WAE Design Floating License Server

This section contains the following topics:

About FlexNet Publisher Licenses

The FlexNet Publisher license server must be set up if WAE Design users are to use floating licenses. Using this server, you can control access to the licenses, monitor who has them checked out, and check log activity.

The FlexNet Publisher license server has two interfaces. One is a CLI, which requires that you start an lmgrd daemon so all users can access the floating licenses. The other is a web UI, where you must install and configure an lmadmin tool. Best practice is to use only one or the other interface (CLI or web) to administer the license server.

  • For information about FlexNet Publisher and for more details on all FlexNet Publisher CLI commands and GUI, refer to the FlexNet Publisher License Administration Guide (FlexLM_EndUser_LicAdmin.pdf). This is located in $CARIDEN_HOME/docs, which by default is /opt/cariden/software/mate/current/docs. This section includes some FlexNet Publisher instructions for both the CLI and GUI that could change without Cisco’s knowledge.

  • All instructions and examples assume you used /opt/cariden as the default installation directory. If you did not, substitute your installation directory for /opt/cariden.

  • Throughout this section, bin is /opt/cariden/software/flexlm/current/bin.

Prerequisites

  • You must have the required packages installed. For a list of package dependencies, see the “Installation Requirements” chapter in the Cisco WAE Installation Guide.

  • You must have a WAE Design floating license installed on the same device or VM as the FlexNet Publisher floating license server, which means you must have WAE Design installed. Contact your Cisco representative for this license, and see License Installation to install this license.

Pre-Installation

Procedure

Note 

If you are installing the FlexNet Publisher license server on a different Linux device than the one on which a WAE server installation resides, complete Step 1 to Step 4. Otherwise, skip to Step 5. Follow all steps on the device where the FlexNet Publisher license server resides.

If you are installing the FlexNet Publisher license server on a different Linux device than the one on which a WAE server installation resides, complete Step 1 to Step 4. Otherwise, skip to Step 5. Follow all steps on the device where the FlexNet Publisher license server resides.
Step 1

Log in to the FlexNet Publisher license server as root or as a user with administrative capabilities.
Step 2

Create a lowercase, alphanumeric username where the first letter is an alphabetical character.

/usr/sbin/useradd <username>
Step 3

Set a password.

passwd <username>
Step 4

Create an installation directory that has root privileges. The best practice is to use the default installation directory, which is /opt/cariden. 

cd ~/
mkdir -p /opt/cariden
Step 5

Change the owner of the installation directory to the newly created user.

chown <username> /opt/cariden
Step 6

Verify that there are no local firewalls blocking the services. For a list of ports used, see Configure License Server Ports and the “Installation Requirements” chapter in the Cisco WAE Installation Guide.

The following example shows how to disable the iptables firewall as root:
service iptables save
service iptables stop
sudo chkconfig iptables off
Step 7

Check if the redhat-lsb (Linux Standards Base) package is installed. This package is required to run the FlexLM license server. 

yum list installed | greb redhat-lsb

If it is not there, install it.

yum install redhat-lsb-4.0-7.el6.centos.x86_64
(choose repo for your distribution).
Step 8

If you already have a license server installed and running, enter one of the following commands to stop it gracefully:

bin/lmdown -c <license_file>
bin/lmdowm -all
If the server is distributing borrowed licenses, enter one of the following commands:
bin/lmdown -c <license_file> -force
bin/lmdowm -all -force
Step 9

Download the License Server Software package from the Cisco WAE Automation software download site. You must download a new license package regardless of whether this is an upgrade or a new installation.

Step 10

The WAE Design license file’s SERVER statement must be the same hostname as the output from the hostname CLI command.

  1. Determine the hostname.

    hostname

  2. Edit the /etc/sysconfig/network file to include the hostname returned in the preceding step.

    HOSTNAME=<hostname>
Step 11

Ensure the /etc/hosts file on the client devices contains the same hostname as identified in Step 4. (Client devices are the devices that will be checking the licenses in and out of the server.)

Install License Server

Before you begin

Confirm that you have the Cisco WAE License Server installer package (WAE_License_Server-3.0-Linux-x86_64.sh) downloaded from the WAE Automation Software Download site.

Procedure

The installer runs /lmadmin-i86_lsb-11_11_1_1.bin from the installed folder ( /opt/cariden/software/wae-license-server ).

The installer runs /lmadmin-i86_lsb-11_11_1_1.bin from the installed folder ( /opt/cariden/software/wae-license-server ).
Step 1

If you want to run the license server web UI, run /lmadmin-i86_lsb-11_11_1_1.bin from the /opt/cariden/software/wae-license-server/bin directory.

Step 2

Although the default is to install lmadmin into /opt/FNPLicenseServerManager, the best practice is to install it into /opt/cariden/software/flexlm/current/web.

chmod 755./<lmadmin_package>.bin;./<lmadmin_package>.bin

Configure License Server Ports

To check out or borrow a floating license, client devices must establish two TCP connections to the license server. One connection is to the floating license server daemon. Unless otherwise configured, this daemon listens on the first available port in the range of 27000 and 27009. The other connection is to the Cisco daemon, which the license server randomly selects from the ephemeral range (which often ranges from 49152 to 65535).

Procedure

If firewall policies block the above ports, you can change the ports by adding the port information to the floating license server’s license file. By default, the file contains the following information: 

SERVER <hostname> <MAC address>
VENDOR Cisco

Modify the preceding lines as follows to change the ports that these daemons use.

Port Type

Syntax

Example

Server daemon

SERVER <hostname> <MAC address> <port>

SERVER Centos10 525400232200 5053

Cisco daemon

VENDOR cisco PORT= <port>

VENDOR cisco PORT=27010

Start License Server


Note

The following instructions are for using either the CLI or license web server, but not both. The recommended practice is to install and use one or the other.

To start the license server, you must have access to its license file, which is not the same as the WAE license. Download the floating license server file (.lic extension) to a directory of your choice on the device where the license server will be installed. The best practice is to put it in /opt/cariden/etc.

To start the CLI server daemon (lmgrd) and specify the lmgrd log file name and location, enter the following from /opt/cariden/software/flexlm/current/bin:
./lmgrd -c <license_filename> -l <log_path_filename>.log

To start the license server using the web UI:

Procedure

Step 1

Create a backup of the Cisco daemon file so that it can be easily restored in case of failure.

.cp /opt/cariden/software/flexlm/current/bin/cisco /opt/cariden/software/flexlm/current/bin/cisco.bak
Step 2

Copy the Cisco daemon files to the flexlm/web directory.

cp /opt/cariden/software/flexlm/current/bin/cisco
/opt/cariden/software/flexlm/web/cisco
Step 3

Configure the following parameters from the /opt/cariden/software/flexlm/web directory. For more information, see lmadmin -help.

  1. By default, the lmadmin server has a user named “admin” with a password of “admin.” If needed, add another user to this lmadmin server. 

    ./lmadmin -useradd <username> - pass <password>
  2. Import the WAE Design license file that was installed.
    ./lmadmin -import <path>/<license_filename>
    For example:
    lmadmin -import ~/.cariden/etc/MATE_Floating.lic

  3. Start the lmadmin process with its default settings.
Step 4

Start the license server web UI, which by default uses a non-secure port of 8090. By entering the following in a web browser, you are redirected to the secure port. 

http:<server_hostname>:8091
Step 5

Click the Administration link, and log in using the an administrative username and password. Both have a default of “admin.”
Step 6

Click the Vendor Daemon Configuration tab, click the Administer link, and then click Start.

Post-Installation

Log Files

By default, the lmadmin logs are in /opt/cariden/software/flexlm/web/logs.

The lmgrd log files are located wherever you specified the <log_path_filename> .log when starting the lmgrd daemon ( lmgrd -l <log_path_filename> .log ).

Verify Ports

To verify the ports, you can use any of several methods, as follows:

Procedure

Step 1

Verify the license server daemon port is running. For example, you can telnet to this port to verify that it is running:

telnet <license_server_IP_address> <license_server_daemon_port>

For example:

telnet 127.0.0.1 27000
Step 2

Verify the license server is listening to the specified port.

For example:

netstat -a | egrep '27000[0-9]'

tcp

0

0

* :27000

*.*

LISTEN

tcp

0

0

localhost:48245

localhost:27000

ESTABLISHED

tcp

0

0

localhost:27000

localhost:48245

ESTABLISHED
Step 3

View the lmgrd log file, which indicates on which ports the license server and Cisco daemons are listening.

For example:

13:00:14 (lmgrd) lmgrd tcp-port 27001
13:00:14 (lmgrd) cisco using TCP-port 42207
Step 4

For lmadmin, go to the admin page.

  • To verify the server daemon’s port, choose Administration > Server Configuration > License Server Configuration.

  • To verify the Cisco daemon’s port, choose Administration > Server Configuration > Vendor Daemon Configuration.

Distribute Information to Clients

Either distribute the same floating .lic file that you installed to all WAE Design users who need it, or give them both the MAC address and hostname for the license server. Having users install licenses via the MAC address and port is the recommended practice since it eases administration.

After end users install the floating license once, the license is automatically validated from the server each time the user opens the WAE Design GUI or runs the CLI tools.

Set Up Access Control List for Web Server

If you are using the web server to administer licenses, you can set up an access control list. This is optional, but doing so can improve the security of who can access the web server, as well as give you an easily maintainable list of license users. To do this, you need to know the user ID for all users who are checking out licenses from the license server. The user ID is what they use to log in to their operating systems.

Procedure

Step 1

Create and open a file named cisco.opt in /opt/cariden/software/flexlm/current/bin.
Step 2

Create groups to make it easier and faster to configure inclusions and exclusions. You can then use these groups, rather than specifying individual users. 

GROUP group_name user_name1 user_name2 user_username3..

Example: The group name is akdevops, and each name following it is a user. 

GROUP akdevops theresa lone loretta byron patrick sharon
Step 3

For each user or group that you want to grant license access, add an INCLUDEALL line. 

INCLUDEALL type {user_name | group_name}

Example:

INCLUDEALL GROUP akdevops
INCLUDEALL USER gbd456
INCLUDEALL USER odd789
Step 4

For each user or group you want to exclude from accessing the license server, add an EXCLUDEALL USER line. 

EXCLUDEALL type {user_name | group_name}

Example:

EXCLUDEALL GROUP region_fea
EXCLUDEALL USER rgu456
EXCLUDEALL USER ilt789
Step 5

Save the file.

Configure Borrowing Parameters


Note

If you have a floating license that was generated prior to May 2015, you must acquire a new one to enable borrow licenses.

Procedure

Step 1

Configure the /opt/cariden/bin/cisco.opt file to define who is permitted to borrow licenses.

Anyone not in an INCLUDE_BORROW statement is not permitted to borrow licenses. Thus, it is easier to use groups that user names. The inclusion format is as follows. You must specify a line item for each feature. For a list of these features, use the license_check tool.
INCLUDE_BORROW feature type {user_name | group_name}
Example:
INCLUDE_BORROW MD_Layer1 USER ohara
INCLUDE_BORROW MD_SegmentRouting GROUP akdevops
Step 2

You can refine this INCLUDE_BORROW list by excluding users. The EXCLUDE_BORROW has precedence over the INCLUDE_BORROW statements such that if a user or group is identified in both lists, that user or group will be excluded as specified. 

EXCLUDE_BORROW feature type {user | group_name}
Example:
EXCLUDE_BORROW MD_VPN USER diana
EXCLUDE_BORROW MD_BGP GROUP acme
Step 3

(Optional) Specify the number of licenses for a feature that cannot be borrowed. This is useful for ensuring that users who need to check out licenses will have them available. 

BORROW_LOWWATER feature number
Example: Save 23 MD_Sim licenses for use by those who are not borrowing licenses.
BORROW_LOWWATER MD_Sim 23

Verify Licenses in Use

Use the lmstat command to summarize how many licenses are in the original license file and how many are in use.
lmstat -a

The results show how many licenses are checked out and borrowed. The output contains *_Users entries and entries for each feature. The *_Users is determined by the users who have access to the license. Each feature lists a set of licenses checked out for that feature.

Example:
Users of MD_Users: (Total of 300 licenses issued; Total of 295 licenses in use)
“MD_Users” v5, vendor:cisco
Checked-out licenses are only displayed for *_Users, whereas borrowed licenses are shown for *_Users, as well as for individual features. The output uses the following format, where <time> is the time at which the license was checked out or borrowed. The <license_handle> is a unique ID for the license. If a user has the same license checked out twice, for example, each instance has a unique <license_handle> .
<feature> <version> <vendor>
<username> <user_hostname> <display> (<license>/<port> 
<license_handle>) <time>
Example of a checked-out license:
dusan md1 /dev/pts/0 (v5) (matelic.cisco.com/27000 37337), start Wed 5/20 11:50
Licenses that are borrowed are listed with a (linger: #) notation, where # is the number of seconds for which the license is borrowed.
<username> <user_hostname> <display> (<license>/<port> <license_handle>) <time> <linger>
Example of a borrowed license:
obi obi-mbpr /dev/pts/18 (v5) (matelic.cisco.com/27000 18848), start Fri 5/8 16:26 (linger: 2532780)

Reclaim Unused Licenses

You can reclaim licenses that have been checked out or borrowed. This feature is useful when a license remains idle, such as when an employee is on vacation or accidentally has the license running on two devices.

Reclaiming licenses is only valid through the CLI lmremove command.

Use the lmstat -a command described in Verify Licenses in Use to identify the required inputs to the lmremove command.