Cisco Network Registrar Installation Guide, 6.3
Chapter 2: Installing and Upgrading Network Registrar
Downloads: This chapterpdf (PDF - 181.0KB) The complete bookPDF (PDF - 789.0KB) | Feedback

Installing and Upgrading Network Registrar

Table Of Contents

Installing and Upgrading Network Registrar

Checklist

Before You Begin

Installation and Upgrade Procedure

Entering License Keys

Uninstalling Network Registrar

Uninstalling on Windows

Uninstalling on Solaris

Uninstalling on Linux

Starting and Stopping Servers

Starting and Stopping Servers on Windows

Starting and Stopping Servers on Solaris or Linux

Troubleshooting the Installation


Installing and Upgrading Network Registrar


This chapter describes how to install Network Registrar 6.3 on Windows, Solaris, or Linux systems. It includes these sections:

Checklist

Before You Begin

Installation and Upgrade Procedure

Entering License Keys

Uninstalling Network Registrar

Starting and Stopping Servers

Troubleshooting the Installation

Checklist

Before you perform the installation or upgrade, ensure that you are prepared by reviewing this checklist:

Does my operating system meet the minimum requirements to support Network Registrar 6.3? (See the "System Requirements" section on page 1-2.)

Does my hardware meet the minimum requirements? (See the "System Requirements" section on page 1-2)

For Red Hat Linux installations, have I verified that I have downloaded a compatible version of Network Registrar 6.3? (See the "Downloading Network Registrar for Red Hat Linux" section on page 1-5.)

If necessary, have I excluded Network Registrar directories and subdirectories from virus scanning? (See the "Backup Software and Virus Scanning Guidelines" section on page 1-4.)

On Windows, are other applications closed, including any virus-scanning or automatic-backup software programs? Is the Debugger Users group included in the Local Users and Groups?

Do I have the proper software license keys? (See the "License Keys" section on page 1-3.)

Am I authorized for the administrative privileges needed to install the software?

Does the target installation server have enough disk space?

Is this a new installation or an upgrade?

Is the cluster mode of operation regional or local?

Is this a full or client-only installation?

Is the Java Runtime Environment (JRE) 1.4.2 or later, or the equivalent Java Development Kit (JDK), installed on my system? If so, where?

Is the Windows system set up to support 16-bit applications (short filenames)?

Should the web UI use an HTTP or HTTPS connection, or both?

Am I upgrading from an earlier version of Network Registrar? If so:

Are there any active user interface sessions?

Is my database backed up?

Is my Network Registrar task list empty?

Before You Begin

Verify that you are running a supported operating system and that your environment meets all other current system requirements (see the "System Requirements" section on page 1-2).

If you are running an unsupported operating system, back up your Network Registrar data and upgrade your operating system before installing this latest release:


Step 1 Use the currently installed Network Registrar release to complete any configuration changes in progress, so that the existing database is consistent before you perform the upgrade.

Step 2 Ensure that no pending database tasks result from recent edits. You can confirm that the task lists are empty by viewing the CCM and MCD Tasks pages under the Administration menu in the web UI. Wait until both lists are empty before proceeding with the update.

Step 3 Back up your database. The installation program tries to detect configuration data from an earlier installation and will upgrade the data.

Step 4 Upgrade your operating system.


Installation and Upgrade Procedure

Follow this procedure to install or upgrade Network Registrar. The procedure is essentially the same for a new installation or upgrade, except that the upgrade requires a few additional steps.


Step 1 Log in to the target machine using an account that has administrative privileges:

Windows—Account in the Administrators group

Solaris and Linux—su (superuser) or root account


Note On Windows, close all open applications, including any antivirus software. Also ensure that the Dr. Watson visual notification setting is unchecked. This option prevents the servers from restarting automatically if a failure occurs until you respond to a pop-up dialog box. The Visual Notification check box in Dr. Watson is usually marked by default. Run drwtsn32.exe (in C:\WINDOWS\system32), uncheck the check box, then click OK. (Note that you can perform this step after the installation.)


Step 2 If necessary, download and install Java Runtime Environment (JRE) 1.4.2 or later, or the equivalent Java Development Kit (JDK). These are available from Sun Microsystems at its download website.


Note On Windows, add the \bin subdirectory of your Java installation folder to your PATH environment variable.


Step 3 If you are not configuring secure login to the Web UI, skip to Step 4. If you are configuring secure login, you must create a keystore file by using the Java keytool utility, which is located in the \bin subdirectory of the Java installation (see Step 2). Use the utility to define a self-signed certificate, or to request and later import a certificate from an external signing authority:

a. To create a keystore file containing a self-signed certificate, run this command and respond to the prompts:

> keytool -genkey -alias tomcat -keyalg RSA -keystore k-file 
Enter keystore password: password 
What is your first and last name? [Unknown]: name
What is the name of your organizational unit? [Unknown]: org-unit 
What is the name of your organization? [Unknown]: org-name 
What is the name of your City or Locality? [Unknown]: local 
What is the name of your State or Province? [Unknown]: state 
What is the two-letter country code for this unit? [Unknown]: cc 
Is CN=name, OU=org-unit, O=org-name, L=local, ST=state, C=cc correct? [no]: yes 
Enter key password for <tomcat> (RETURN if same as keystore password): 

The keystore filename (k-file) is its fully qualified path. You will be entering the keystore path and password in Step 12.

b. To create a Certificate Signing Request (CSR) that you will submit to the Certificate Authority (CA) when you request a certificate, create the keystore file as in the previous substep, then execute this command:

> keytool -certreq -keyalg RSA -alias tomcat -file certreq.cer -keystore k-file 
... 

Submit the resulting certreq.cer file to the CA. Once you receive the certificate from the CA, first download the Chain Certificate from the CA, then import the Chain Certificate and your new Certificate into the keystore file, as follows:

> keytool -import -alias root -keystore k-file -trustcacerts -file chain-cert-file 
> keytool -import -alias tomcat -keystore k-file -trustcacerts -file new-cert-file 

For details on the keytool utility, see the documentation at the Java website of Sun Microsystems. For details on the keystore file and Tomcat, see the documentation at the website of the Apache Software Foundation.


Caution The keystore password is stored in the server.xml file in the install-path\tomcat\conf directory, which is protected to have superuser access only. Because the password is visible as plain text in this file, do not change the file and directory permissions to make this file generally accessible.

Step 4 Load the installation CD, or browse to the network resource where the Network Registrar software is located. If you download a distribution file from the Cisco website, run it from a different directory than where you will install Network Registrar.

Windows—The cnr_6_3-nt.exe file is a self-extracting executable file that places the setup file and other files in the directory where you run it. (If you are not configured for Autostart, run the setup.exe file in that directory.) The Welcome to Cisco Network Registrar window appears.

Click Next. The second welcome window introduces the setup program and reminds you to exit all current programs, including virus scanning software. If any programs are running, click Cancel, close these programs, and return to the start of Step 4. If you already exited all programs, click Next.

Solaris and Linux—Be sure that the gzip and gtar utilities are available to uncompress and unpack the Network Registrar installation files. See the GNU organization website for information on these utilities. Follow these steps:

1. Download the distribution file.

2. Navigate to the directory in which you will uncompress and extract the installation files.

3. Uncompress and unpack the .gtar.gz file. Use gtar with the -z option:

gtar -zxpf cnr_6_3-linux.gtar.gz

To unpack the .gtar file that gunzip already uncompressed, omit the -z option:

gtar -xpf cnr_6_3-linux.gtar 

4. Run this command or program:

Solaris—Run the pkgadd command with the -d option that specifies the directory from which you are installing, with the -a option in case you want to upgrade from a previous release. The name of the Network Registrar package is nwreg2:

pkgadd -a install-path/solaris/nwreg2/install/cnradmin -d install-path/solaris 
nwreg2 

Linux—Run the install_cnr script from the directory containing the installation files:

install-path./install_cnr 

The install-path is the CD-ROM directory that contains the installation files or the directory that contains the extracted Network Registrar installation files, if they were downloaded electronically.

Step 5 Specify whether you want to install Network Registrar in the local or regional cluster mode (see the "Overview" section on page 1-1):

Windows—Keep the default Network Registrar Local or choose Network Registrar Regional. Click Next. The Select Program Folder appears, where you determine the program folder in which to store the program shortcuts in the Start menu. Accept the default, enter another name, or choose a name from the Existing Folders list. Click Next.

Solaris and Linux—Enter 1 for a local, or 2 for regional. The default mode is 1.

Step 6 If you are upgrading, the upgrade process autodetects the installation directory from the previous release. Note these Network Registrar installation directories and make any appropriate changes to meet your needs:

Windows default locations:

Local cluster—C:\Program Files\Network Registrar\Local

Regional cluster—C:\Program Files\Network Registrar\Regional

Solaris and Linux default locations:

Local cluster:

Program files—/opt/nwreg2/local

Data files—/var/nwreg2/local/data

Log files—/var/nwreg2/local/logs

Temporary files—/var/nwreg2/local/temp

Regional cluster:

Program files—/opt/nwreg2/regional

Data files—/var/nwreg2/regional/data

Log files—/var/nwreg2/regional/logs

Temporary files—/var/nwreg2/regional/temp

Step 7 Choose whether to archive the existing binaries and database in case this installation does not succeed. The default and recommended choice is Yes or y:

If you choose to archive the files, specify the archive directory. The default directories are:

Windows—Local cluster (C:\Program Files\Network Registrar\Local.sav); Regional cluster (C:\Program Files\Network Registrar\Regional.sav). Click Next.

Solaris and Linux—Local cluster (/opt/nwreg2/local.sav); Regional cluster (/opt/nwreg2/regional.sav)

Step 8 Choose the appropriate installation type: server and client (the default), or client-only:

Windows—Choose Both server and client (default) or Client only. Click Next. The Select Port window appears.

Solaris and Linux—Entering 1 installs the server and client (the default), or 2 installs the client only.

Step 9 Choose the CCM management SCP port number. (You can change this port number on your target system.) These are the default port numbers:

Local cluster—1234

Regional cluster—1244

On Windows, click Next.

Step 10 Enter the location of the Java installation (JRE or JDK installed in Step 2). (The installation or upgrade process tries to detect the location.)

Windows—A dialog box reminds you of the Java requirements. Click OK and then choose the default Java directory or another one. Click OK. The Select Connection Type window appears.

Solaris and Linux—Enter the Java installation location.


Note Do not include the bin subdirectory in the path. If you install a new Java version or change its location, rerun the Network Registrar installer, then specify the new location in this step.


Step 11 Choose whether to enable the Web UI to use a nonsecure (HTTP) or secure (HTTPS) connection for Web UI logins:

Windows—Choose Non-secure/HTTP (default), Secure/HTTPS (requires JSSE), or Both HTTP and HTTPS.

Solaris and Linux—Enter an HTTP port, a secure HTTPS port, or both HTTP and HTTPS ports.

Enabling the secure HTTPS port configures security for connecting to the Apache Tomcat web server (see Step 3 for configuration). (To change the connection type, rerun the installer, and then make a different choice at this step.)

If you choose HTTPS, or HTTP and HTTPS, click Next and continue with Step 12.

If you choose the default HTTP connection, click Next, and skip to Step 13.

Step 12 If you enabled HTTPS Web UI connectivity, you are prompted for the location of the necessary .jar files:

If you want to use a different JSSE installation than the default set in Step 2 for the .jar files, enter it.

For the keystore location, specify the fully qualified path to the keystore file that contains the certificate(s) to be used for the secure connection to the Apache Tomcat web server. This is the keystore file that you created in Step 3.

For the keystore password, specify the password given when creating the keystore file. On Windows, click Next.


Caution Do not include a dollar sign ($) in the keystore password as it will result in an invalid configuration on the Apache Tomcat web server.

Step 13 Enter a port number for the Web UI connection. The defaults are:

HTTP local cluster—8080

HTTP regional cluster—8090

HTTPS local cluster—8443

HTTPS regional cluster—8453

On Windows, click Next.

The Network Registrar installation process begins. (Solaris prompts you to verify that you want to continue with the installation.) Status messages report that the installer is transferring files and running scripts. This process may take a few minutes:

Windows—The Setup Complete window appears. Choose Yes, I want to restart my computer now or No, I will restart my computer later and then click Finish.

Solaris and Linux—Successful completion messages appear.

Step 14 Verify the status of the Network Registrar servers:

Windows—In the Services control panel, verify that the Network Registrar Local Server Agent or Network Registrar Regional Server Agent is running after rebooting the system when the installation has completed successfully.

Solaris and Linux—Use the install-path/usrbin/cnr_status command to verify status. See the "Starting and Stopping Servers" section.


Entering License Keys

To administer the local and regional clusters that you installed, you must enter at least one license key. Running features at the cluster may require multiple keys.

Ensure that you have read the "License Keys" section on page 1-3 for critical information about license keys, including a description of each license type and which keys you need.

Follow this procedure to enter license keys:


Step 1 Start the Network Registrar web UI or CLI:

To access the web UI, open the Web browser and use the HTTP (nonsecure login) or HTTPS (secure login) website:

http://hostname:http-port 
https://hostname:https-port 

where:

The hostname is the actual name of the target host.

The http-port and the https-ports are the default HTTP or HTTPS port that are specified during installation. (See the installation procedure, Step 13).

On Windows, you can access the Web UI from the Start menu from the local host:

On a local cluster—Choose Start > Programs > Network Registrar 6.3 > Network Registrar 6.31 local Web UI (or Network Registrar 6.31 local Web UI (secure) if you enabled secure login).

On a regional cluster—Choose Start > Programs > Network Registrar 6.3 > Network Registrar 6.3 regional Web UI (or Network Registrar 6.3 regional Web UI (secure) with secure login).

To start the CLI:

Windows—Navigate to the install-path\bin directory and enter this command:

nrcmd -C cluster-ipaddress -N admin -P changeme 

Solaris and Linux—Navigate to the install-path/usrbin directory and enter this command:

install-path/usrbin/nrcmd -C clustername -N admin -P changeme 

Step 2 Enter the username admin and the password changeme.

Tip Cisco recommends that you change this password as soon as possible to maintain system security.

Step 3 Enter the license key:

Web UI—Enter the license key on the Add License page. Click Add. The License Type column indicates what kind of license has been entered.

CLI—You can enter the local cluster license only. Enter this command to define the key:

nrcmd> license set key=keystring 


Uninstalling Network Registrar

Follow the appropriate procedure to uninstall Network Registrar. The procedure differs based on which operating system you are using. (You must have administrator or superuser privileges to uninstall Network Registrar, just as you must to install it.)

To back up your database before uninstalling Network Registrar, see the Cisco Network Registrar User's Guide for the procedure. (You cannot convert the 6.3 databases back to a format that previous releases can use.)


Note Uninstallation stops the Network Registrar server agents first. If you find that the server processes are not shutting down, see the "Starting and Stopping Servers" section.


Uninstalling on Windows

Follow this procedure to uninstall Network Registrar on Windows:


Step 1 Choose the Add/Remove Program function from the Windows control panel, or the Uninstall Network Registrar choice from the Windows Start menu Network Registrar shortcut folder. The uninstallation program removes the server and user interface components but does not delete user data files.

Step 2 Optionally, delete all Network Registrar data by deleting the Network Registrar folder.

Note Temporarily stop any service that is related to software that integrates with Performance Monitoring that might interfere with removing shared libraries in the Network Registrar folder.

Step 3 Reboot after the uninstallation completes to finish the uninstall process.


Uninstalling on Solaris

Follow this procedure to uninstall Network Registrar on Solaris:


Step 1 From the root account, use the pkgrm program to remove the nwreg2 package:

pkgrm nwreg2 

The uninstallation procedure removes the server and user interface components; but does not delete user data, such as the log and data files.

Step 2 Optionally, delete the database and log files that are associated with Network Registrar, as mentioned in the instructions at the end of the pkgrm process.


Uninstalling on Linux

Follow this procedure to uninstall Network Registrar on Linux:


Step 1 Run the uninstall_cnr program from the install-path/usrbin directory:

./uninstall_cnr 
Stopping Server Agent...
Deleting startup files...
Removing Network Registrar...
cannot remove /opt/nwreg2/usrbin - directory not empty
cannot remove /opt/nwreg2/conf - directory not empty
package optnwreg2 not found in file index
Note that any files that have been changed (including your database) have _not_ been 
uninstalled. You should delete these files by hand when you are done with them, before you 
reinstall the package.

The cannot remove warnings mean that, although the uninstall program removes the server and user interface components, it cannot delete directories that are not empty. Certain configuration and data files that are created during installation remain deliberately after uninstallation.

Step 2 Optionally, delete the database and log files that are associated with Network Registrar, as mentioned in the instructions at the end of the uninstall_cnr script execution.


Starting and Stopping Servers

In Windows, you can stop and start the Network Registrar server agent from the Services feature of the Windows Control Panel. If the installation completed successfully and you enabled the servers, the Network Registrar DNS and DHCP servers start automatically each time you reboot the machine.

For the TFTP server, you must use this Network Registrar CLI command to enable it to restart on bootup:

nrcmd> tftp enable start-on-reboot 

All servers in the cluster are controlled by the Network Registrar regional or local server agent. You can stop or start the servers by stopping or starting the server agent.

For details on stopping and starting servers, see the Cisco Network Registrar User's Guide.

Starting and Stopping Servers on Windows

Follow this procedure to start and stop servers on Windows:


Step 1 Choose Start > Settings > Control Panel > Administrative Tools > Services.

Step 2 From the Services list, choose Network Registrar Local Server Agent or Network Registrar Regional Server Agent.

Step 3 Click Restart or Stop, as required, and then click Close.


Starting and Stopping Servers on Solaris or Linux

In Solaris or Linux, the Network Registrar servers automatically start up after a successful installation or upgrade. You do not need to reboot the system. Follow this procedure to start and stop servers on Solaris or Linux:


Step 1 Log in as superuser.

Step 2 Start the server agent by running the nwreglocal or nwregregion script with the start argument:

# /etc/init.d/nwreglocal start ;for the local cluster
# /etc/init.d/nwregregion start ;for the regional cluster

Step 3 Enter the cnr_status command to check that the servers are running:

# install-path/usrbin/cnr_status 

Step 4 Stop the server agent by running the nwreglocal or nwregregion script with the stop argument:

# /etc/init.d/nwreglocal stop ;for the local cluster
# /etc/init.d/nwregregion stop ;for the regional cluster


Troubleshooting the Installation

The Network Registrar installation process creates a log file, install_cnr_log, in the Network Registrar log file directory. For upgrades, two additional log files are created: mcdupgrade_log and lease_upgrade_log. The log directory is set to these locations by default:

Windows:

Local cluster: C:\Program Files\Network Registrar\Local\logs

Regional cluster: C:\Program Files\Network Registrar\Regional\logs

Solaris and Linux:

Local cluster: /var/nwreg2/local/logs

Regional cluster: /var/nwreg2/regional/logs

If the installation or upgrade does not complete successfully, first check the contents of these log files to help determine what might have failed. Some examples of possible causes of failure are:

An incorrect version of Java is installed.

Insufficient disk space is available.

Inconsistent data exists for an upgrade.

If the log messages do not clearly indicate the failure, you can gather additional debug information by using the debug_install utility script. This script appears only if the installation failed and is located by default in the Network Registrar program files directory:

Windows:

Local cluster: C:\Program Files\Network Registrar\Local\debug_install.cmd

Regional cluster: C:\Program Files\Network Registrar\Regional\debug_install.cmd

Solaris and Linux:

Local cluster: /opt/nwreg2/local/debug_install.sh

Regional cluster: /opt/nwreg2/regional/debug_install.sh

If the ## Executing checkinstall script part of the Solaris pkgadd fails, ensure that the /tmp directory has sufficient permissions to allow a nonprivileged installation user ID to write to it.

If you still need help determining the cause or resolution of the failure, forward the output of this script to Cisco for further analysis. To contact Cisco for assistance, see the "Obtaining Documentation, Obtaining Support, and Security Guidelines" section on page v.