Step 1 |
Log into the target machine using an account that has administrative privileges:
Windows—Close all open applications, including any antivirus software.
Note
|
From Cisco Prime
Network
Registrar 10.0, Linux and Windows installer provide an option to prompt for web service port, by default same as the web UI port. This
will be prompted only if web services feature is enabled. For a new installation, default value of the web service port will
be same as the default value for web UI port or the newly input web UI port. For subsequent installations, the port values
will be picked from the conf files.
|
Caution
|
Many distributions of Redhat and CentOS Linux come with a firewall and connection tracking installed and enabled by default.
Running a stateful firewall on the same OS and DNS will cause a significant decrease in server performance. Cisco strongly
recommends NOT to use a firewall on the DNS server's operating system. If disabling the firewall is not possible, then connection tracking
of DNS traffic MUST be disabled. For more information, see the "DNS Performance and Firewall Connection Tracking" section in Cisco Prime Network Registrar 10.0 Administration Guide.
|
|
Step 2 |
Download and install the Java Runtime Environment (JRE) 1.7/1.8, or the equivalent Java Development Kit (JDK), if you have
not already done so. These are available from the Oracle website.
Note
|
On Windows, add the full path of the bin subdirectory of your Java installation folder to your PATH environment variable;
for example, C:\Program Files (x86)\Java\jdk1.7\bin.
|
|
Step 3 |
If you are not configuring secure login to the web UI, skip to Step 4. If you are configuring secure login, you must create a keystore file by using the Java keytool utility, which is located in the bin subdirectory of the Java installation (see Step 2). Use the utility to define a self-signed certificate, or to request and later import a certificate from an external signing
authority:
-
To create a keystore file containing a self-signed certificate, run this command and respond to the prompts:
> keytool -genkey -alias tomcat -keyalg RSA -keystore k-file
Enter keystore password: password
What is your first and last name? [Unknown]: name
What is the name of your organizational unit? [Unknown]: org-unit
What is the name of your organization? [Unknown]: org-name
What is the name of your City or Locality? [Unknown]: local
What is the name of your State or Province? [Unknown]: state
What is the two-letter country code for this unit? [Unknown]: cc
Is CN=name, OU=org-unit, O=org-name, L=local, ST=state, C=cc correct? [no]: yes
Enter key password for <tomcat> (RETURN if same as keystore password):
The keystore filename (k-file) is its fully qualified path. You will be entering the keystore path and password in Step 16.
-
To create a Certificate Signing Request (CSR) that you will submit to the Certificate Authority (CA) when you request a certificate,
create the keystore file as in the previous substep, then execute this command:
> keytool -certreq -keyalg RSA -alias tomcat -file certreq.cer -keystore k-file
Submit the resulting certreq.cer file to the CA. Once you receive the certificate from the CA, first download the Chain Certificate
from the CA, then import the Chain Certificate and your new Certificate into the keystore file, as follows:
> keytool -import -alias root -keystore k-file -trustcacerts -file chain-cert-file
> keytool -import -alias tomcat -keystore k-file -trustcacerts -file new-cert-file
For details on the keytool utility, see the documentation at the Java website of Oracle. For details on the keystore file and Tomcat, see the documentation at the website of the Apache Software Foundation.
Caution
|
The Cisco Prime
Network
Registrar installation program for Windows does not try to modify ACLs to restrict access to the installed files and directories. If
you want to restrict access to these files and directories, use the native Microsoft utilities to manually change file and
directory permissions. See Modifying ACLs in Windows Installations .
|
|
Step 4 |
Load the installation CD, or browse to the network resource where the Cisco Prime
Network
Registrar software is located. If you download a distribution file from the Cisco website, run it from a different directory than where
you will install Cisco Prime
Network
Registrar.
-
Windows—The cpnr_version-windows.exe file is a self-extracting executable file that places the setup file and other files in the directory where you
run it. (If you are not configured for Autostart, run the setup.exe file in that directory.) The Welcome to Cisco Prime
Network
Registrar window appears.
Click Next. The second welcome window introduces the setup program and reminds you to exit all current programs, including virus scanning
software. If any programs are running, click Cancel, close these programs, and return to the start of Step 4. If you already exited all programs, click Next.
-
Linux—Be sure that the gzip and gtar utilities are available to uncompress and unpack the Cisco Prime
Network
Registrar installation files. See the GNU organization website for information on these utilities. Do the following:
-
Download the distribution file.
-
Navigate to the directory in which you will uncompress and extract the installation files.
-
Uncompress and unpack the .gtar.gz file. Use gtar with the -z option:
gtar -zxpf cpnr_10_0-linux-x86_64.gtar.gz
or
gtar -zxpf cpnr_10_0-linux-i686.gtar.gz
To unpack the .gtar file that gunzip already uncompressed, omit the -z option: gtar -xpf cpnr_10_0-linux5.gtar
The command creates the cpnr_10_0 directory into which the Cisco Prime
Network
Registrar installation files are extracted.
-
Run the following command or program:
-
Linux—Run the install_cnr script from the directory containing the installation files:
# ./install_cnr
The install-path is the CD-ROM directory that contains the installation files or the directory that contains the extracted
Cisco Prime
Network
Registrar installation files, if they were downloaded electronically.
|
Step 5 |
Specify whether you want to install Cisco Prime
Network
Registrar in the local or regional cluster mode:
Note
|
Since a regional server is required for license management, install the regional server first so that you can register the
local to the regional. If you face any problem with synchronizing the regional cluster to the local cluster after registration,
unset and set the password on the regional cluster, and sync again.
|
Tip
|
Include a network time service in your configuration to avoid time differences between the local and regional clusters. This
method ensures that the aggregated data at the regional server appears consistently. The maximum allowable time drift between
the regional and local clusters is five minutes. If the time skew exceeds five minutes, then the installation process will
not be able to correctly register the server with the regional. In this case, unset and set the password on the regional cluster,
and sync again.
|
-
Windows—Keep the default Cisco Prime
Network
Registrar Local or choose Cisco Prime
Network
Registrar Regional. Click Next. The Select Program Folder appears, where you determine the program folder in which to store the program shortcuts in the
Start menu. Accept the default, enter another name, or choose a name from the Existing Folders list. Click Next.
-
Linux—Enter 1 for a local, or 2 for regional. The default mode is 1.
|
Step 6 |
On Linux,
specify if you want to run
Cisco Prime
Network
Registrar
Local Server Agent as a non-root
nradmin
user. If you choose to run Cisco Prime
Network Registrar for a non-root user, a user
nradmin
is created with the requisite privileges to run the Cisco Prime
Network Registrar services. When running
Cisco Prime
Network
Registrar
as a non-root user
(nradmin), some changes occur in the CLI operation of the
product . Though it is still possible to run as root, it is not recommended.
Instead, create regular Linux users and add them to the nradmin group. Users
in this group will have full access to the Cisco Prime
Network Registrar files. To start and stop
Cisco Prime
Network
Registrar,
these users may use the new ‘cnr_service program
in the path which is in <install directory>/bin/cnr_service).
Note
|
The root
user is only needed for installation and uninstallation.
|
|
Step 7 |
Note these
Cisco Prime
Network
Registrar
installation default directories and make any appropriate changes to meet your
needs:
Note
|
An installation directory path with spaces (except on Windows for system directories, such as "Program Files") is not supported.
|
Note
|
If you are upgrading, the upgrade process autodetects the installation directory from the previous release.
|
Windows default
locations:
Caution
|
Do not
specify the
\Program
Files (x86) or \Program Files or \ProgramData for the location of the
Cisco Prime
Network
Registrar
data, logs, and temporary files. If you do this, the behavior of
Cisco Prime
Network
Registrar
may be unpredictable because of Windows security.
|
-
Local
cluster
-
Program files—C:\Program Files (x86)\Network Registrar\Local
-
Data files—C:\NetworkRegistrar\Local\data
-
Log
files—C:\NetworkRegistrar\Local\logs
-
Temporary files—C:\NetworkRegistrar\Local\temp
-
Regional cluster
-
Program files—C:\Program Files (x86)\Network Registrar\Regional
-
Data files—C:\NetworkRegistrar\Regional\data
-
Log
files—C:\NetworkRegistrar\Regional\logs
-
Temporary files—C:\NetworkRegistrar\Regional\temp
Linux default
locations:
-
Local
cluster
-
Program files— /opt/nwreg2/local
-
Data files— /var/nwreg2/local/data
-
Log
files— /var/nwreg2/local/logs
-
Temporary files— /var/nwreg2/local/temp
-
Regional cluster
-
Program files— /opt/nwreg2/regional
-
Data files— /var/nwreg2/regional/data
-
Log
files— /var/nwreg2/regional/logs
-
Temporary files— /var/nwreg2/regional/temp
|
Step 8 |
If there are
no defined administrators, create an administrator by providing the username
and password. You have to confirm the password entered.
If you are
installing a regional, continue; else go to
Step
10.
|
Step 9 |
Enter the
filename, as an absolute path, for your base license (see
License Files).
Note
|
Ensure
that you use the absolute path and not a relative path for your base license as
there are chances that there might be changes to the default path from what you
started the install with.
|
Entering
the filename during installation is optional. However, if you do not enter the
filename now, you must enter it when you first log into the web UI or CLI.
Note
|
If you install Cisco Prime
Network
Registrar using a Remote Desktop Connection to the Windows Server, you will not be able to enter the license information during the
installation. Cisco Prime
Network
Registrar will reject the licenses as invalid. You must therefore skip the license information step, and add the license after the
installation completes, using either the web UI or CLI. See Starting Cisco Prime Network Registrar for details.
|
|
Step 10 |
Register
the local to the regional by providing the regional IPv4 or IPv6 address and
SCP port.
After the
local is registered to the regional, it can provide those services for which
the licenses are present in the regional.
Note
|
If you
face any problem synchronizing the regional cluster to the local cluster after
registration, unset and set the password on the regional cluster, and sync
again. This can happen due to time skew of more than five minutes between local
and regional clusters.
|
Include a
network time service in your configuration to avoid time differences between
the local and regional clusters. This method ensures that the aggregated data
at the regional server appears consistently. The maximum allowable time drift
between the regional and local clusters is five minutes. If the time skew
exceeds five minutes, then the installation process will not be able to
correctly register the server with the regional. In this case, unset and set
the password on the regional cluster, and sync again.
|
Step 11 |
After you
register local to the regional, you can select the required services from the
licensed services.
Note
|
If a
service is not selected, upgrade process will use the existing configuration.
To remove a service wait until the upgrade process is completed.
|
|
Step 12 |
Choose whether to archive the existing binaries and database in case this installation does not succeed. The default and
recommended choice is Yes or y:
If you choose to archive the files, specify the archive directory. The default directories are:
-
Windows—Local cluster (C:\NetworkRegistrar\Local.sav); Regional cluster (C:\NetworkRegistrar\Regional.sav). Click Next.
-
Linux—Local cluster (/opt/nwreg2/local.sav); Regional cluster (/opt/nwreg2/regional.sav).
|
Step 13 |
Choose the appropriate installation type: server and client (the default), or client-only:
-
Windows—Choose Both server and client (default) or Client only. Click Next. The Select Port window appears.
-
Linux—Entering 1 installs the server and client (the default), or 2 installs the client only.
Note
|
Choose Client only in a situation where you want the client software running on a different machine than the protocol servers. Be aware that
you must then set up a connection to the protocol servers from the client.
|
|
Step 14 |
Enter CCM
management SCP port number that the server agent uses for internal
communication between servers. The default value is 1234 for local cluster and
1244 for regional cluster.
|
Step 15 |
Enter the location of the Java installation (JRE) 1.7/1.8 or JDK selected in Step 2. (The installation or upgrade process tries to detect the location.):
-
Windows—A dialog box reminds you of the Java requirements. Click OK and then choose the default Java directory or another one. Click OK. The Select Connection Type window appears.
-
Linux—Enter the Java installation location.
Note
|
Do not include the bin subdirectory in the path. If you install a new Java version or change its location, rerun the Cisco Prime
Network
Registrar installer then specify the new location in this step.
|
|
Step 16 |
Choose whether to enable the web UI to use a nonsecure (HTTP) or secure (HTTPS) connection for web UI logins:
-
Windows—Choose Non-secure/HTTP (default), Secure/HTTPS (requires JSSE), or Both HTTP and HTTPS.
-
Linux—Enter 1 for Non-secure/HTTP (default), 2 for Secure/HTTPS (requires JSSE), or 3 for both HTTP and HTTPS.
Enabling the secure HTTPS port configures security for connecting to the Apache Tomcat web server (see Step 3 for configuration). (To change the connection type, rerun the installer, and then make a different choice at this step.)
-
If you choose HTTPS, or HTTP and HTTPS, click Next and continue with Step 17.
-
If you choose the default HTTP connection, click Next, and go to Step 18.
|
Step 17 |
If you
enabled HTTPS web UI connectivity, you are prompted for the location of the
necessary keystore and keystore files:
-
For the
keystore location, specify the fully qualified path to the keystore file that
contains the certificate(s) to be used for the secure connection to the Apache
Tomcat web server. This is the keystore file that you created in
Step
3.
-
For the
keystore password, specify the password given when creating the keystore file.
On Windows, click
Next.
Caution
|
Do not
include a dollar sign ($) in the keystore password as it will result in an
invalid configuration on the Apache Tomcat web server.
|
|
Step 18 |
Enter a port number for the web UI connection. The defaults are:
|
Step 19 |
Choose
Yes if
you want to enable the
Cisco Prime
Network
Registrar
web services.
|
Step 20 |
Enter a port
number for the web service connection. The defaults are:
Note
|
For Web
services user have an option to enter a different port number.
|
|
Step 21 |
Select the
security mode to be configured.
Optional.
Allow fallback to unsecure connection is selected by default. Click
Next.
|
Step 22 |
If you are
installing a regional, select
Yes to
enable BYOD service.
Note
|
Enabling
BYOD service option is available only in Windows and Linux.
|
The Cisco Prime
Network
Registrar installation process begins. Status messages report that the installer is transferring files and running scripts. This process
may take a few minutes:
-
Windows—The Setup Complete window appears. Choose Yes, I want to restart my computer now or No, I will restart my computer later, and then click Finish.
-
Linux—Successful completion messages appear.
Note
|
When you upgrade Cisco Prime
Network
Registrar, the upgrade process takes place during the installation. Therefore, the installation and upgrade processes take a longer
time depending on the number of scopes, prefixes, and reservations that you have configured.
|
|
Step 23 |
Verify the status of the Cisco Prime
Network
Registrar servers:
-
Windows—In the Services control panel, verify that the Cisco Prime
Network
Registrar Local Server Agent or Cisco Prime
Network
Registrar Regional Server Agent is running after rebooting the system when the installation has completed successfully.
-
Linux—Use the install-path/usrbin/cnr_status command to verify status. See Starting and Stopping Servers.
If the upgrade fails, you can revert to the earlier Cisco Prime
Network
Registrar version. For details about reverting to the earlier version, see the Reverting to an Earlier Product Version.
|