Deploying GreenRADIUS on Amazon Linux 2023

Prerequisites

  • A target machine (x86_64) running Amazon Linux 2023
  • A GreenRADIUS update package (v5.1.6.6 or later)
  • If you have installed firewall software, make sure that it is set up properly to allow incoming connections.
  • SELinux set to "permissive" or "disabled" (this is the default on fresh installations)
  • The docker-compose.override-tz.yml, docker-compose.override.yml, and timezone_handle_for_docker_on_Amazon-Linux-2.sh files from this deployment package

Deployment Instructions

  1. Log in with a user that has sudo access.
  2. Run sudo yum update
  3. Run sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  4. Run sudo yum -y install wget unzip awscli aws-cfn-bootstrap nfs-utils chrony conntrack jq ec2-instance-connect socat
  5. Run sudo yum install curl
  6. Run sudo yum install libxcrypt-compat
  7. Run if sudo yum list installed | grep ec2-net-utils; then sudo yum remove ec2-net-utils -y -q; fi
  8. Run sudo yum -y install docker
  9. Run sudo systemctl enable docker
  10. Run sudo curl -L "https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  11. Run sudo chmod +x /usr/local/bin/docker-compose
  12. Run sudo yum install unzip
  13. Run wget https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/i/incron-0.5.12-12.el8.x86_64.rpm
  14. Run sudo rpm -i incron-0.5.12-12.el8.x86_64.rpm
  15. Run sudo yum install net-tools
  16. Run sudo useradd -d /home/gradmin -m -G wheel -s /bin/bash gradmin
  17. Run sudo passwd gradmin
  18. Run sudo chmod -R 750 /home/gradmin
  19. Run sudo chown -R gradmin:gradmin /home/gradmin
  20. Run sudo su gradmin to assume the permissions of the gradmin user
  21. Run mkdir ~/temp
  22. Run cd ~/temp
  23. Copy the latest GreenRADIUS update package to the /home/gradmin/temp/ directory.
  24. Copy the provided docker-compose.override-tz.yml file to the /home/gradmin/temp/ directory.
  25. Copy the provided docker-compose.override.yml file to the /home/gradmin/temp/ directory.
  26. Copy the provided timezone_handle_for_docker_on_Amazon-Linux-2.sh script to /home/gradmin directory.
  27. Run sudo chmod 750 /home/gradmin/timezone_handle_for_docker_on_Amazon-Linux-2.sh
  28. Run sudo chown gradmin:gradmin /home/gradmin/timezone_handle_for_docker_on_Amazon-Linux-2.sh
  29. Run sudo service docker start
  30. Run sudo unzip GreenRADIUS_xxxx_Update.zip. In this instruction and those following, replace xxxx with the version number for the upgrade package.
  31. Run sudo tar -xvzf GreenRADIUS_xxxx_Update/images.tgz -C .
  32. Run sudo tar -xvzf GreenRADIUS_xxxx_Update/others.tgz -C .
  33. Run sudo mkdir -p /opt/grs/scripts
  34. Run sudo cp others/vm_incron_scripts/* /opt/grs/scripts/
  35. Run cd /opt/grs/scripts && sudo chown root:root *.sh && sudo chmod 511 freeradius_restart.sh get_host_info.sh incron_script.sh openldap_cmd_template_3.sh openldap_restart.sh openldap_update_ca_certificates.sh rsyslog_restart.sh && cd -
  36. Run sudo bash -c "echo 'gradmin ALL=(root) NOPASSWD:/opt/grs/scripts/get_host_info.sh , /opt/grs/scripts/incron_script.sh , /opt/grs/scripts/rsyslog_restart.sh , /opt/grs/scripts/freeradius_restart.sh , /opt/grs/scripts/openldap_restart.sh , /opt/grs/scripts/openldap_update_ca_certificates.sh , /opt/grs/scripts/openldap_cmd_template_3.sh' > /etc/sudoers.d/grs"
  37. Run sudo mkdir -p /opt/grs/host-comm/request
  38. Run sudo mkdir -p /opt/grs/host-comm/response
  39. Run sudo chown -R gradmin:gradmin /opt/grs/host-comm
  40. Run sudo bash -c "echo 'gradmin' > /etc/incron.allow"
  41. Run sudo bash -c "echo '/opt/grs/host-comm/request IN_CLOSE_WRITE sudo /opt/grs/scripts/incron_script.sh \$#' > /var/spool/incron/gradmin"
  42. Run sudo systemctl enable incrond
  43. Run sudo service incrond restart
  44. Run sudo docker load -i images/greenradius_xxxx_init_image
  45. Run sudo docker load -i images/greenradius_xxxx_main_image
  46. Run sudo docker load -i images/greenradius_xxxx_openldap_image
  47. Run sudo docker load -i images/greenradius_xxxx_postgres_image
  48. Run sudo docker load -i images/greenradius_xxxx_rsyslog_image
  49. Run sudo docker load -i images/greenradius_xxxx_freeradius_image
  50. Run sudo docker load -i images/greenradius_xxxx_grs_auth_app_image
  51. Run sudo mkdir -p /home/gradmin/grs-docker-compose
  52. Run sudo cp others/docker-compose.yml /home/gradmin/grs-docker-compose/
  53. Run sudo chmod 750 /home/gradmin/grs-docker-compose/docker-compose.yml
  54. Run sudo chown gradmin:gradmin /home/gradmin/grs-docker-compose/docker-compose.yml
  55. Run sudo cp docker-compose.override-tz.yml /home/gradmin/grs-docker-compose/
  56. Run sudo chmod 750 /home/gradmin/grs-docker-compose/docker-compose.override-tz.yml
  57. Run sudo chown gradmin:gradmin /home/gradmin/grs-docker-compose/docker-compose.override-tz.yml
  58. Run sudo cp docker-compose.override.yml /home/gradmin/grs-docker-compose/
  59. Run sudo chmod 750 /home/gradmin/grs-docker-compose/docker-compose.override.yml
  60. Run sudo chown gradmin:gradmin /home/gradmin/grs-docker-compose/docker-compose.override.yml
  61. Set the proper timezone using the command sudo timedatectl set-timezone <time zone>. You can view a list of valid timezones with sudo timedatectl list-timezones | less.
  62. Run file /etc/timezone
  63. If and only if /etc/timezone exists and is a directory, run sudo rm -rf /etc/timezone
  64. Run sudo touch /etc/timezone
  65. Edit /etc/timezone and enter the time zone value set in step 61.
  66. Run sudo sh /home/gradmin/timezone_handle_for_docker_on_Amazon-Linux-2.sh
  67. Run sudo su -
  68. Run cd /home/gradmin/grs-docker-compose
  69. Run docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d
  70. Run sudo touch /etc/systemd/system/grs-docker-compose-app.service
  71. Edit /etc/systemd/system/grs-docker-compose-app.service and enter the following:
    # /etc/systemd/system/grs-docker-compose-app.service
    
    [Unit]
    Description=Docker Compose Application Service
    Requires=docker.service
    After=docker.service
    
    [Service]
    Type=oneshot
    RemainAfterExit=yes
    WorkingDirectory=/home/gradmin/grs-docker-compose
    ExecStart=/usr/local/bin/docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d
    ExecStop=/usr/local/bin/docker-compose down
    TimeoutStartSec=0
    
    [Install]
    WantedBy=multi-user.target
    
  72. Save the file.
  73. Run sudo systemctl enable grs-docker-compose-app
  74. Run sudo systemctl start grs-docker-compose-app.service
  75. Run sudo rm -rf /home/gradmin/temp/*
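The following audit script is an added example (not part of the GreenRADIUS package) that re-checks the host-side configuration produced by steps 33-43 and 61-71: the sudoers rule grants gradmin only the seven listed scripts, the incron watch is in place, /etc/timezone is a regular file, and the systemd unit starts compose with all three files. GRS_ROOT is an assumed environment variable that prefixes every path so the checks can be run against a test tree.

```shell
#!/bin/sh
# Audit of the host-side pieces set up in steps 33-43 and 61-71 (sudoers rule, incron watch,
# /etc/timezone, systemd unit). Constructed example, not part of the GreenRADIUS package.
# GRS_ROOT is an assumed prefix so the checks can run against a test tree instead of /.
ROOT="${GRS_ROOT:-}"
# The only scripts the sudoers rule from step 36 is meant to allow.
GRS_SCRIPTS="get_host_info.sh incron_script.sh rsyslog_restart.sh freeradius_restart.sh openldap_restart.sh openldap_update_ca_certificates.sh openldap_cmd_template_3.sh"

# gradmin must have a NOPASSWD rule, and every command in it must be one of GRS_SCRIPTS.
check_sudoers() {
    f="$ROOT/etc/sudoers.d/grs"
    line=$(grep '^gradmin ' "$f" 2>/dev/null) || { echo "FAIL: no gradmin rule in $f"; return 1; }
    case "$line" in *NOPASSWD:*) ;; *) echo "FAIL: rule is not NOPASSWD"; return 1 ;; esac
    cmds=$(printf '%s' "$line" | sed 's/.*NOPASSWD://' | tr ',' '\n' | tr -d ' ')
    for c in $cmds; do
        ok=0
        for s in $GRS_SCRIPTS; do [ "$c" = "/opt/grs/scripts/$s" ] && ok=1; done
        [ "$ok" = 1 ] || { echo "FAIL: unexpected sudo command: $c"; return 1; }
    done
}

# gradmin must be in incron.allow and its table must hold exactly the watch from step 41.
check_incron() {
    grep -qx 'gradmin' "$ROOT/etc/incron.allow" 2>/dev/null || { echo "FAIL: gradmin not in incron.allow"; return 1; }
    grep -q '^/opt/grs/host-comm/request IN_CLOSE_WRITE sudo /opt/grs/scripts/incron_script.sh \$#$' \
        "$ROOT/var/spool/incron/gradmin" 2>/dev/null || { echo "FAIL: incron watch missing"; return 1; }
}

# /etc/timezone must be a non-empty regular file (steps 62-65), never a directory.
check_timezone() {
    f="$ROOT/etc/timezone"
    [ -d "$f" ] && { echo "FAIL: $f is a directory; see step 63"; return 1; }
    [ -s "$f" ] || { echo "FAIL: $f missing or empty"; return 1; }
}

# The unit must start compose with all three files in the documented order.
check_unit() {
    f="$ROOT/etc/systemd/system/grs-docker-compose-app.service"
    grep -q '^ExecStart=/usr/local/bin/docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d$' "$f" 2>/dev/null \
        || { echo "FAIL: ExecStart in $f does not match step 71"; return 1; }
}

# Run every check; return 1 if any failed.
run_audit() {
    rc=0
    for chk in check_sudoers check_incron check_timezone check_unit; do
        if $chk; then echo "OK:   $chk"; else rc=1; fi
    done
    return $rc
}
# Invoke on the live host as: sudo sh grs_audit.sh --run
if [ "${1:-}" = "--run" ]; then run_audit; fi
```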

To apply subsequent updates

  1. Copy the update package to the /home/gradmin/temp/ directory.
  2. Log in as gradmin.
  3. Run sudo yum update
  4. Run sudo unzip /home/gradmin/temp/GreenRADIUS_xxxx_Update.zip -d /home/gradmin/temp/. Note that in this command and below, xxxx should be replaced with the current version number.
  5. Run cd /home/gradmin/temp
  6. Run sudo tar -xvzf GreenRADIUS_xxxx_Update/images.tgz -C .
  7. Run sudo tar -xvzf GreenRADIUS_xxxx_Update/others.tgz -C .
  8. Run sudo docker load -i images/greenradius_xxxx_init_image
  9. Run sudo docker load -i images/greenradius_xxxx_main_image
  10. Run sudo docker load -i images/greenradius_xxxx_openldap_image
  11. Run sudo docker load -i images/greenradius_xxxx_postgres_image
  12. Run sudo docker load -i images/greenradius_xxxx_rsyslog_image
  13. Run sudo docker load -i images/greenradius_xxxx_freeradius_image
  14. Run sudo docker load -i images/greenradius_xxxx_grs_auth_app_image
  15. Run cd /home/gradmin/grs-docker-compose
  16. Run sudo docker-compose down
  17. Run sudo cp /home/gradmin/temp/others/docker-compose.yml /home/gradmin/grs-docker-compose/
  18. Run cd /home/gradmin/grs-docker-compose
  19. Run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d
  20. Run sudo rm -rf /home/gradmin/temp/*
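As an added example (not part of the GreenRADIUS package), the script below wraps steps 4-19 of the update procedure with a pre-flight check: it derives xxxx from the package file name and verifies that all seven image files and the new docker-compose.yml are present before anything is loaded or the running containers are taken down. It assumes the package has already been unzipped and both tarballs extracted (steps 4-7); GRS_TEMP is an assumed environment variable overriding the /home/gradmin/temp location.

```shell
#!/bin/sh
# Pre-flight check for the update procedure above: verify the unpacked package is complete
# before step 16 takes the running containers down. Constructed example, not part of the
# GreenRADIUS package. Assumes the package has been unzipped and both tarballs extracted
# into TEMP (steps 4-7). Run as root: sudo sh grs_update.sh --run
TEMP="${GRS_TEMP:-/home/gradmin/temp}"
IMAGES="init main openldap postgres rsyslog freeradius grs_auth_app"

# Derive xxxx from the package name GreenRADIUS_xxxx_Update.zip; fail if absent or ambiguous.
package_version() {
    set -- "$1"/GreenRADIUS_*_Update.zip
    [ "$#" -eq 1 ] && [ -f "$1" ] || return 1
    v=${1##*/GreenRADIUS_}; v=${v%_Update.zip}
    [ -n "$v" ] && printf '%s\n' "$v"
}

# Return 0 only if every image file and the new compose file are present and non-empty.
preflight() {
    dir="$1"; ver="$2"; rc=0
    for i in $IMAGES; do
        f="$dir/images/greenradius_${ver}_${i}_image"
        [ -s "$f" ] || { echo "MISSING: $f"; rc=1; }
    done
    [ -s "$dir/others/docker-compose.yml" ] || { echo "MISSING: $dir/others/docker-compose.yml"; rc=1; }
    return $rc
}

# Steps 8-19, run only after preflight passes so a broken package never stops the service.
apply_update() {
    dir="$1"; ver="$2"
    preflight "$dir" "$ver" || return 1
    for i in $IMAGES; do docker load -i "$dir/images/greenradius_${ver}_${i}_image" || return 1; done
    cd /home/gradmin/grs-docker-compose || return 1
    docker-compose down
    cp "$dir/others/docker-compose.yml" . || return 1
    docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d
}

if [ "${1:-}" = "--run" ]; then
    ver=$(package_version "$TEMP") || { echo "no single GreenRADIUS_xxxx_Update.zip in $TEMP"; exit 1; }
    apply_update "$TEMP" "$ver"
fi
```

Step 3 (sudo yum update) and the final cleanup of /home/gradmin/temp are left to the operator, as in the procedure.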

To manually start/stop containers

First, change the directory with cd /home/gradmin/grs-docker-compose/.

To start the containers, run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d.

To stop the containers, run sudo docker-compose down.

Updated 2023-10-31
© 2024 Green Rocket Security Inc. All rights reserved.