-Belted Radius Carrier package. For information about directory
in which Steel-Belted Radius Carrier package is installed, see Unpacking Session State Register Software.
Navigate to the radius/install subdirectory and run:
Execute:
cd /opt/JNPRsbr/radius/install/ - Execute the configure script
to install the Steel-Belted Radius Carrier server software:
Execute:
./configure - Review and accept the Steel-Belted Radius Carrier license
agreement.
Press the spacebar to move from one page to the next. When you are prompted to accept the terms of the license agreement, enter y.
Do you accept the terms in the license agreement? [n] y
- From the menu of configuration tasks, enter 3 to specify Configure Cluster Node.
Configuring SBR Software
--------------------------------------------------------------------------- SBR 8.30.50006 cluster on SunOS 5.10 Generic_141444-09 node MyNode_2 is not configured and processes are down, needs to be configured ---------------------------------------------------------------------------
1. Unconfigure Cluster Node Not used when merely updating existing cluster definitions.2. Generate Cluster Definition Creates new or updates existing cluster definitions. Modifies the shared directory but does not modify this node.3. Configure Cluster Node To be preceded by ’Generate Cluster Definition’ on any node. Must be invoked on each and every node of the cluster.4. Reconfigure RADIUS Server Only on SBR nodes, updates the existing SBR configuration.5. Create Temporary Cluster Used to approximate a cluster using only this one machine. Intended for migration and demonstration purposes only.6. Upgrade From Restricted Cluster License Used to upgrade from restricted cluster to regular cluster. Removes database restriction on the number of concurrent sessions and enables the addition of an expansion kit licenseEnter number of desired configuration task, or q to quit [2]: 3
- Specify the name of the cluster.
Enter the name exactly as you specified it in Table 9.
Enter SBR cluster name [MyCluster]: MyCluster
You are prompted to verify whether you want to proceed, unless the script detects any unusual installation conditions (a pre-existing directory, for example). In some cases, you may be prompted to resolve or ignore them.
- The system reads the configuration files that you copied
to the server and prompts you to change some settings from the original
server’s to adapt them to this server. Enter y to proceed.
WARNING: You are about to make irreversible changes to this node. Are you sure that you wish to continue? [n]: y
Cleaning old directories /opt/JNPRhadm --------------------------------------------------------------------------- SBR 8.30.50006 cluster MyCluster{0s,2sm,0m,2d} on SunOS 5.10 Generic_141444-09 node MyNode_2(sm) Reviewing Configuration Files... ---------------------------------------------------------------------------/opt/JNPRsbr/radius/install/tmp/dbcluster.rc /opt/JNPRsbr/radius/install/tmp/config.ini /opt/JNPRsbr/radius/install/tmp/my.cnf /opt/JNPRsbr/radius/install/tmp/dbclusterndb.gen
View (v), accept (a), or reject (r) configuration files: a
- Enter a to accept the modified
configuration files and continue or v to
view them.
Caution: We recommend that you enter an r to reject them only if a serious error was made when you provided information. We recommend that you not edit these files.
- Specify whether you want to use the JRE installed in your
system to enable JDBC plug-ins and JavaScript implementation.
Do you want to configure Java Runtime Environment for JDBC Feature [n] :
- If no, press Enter to proceed to the next prompt. SBR Carrier does not support JDBC plug-ins unless you specify a valid JRE path.
- If yes, type y and press Enter.
You are prompted to specify the path where the JRE is installed in
your system. The Java Virtual Machine (JVM) architecture should be
compatible with SBR Carrier.
Note: Java 1.7.0 or a later version is required to access the Web GUI. To support both JDBC plug-ins and Web GUI, it is recommended to use Java 1.7.0 or a later version with the JVM architecture compatible with your SBR Carrier. For example, if you are using the 32-bit version of SBR Carrier, you must use the 32-bit version of Java 1.7.0 or later.
Enter 32-bit libjvm.so path (Ex: /opt/jvm/jre/lib/i386/client/ ) :
Note: If you enter an incorrect JVM path three times, SBR Carrier proceeds to the next step. In this case, you will not be able to use JDBC plug-ins. To specify the valid JVM path, you need to run the configure script again.
- Specify the server’s initial admin user.
Enter initial admin user (UNIX account must have a valid password) [root]:
Press Enter to accept the default, root.
- Specify whether you want to set up Centralized Configuration
Management (CCM).
Enable Centralized Configuration Management (CCM) for this SBR node? [n]: y
Then specify the server role.
Configure SBR node as CCM primary (p) or replica (r)? [r]: r
- Because this is not the first server to be installed, if CCM is used, this server cannot be the primary. Enter r to set the role as replica.
- Specify whether you want a local replica.ccmpkg file from
the primary server.
Have you got a local replica.ccmpkg file from the primary (y/n)? [y]:
- Specify the primary CCM server’s hostname.
Enter primary host name:
For example:
Enter primary host name: MyNode_1 - Specify the primary CCM server’s IP address.
Enter primary host IPv4 address [172.28.84.35]:
For example:
Enter primary host IPv4 address [172.28.84.35]: 198.168.0.1 - Specify the primary host secret string.
Enter primary host secret:
Type the secret string and press Enter.
- Confirm the host secret string.
Confirm primary host secret:
Type the secret string again and press Enter.
- Specify whether you want to use the auto-restart module
that automatically restarts the SBR Carrier server in case of an unexpected
shutdown.
Do you want to enable "Radius WatchDog" Process? [n]: Y Radius WatchDog feature set to Enable Please ensure that Perl 5 or better is installed.
Note: If Perl version 5 is not installed, the radiusd script will not run, even if enabled by configuration, and SBR Carrier will operate without the auto-restart module running.
- Specify whether you want to start the GWrelay process
while executing the ./sbrd start script.
Do you want to enable "GWrelay" Process? [n]: y GWrelay feature set to Enable
- Specify whether you want to configure SBR Carrier to provide
LDAP server emulation for configuration and statistics using the LCI.
Do you want to enable LCI? [n] :
- If no, press Enter to accept the default.
- If yes, enter y and press Enter.
You are prompted to provide information for LCI configuration.
- When you are prompted for the port number, enter the port
number that is used for communication between SBR Carrier and the
LDAP client.
Note: SBR Carrier uses port 667 as the default for LDAP emulation to avoid conflict with other LDAP servers.
Configure LCI Port [667]: 1026
- The script displays the interfaces available in the system.
When you are prompted to enter interface addresses on which Steel-Belted
Radius Carrier should listen for LCI requests, enter the addresses
you want to use from the Available Interfaces list.
LCI Interface Configuration : Available interfaces : 127.0.0.1 10.212.10.66 HELP : Enter one interface per line and an empty line when finished. Enter LCI interface addresses from the above list. Enter LCI interface address : 10.212.10.66 Enter LCI interface address : 127.0.0.1 Enter LCI interface address :
Note: SBR Carrier uses all interfaces for listening to LCI requests if you do not enter any interfaces.
- Specify whether you want to change the default LCI password
to prevent unauthorized LDAP clients from accessing your database.
Do you want to change LCI Password? [n]:
- If no, press Enter to accept the default password.
- If yes, enter y and press Enter.
You are prompted to enter a new password.
Do you want to change LCI Password? [n]: Y Password must meet the following requirements: 1. 6-8 Alphanumeric characters. 2. No Special characters other than underscore (’_’). Enter Password: Confirm Password: Password will be changed when SBR restarts.
Note: Make sure that the entered password is at least 6 alphanumeric characters and not more than 8 characters in length. The password should not include any special characters other than underscore (’_’).
Note: The configure script also checks whether the LDAP utilities (such as ldapdelete, ldapmodify, and ldapsearch) are installed in your system. For Linux, a warning message is displayed if you have not installed any of these utilities in your system. For Solaris, LDAP utilities are shipped with SBR Carrier package.
- When you are prompted for the port number, enter the port
number that is used for communication between SBR Carrier and the
LDAP client.
- Specify whether you want to configure Steel-Belted Radius
Carrier for use with an Oracle database.
To support this option, the server must already be configured as an Oracle client (See Setting Up External Database Connectivity (Optional).).
Configuring for use with generic database
Do you want to configure for use with Oracle? [n]:If no, press Enter.
If yes, type y and press Enter. You are prompted for version and path information for the Oracle library files.
Do you want to configure for use with Oracle? [n]: y
Supported Oracle versions: 10, 11
What version of Oracle will be used? [10]: 10
Configuring for use with Oracle 10
Setting the environment variable ORACLE_HOME
Enter ORACLE_HOME [/dbms/u10/app/oracle/product/10.2.0]:
Enter path for Oracle shared libraries
[/dbms/u10/app/oracle/product/10.2.0/lib32]:
Setting the environment variable TNS_ADMIN
Enter TNS_AMDIN
[/dbms/u10/app/oracle/product/10.2.0/network/admin]:
| Note: Starting with Oracle 11 release, Oracle began shipping 32-bit libraries with a 32-bit client that is separate from the 64-bit server. Do not specify the Oracle 11 /lib directory that is shipped with the 64-bit server. Specify the Oracle 11 /lib directory that is shipped with the 32-bit client. |
- Specify whether you want the Steel-Belted Radius Carrier
server to communicate with an SS7 system using SIGTRAN.
To support this option, the server must already be configured to support SIGTRAN using Signalware. (See Installing the SIGTRAN Interface (Optional) for an overview, and SIGTRAN Support for Steel-Belted Radius Carrier for specific instructions.)
Do you want to configure for use with SS7? [n]: y Configuring for use with SS7 Setting the environment variable OMNI_HOME Enter OMNI_HOME [/opt/JNPRss7]:
Caution: On a Linux machine that is installed with Signalware, do not enable SCTP protocol for Diameter connections. Enabling SCTP for both Signalware and Diameter could completely disable SCTP on the machine.
- Specify whether you want to install the optional SNMP
module to monitor your Steel-Belted Radius Carrier server from an
SNMP management station.
Do you want to configure SNMP? [n]:
- If no, press Enter to proceed to the next prompt.
- If yes, type y and press Enter.
The installer prompts you for the information it needs to configure
the jnprsnmpd.conf and startsnmp.sh files.
- When you are prompted for a community string, enter the
community string used to validate information sent from the SNMP subagent
on the Steel-Belted Radius Carrier server to your SNMP management
station.
Choose a community string: public
- When you are prompted for a range of IPv4 addresses, specify
a starting IP address in Classless Inter-Domain Routing format. To
specify that only one host may query the agent, enter the IP address
of the host followed by /32. To specify
that any host on a designated class C network may query the agent,
enter the starting address of the network followed by /24.
Specify the range of IPv4 addresses that may query this agent, such as 1.2.3.0/24.
Address range: 192.168.70.0/24 - If you are using SNMPv2, enter the DNS name or IP address
of the trap sink that you want to receive trap information from the
SNMP subagent on the Steel-Belted Radius Carrier server.
SNMPv2 trap sink: 192.168.70.86
- Set the SNMP agent port.
Although you may specify the default SNMP port, 161, we recommend that you specify a different port to avoid contention with other agents that are likely to already be using 161. If you choose an alternate port, make a note of it because your MIB browser needs to be configured to the same setting.
Specify SNMP agent listening port[161]: 24161
- Specify a trap sink address, if required.
Optionally specify a trap sink address that will receive SNMPv2 trap
[localhost]: 172.28.72.83 2
SNMPv2 trap sink port[162]:
Configuration of SNMP complete.
- When you are prompted for a community string, enter the
community string used to validate information sent from the SNMP subagent
on the Steel-Belted Radius Carrier server to your SNMP management
station.
- The script searches for the Java 1.7.0 or later version
in the default system path and displays a confirmation message if
found.
Configuring Admin GUI Webserver Compatible Java version found : 1.7.0_20
If the specific version is not found, the script prompts you to enter the path where the specific Java version is installed in your system.
Enter Java version 1.7 installed path :
- Specify whether you want to install a custom SSL certificate
for the Web GUI.
Do you want to install custom SSL certificate for Admin WebServer? [n]:
- If no, press Enter. A self-signed certificate is created and installed in your server.
- If yes, enter y and press Enter.
You are prompted to enter the absolute path where the SSL certificate
is available. For example, /opt/customSSLCert.pfx.
Enter the absolute path to certificate. Note: Only *.pfx files are accepted. (Example-/opt/customSSLCert.pfx):
When you are prompted for the password, enter the password to open the SSL certificate.
Enter the password to open the certificate :
- Specify whether you want to configure the Steel-Belted
Radius Carrier software (both RADIUS and SSR processes as appropriate
for the given node type) to autoboot (restart automatically when the
operating system is restarted). We recommend that you enable this
behavior.
Enable (e), disable (d), or preserve (p) autoboot scripts [e]: e
A local /radiusdir/radius/sbrd script is always created, and /opt/JNPRhadm/sbrd is always a symbolic link to this local copy.
- If you enter e (enable), the configure script copies the local sbrd script to /etc/init.d, where it is automatically invoked by the OS whenever the OS is stopped or started.
- If you enter d (disable), the configure script removes all copies of the sbrd script from /etc/init.d, thus, disabling autoboot for all versions of Steel-Belted Radius Carrier.
- If you enter p (preserve), the configure script does nothing, thereby leaving your previous autoboot scripts unchanged.
- When prompted, confirm that you want the installation
to proceed and to configure Steel-Belted Radius Carrier with the specified
settings. When the script finishes, it displays:
The SBR Admin Web GUI can be launched using the following URL: https://<servername>:2909 Configuration complete
- Configure the two data nodes in the Starter Kit using the procedure described in Setting Up Data Node Hosts Included with the Starter Kit.
