Creating a Transition Server
To set up a transition server to temporarily take the place of your existing cluster, you need to prepare the server, install software, and configure the database.
Preparing the Transition Server
Preparing the Transition Server
To prepare the transition server:
Select the server.
The server must meet all the Release 8.6.0 hardware and software requirements listed in Before You Install Software.
If the server is part of your existing cluster:
We recommend using the most powerful (the most RAM and greatest number of processors) server available because it processes a heavier-than-normal load during the transition.
We recommend using an SBR or management node, rather than a data node, to reduce front end processing on the old cluster and to maintain data redundancy.
If the server is acting as the transition server to be reconfigured as part of the new SSR Starter Kit cluster when it is reconfigured, it must be a combined SBR Carrier/management node host in a four-server cluster.
If you use Centralized Configuration Management to replicate SBR Carrier node configurations among a group of like nodes, the transition server cannot assume the role of primary CCM server in the new cluster because it is not the first SBR Carrier node to be configured.
Four-Server Strategy Only
If the transition server is one of the existing cluster’s SBR (S) or management (M) nodes:
Navigate to the radius/install subdirectory of the directory where the server package was installed. As root, stop the RADIUS processes:
Execute:
sbrd stop radiusAs root, identify and kill the ndb_mgmd and mysql processes.
Execute:
Ps –ef|grep ndb_mgmd
kill -9 <Ndb_mgmd process_id>Ps –ef|grep mysql
kill -9 <mysql process_id>Remove the Admin node and SBR node from the server.
Execute:
InstallAdminNode.sh – u
pkgrm JNPRsbrPerform all other tasks required to make the server conform to all installation prerequisites listed in Before You Install Software.
Unpacking and Configuring the New Software on the Transition Server
Unpacking and Configuring the New Software on the Transition Server
Before starting this procedure, review Before You Install Software. In particular, review requirements for Setting Up External Database Connectivity (Optional) and Installing the SIGTRAN Interface (Optional). Steps in this procedure require the server to be preconfigured for these capabilities.
To unpack and configure the software on the transition server:
Log in as root.
Download, unpack, and install (pkgadd -d) the Steel-Belted Radius Carrier software package.
See Unpacking Session State Register Software for complete instructions.
Navigate to the radius/install subdirectory of the directory in which the JNPRsbr package was installed (/opt/JNPRsbr/radius/install by default):
Execute:
cd /opt/JNPRsbr/radius/install/Execute the configure script to set up the Steel-Belted Radius Carrier server software:
Execute:
./configureReview and accept the Steel-Belted Radius Carrier license agreement.
Press the spacebar to move from one page to the next. When you are prompted to accept the terms of the license agreement, enter y.
Do you accept the terms in the license agreement? [n] y
From the menu of configuration tasks, enter 5 to specify the type of installation as the Create Temporary Cluster.
Configuring SBR Software
--------------------------------------------------------------------------- SBR 8.60.50006 cluster on SunOS 5.10 Generic_141444-09 node sbrha-4 is not configured and processes are down, needs to be configured ---------------------------------------------------------------------------
1. Unconfigure Cluster Node Not used when merely updating existing cluster definitions.
2. Generate Cluster Definition Creates new or updates existing cluster definitions. Modifies the shared directory but does not modify this node.
3. Configure Cluster Node To be preceded by ’Generate Cluster Definition’ on any node. Must be invoked on each and every node of the cluster.
4. Reconfigure RADIUS Server Only on SBR nodes, updates the existing SBR configuration.
5. Create Temporary Cluster Used to approximate a cluster using only this one machine. Intended for migration and demonstration purposes only.
6. Upgrade From Restricted Cluster License Used to upgrade from restricted cluster to regular cluster. Removes database restriction on the number of concurrent sessions and enables the addition of an expansion kit license
Enter the number of the desired configuration task or quit (2,q): 5
Specify the name of the cluster.
Enter the name exactly as you specified it in Table 9.
Enter SBR cluster name [MyCluster]: MyCluster
A warning prompt is displayed that explains the terms and limitations of the transition node.
Enter the SSR Starter Kit license number, the license number for one SBR node, and a blank line.
While migrating to the new cluster, you are permitted to use the same licenses for the transition server as for the new cluster.
Enter Starter Kit license: xxxx xxxx xxxx xxxx Enter SBR licenses meant only for this particular SBR node. Enter one license per line and an empty line when finished. Enter SBR full license: xxxx xxxx xxxx xxxx Enter SBR feature license:
Enter passwords for two internal accounts. The password input is not echoed to the screen; the fields appear to be blank.
All cluster nodes will share the same Session State Register (SSR). Setting password for SSR admin account hadmsql Password: Again: Setting password for SSR software account hadmsbr Password: Again:
The system generates the required configuration files and prompts you to view, accept, or reject them. Enter a to accept them and continue or v to view them.
Caution We recommend that you enter an r to reject them only if a serious error was made when you provided information. We recommend that you not edit these files.
Reviewing Configuration Files... ---------------------------------------------------------------------------
/opt/JNPRsbr/radius/install/tmp/dbcluster.rc /opt/JNPRsbr/radius/install/tmp/config.ini /opt/JNPRsbr/radius/install/tmp/my.cnf /opt/JNPRsbr/radius/install/tmp/dbclusterndb.gen
View (v), accept (a), or reject (r) configuration files: a
Specify whether you want to use the JRE installed in your system to enable JDBC plug-ins and JavaScript implementation.
Do you want to configure Java Runtime Environment for JDBC Feature [n] :
If no, press Enter to proceed to the next prompt. SBR Carrier does not support JDBC plug-ins unless you specify a valid JRE path.
If yes, type y and press Enter. You are prompted to specify the path where the JRE is installed in your system. The Java Virtual Machine (JVM) architecture should be compatible with SBR Carrier.
Note Java 1.8.0 or a later version is required to access the Web GUI. To support both JDBC plug-ins and Web GUI, it is recommended to use Java 1.8.0 or a later version with the JVM architecture compatible with your SBR Carrier. For example, if you are using the 64-bit version of SBR Carrier, you must use the 64-bit version of Java 1.8.0 or later.
Enter 64-bit libjvm.so path (Ex: /opt/jvm/jre/lib/amd64/server/ ) :
Note If you enter an incorrect JVM path three times, SBR Carrier proceeds to the next step. In this case, you will not be able to use JDBC plug-ins. To specify the valid JVM path, you need to run the configure script again.
Supply the name of the initial admin user, root.
Enter initial admin user (UNIX account must have a valid password) [root]:
Press Enter to accept the default, root.
Do not set up centralized configuration management (CCM).
Enable Centralized Configuration Management (CCM) for this SBR node? [n]:
Specify whether you want to use the auto-restart module that automatically restarts the SBR Carrier server in case of an unexpected shutdown.
Do you want to enable "Radius WatchDog" Process? [n]: Y Radius WatchDog feature set to Enable Please ensure that Perl 5 or better is installed.
Note If Perl version 5 is not installed, the radiusd script will not run, even if enabled by configuration, and SBR Carrier will operate without the auto-restart module running.
Specify whether you want to configure SBR Carrier to provide LDAP server emulation for configuration and statistics using the LCI.
Do you want to enable LCI? [n] :
If no, press Enter to accept the default.
If yes, enter y and press Enter. You are prompted to provide information for LCI configuration.
When you are prompted for the port number, enter the port number that is used for communication between SBR Carrier and the LDAP client.
Note SBR Carrier uses port 667 as the default for LDAP emulation to avoid conflict with other LDAP servers.
Configure LCI Port [667]: 1026
The script displays the interfaces available in the system. When you are prompted to enter interface addresses on which Steel-Belted Radius Carrier should listen for LCI requests, enter the addresses you want to use from the Available Interfaces list.
LCI Interface Configuration : Available interfaces : 127.0.0.1 10.212.10.66 HELP : Enter one interface per line and an empty line when finished. Enter LCI interface addresses from the above list. Enter LCI interface address : 10.212.10.66 Enter LCI interface address : 127.0.0.1 Enter LCI interface address :
Note SBR Carrier uses all interfaces for listening to LCI requests if you do not enter any interfaces.
Specify whether you want to change the default LCI password to prevent unauthorized LDAP clients from accessing your database.
Do you want to change LCI Password? [n]:
If no, press Enter to accept the default password.
If yes, enter y and press Enter. You are prompted to enter a new password.
Do you want to change LCI Password? [n]: Y Password must meet the following requirements: 1. 6-8 Alphanumeric characters. 2. No Special characters other than underscore (’_’). Enter Password: Confirm Password: Password will be changed when SBR restarts.
Note Make sure that the entered password is at least 6 alphanumeric characters and not more than 8 characters in length. The password should not include any special characters other than underscore (’_’).
Note The configure script also checks whether the LDAP utilities (such as ldapdelete, ldapmodify, and ldapsearch) are installed in your system. For Linux, a warning message is displayed if you have not installed any of these utilities in your system. For Solaris, LDAP utilities are shipped with SBR Carrier package.
Specify whether you want to configure Steel-Belted Radius Carrier for use with an Oracle database.
To support this option, the server must already be configured as an Oracle client. (See Setting Up External Database Connectivity (Optional).)
Configuring for use with generic database Do you want to configure for use with Oracle? [n]:
If no, press Enter to accept the default.
If yes, type y and press Enter. You are prompted for version and path information for the Oracle library files.
Do you want to configure for use with Oracle? [n]: y
Supported Oracle versions: 10, 11, 12
What version of Oracle will be used? [10]: 10
Configuring for use with Oracle 10
Setting the environment variable ORACLE_HOME
Enter ORACLE_HOME [/dbms/u10/app/oracle/product/10.2.0]:
Setting the environment variable LD_LIBRARY_PATH
Enter path for Oracle shared libraries [/dbms/u10/app/oracle/product/10.2.0/lib]:
Setting the environment variable TNS_ADMIN
Enter TNS_AMDIN [/dbms/u10/app/oracle/product/10.2.0/network/admin]:Note You must configure 64-bit Oracle client for 64-bit SBR Carrier.
Specify whether you want the Steel-Belted Radius Carrier server to communicate with an SS7 system using SIGTRAN.
To support this option, the server must already be configured to support SIGTRAN using Signalware. (See Installing the SIGTRAN Interface (Optional) for an overview, and SIGTRAN Support for Steel-Belted Radius Carrier for specific instructions.)
Do you want to configure for use with SIGTRAN? [n]: y Configuring for use with SIGTRAN Setting the environment variable OMNI_HOME Enter OMNI_HOME [/opt/JNPRss7]:
Specify whether you want to start the GWrelay process while executing the ./sbrd start script.
Do you want to enable "GWrelay" Process? [n]: y GWrelay will be started with sbrd
Specify whether you want to install the optional SNMP module to monitor your Steel-Belted Radius Carrier server from an SNMP management station.
Do you want to configure SNMP? [n]:
If no, press Enter to proceed to the next prompt.
If yes, type y and press Enter. The installer prompts you for the information it needs to configure the jnprsnmpd.conf and startsnmp.sh files.
When you are prompted for a community string, enter the community string used to validate information sent from the SNMP subagent on the Steel-Belted Radius Carrier server to your SNMP management station.
Choose a community string: public
When you are prompted for a range of IPv4 addresses, specify a starting IP address in Classless Inter-Domain Routing format. To specify that only one host may query the agent, enter the IP address of the host followed by /32. To specify that any host on a designated class C network may query the agent, enter the starting address of the network followed by /24.
Specify the range of IPv4 addresses that may query this agent, such as 1.2.3.0/24.
Address range: 192.168.70.0/24If you are using SNMPv2, enter the DNS name or IP address of the trap sink to receive trap information from the SNMP subagent on the Steel-Belted Radius Carrier server.
SNMPv2 trap sink: 192.168.70.86
Set the SNMP agent port.
Although you may specify the default SNMP port, 161, we recommend that you specify a different port to avoid contention with other agents that are likely to already be using 161. If you choose an alternate port, make a note of it because your MIB browser needs to be configured to the same setting.
Specify SNMP agent listening port[161]: 24161
Specify a trap sink address, if required.
Optionally specify a trap sink address that will receive SNMPv2 trap
[localhost]: 172.28.72.83 2
SNMPv2 trap sink port[162]:
Configuration of SNMP complete.
The script searches for the Java 1.8.0 or later version in the default system path and displays a confirmation message if found.
Configuring Admin GUI Webserver Compatible Java version 1.8.0_66 found in: /usr/java/jdk1.8.0_66
If the specific version is not found, the script prompts you to enter the path where the specific Java version is installed in your system.
Enter Java version 1.8 installed path :
Specify whether you want to install a custom SSL certificate for the Web GUI.
Do you want to install custom SSL certificate for Admin WebServer? [n]:
If no, press Enter. A self-signed certificate is created and installed in your server.
If yes, enter y and press Enter. You are prompted to enter the absolute path where the SSL certificate is available. For example, /opt/customSSLCert.pfx.
Enter the absolute path to certificate. Note: Only *.pfx files are accepted. (Example-/opt/customSSLCert.pfx):
When you are prompted for the password, enter the password to open the SSL certificate.
Enter the password to open the certificate :
Specify whether you want to configure the Steel-Belted Radius Carrier server to autoboot (restart automatically when the operating system is restarted). We recommend that you enable autoboot behavior.
Enable (e), disable (d), or preserve (p) autoboot scripts [e]: e
A local /radiusdir/radius/sbrd script is always created, and /opt/JNPRhadm/sbrd is always a symbolic link to this local copy.
If you enter e (enable), the configure script copies the local sbrd script to /etc/init.d, where it is automatically invoked by the OS whenever the OS is stopped or started.
If you enter d (disable), the configure script removes all copies of the sbrd script from /etc/init.d, thus, disabling autoboot for all versions of Steel-Belted Radius Carrier.
If you enter p (preserve), the configure script nothing, thereby leaving your previous autoboot scripts unchanged.
When you finish entering settings, the script configures Steel-Belted Radius Carrier with the specified settings and then displays:
The SBR Admin Web GUI can be launched using the following URL: https://<servername>:2909 Configuration complete
Enter q to end the script.
--------------------------------------------------------------------------- SBR 8.60.50006 temporary cluster cambridge on SunOS 5.10 Generic_141444-09 node sbrha-4(smdt) is configured and processes are down, may be reconfigured if desired ---------------------------------------------------------------------------
1. Unconfigure Cluster Node Not used when merely updating existing cluster definitions.
2. Generate Cluster Definition Creates new or updates existing cluster definitions. Modifies the shared directory but does not modify this node.
3. Configure Cluster Node To be preceded by ’Generate Cluster Definition’ on any node. Must be invoked on each and every node of the cluster.
4. Reconfigure RADIUS Server Only on SBR nodes, updates the existing SBR configuration.
5. Create Temporary Cluster Used to approximate a cluster using only this one machine. Intended for migration and demonstration purposes only.
6. Upgrade From Restricted Cluster License Used to upgrade from restricted cluster to regular cluster. Removes database restriction on the number of concurrent sessions and enables the addition of an expansion kit license
READY: last operation succeeded, created temporary cluster. Enter the number of the desired configuration task or quit (4,q): q
Configuring the Transition Server
Configuring the Transition Server
After the new software is configured, you need to configure the transition server as a temporary replacement for your existing cluster. All cluster traffic is ultimately switched to this single transition server temporarily, while you take the other nodes in the existing cluster down and upgrade and reconfigure them. So, you need to configure the temporary transition server as close to your existing configuration as possible. To do this, you need to configure the server configuration files on the temporary transition server for you environment.
We recommend that you complete the configuration of all server initialization (.ini) files, authentication (.aut) files, accounting (.acc) files, as well as configure any proxy setup you may require. Carefully review the SBR Carrier Reference Guide and configure all files for you environment prior to starting the temporary transition server.
Also review the SBR Carrier Administration and Configuration Guide, and plan the configuration steps for your particular environment. You cannot connect to the transition server with Web GUI until the RADIUS process is started; however, we recommend you plan out the administration of the server before starting the RADIUS process.
After you have completed the configuration of the various configuration files described in the SBR Carrier Reference Guide, remember to come back and complete this procedure.
Start the ssr process.
As root, execute:
cd /opt/JNPRsbr/radius
./sbrd start ssrStatus messages are displayed as the programs start:
Starting ssr management processes Starting ssr auxiliary processes Starting ssr data processes
Create the session database.
Log on as hadm and execute:
./CreateDB.shIf you need to customize the sessions database to match your existing session database, see Customizing the SSR Database Current Sessions Table.
(Optional) If you are using IP address pools in your existing cluster, you may need to either configure new IP address ranges, or taper off the use of a range from your existing cluster by removing a range and waiting for the addresses to be released to avoid giving out conflicting IP addresses to multiple users. For details on setting up IP address pools and ranges using the SSR Administration Scripts, see the SBR Carrier Administration and Configuration Guide.
Note We recommend you check with the Juniper Networks Technical Assistance Center (JTAC) if you are using IP address pools and setting up a transition server.
Navigate to the radius/install subdirectory of the directory in which the JNPRsbr package was installed (/opt/JNPRsbr/radius/install by default), and start the RADIUS process:
As root, execute:
sbrd start radiusStatus messages are displayed as the programs start:
Starting radius server processes RADIUS: Process ID of daemon is 13224 RADIUS: Starting DCF system RADIUS: Configuration checksum: 2D D6 38 1D RADIUS started . . . RADIUS: DCF system started
Finish configuring the transition server using Web GUI. Follow the steps outlined in Basic SBR Carrier Node Configuration. For complete details, see the SBR Carrier Administration and Configuration Guide.
After you have finished configuring the temporary transition server and you are sure it is configured properly to handle all traffic, you can switch all traffic to the transition server. See Switching Traffic to the Transition Server.
Switching Traffic to the Transition Server
Switching Traffic to the Transition Server
After the transition server is set up and tested, and a working database created, reconfigure the site’s routers to gradually direct traffic to the transition server instead of to the existing cluster’s SBR servers.
When the transition server is handling all traffic, back up your existing cluster servers and take them offline.