Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Setting Up a Starter Kit’s First SBR/Management Node

This section describes installing software on the first server in a Starter Kit cluster, usually a server that you want to host a SBR node/management node (sm). The procedure for this first server is unique because it includes creating configuration files for all nodes in the cluster.

Tip: If you are going to use centralized Configuration Management (CCM) to share SBR Carrier configuration files between SBR nodes, remember that the primary server must be installed before replicas. You want the first server you work on in the cluster to be the CCM primary server.

Configuring the Host Software on the First Server in the Cluster

Before starting this procedure, review Before You Install Software. In particular, review requirements for: Setting Up External Database Connectivity (Optional) and Installing the SIGTRAN Interface (Optional), as steps in this procedure require the server to be preconfigured for these capabilities.

To install software on the first server in a cluster, which you want to host a SBR Carrier and a Management Node:

  1. As root, navigate to the directory where you installed the Steel-Belted Radius Carrier package. For information about directory in which Steel-Belted Radius Carrier package is installed, see Unpacking Session State Register Software.

    Then, navigate to the radius/install subdirectory and run:

    Execute:
    cd /opt/JNPRsbr/radius/install/

  2. Run the configure script:

    Execute:
    ./configure

  3. Review and accept the Steel-Belted Radius Carrier license agreement.

    Press the spacebar to move from one page to the next. When you are prompted to accept the terms of the license agreement, enter y.

    Do you accept the terms in the license agreement? [n] y

  4. From the menu of configuration tasks, enter 2 to specify “Generate Cluster Definition.”
    Configuring SBR Software
    ---------------------------------------------------------------------------
    SBR 8.30.50006 cluster 
    on SunOS 5.10 Generic_141444-09 node MyNode_1
    is not configured and processes are down, needs to be configured
    ---------------------------------------------------------------------------
    1.  Unconfigure Cluster Node
            Not used when merely updating existing cluster definitions.
    2.  Generate Cluster Definition
            Creates new or updates existing cluster definitions.
            Modifies the shared directory but does not modify this node.
    3.  Configure Cluster Node
            To be preceded by ’Generate Cluster Definition’ on any node.
            Must be invoked on each and every node of the cluster.
    4.  Reconfigure RADIUS Server
            Only on SBR nodes, updates the existing SBR configuration.
    5.  Create Temporary Cluster
            Used to approximate a cluster using only this one machine.
            Intended for migration and demonstration purposes only.
    6.  Upgrade From Restricted Cluster License
            Used to upgrade from restricted cluster to regular cluster.
            Removes database restriction on the number of concurrent
            sessions and enables the addition of an expansion kit license
    Enter number of desired configuration task, or q to quit [2]: 2
    
  5. Specify the name of the cluster.

    Enter the name exactly as you specified it in Table 9.

    Enter SBR cluster name [MyCluster]: MyCluster

  6. Enter SSR license numbers and the number and type of nodes in the cluster.

    If a Restricted Cluster license is provided as input for a Starter Kit license, you are not prompted for an Expansion Kit license. By default, you have a minimal cluster of two SBR nodes, two management nodes, and two data nodes.

    The SBR Cluster Starter Kit license allows you to create a minimal
    cluster of 2 SBR nodes, 2 management nodes, and 2 data nodes.  When
    each node is installed on a separate machine the cluster topology is
    denoted as {2s,2m,2d}.  When SBR nodes are paired with management
    nodes on the same machines the cluster topology is denoted as {2sm,2d}.
    An optional SBR Cluster Management Expansion Kit allows you to add a
    third management node for {2sm,1m,2d} and an optional Data Expansion
    Kit allows you to add 2 more data nodes for {2sm,1m,4d} clusters.
    Additional SBR licenses allow you to add up to 18 more SBR nodes to
    obtain a maximal cluster {18s,2sm,1m,4d} and/or enable extra features.
    While it is not difficult to add management and/or SBR nodes to an
    existing cluster, adding data nodes is more difficult and may require
    you to shutdown the entire cluster as opposed to a rolling restart.
    Enter Starter Kit license: 1234 5678 9100 1234 5678 9100 0050
    Enter Management Expansion Kit license, if any: 
    Enter Data Expansion Kit license, if any: 
    Enter total number of SBR nodes to be configured [2]: 2
    Enter number of management nodes to be paired with SBR nodes [2]: 2
    
  7. Verify the configuration that you specified is accurate, and enter y to continue.
    Creating cluster cambridge{0s,2sm,0m,2d}
    will require 4 machines total.  Do you wish to continue? [y]:y
    All cluster nodes will share the same Session State Register (SSR).
    Setting password for SSR admin account hadmsql
    Password:
    Again:
    Setting password for SSR software account hadmsbr
    Password:
    Again:
    Information will now be gathered for each machine in the cluster.
    You will have a chance to review all information at least once
    before any machines are modified.
  8. Enter, for each node:
    • The node name
    • Type of node
    • Node ID
    • SBR Carrier license numbers (if required)
    • The IP address for each node

    The information you need is in Table 9.

    Information will now be gathered for each machine in the cluster.
    You will have a chance to review all information at least once
    before any machines are modified.
    ---------------------------------------------------------------------------
    SBR 8.30.50006 cluster MyCluster{0s,2sm,0m,2d}
    on SunOS 5.10 Generic_141444-09 node MyNode_1
    Partial configuration at present is {0s,0sm,0m,0d} of {0s,2sm,0m,2d}
    ---------------------------------------------------------------------------
    Enter node name [MyNode_1]: MyNode_1
    Enter node type (sm) [sm]: sm
    Enter SBR node ID (30-59) [30]: 
    Enter SBR node IP address by which it is known to management nodes.
    Enter SBR node IP address: 192.168.0.1
    Enter SBR licenses meant only for this particular SBR node.
    Enter one license per line and an empty line when finished.
    Enter SBR full license: 1234 5678 9100 1234 5678 9100 0050
    Enter SBR feature license: 
    Enter MGMT node ID (1-3) [1]: 
    Enter MGMT node IP address by which it is known to other nodes.
    Enter MGMT node IP address: 192.168.0.1
    ---------------------------------------------------------------------------
    SBR 8.30.50006 cluster MyCluster{0s,2sm,0m,2d}
    on SunOS 5.10 Generic_141444-09 node MyNode_1(sm)
    Partial configuration at present is {0s,1sm,0m,0d} of {0s,2sm,0m,2d}
    ---------------------------------------------------------------------------
    Enter node name [MyNode_2]: MyNode_2
    Enter node type (sm,d) [sm]: sm
    Enter SBR node ID (30-59) [31]: 
    Enter SBR node IP address by which it is known to management nodes.
    Enter SBR node IP address: 192.168.0.2
    Enter SBR licenses meant only for this particular SBR node.
    Enter one license per line and an empty line when finished.
    Enter SBR full license: 1234 0000 0012 0001 0050 0832 5678
    Enter SBR feature license: 
    Enter MGMT node ID (1-3) [2]: 
    Enter MGMT node IP address by which it is known to other nodes.
    Enter MGMT node IP address: 192.168.0.2
    ---------------------------------------------------------------------------
    SBR 8.30.50006 cluster MyCluster{0s,2sm,0m,2d}
    on SunOS 5.10 Generic_141444-09 node MyNode_2(sm)
    Partial configuration at present is {0s,2sm,0m,0d} of {0s,2sm,0m,2d}
    ---------------------------------------------------------------------------
    Enter node name [MyNode_3]: MyNode_3
    Enter node type (d) [d]: 
    Enter DATA node ID (10-19) [10]: 18
    Enter DATA node IP address by which it is known to management nodes.
    Enter DATA node IP address: 192.168.0.18
    ---------------------------------------------------------------------------
    SBR 8.30.50006 cluster MyCluster{0s,2sm,0m,2d}
    on SunOS 5.10 Generic_141444-09 node MyNode_3 (sm)
    Partial configuration at present is {0s,2sm,0m,1d} of {0s,2sm,0m,2d}
    ---------------------------------------------------------------------------
    Enter node name [MyNode_4]: MyNode_4
    Enter node type (d) [d]: 
    Enter DATA node ID (10-19) [11]: 19
    Enter DATA node IP address by which it is known to management nodes.
    Enter DATA node IP address: 192.168.0.19
    ---------------------------------------------------------------------------
    SBR 8.30.50006 cluster MyCluster{0s,2sm,0m,2d}
    on SunOS 5.10 Generic_141444-09 node MyNode_4
    Generated configuration is {0s,2sm,0m,2d} of {0s,2sm,0m,2d}
    ---------------------------------------------------------------------------
  9. The system generates the required configuration files and prompts you to view, accept, or reject them. Enter a to accept them and continue or v to view them.

    Caution: We recommend that you enter an r to reject them only if a serious error was made when you provided information. We recommend that you not edit these files.

    Reviewing Configuration Files...
    ---------------------------------------------------------------------------
    /opt/JNPRsbr/radius/install/tmp/dbcluster.rc
    /opt/JNPRsbr/radius/install/tmp/config.ini
    /opt/JNPRsbr/radius/install/tmp/my.cnf
    /opt/JNPRsbr/radius/install/tmp/dbclusterndb.gen
    View (v), accept (a), or reject (r) configuration files: a
  10. From the menu of configuration tasks, enter 3 to specify “Configure Cluster Node.”
    ---------------------------------------------------------------------------
    SBR 8.30.50006 cluster 
    on SunOS 5.10 Generic_141444-09 node MyNode_2
    is not configured and processes are down, needs to be configured
    ---------------------------------------------------------------------------
    1.  Unconfigure Cluster Node
            Not used when merely updating existing cluster definitions.
    2.  Generate Cluster Definition
            Creates new or updates existing cluster definitions.
            Modifies the shared directory but does not modify this node.
    3.  Configure Cluster Node
            To be preceded by ’Generate Cluster Definition’ on any node.
            Must be invoked on each and every node of the cluster.
    4.  Reconfigure RADIUS Server
            Only on SBR nodes, updates the existing SBR configuration.
    5.  Create Temporary Cluster
            Used to approximate a cluster using only this one machine.
            Intended for migration and demonstration purposes only.
    6.  Upgrade From Restricted Cluster License
            Used to upgrade from restricted cluster to regular cluster.
            Removes database restriction on the number of concurrent
            sessions and enables the addition of an expansion kit license
    Enter number of desired configuration task, or q to quit [2]: 3
    
  11. Specify the name of the cluster.

    Enter the name exactly as you specified it in Table 9.

    Enter SBR cluster name [MyCluster]: MyCluster

  12. Specify whether you want to use the JRE installed in your system to enable JDBC plug-ins and JavaScript implementation.
    Do you want to configure Java Runtime Environment for JDBC Feature [n] : 
    • If no, press Enter to proceed to the next prompt. SBR Carrier does not support JDBC plug-ins unless you specify a valid JRE path.
    • If yes, type y and press Enter. You are prompted to specify the path where the JRE is installed in your system. The Java Virtual Machine (JVM) architecture should be compatible with SBR Carrier.

      Note: Java 1.7.0 or a later version is required to access the Web GUI. To support both JDBC plug-ins and Web GUI, it is recommended to use Java 1.7.0 or a later version with the JVM architecture compatible with your SBR Carrier. For example, if you are using the 32-bit version of SBR Carrier, you must use the 32-bit version of Java 1.7.0 or later.

      Enter 32-bit libjvm.so path (Ex: /opt/jvm/jre/lib/i386/client/ ) : 

      Note: If you enter an incorrect JVM path three times, SBR Carrier proceeds to the next step. In this case, you will not be able to use JDBC plug-ins. To specify the valid JVM path, you need to run the configure script again.

  13. The script prompts for the type of installation, either a new installation or a migration from an earlier release:
    Please enter backup or radius directory from which to migrate.
    Enter n for new configuration, s to search, or q to quit
    [n]: n
    • For a new installation, enter n.
    • If you are migrating an existing Steel-Belted Radius Carrier installation and have copied a previous release’s files to the Release 8.3.0 server (in Creating a Copy of Existing SBR Server Release Files for Migration), enter the directory path to the copy of the old installation.

      For example:

      [/opt/JNPRsbr/PreviousInstall]:
    • If you want to search well known locations in the file system for pre-existing installations or backups of SBR software, enter s. You are presented with a list of directories from which you may choose to migrate, if any are found.
  14. Specify the username of the UNIX account that you intend to use to gain access to this machine using the Web GUI. The UNIX account must be defined on this machine (for example by /etc/passwd or NIS) and must have a valid, non-empty password. Additional accounts may be specified using the Web GUI.
    Enter initial admin user (UNIX account must have a valid password) [root]: 

    Press Enter to accept the default, root.

  15. Specify whether you want to set up Centralized Configuration Management (CCM).

    CCM allows you to replicate substantial portions of a particular SBR node's configuration across multiple SBR nodes. The SBR node to be replicated is known as the primary and the SBR nodes on which the primary configuration is replicated are known as replicas. The entire set of an SBR primary and all of its replicas are known as an SBR replication group. Although any given SBR replication group typically includes all SBR nodes in a particular SSR cluster, an SBR replication group can span multiple clusters (including standalone SBR nodes) or can span only a few SBR nodes in a cluster. SBR nodes for which CCM is not enabled are known as autonomous because they are configured independently of one another.

    The rest of this task assumes that you want to configure a typical SBR replication group that includes all SBR nodes in this cluster. If you do not want to enable CCM then skip the rest of this task.

    Enable Centralized Configuration Management (CCM) for this SBR node? [n]: y
    
  16. Specify the server role.
    1. When CCM is enabled, configure this first SBR/management (sm) node as an SBR primary.
      Configure SBR node as CCM primary (p) or replica (r)? [r]: p
    2. You are prompted to configure the primary secret you want to use on this SBR replication group:
      Enter primary host secret:

      Type the secret string and press Enter.

    3. You are prompted to confirm the primary secret.

      Confirm primary host secret:

      Type the secret string again and press Enter.

  17. Specify whether you want to use the auto-restart module that automatically restarts the SBR Carrier server in case of an unexpected shutdown.
    Do you want to enable "Radius WatchDog" Process? [n]: Y
    Radius WatchDog feature set to Enable
    Please ensure that Perl 5 or better is installed.
    

    Note: If Perl version 5 is not installed, the radiusd script will not run, even if enabled by configuration, and SBR Carrier will operate without the auto-restart module running.

  18. Specify whether you want to start the GWrelay process while executing the ./sbrd start script.
    Do you want to enable "GWrelay" Process? [n]: y
    GWrelay will be started with sbrd
  19. Specify whether you want to configure SBR Carrier to provide LDAP server emulation for configuration and statistics using the LCI.
    Do you want to enable LCI? [n] :
    • If no, press Enter to accept the default.
    • If yes, enter y and press Enter. You are prompted to provide information for LCI configuration.
      1. When you are prompted for the port number, enter the port number that is used for communication between SBR Carrier and the LDAP client.

        Note: SBR Carrier uses port 667 as the default for LDAP emulation to avoid conflict with other LDAP servers.

        Configure LCI Port [667]: 1026
        
      2. The script displays the interfaces available in the system. When you are prompted to enter interface addresses on which Steel-Belted Radius Carrier should listen for LCI requests, enter the addresses you want to use from the Available Interfaces list.
        LCI Interface Configuration :
        Available interfaces :
        127.0.0.1
        10.212.10.66
        
        HELP : Enter one interface per line and an empty line when finished.
        
        Enter LCI interface addresses from the above list.
        
        Enter LCI interface address : 10.212.10.66
        Enter LCI interface address : 127.0.0.1
        Enter LCI interface address :
        

        Note: SBR Carrier uses all interfaces for listening to LCI requests if you do not enter any interfaces.

      3. Specify whether you want to change the default LCI password to prevent unauthorized LDAP clients from accessing your database.
        Do you want to change LCI Password? [n]:
        • If no, press Enter to accept the default password.
        • If yes, enter y and press Enter. You are prompted to enter a new password.
          Do you want to change LCI Password? [n]: Y
          
          Password must meet the following requirements:
          
          1. 6-8 Alphanumeric characters.
          2. No Special characters other than underscore (’_’).
          
          Enter Password:
          Confirm Password:
          Password will be changed when SBR restarts.
          

        Note: Make sure that the entered password is at least 6 alphanumeric characters and not more than 8 characters in length. The password should not include any special characters other than underscore (’_’).

        Note: The configure script also checks whether the LDAP utilities (such as ldapdelete, ldapmodify, and ldapsearch) are installed in your system. For Linux, a warning message is displayed if you have not installed any of these utilities in your system. For Solaris, LDAP utilities are shipped with SBR Carrier package.

  20. Specify whether you want to configure Steel-Belted Radius Carrier for use with an Oracle database.

    To support this option, the server must already be configured as an Oracle client. (See Setting Up External Database Connectivity (Optional).)

    Configuring for use with generic database
    Do you want to configure for use with Oracle? [n]:

    If no, press Enter to accept the default.

    If yes, type y and press Enter. You are prompted for version and path information for the Oracle library files.

    Do you want to configure for use with Oracle? [n]: y
    Supported Oracle versions:  10, 11
    What version of Oracle will be used? [10]: 10
    Configuring for use with Oracle 10
    Setting the environment variable ORACLE_HOME
    Enter ORACLE_HOME [/dbms/u10/app/oracle/product/10.2.0]:
    Enter path for Oracle shared libraries
    [/dbms/u10/app/oracle/product/10.2.0/lib32]
    Setting the environment variable TNS_ADMIN
    Enter TNS_AMDIN [/dbms/u10/app/oracle/product/10.2.0/network/admin]:

Note: Starting with the Oracle 11 release, Oracle began shipping 32-bit libraries with a 32-bit client that is separate from the 64-bit server. Do not specify the Oracle 11 /lib directory that is shipped with the 64-bit server. Instead, specify the Oracle 11 /lib directory that is shipped with the 32-bit client.

  1. Specify whether you want the Steel-Belted Radius Carrier server to communicate with an SS7 system using SIGTRAN.

    If your SBR Carrier is using the optional SIM authentication module, or the WiMAX module with the EAP-AKA protocol, or the server is interfacing with a UMA or Femtocell network, you need to have Signalware installed to communicate with the SS7 network.

    To support this option, the server must already be configured to support SIGTRAN using Signalware. (See Installing the SIGTRAN Interface (Optional) for an overview, and SIGTRAN Support for Steel-Belted Radius Carrier for specific instructions.)

    Do you want to configure for use with SS7? [n]: y
    Configuring for use with SS7
    Setting the environment variable OMNI_HOME
    Enter OMNI_HOME [/opt/JNPRss7]: 

    Caution: On a Linux machine that is installed with Signalware, do not enable SCTP protocol for Diameter connections. Enabling SCTP for both Signalware and Diameter could completely disable SCTP on the machine.

  2. Specify whether you want to install the optional SNMP module to monitor your Steel-Belted Radius Carrier server from an SNMP management station.

    Do you want to configure SNMP? [n]:

    • If no, press Enter to proceed to the next prompt.
    • If yes, type y and press Enter. The installer prompts you for the information it needs to configure the jnprsnmpd.conf and startsnmp.sh files.
      1. When you are prompted for a community string, enter the community string used to validate information sent from the SNMP subagent on the Steel-Belted Radius Carrier server to your SNMP management station.

        Choose a community string: public

      2. When you are prompted for a range of IPv4 addresses, specify a starting IP address in Classless Inter-Domain Routing format. To specify that only one host may query the agent, enter the IP address of the host followed by /32. To specify that any host on a designated class C network may query the agent, enter the starting address of the network followed by /24.

        Specify the range of IPv4 addresses that may query this agent, such as 1.2.3.0/24.
        Address range: 192.168.70.0/24

      3. If you are using SNMPv2, enter the DNS name or IP address of the SNMP management station to receive trap information from the SNMP subagent on the Steel-Belted Radius Carrier server.

        SNMPv2 trap sink: 192.168.70.86

      4. Set the SNMP agent port.

        Although you may specify the default SNMP port, 161, we recommend that you specify a different port to avoid contention with other agents that are likely to already be using 161. If you choose an alternate port, make a note of it because your SNMP management station needs to be configured to the same setting.

        Specify SNMP agent listening port[161]: 24161

      5. Specify a trap sink address, if required.

        Optionally specify a trap sink address that will receive SNMPv2 trap
        [localhost]: 172.28.72.83 2
        SNMPv2 trap sink port[162]:
        Configuration of SNMP complete.

  3. The script searches for the Java 1.7.0 or later version in the default system path and displays a confirmation message if found.
    Configuring Admin GUI Webserver
    Compatible Java version found : 1.7.0_20
    

    If the specific version is not found, the script prompts you to enter the path where the specific Java version is installed in your system.

    Enter Java version 1.7 installed path : 
    
  4. Specify whether you want to install a custom SSL certificate for the Web GUI.
    Do you want to install custom SSL certificate for Admin WebServer? [n]:
    • If no, press Enter. A self-signed certificate is created and installed in your server.
    • If yes, enter y and press Enter. You are prompted to enter the absolute path where the SSL certificate is available. For example, /opt/customSSLCert.pfx.
      Enter the absolute path to certificate.
      Note: Only *.pfx files are accepted. (Example-/opt/customSSLCert.pfx):
      

      When you are prompted for the password, enter the password to open the SSL certificate.

      Enter the password to open the certificate :
  1. Specify whether you want to configure the Steel-Belted Radius Carrier software (both RADIUS and SSR processes as appropriate for the given node type) to autoboot (restart automatically when the operating system is restarted). We recommend that you enable autoboot behavior.

    Enable (e), disable (d), or preserve (p) autoboot scripts [e]: e

    A local radiusdir/radius/sbrd script is always created, and /opt/JNPRhadm/sbrd is always a symbolic link to this local copy.

    • If you enter e (enable), the configure script copies the local sbrd script to /etc/init.d, where it is automatically invoked by the OS whenever the OS is stopped or started.
    • If you enter d (disable), the configure script removes all copies of the sbrd script from /etc/init.d, thus disabling autoboot for all versions of the Steel-Belted Radius Carrier.
    • If you enter p (preserve), the configure script does nothing, thereby leaving your previous autoboot scripts unchanged.

    When you finish entering settings, the script configures Steel-Belted Radius Carrier with the specified settings and then displays:

    The SBR Admin Web GUI can be launched using the following URL:
    https://<servername>:2909
    
    Configuration complete
  2. Configure the second SBR/management node in the Starter Kit by following the procedure described in Setting Up the Second SBR/Management Node in a Starter Kit.

Modified: 2017-03-07