Cisco CNS Network Registrar Installation Guide, 6.1
Installing and Upgrading Network Registrar
Downloads: This chapterpdf (PDF - 279.0KB) The complete bookPDF (PDF - 805.0KB) | Feedback

Installing and Upgrading Network Registrar

Table Of Contents

Installing and Upgrading Network Registrar

Installation Checklist

Installation and Upgrade

License Keys

Uninstalling Network Registrar

Starting and Stopping the Servers

Troubleshooting


Installing and Upgrading Network Registrar


This chapter describes how to install Cisco CNS Network Registrar 6.1 on Windows, Solaris, and Linux systems. The topics are:

Installation Checklist

Installation and Upgrade

License Keys

Uninstalling Network Registrar

Starting and Stopping the Servers

Troubleshooting

Installation Checklist

Before you run the installation or upgrade program, determine:

That the minimum system requirements are met (see "Overview")

On Windows, that other applications are closed, including virus protection programs

That software license keys are in hand

That administrative privileges are associated with the system account used to install the software

The type of cluster operation (regional or local)

That the desired installation locations include enough disk space

If this is to be a new installation or an upgrade


Note To upgrade from Network Registrar 3.5 or earlier, first upgrade to the latest release of Network Registrar 6.0, then upgrade again to 6.1.


If this is to be a client-and-server installation or client-only installation

The current Java installation location

If the Web UI should use an HTTP or HTTPS connection, or both

Installation and Upgrade

A new installation and an upgrade from a previous release follow essentially the same process, except that the upgrade includes a few additional steps. If Network Registrar release 6.0. 5.5, or 5.0 is already installed, you can upgrade to Release 6.1 while preserving the earlier configuration, or you can replace the configuration. The steps for an installation and upgrade are:


Step 1 In preparation:

a. Obtain one or more new software license keys for this release—You cannot use keys from a release prior to Network Registrar 6.0. Each license key addresses a separate group of operations:

Local cluster key—Manages the local cluster servers in the Web UI or command line interface (CLI). If you have Network Registrar 6.0 installed, you can upgrade using the key from that release. The evaluation version of this license is for a given time period only.

Regional central configuration key—Manages multiple local clusters at the regional cluster, in the Web UI only. The evaluation version of this license is for a given time period only.

Regional address space key—Manages the address space (address blocks and subnets) in the multiple local clusters at the regional cluster, in the Web UI only. The evaluation version of this license is for a given time period only.

Router management key—Manages the Router Interface Configuration (RIC) server at the regional cluster, in the Web UI only. The evaluation version of this license is for a given time period only.

Node count key—Manages a certain number of managed IP addresses, at the regional or local cluster. The evaluation version of this license is for a given time period only.

You enter these license keys either in the Web UI or CLI (which accepts the local cluster key only), or during an upgrade installation.

b. Log on to the target machine using an account that has administrative privileges:

Windows—Account in the Administrators group

Solaris and Linux—su (superuser) or root account

c. Windows—Close all open applications, including any antivirus software. Also, ensure that Visual Notification is turned off in Dr. Watson to allow automatic server restarts in case of failures. Access the Dr. Watson control dialog box, usually in C:\WINNT\system32\drwtsn32.exe, then uncheck the Visual Notification option and OK the change.

d. Download and install the Java Runtime Environment (JRE) or Development Kit (JDK), version 1.3.1 or later, available from Sun Microsystems at their website. If you accept the default location during the Java installation, it differs for each of these recent Java versions (the following are given as UNIX paths):

JRE 1.3.1—/javasoft/jre/1.3.1_0x—go to substep (e)

JDK 1.3.1—/jdk1.3.1_0x—go to substep (e)

JRE 1.4.1—/java/j2re1.4.1_0x—go to substep (f)

JDK 1.4.1—/j2sdk1.4.1_0x—go to substep (f)

Each of these installation paths are referred to as JAVA_HOME in each of the subsequent steps. If you are not configuring secure login to the Web UI, go to substep (c).

e. If you installed the JRE or JDK version 1.3.1 and want to configure secure login to the Web UI, you must also download and install the Java Secure Socket Extension (JSSE) version 1.0.2 or later, available from Sun Microsystems at their website. The default installation location is:

Windows—C:\jsse1.0.2

Solaris and Linux—/jsse1.0.2

f. If you are configuring secure login to the Web UI, you must create a keystore file using the Java keytool utility, located in the JAVA_HOME\bin directory. This utility defines a self-signed certificate or points to a file for a certificate that you obtained from an external signing authority:

To create a keystore file containing a self-signed certificate that is valid for one year, run this command and respond to the prompts. For example:

> JAVA_HOME\bin\keytool -genkey -alias tomcat -keyalg RSA -validity 365 
	-keystore keystore-file 
Enter keystore password: changeit 
What is your first and last name? 
	[Unknown]: j doe 
What is the name of your organizational unit? 
	[Unknown]: engineering 
What is the name of your organization? 
	[Unknown]: example company 
What is the name of your City or Locality? 
	[Unknown]: san jose
What is the name of your State or Province? 
	[Unknown]: ca 
What is the two-letter country code for this unit? 
	[Unknown]: us 
Is CN=j doe, OU=engineering, O=example company, L=san jose, ST=ca, C=us correct? 
	[no]: yes 
Enter key password for <tomcat> 
	(RETURN if same as keystore password): 

To create a keystore file and import a certificate file that you obtained from an external signing authority, run the keytool utility and respond to the prompts. For example:

> JAVA_HOME/bin/keytool -genkey -alias tomcat -file certificate.cer 
	-keystore keystore-file 
... 

The keystore-file is the fully qualified path to the keystore file you are creating. You must enter the keystore path and password in Step 10.


Caution The keystore password is in the server.xml file in the install-path\tomcat\conf directory, which is protected to have superuser access only. Because the password is visible as plain text in this file, do not change the file permissions to make this file generally accessible.

Note If you are planning multiple installations or upgrades at your site, you may want to prepare an installation or upgrade "script" (response file) at this point. That way, you can perform subsequent "silent" installations or upgrades that occur as background processes without user input. This involves slight modifications to the commands in the following step. For details, see "Performing a Silent Installation."


Step 2 Load the installation CD, or browse to the network resource where the Network Registrar software is located. If you download a distribution file from the Cisco website, run it from a different directory than where you will install Network Registrar:

Windows—The cnr_6_1-nt.exe distribution file is a self-extracting executable that places the setup file and other files in the directory where you run it. If you are not configured for Autostart, run the setup.exe file in that directory.

You will encounter two Welcome windows. The first window identifies the current software release; click Next. The second window introduces the setup program and reminds you to exit all current programs, including virus scan software. If any programs are running, click Cancel, close the programs, then start again with Step 2. If you are satisfied that all programs are stopped, click Next.

Solaris and Linux—You must have the gzip utility (to uncompress) and gtar utility (to unpack) installed and in the search path. See the GNU organization website for details.

Download the distribution file.

Change to the directory where you want to unpack the file.

To uncompress and unpack a .gtar.gz file, use gtar with the -z option:

gtar -zxpf cnr_6_1-linux.gtar.gz 

To unpack the .gtar file that was already uncompressed using gunzip, omit the -z option:

gtar -xpf cnr_6_1-linux.gtar 

Solaris—Run the pkgadd command with the -d option that specifies the directory from which you are installing, with the -a command in case you want to upgrade from a pre-6.0 version. The name of the Network Registrar package is nwreg2:

pkgadd -a install-path/solaris/nwreg2/install/cnradmin -d install-path/solaris 
nwreg2 

Linux—Run the install_cnr program from the installation directory:

install-path # ./install_cnr 

The install-path is the directory on which the CD-ROM is mounted, in which you unpack the distribution file, or network resource from which you are installing.

Step 3 Cluster mode—Respond to whether you want to install Network Registrar in Local or Regional mode. Local mode is for managing local cluster protocol servers. Regional mode is for aggregate management of multiple local clusters using the central management model.

Windows—Select the appropriate radio button. The default is Local mode.

Solaris and Linux—Enter 1 for a Local, or 2 for Regional. The default is 1.

Step 4 Windows program folder—Determine the program folder from which to run the application from the Windows 2000 Start menu. Accept the default, or enter another name or select it from the Existing Folders list. If you are upgrading, the upgrade process autodetects the program folder from the previous release. Click Next.

Step 5 Installation directory—Each operating system has a different default location:

Windows default locations—

Local cluster—C:\Program Files\Network Registrar\Local

Regional cluster—C:\Program Files\Network Registrar\Regional

If you are upgrading, the upgrade process autodetects the installation directory from the previous release. You can use the Browse button to browse for a new location. Click Next.

Solaris and Linux default locations—

Local cluster—Executables go to /opt/nwreg2/local, the data files to /var/nwreg2/local/data, the log files to /var/nwreg2/local/logs, and the temporary files to /var/nwreg2/local/temp

Regional cluster—Executables go to /opt/nwreg2/regional, the data files to /var/nwreg2/regional/data, the log files to /var/nwreg2/regional/logs, and the temporary files to /var/nwreg2/regional/temp

If the selected base directory does not already exist (/opt/nwreg2 by default), respond to whether you want it created.

Step 6 These windows or prompts appear only if you are doing an upgrade installation:

a. Database—Respond whether you want to upgrade using the previous configuration database (the top radio button or y), or create a new configuration database to replace the old one (the bottom radio button or n). The default is to use the existing database. If the upgrade process cannot determine the database version, you can select or enter 5.0, 5.5, or 6.0 (or later). On Windows, click Next.


Note To upgrade from Network Registrar 3.5 or earlier, first upgrade to the latest release of Network Registrar 6.0, then upgrade again to 6.1.


b. Archiving—Determine if you want to archive the existing binaries and database in case the current installation is unsuccessful. The default and recommended choice is Yes or y.

c. Archive directory—If you choose to archive the files, enter (or browse) for the archive directory location. The defaults are:

Windows—Local cluster: C:\Program Files\Network Registrar\Local.sav;
regional cluster: C:\Program Files\Network Registrar\Regional.sav. Click Next.

Solaris and Linux—Local cluster: /opt/nwreg2/local.sav;
regional cluster: /opt/nwreg2/regional.sav.

Step 7 Installation type—Select or enter if you want to install or upgrade the server and client (the top radio button, or 1), or just the client (the bottom radio button, or 2). The default is to install both the server and client. (Note that if your Windows version is not supported, you can run only a client installation and this window does not appear. Click Next.)

Step 8 CCM port—Enter the CCM management SCP port number. Check the target system for this port number. The defaults are:

Local cluster—1234

Regional cluster—1244

On Windows, click Next.

Step 9 Java—Select or enter the Java JRE or JDK 1.3.1 or later location. The installation or upgrade process tries to detect it.

Windows—An information window reminds you of the Java requirements. Click OK in this window, then either select the Java directory or select another one, and click OK.

Solaris and Linux—Enter the Java JRE or JDK location.


Note Do not include the bin subdirectory in the path. If you install a new Java version or change its location, rerun the Network Registrar installer, then specify the new location at this step.


Step 10 Connection type—Select where you want to enable the Web UI for HTTP or secure HTTPS logins:

Enable the Web UI on an HTTP port

Enable the Web UI on a secure HTTPS port

Enable the Web UI on both HTTP and secure HTTPS ports

Enabling the secure HTTPS port configures security for connecting to the Apache Tomcat version 4.0 webserver using a preconfigured Java Secure Socket Extension (JSSE) installation (see Step 1 for the configuration steps):

If you select the HTTP connection (the default setting), click Next, then go to Step 11.

If you select the secure HTTPS connection (or both HTTP and HTTPS) and click Next, these windows or prompts appear:

Information—Reminds you of the JSSE requirements. Click OK or Return.

JSSE/Java directory—Enter (or browse for) the Java or JSSE location, from Step 1(d) or (e). If you installed JRE or JDK version 1.3.1, enter the JSSE path. Click OK or Return.

Keystore location—Enter the fully qualified path to the keystore file that contains the certificate(s) to be used for the secure connection to the Apache Tomcat Web server. This is the keystore-file you specified in Step 1(f). Click Next or Return.

Keystore password—Enter the password given when creating the JSSE keystore file to provide the secure interface to clients. The default password is changeit. Click Next or Return.


Note To change the connection type, rerun the installer, then change the selection at this step.


Step 11 Web UI port—Enter an available port number for the Web UI connection. The defaults are:

HTTP—Local cluster: 8080; regional cluster: 8090

HTTPS—Local cluster: 8443; regional cluster: 8453

On Windows, click Next.

Step 12 Processing—On Solaris, respond to whether you want to continue with the installation. Status windows or processing messages appear reporting that the installer is transferring files and running scripts. Both of these processes might take a few minutes.

Step 13 Completion—

Windows—Gives you the choice whether to restart the system right away or wait until later. Make the selection and click Finish.

Solaris and Linux—Displays successful completion messages.

Step 14 To check the status of the Network Registrar servers:

Windows—In the Services control panel, check that the "Network Registrar Local Server Agent" or "Network Registrar Regional Server Agent" are running.

Solaris and Linux—Use the install-path/usrbin/cnr_status command. See the "Starting and Stopping the Servers" section.


License Keys

To administer the Network Registrar local and regional clusters that you installed, you must enter at least one license key. In fact, running the regional cluster may require multiple keys.


Caution Network Registrar 6.1 requires new license keys. You cannot use one from a previous release, except that you can use the key obtained in Network Registrar 6.0 to run the local cluster.

You can run the user interfaces and the servers on different machines. You must tell the user interface which cluster (group of servers that share a database) that you want to access and whether the cluster is on the local or a remote host. The license that you have determines what to do and what can happen:

If you have a permanent license, you must enter it once for each cluster that you want to access through the user interface. Once entered, you are not prompted for a license key again until you install the cluster on another machine.

If you have an evaluation copy of Network Registrar, you have a license that expires.

If you have an invalid or expired license key, you cannot configure or manage the Network Registrar servers until you obtain a valid license key, although the servers will continue to function normally.

The types of licenses are:

Local cluster key—Manages the local cluster servers in the Web UI or command line interface (CLI). If you have Network Registrar 6.0 installed, you can upgrade using the key from that release. The evaluation version of this license is for a given time period only.

Regional central configuration key—Manages multiple local clusters at the regional cluster, in the Web UI only. The evaluation version of this license is for a given time period only.

Regional address space key—Manages the address space (address blocks and subnets) in the multiple local clusters at the regional cluster, in the Web UI only. The evaluation version of this license is for a given time period only.

Router management key—Manages router interface configuration (RIC) servers at the regional cluster, in the Web UI only. The evaluation version of this license is for a given time period only.

Node count key—Manages a certain number of managed IP addresses, at the regional or local cluster. The evaluation version of this license is for a given time period only.

To enter the license key:


Step 1 Start the Network Registrar Web UI or CLI:

To access the Web UI, open the Web browser and use the HTTP (nonsecure login) or HTTPS (secure login) website:

http://hostname:port-at-install 
https://hostname:port-at-install 

The hostname is the target host's actual name.The port-at-install is the port specified during installation (see Step 10).

Windows—If you access the Web UI from the local host, you can also select from the Windows 2000 Start menu:

Local cluster—Start > Programs > Network Registrar 6.1 > Network Registrar 6.1 local Web UI (or Network Registrar 6.0 local Web UI (secure) if you enabled secure login).

Regional cluster—Start > Programs > Network Registrar 6.1 > Network Registrar 6.1 regional Web UI (or Network Registrar 6.0 regional Web UI (secure) if you enabled secure login).

To start the CLI:

Windows—Go to the install-path\bin directory and enter:

nrcmd -C clustername -N admin -P changeme 

Solaris and Linux—Go to the install-path\usrbin directory and enter:

install-path/usrbin/nrcmd -C clustername -N admin -P changeme 

Step 2 Enter the username admin and password changeme. (You should change this password soon.)

Step 3 Enter the license key:

In the Web UI, enter the license key on the Add License page. Click Add. The License Type column indicates what kind of license it is.

In the CLI, you can enter only the local cluster license. Enter this command to define the key:

nrcmd> license set key=keystring 


Uninstalling Network Registrar

How to uninstall Network Registrar depends on the operating system:


Note See the Network Registrar User's Guide on how to back up the databases. You cannot convert the 6.1 databases back to the 6.0. 5.5, 5.0, or 3.5 formats.


Windows—Use either the Add/Remove Program function from the Windows control panel, or the Uninstall Network Registrar selection from the Windows Start menu. The uninstallation program removes the server and user interface components, but does not delete user data files. To delete all Network Registrar data, uninstall, then delete the Network Registrar folder.

Reboot after the uninstallation to clean up the Windows services before you re-install.

Solaris—Use the pkgrm program to remove the nwreg2 files, from a root account:

pkgrm nwreg2 

The uninstallation procedure removes the server and user interface components, but does not delete user data, such as the log and data files. To delete the data associated with Network Registrar, follow the instructions at the end of the pkgrm process about which directories to remove.

Linux—Run the uninstall_cnr program from the install-path/usrbin directory:

./uninstall_cnr 
Stopping Server Agent...
Deleting startup files...
Removing Network Registrar...
cannot remove /opt/nwreg2/usrbin - directory not empty
cannot remove /opt/nwreg2/conf - directory not empty
package optnwreg2 not found in file index
Note that any files that have been changed (including your database) have _not_ been 
uninstalled. You should delete these files by hand when you are done with them, before 
you reinstall the package.

The "cannot remove" warnings means that, although the uninstall program removes the server and user interface components, it cannot delete nonempty directories. Certain configuration and data files created during installation are deliberately left behind after the uninstallation. You must delete these files separately before you re-install Network Registrar. You might want to delete what is left in the binary, data, and log directories.


Note Uninstallation stops the Network Registrar server agents first. If you find that the server processes are not shutting down, see the "Starting and Stopping the Servers" section.


Starting and Stopping the Servers

You can stop and start the Network Registrar server agent from the Services feature of the Windows Control Panel. If the installation completed successfully and you enabled the servers, the Network Registrar DNS and DHCP servers will start automatically each time you reboot the machine.

For the TFTP server, you must use this CLI command to enable it to restart on bootup:

nrcmd> tftp enable start-on-reboot 

All three servers in the cluster are controlled by a server agent. You can stop or start the servers by stopping or starting the server agent:

Windows 2000—Select Start > Settings > Control Panel > Administrative Tools > Services. From the Service list, select Network Registrar Local Server Agent or Network Registrar Regional Server Agent. Click Restart or Stop, as required, then click Close.

Solaris and Linux—Log in as superuser. Run the nwreglocal or nwregregion script with the start argument:

# /etc/init.d/nwreglocal start ;for the local cluster
# /etc/init.d/nwregregion start ;for the regional cluster


Note The nwreglocal and nwregregion server agents were named aicservagt in previous releases.


Enter the cnr_status command to check that the servers are running:

# install-path/usrbin/cnr_status 


Note The cnr_status script was named aicstatus in previous releases.


To stop the server agent, perform the steps as in starting the agent, except run the nwreglocal or nwregregion script with the stop argument:

# /etc/init.d/nwreglocal stop ;for the local cluster
# /etc/init.d/nwregregion stop ;for the regional cluster

Troubleshooting

The Network Registrar installation process creates a log file, install_cnr_log, in the Network Registrar log file directory. For upgrades, two additional log files are created, mcdupgrade_log and lease_upgrade_log. By default, the log directory is set to:

Windows—Local cluster: C:\Program Files\Network Registrar\Local\logs;
regional cluster: C:\Program Files\Network Registrar\Regional\logs

Solaris and Linux— Local cluster: /var/nwreg2/local/logs;
regional cluster: /var/nwreg2/regional/logs

If the installation or upgrade does not complete successfully, first check the contents of these log files to help determine what might have failed. Examples of possible causes for failure are:

An incorrect version of Java installed

Insufficient available disk space available

Inconsistent data for an upgrade

If log messages do not clearly indicate the failure, you can gather additional debug information using the debug_install utility script. This script only appears if there is a failed installation and is located by default in the Network Registrar executables directory:

Windows—Local cluster: C:\Program Files\Network Registrar\Local\debug_install.cmd;
regional cluster: C:\Program Files\Network Registrar\Regional\debug_install.cmd

Solaris and Linux—Local cluster: /opt/nwreg2/local/debug_install.sh;
regional cluster: /opt/nwreg2/regional/debug_install.sh

If the cause of the failure still does not seem readily apparent or correctable, forward the output of this script to Cisco Systems for further analysis.