Step 1 |
Log into the target machine using an account that has administrative privileges:
Windows—Close all open applications, including any antivirus software.
Note
|
From Cisco Prime
Network
Registrar 9.1, Linux and Windows installer provide an option to prompt for web service port, by default same as the web UI port. This
will be prompted only if web services feature is enabled. For a new installation, default value of the web service port will
be same as the default value for web UI port or the newly input web UI port. For subsequent installations, the port values
will be picked from the conf files.
|
Caution
|
Many distributions of Red Hat and CentOS Linux come with a firewall and connection tracking installed and enabled by default.
Running a stateful firewall on the same OS and DNS will cause a significant decrease in server performance. Cisco strongly
recommends NOT to use a firewall on the DNS server's operating system. If disabling the firewall is not possible, then connection tracking
of DNS traffic MUST be disabled. For more information, see the "DNS Performance and Firewall Connection Tracking" section in the
Cisco Prime Network Registrar 10.1 Administration Guide.
|
|
Step 2 |
Download and install JRE 1.8, or the equivalent JDK, if you have not already done so. These are available at the Oracle website.
Note
|
On Windows, add the full path of the bin subdirectory of your Java installation folder to your PATH environment variable;
for example, C:\Program Files (x86)\Java\jdk1.8\bin.
|
|
Step 3 |
If you are not configuring secure login to the web UI, skip to Step 4. If you are configuring secure login, you must create a keystore file by using the Java keytool utility, which is located in the bin subdirectory of the Java installation (see Step 2). Use the utility to define a self-signed certificate, or to request and later import a certificate from an external signing
authority:
-
To create a keystore file containing a self-signed certificate, run this command and respond to the prompts:
> keytool -genkey -alias tomcat -keyalg RSA -keystore k-file
Enter keystore password: password
What is your first and last name? [Unknown]: name
What is the name of your organizational unit? [Unknown]: org-unit
What is the name of your organization? [Unknown]: org-name
What is the name of your City or Locality? [Unknown]: local
What is the name of your State or Province? [Unknown]: state
What is the two-letter country code for this unit? [Unknown]: cc
Is CN=name, OU=org-unit, O=org-name, L=local, ST=state, C=cc correct? [no]: yes
Enter key password for <tomcat> (RETURN if same as keystore password):
The keystore filename (k-file) is its fully qualified path. You will be entering the keystore path and password in Step 17.
-
To create a Certificate Signing Request (CSR) that you will submit to the Certificate Authority (CA) when you request a certificate,
create the keystore file as in the previous substep, then execute this command:
> keytool -certreq -keyalg RSA -alias tomcat -file certreq.cer -keystore k-file
Submit the resulting certreq.cer file to the CA. Once you receive the certificate from the CA, first download the Chain Certificate
from the CA, then import the Chain Certificate and your new Certificate into the keystore file, as follows:
> keytool -import -alias root -keystore k-file -trustcacerts -file chain-cert-file
> keytool -import -alias tomcat -keystore k-file -trustcacerts -file new-cert-file
For details on the keytool utility, see the documentation at the Java website of Oracle. For details on the keystore file and Tomcat, see the documentation at the website of the Apache Software Foundation.
Caution
|
The Cisco Prime
Network
Registrar installation program for Windows does not try to modify ACLs to restrict access to the installed files and directories. If
you want to restrict access to these files and directories, use the native Microsoft utilities to manually change file and
directory permissions. See Modifying ACLs in Windows Installations.
|
|
Step 4 |
Download the distribution file from
Cisco.com, if needed. Then:
-
Windows—The cpnr_version-windows.exe file is a self-extracting
executable file that places the setup file and other files in the
directory where you run it. (If you are not configured for
Autostart, run the setup.exe file in that directory.) The Welcome to
Cisco Prime
Network
Registrar window appears.
Click Next. The second welcome window introduces the setup
program and reminds you to exit all current programs, including
virus scanning software. If any programs are running, click
Cancel, close these programs, and return to the start of
Step 4. If you already exited all programs, click
Next.
-
Linux—Be sure that the gzip and gtar utilities are
available to uncompress and unpack the Cisco Prime
Network
Registrar installation files. See the GNU organization website for
information on these utilities. Do the following:
-
Download the distribution file from Cisco.com, if needed.
-
Navigate to a directory in which you want to uncompress and
extract the installation files. It can be the same directory
into which the distribution was downloaded.
-
Uncompress and unpack the .gtar.gz file. Use gtar
with the -z option:
gtar -zxpf cpnr_10_1-linux-x86_64.gtar.gz
The command creates the cpnr_10_1 directory
into which the Cisco Prime
Network
Registrar installation files are extracted.
-
Run
the install_cnr script as follows:
# ./cpnr_10_1/Linux/install_cnr
The installation script does some checks to assure you are
using a supported operating system version and that the
required packages are installed, and will report if there
are any issues and stop the installation.
|
Step 5 |
Specify whether you want to install Cisco Prime
Network
Registrar in the local or regional cluster mode:
Note
|
Since a regional server is required for license management, install the regional server first so that you can register the
local to the regional. If you face any problem with synchronizing the regional cluster to the local cluster after registration,
unset and set the password on the regional cluster, and sync again.
|
Tip
|
Include a network time service in your configuration to avoid time differences between the local and regional clusters. This
method ensures that the aggregated data at the regional server appears consistently. The maximum allowable time drift between
the regional and local clusters is five minutes. If the time skew exceeds five minutes, then the installation process will
not be able to correctly register the server with the regional. In this case, unset and set the password on the regional cluster,
and sync again.
|
-
Windows—Keep the default Cisco Prime
Network
Registrar Local or choose Cisco Prime
Network
Registrar Regional. Click Next. The Select Program Folder appears, where you determine the program folder in which to store the program shortcuts in the
Start menu. Accept the default, enter another name, or choose a name from the Existing Folders list. Click Next.
-
Linux—Enter 1 for a local, or 2 for regional. For a new installation, the default is 1. For an upgrade, the default depends on what was previously installed.
|
Step 6 |
On Linux, specify if you want to run Cisco Prime
Network
Registrar Local Server Agent as a non-root nradmin user. If you choose to run Cisco Prime Network Registrar for a non-root user, a user nradmin is created with the requisite privileges to run the Cisco Prime Network Registrar services. When running Cisco Prime
Network
Registrar as a non-root user (nradmin), some changes occur in the CLI operation of the product . Though it is still possible to run as root, it is not recommended.
Instead, create regular Linux users and add them to the nradmin group. Users in this group will have full access to the Cisco Prime Network Registrar files. To start and stop Cisco Prime
Network
Registrar, these users may use the new cnr_service program which is in install-path/bin/cnr_service).
Note
|
The root user is only needed for installation and uninstallation.
|
|
Step 7 |
Note these
Cisco Prime
Network
Registrar
installation default directories and make any appropriate changes to meet your
needs:
Note
|
An installation directory path with spaces is not supported on Windows (except for system directories, such as "Program Files").
|
Note
|
If you are upgrading, the upgrade process autodetects the installation directory from the previous release.
|
Windows default
locations:
Caution
|
Do not
specify the
\Program
Files (x86) or \Program Files or \ProgramData for the location of the
Cisco Prime
Network
Registrar
data, logs, and temporary files. If you do this, the behavior of
Cisco Prime
Network
Registrar
may be unpredictable because of Windows security.
|
-
Local
cluster
-
Program files—C:\Program Files (x86)\Network Registrar\Local
-
Data files—C:\NetworkRegistrar\Local\data
-
Log
files—C:\NetworkRegistrar\Local\logs
-
Temporary files—C:\NetworkRegistrar\Local\temp
-
Regional cluster
-
Program files—C:\Program Files (x86)\Network Registrar\Regional
-
Data files—C:\NetworkRegistrar\Regional\data
-
Log
files—C:\NetworkRegistrar\Regional\logs
-
Temporary files—C:\NetworkRegistrar\Regional\temp
Linux default
locations:
-
Local
cluster
-
Program files—/opt/nwreg2/local
-
Data files—/var/nwreg2/local/data
-
Log files—/var/nwreg2/local/logs
-
Temporary files—/var/nwreg2/local/temp
-
Regional cluster
-
Program files—/opt/nwreg2/regional
-
Data files—/var/nwreg2/regional/data
-
Log files—/var/nwreg2/regional/logs
-
Temporary files—/var/nwreg2/regional/temp
|
Step 8 |
If there are
no defined administrators, create an administrator by providing the username
and password. You have to confirm the password entered.
If you are
installing a regional, continue; else go to
Step
10.
|
Step 9 |
Enter the
filename, as an absolute path, for your base license (see
License Files).
Note
|
Ensure
that you use the absolute path and not a relative path for your base license as
there are chances that there might be changes to the default path from what you
started the install with.
|
Entering
the filename during installation is optional. However, if you do not enter the
filename now, you must enter it when you first log into the web UI or CLI.
Note
|
If you install Cisco Prime
Network
Registrar using a Remote Desktop Connection to the Windows Server, you will not be able to enter the license information during the
installation. Cisco Prime
Network
Registrar will reject the licenses as invalid. You must therefore skip the license information step, and add the license after the
installation completes, using either the web UI or CLI. See Starting Cisco Prime Network Registrar for details.
|
|
Step 10 |
Register
the local to the regional by providing the regional IPv4 or IPv6 address and
SCP port.
After the
local is registered to the regional, it can provide those services for which
the licenses are present in the regional.
Note
|
If you
face any problem synchronizing the regional cluster to the local cluster after
registration, unset and set the password on the regional cluster, and sync
again. This can happen due to time skew of more than five minutes between local
and regional clusters.
|
Include a
network time service in your configuration to avoid time differences between
the local and regional clusters. This method ensures that the aggregated data
at the regional server appears consistently. The maximum allowable time drift
between the regional and local clusters is five minutes. If the time skew
exceeds five minutes, then the installation process will not be able to
correctly register the server with the regional. In this case, unset and set
the password on the regional cluster, and sync again.
|
Step 11 |
After you
register local to the regional, you can select the required services from the
licensed services.
Note
|
If a
service is not selected, upgrade process will use the existing configuration.
To remove a service wait until the upgrade process is completed.
|
|
Step 12 |
Choose whether to archive the existing binaries and database in case this installation does not succeed. The default and
recommended choice is Yes or y:
If you choose to archive the files, specify the archive directory. The default directories are:
-
Windows—Local cluster (C:\NetworkRegistrar\Local.sav); Regional cluster (C:\NetworkRegistrar\Regional.sav). Click Next.
-
Linux—Local cluster (/opt/nwreg2/local.sav); Regional cluster (/opt/nwreg2/regional.sav).
|
Step 13 |
Choose the appropriate installation type: server and client (the default), or client-only:
-
Windows—Choose Both server and client (default) or Client only. Click Next. The Select Port window appears.
-
Linux—Entering 1 installs the server and client (the default), or 2 installs the client only.
Note
|
Choose Client only in a situation where you want the client software running on a different machine than the protocol servers. Be aware that
you must then set up a connection to the protocol servers from the client.
|
|
Step 14 |
Enter CCM
management SCP port number that the server agent uses for internal
communication between servers. The default value is 1234 for local cluster and
1244 for regional cluster.
|
Step 15 |
Enter the location of JRE 1.8 or JDK selected in Step 2. (The installation or upgrade process tries to detect the location.):
-
Windows—A dialog box reminds you of the Java requirements. Click OK and then choose the default Java directory or another one. Click OK. The Select Connection Type window appears.
-
Linux—Enter the Java installation location.
Note
|
Do not include the bin subdirectory in the path. If you install a new Java version or change its location, rerun the Cisco Prime
Network
Registrar installer then specify the new location in this step.
|
|
Step 16 |
Choose whether to enable the web UI to use a Non-secure (HTTP) or Secure (HTTPS) connection for web UI logins:
-
Windows—Choose Non-secure (HTTP) only, Secure (HTTPS) only (default), or Both HTTP and HTTPS.
-
Linux—Enter 1 for Non-secure (HTTP) only, 2 for Secure (HTTPS) only (default), or 3 for both HTTP and HTTPS.
Enabling the secure HTTPS port configures security for connecting to the Apache Tomcat web server (see Step 3 for configuration). (To change the connection type, rerun the installer, and then make a different choice at this step.)
-
If you choose HTTPS, or HTTP and HTTPS, click Next and continue with Step 17.
-
If you choose HTTP connection, click Next, and go to Step 18.
|
Step 17 |
If you
enabled HTTPS web UI connectivity, you are prompted for the location of the
necessary keystore and keystore files:
-
For the
keystore location, specify the fully qualified path to the keystore file that
contains the certificate(s) to be used for the secure connection to the Apache
Tomcat web server. This is the keystore file that you created in
Step
3.
-
For the
keystore password, specify the password given when creating the keystore file.
On Windows, click
Next.
Caution
|
Do not
include a dollar sign ($) in the keystore password as it will result in an
invalid configuration on the Apache Tomcat web server.
|
Note
|
From Cisco Prime Network Registrar 10.1 onwards, the keystore password is encrypted by default. If you want to change the
keystore password later, you can use the plain text password. However, for better security, you should use the encrypt script
present in the install-path/usrbin directory to generate the encrypted password. This encrypted password should be updated in server.xml. After making
the change, you must restart Cisco Prime Network Registrar.
|
|
Step 18 |
Enter a port number for the web UI connection. The defaults are:
|
Step 19 |
Choose
Yes if
you want to enable the
Cisco Prime
Network
Registrar
web services.
|
Step 20 |
Enter a port
number for the web service connection. The defaults are:
Note
|
For Web services user have an option to enter a different port number.
|
|
Step 21 |
Select the security mode to be configured. Required. Fail if the connection cannot be secured. is selected by default. Click Next.
|
Step 22 |
If you are installing a regional, select Yes to enable the BYOD service.
The Cisco Prime
Network
Registrar installation process begins. Status messages report that the installer is transferring files and running scripts. This process
may take a few minutes.
-
Windows—The Setup Complete window appears. Choose Yes, I want to restart my computer now or No, I will restart my computer later, and then click Finish.
-
Linux—Successful completion messages appear.
Note
|
When you upgrade Cisco Prime
Network
Registrar, the upgrade process takes place during the installation. Therefore, the installation and upgrade processes take a longer
time depending on the number of scopes, prefixes, and reservations that you have configured.
|
|
Step 23 |
Verify the status of the Cisco Prime
Network
Registrar servers:
-
Windows—In the Services control panel, verify that the Cisco Prime
Network
Registrar Local Server Agent or Cisco Prime
Network
Registrar Regional Server Agent is running after rebooting the system when the installation has completed successfully.
-
Linux—Use the install-path/usrbin/cnr_status command to verify the status. See Starting and Stopping Servers.
If the upgrade fails, you can revert to the earlier Cisco Prime
Network
Registrar version. For details about reverting to the earlier version, see the Reverting to an Earlier Product Version.
|