Cisco CNS Network Registrar Installation Guide, 6.1.1
2 - Installing and Upgrading
Downloads: This chapterpdf (PDF - 258.0KB) The complete bookPDF (PDF - 781.0KB) | Feedback

Installing and Upgrading Network Registrar

Table Of Contents

Installing and Upgrading Network Registrar

Checklist

Installation and Upgrade Procedure

Entering License Keys

Uninstalling Network Registrar

Uninstalling Network Registrar on Windows

Uninstalling Network Registrar on Solaris

Uninstalling Network Registrar on Linux

Starting and Stopping Servers

Starting and Stopping Servers on Windows

Starting and Stopping Servers on Solaris or Linux

Troubleshooting the Installation


Installing and Upgrading Network Registrar


This chapter describes how to install Network Registrar 6.1.1 on Windows, Solaris, or Linux systems. The chapter includes these sections:

Checklist

Installation and Upgrade Procedure

Entering License Keys

Uninstalling Network Registrar

Starting and Stopping Servers

Troubleshooting the Installation

Checklist

Before you perform the installation or upgrade, determine the following:

Does the system meet the minimum system requirements? (See the "System Requirements" section on page 1-4.)

On Windows, are other applications closed, especially virus scanning or automatic backup software programs?

Are the software license keys available? (Review the "License Keys" section on page 1-3.)

Am I authorized for the administrative privileges needed to install the software?

Do the desired installation servers have enough disk space?

Is this a new installation or an upgrade?

Is this a regional or local cluster installation?

Is the installation for a client and server, or client only?

Is Java installed and what is the current installation location?

Should the Web UI use an HTTP or secure HTTPS connection, or both?

Installation and Upgrade Procedure

Follow this procedure to install or upgrade Network Registrar. The procedure is essentially the same for a new installation or upgrade, except that the upgrade requires a few additional steps.


Step 1 Log in to the target machine using an account that has administrative privileges:

Windows—Account in the Administrators group.

Solaris and Linux—su (superuser) or root account.

Windows—Close all open applications, including any antivirus software. Also ensure that the visual notification setting is unchecked. This option prevents the servers from restarting automatically if a failure occurs unless you respond to a pop-up dialog box. The Visual Notification check box in Dr. Watson is usually enabled by default. Execute DRWTSN32.exe (normally in C:\\WINNT\system32), uncheck the Visual Notification check box, then click OK. (You can perform this step after installation.)

Step 2 Download and install the Java Runtime Environment (JRE) 1.3.1 or later, or the equivalent Java Development Kit (JDK). These are available from Sun Microsystems at their website. Proceed to the following steps based on the version of the Java you install and if you want secure login:

If you install JRE 1.4 or later and are configuring secure login, skip to Step 4.

If you install a Java version earlier than JRE 1.4 and are configuring secure login, go to Step 3.

If you do not want to configure secure login, skip to Step 5.

Step 3 To configure secure login with a Java version earlier than JRE 1.4, you must also download and install the Java Secure Socket Extension (JSSE) 1.0.2 or later, which is available from the Sun Microsystems website. This is the default JSSE installation directory:

Windows—C:\jsse1.0.2

Solaris and Linux—/jsse1.0.2

Step 4 To configure secure login, create a keystore file by using the Java keytool utility. This utility is located in the bin subdirectory of the Java installation. Use it either to (1) define a self-signed certificate or (2) point to a file for a certificate that you obtained from an external signing authority:

To create a keystore file containing a self-signed certificate that is valid for one year, run this command and respond to the prompts:

> java_home/bin/keytool -genkey -alias tomcat -keyalg RSA -validity 365 
-keystore keystore-file 
Enter keystore password: changeit 
What is your first and last name? 
[Unknown]: j doe 
What is the name of your organizational unit? 
[Unknown]: engineering 
What is the name of your organization? 
[Unknown]: example company 
What is the name of your City or Locality? 
[Unknown]: san jose
What is the name of your State or Province? 
[Unknown]: ca 
What is the two-letter country code for this unit? 
[Unknown]: us 
Is CN=j doe, OU=engineering, O=example company, L=san jose, ST=ca, C=us correct? 
[no]: yes 
Enter key password for <tomcat> 
(RETURN if same as keystore password): 

To create a keystore file and import a certificate file that you obtained from an external signing authority, run the keytool utility, as follows, and respond to the prompts:

> java_home/bin/keytool -genkey -alias tomcat -file certificate.cer 
-keystore keystore-file 
... 

The keystore-file is the fully qualified path to the keystore file you are creating. You will be entering the keystore path and password later in Step 12.


Caution The keystore password is stored in the server.xml file in the install-path\tomcat\conf directory, which is protected to have superuser access only. Because the password is visible as plain text in this file, do not change the file and directory permissions to make this file generally accessible.


Tip If you are planning multiple installations or upgrades at your site, you may want to prepare a silent installation or upgrade response file at this point. See Appendix A, "Performing a Silent Installation."


Step 5 Load the installation CD, or browse to the network resource where the Network Registrar software is located. If you download a distribution file from the Cisco website, run it from a different directory than where you will install Network Registrar.

Windows—The cnr_6_1_1-nt.exe file is a self-extracting executable file that places the setup file and other files in the directory where you run it. (If you are not configured for Autostart, run the setup.exe file in that directory.) The Welcome to Cisco Network Registrar window appears.

Click Next. The second welcome window introduces the setup program and reminds you to exit all current programs, including virus scanning software. If any programs are running, click Cancel, close these programs, and return to the start of Step 5. If you already exited all programs, click Next.

Solaris and Linux—Be sure that the gzip and gtar utilities are available to uncompress and unpack the installation files (see the GNU organization website for information). Follow these steps:

Download the distribution file.

Navigate to the directory to use for uncompressing and extracting the installation files.

Uncompress and unpack the gtar.gz file. Use gtar with the -z option:

gtar -zxpf cnr_6_1_1-linux.gtar.gz

To unpack the .gtar file that was already uncompressed using gunzip, omit the -z option:

gtar -xpf cnr_6_1_1-linux.gtar 

Run this command or program:

Solaris—Run the pkgadd command. Use the -d option to specify the directory from which you are installing. Use the -a option to allow two copies of the package to be present when you want to upgrade from a previous release. The name of the Network Registrar package is nwreg2:

pkgadd -a install-path/solaris/nwreg2/install/cnradmin -d install-path/solaris 
nwreg2 

Linux—Run the install_cnr script from the directory containing the installation files:

install-path./install_cnr 

The install-path is the CD-ROM directory with the installation files or the directory with the extracted Network Registrar installation files if they were downloaded electronically.

Step 6 Specify whether you want to install Network Registrar in local or regional cluster mode (see the "Overview" section on page 1-1):

Windows—Keep the default Network Registrar Local or choose Network Registrar Regional. Click Next. The Select Program Folder appears, where you determine the folder to store the program shortcuts in the Windows 2000 Start menu. Accept the default, enter another name, or choose a name from the Existing Folders list. Click Next.

Solaris and Linux—Enter 1 for local, or 2 for regional. The default mode is 1.

Step 7 Note these Network Registrar installation directories and make appropriate changes to meet your needs:

Windows default locations:

Local cluster—C:\Program Files\Network Registrar\Local

Regional cluster—C:\Program Files\Network Registrar\Regional

If you are upgrading, the process autodetects the installation directory from the previous release.

Solaris and Linux default locations:

Local cluster:

Program files—/opt/nwreg2/local

Data files—/var/nwreg2/local/data

Log files—/var/nwreg2/local/logs

Temporary files—/var/nwreg2/local/temp

Regional cluster:

Program files—/opt/nwreg2/regional

Data files—/var/nwreg2/regional/data

Log files—/var/nwreg2/regional/logs

Temporary files—/var/nwreg2/regional/temp

Step 8 If you are upgrading from a previous release, see the "Before Upgrading" section on page 1-3, then continue with the following steps. If you are performing a new installation, skip to Step 9.

a. Choose whether to keep the previous configuration or choose a new one:

Windows—Keep the default Upgrade configuration database, or choose Create new configuration database. Click Next.

Solaris and Linux—Enter y to upgrade the previous configuration database, or n to create a new one.

If the upgrade process cannot determine the database version, you can choose 5.0, 5.5, or 6.0 (or later).

b. Choose whether or not you want to archive the existing binaries and database. The default and recommended choice is Yes or y:

If you choose to archive the files, specify the archive directory. These are the default directories:

Windows—Local cluster (C:\\Program Files\Network Registrar\Local.sav); Regional cluster (C:\\Program Files\Network Registrar\Regional.sav). Click Next.

Solaris and Linux—Local cluster (/opt/nwreg2/local.sav); Regional cluster (/opt/nwreg2/regional.sav)

Step 9 Choose the appropriate installation type—server and client (the default), or client only:

Windows—Choose Both server and client (default), or Client only. Click Next. The Select Port window appears.

Solaris and Linux—Enter 1 to install the server and client (the default), or 2 to install the client only.

Step 10 Choose the CCM management SCP port number. (You can change this port number on your target system.) These are the default port numbers:

Local cluster—1234

Regional cluster—1244

On Windows, click Next.

Step 11 Enter the location of the Java installation (see Step 2). (The process tries to detect the location.)

Windows—A dialog box reminds you of the Java requirements. Click OK and then choose the default Java directory or another one. Click OK. The Select Connection Type window appears.

Solaris and Linux—Enter the Java installation location.


Note Do not include the bin subdirectory in the path. If you install a new Java version or change its location, rerun the Network Registrar installer, and specify the new location in this step. Rerunning the installer for the same release, using the same directory settings, does not affect the server configuration or data.


Step 12 Choose whether you want to use a nonsecure (HTTP) or secure (HTTPS) connection for Web UI logins. Enabling the secure HTTPS port configures security for connecting to the Apache Tomcat 4.0 web server by using a preconfigured JSSE installation (see Step 2). (To change the connection type, rerun the installer, and then make a different choice at this step.) For:

Windows—Choose Non-secure/HTTP (default), Secure/HTTPS (requires JSSE), or Both HTTP and HTTPS, then click Next.

Solaris and Linux—Enter an HTTP port, a secure HTTPS port, or both HTTP and HTTPS ports.

Continue as follows:

If you choose HTTPS or both HTTP and HTTPS, continue with Step 13.

If you choose the default HTTP connection, skip to Step 14.

Step 13 If you enabled HTTPS Web UI connectivity, you are prompted for the location of the necessary .jar files:

If you want to use a different JSSE installation than the default set in Step 2 for the .jar files, enter it.

For the keystore location, specify the fully qualified path to the keystore file that contains the certificate(s) to be used for the secure connection to the Apache Tomcat web server. This is the keystore-file that you specified in Step 4.

For the keystore password, specify the password given when creating the keystore file. The default password is changeit. On Windows, click Next.

Step 14 Enter a port number for the Web UI connection. These are the defaults:

HTTP local cluster—8080

HTTP regional cluster—8090

HTTPS local cluster—8443

HTTPS regional cluster—8453

On Windows, click Next.

The Network Registrar installation process begins. (Solaris prompts you to verify that you want to continue with the installation.) Status messages report that the installer is transferring files and running scripts. This process may take a few minutes. On:

Windows—The Setup Complete window appears. Choose Yes, I want to restart my computer now or No, I will restart my computer later and then click Finish.

Solaris and Linux—Successful completion messages appear.

Step 15 Verify the status of the Network Registrar servers:

Windows—In the Services control panel, verify that the Network Registrar Local Server Agent or Network Registrar Regional Server Agent is running after rebooting the system when the installation has completed successfully.

Solaris and Linux—Use the install-path/usrbin/cnr_status command to verify status. See the "Starting and Stopping Servers" section.


Entering License Keys

To administer the local and regional clusters that you installed, you must enter at least one license key. Running the regional cluster may require multiple keys.

Ensure that you have read the "License Keys" section on page 1-3 for critical information about license keys, including a description of each license type and which keys you need.

Follow this procedure to enter license keys.


Step 1 Start the Network Registrar Web UI or command line interface (CLI):

To access the Web UI, open the Web browser and use the HTTP (nonsecure login) or HTTPS (secure login) website:

http://hostname:port-at-install 
https://hostname:port-at-install 

where:

The hostname is the actual name of the target host.

The port-at-install is the port that is specified during installation (see the installation procedure, Step 12).

On Windows, you can access the Web UI from the Windows 2000 Start menu if you access the Web UI from the local host:

Local cluster—Start > Programs > Network Registrar 6.1 > Network Registrar 6.1 local Web UI (or Network Registrar 6.1 local Web UI (secure) if you enabled secure login).

Regional cluster—Start > Programs > Network Registrar 6.1 > Network Registrar 6.1 regional Web UI (or Network Registrar 6.1 regional Web UI (secure) if you enabled secure login).

To start the CLI:

Windows—Navigate to the install-path\bin directory and enter this command:

nrcmd -C clustername -N admin -P changeme 

Solaris and Linux—Navigate to the install-path\usrbin directory and enter this command:

install-path/usrbin/nrcmd -C clustername -N admin -P changeme 

Step 2 Enter the username admin and the password changeme. (Cisco recommends that you change this password as soon as possible to maintain system security.)

Step 3 Enter the license key:

Web UI—Enter the license key on the Add License page. Click Add. The License Type column indicates what kind of license has been entered.

CLI—You can enter the local cluster license only. Enter this command to define the key:

nrcmd> license set key=keystring 


Uninstalling Network Registrar

Follow the appropriate procedure to uninstall Network Registrar in the following sections. The procedure differs based on which operating system you are using. (You must have administrator or superuser privileges to uninstall Network Registrar, just as you must to install it.)

To back up your database before uninstalling Network Registrar, see the Network Registrar User's Guide for the procedure. (You cannot convert the 6.1 databases back to the 6.0. 5.5, 5.0, or 3.5 formats.)


Note Uninstallation stops the Network Registrar server agents first. If you find that the server processes are not shutting down, see the "Starting and Stopping Servers" section.


Uninstalling Network Registrar on Windows

Follow this procedure to uninstall Network Registrar on Windows.


Step 1 Use either the Add/Remove Program function from the Windows control panel, or the Uninstall Network Registrar choice from the Windows Start menu shortcut folder. The uninstallation program removes the server and user interface components but does not delete user data files.

Step 2 Delete all Network Registrar data by uninstalling the software and then deleting the Network Registrar folder.

Step 3 Reboot after the uninstallation completes to finish the uninstall process.


Uninstalling Network Registrar on Solaris

To uninstall Network Registrar on Solaris, from the root account, use the pkgrm program to remove the nwreg2 package:

pkgrm nwreg2 

The uninstallation procedure removes the server and user interface components but does not delete user data, such as the log and data files. You can optionally delete the database and log files associated with Network Registrar, as mentioned in the instructions displayed at the end of the pkgrm process.

Uninstalling Network Registrar on Linux

To uninstall Network Registrar on Linux, run the uninstall_cnr program from the install-path/usrbin directory:

./uninstall_cnr 
Stopping Server Agent...
Deleting startup files...
Removing Network Registrar...
cannot remove /opt/nwreg2/usrbin - directory not empty
cannot remove /opt/nwreg2/conf - directory not empty
package optnwreg2 not found in file index
Note that any files that have been changed (including your database) have _not_ been 
uninstalled. You should delete these files by hand when you are done with them, before you 
reinstall the package.

The cannot remove warnings mean that although the uninstall program removes the server and user interface components, it cannot delete directories that are not empty. Certain configuration and data files created during installation remain deliberately after uninstallation.

Optionally, delete the database and log files associated with Network Registrar, as mentioned in the instructions displayed at the end of the uninstall_cnr script execution.

Starting and Stopping Servers

You can stop and start the Network Registrar server agent from the Services feature of the Windows Control Panel. If the installation completed successfully and you enabled the servers, the Network Registrar DNS and DHCP servers start automatically each time you reboot the machine.

For the TFTP server, you must use this Network Registrar CLI command to enable it to restart on bootup:

nrcmd> tftp enable start-on-reboot 

All servers in the cluster are controlled by the Network Registrar local server agent. You can stop or start the servers by stopping or starting the server agent.

For additional information on stopping and starting servers, see the Cisco Network Registrar User's Guide.

Starting and Stopping Servers on Windows

Follow this procedure to start and stop servers on Windows.


Step 1 Choose Start > Settings > Control Panel > Administrative Tools > Services.

Step 2 From the Service list, choose Network Registrar Local Server Agent or Network Registrar Regional Server Agent.

Step 3 Click Restart or Stop, as required, and then click Close.


Starting and Stopping Servers on Solaris or Linux

Follow this procedure to start and stop servers on Solaris or Linux.


Step 1 Log in as superuser.

Step 2 Start the server agent by running the nwreglocal or nwregregion script with the start argument:

# /etc/init.d/nwreglocal start ;for the local cluster
# /etc/init.d/nwregregion start ;for the regional cluster

Step 3 Enter the cnr_status command to check that the servers are running:

# install-path/usrbin/cnr_status 

Step 4 Stop the server agent by running the nwreglocal or nwregregion script with the stop argument:

# /etc/init.d/nwreglocal stop ;for the local cluster
# /etc/init.d/nwregregion stop ;for the regional cluster


Troubleshooting the Installation

The Network Registrar installation process creates a log file, install_cnr_log, in the Network Registrar log file directory. For upgrades, two additional log files are created: mcdupgrade_log and lease_upgrade_log. The log directory is set to these locations by default:

Windows:

Local cluster: C:\Program Files\Network Registrar\Local\logs

Regional cluster: C:\Program Files\Network Registrar\Regional\logs

Solaris and Linux:

Local cluster: /var/nwreg2/local/logs

Regional cluster: /var/nwreg2/regional/logs

If the installation or upgrade does not complete successfully, first check the contents of these log files to help determine what might have failed. These are examples of possible causes for failure:

An incorrect version of Java is installed.

Insufficient disk space is available.

Inconsistent data exists for an upgrade.

If the log messages do not clearly indicate the failure, you can gather additional debug information by using the debug_install utility script. This script only appears if the installation failed, and is located by default in the Network Registrar program files directory:

Windows:

Local cluster: C:\Program Files\Network Registrar\Local\debug_install.cmd

Regional cluster: C:\Program Files\Network Registrar\Regional\debug_install.cmd

Solaris and Linux:

Local cluster: /opt/nwreg2/local/debug_install.sh

Regional cluster: /opt/nwreg2/regional/debug_install.sh

If you still need help determining the cause or resolution of the failure, forward the output of this script to Cisco Systems for further analysis. To contact Cisco for assistance, see the "Obtaining Technical Assistance" section on page vi.