Deploying GreenRADIUS on Oracle Linux 7.x

Prerequisites

  • A target machine running Oracle Linux 7.5 or greater
  • The update package for GreenRADIUS v4.4.6.6
  • The update package for the latest version of GreenRADIUS
  • The zip file containing:
    • The docker-compose.yml file for GreenRADIUS with appropriate patches for RHEL/OEL
    • The docker-compose.override.yml file
    • The timezone_handle_for_docker_on_CentOS.sh file

Deployment Instructions

  1. Log in with a user that has sudo access
  2. Run sudo yum update
  3. Run sudo yum-config-manager --enable *addons
  4. Run cd /etc/yum.repos.d/
  5. Run sudo wget http://yum.oracle.com/public-yum-ol7.repo
  6. Run sudo yum-config-manager --enable *addons
  7. Run sudo yum update
  8. Run sudo yum install docker-engine
  9. Run sudo systemctl start docker
  10. Run sudo systemctl enable docker
  11. Run sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  12. Run sudo chmod +x /usr/local/bin/docker-compose
  13. Run sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
  14. Run sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  15. Run sudo yum install incron
  16. Run sudo yum install unzip
  17. Run sudo yum install net-tools
  18. Run sudo useradd -d /home/gradmin -m -G wheel -s /bin/bash gradmin
  19. Run sudo passwd gradmin and set the password for gradmin appropriately
  20. Run sudo chmod -R 750 /home/gradmin
  21. Run sudo chown -R gradmin:gradmin /home/gradmin
  22. Run sudo mkdir /home/gradmin/grs-docker-compose
  23. As root, edit the /etc/selinux/config file and disable SELinux
  24. Run sudo service firewalld stop
  25. Run sudo systemctl disable firewalld
  26. Reboot and log in as gradmin
  27. Copy the 4.4.6.6 update package to /tmp/
  28. Copy the docker-compose.yml and docker-compose.override.yml files to /home/gradmin/grs-docker-compose, and the timezone_handle_for_docker_on_CentOS.sh file to /home/gradmin
  29. Run sudo unzip /tmp/GreenRADIUS_xxxx_Update.zip -d /tmp/ (where "xxxx" is the version number of the update package copied in step 27)
  30. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/images.tgz -C /tmp/
  31. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/others.tgz -C /tmp/
  32. Run sudo mkdir -p /opt/grs/scripts
  33. Run sudo cp /tmp/others/vm_incron_scripts/* /opt/grs/scripts/
  34. Run cd /opt/grs/scripts && sudo chown root:root *.sh && sudo chmod 511 freeradius_restart.sh get_host_info.sh incron_script.sh openldap_cmd_template_3.sh openldap_restart.sh openldap_update_ca_certificates.sh rsyslog_restart.sh && cd -
  35. Run sudo bash -c "echo 'gradmin ALL=(root) NOPASSWD:/opt/grs/scripts/get_host_info.sh , /opt/grs/scripts/incron_script.sh , /opt/grs/scripts/rsyslog_restart.sh , /opt/grs/scripts/freeradius_restart.sh , /opt/grs/scripts/openldap_restart.sh , /opt/grs/scripts/openldap_update_ca_certificates.sh , /opt/grs/scripts/openldap_cmd_template_3.sh' > /etc/sudoers.d/grs"
  36. Run sudo mkdir -p /opt/grs/host-comm/request
  37. Run sudo mkdir -p /opt/grs/host-comm/response
  38. Run sudo chown -R gradmin:gradmin /opt/grs/host-comm
  39. Run sudo bash -c "echo 'gradmin' > /etc/incron.allow"
  40. Run sudo bash -c "echo '/opt/grs/host-comm/request IN_CLOSE_WRITE sudo /opt/grs/scripts/incron_script.sh \$#' > /var/spool/incron/gradmin"
  41. Run sudo systemctl enable incrond
  42. Run sudo service incrond restart
  43. Run sudo docker load -i /tmp/images/greenradius_4466_init_image
  44. Run sudo docker load -i /tmp/images/greenradius_4466_main_image
  45. Run sudo docker load -i /tmp/images/greenradius_4466_openldap_image
  46. Run sudo docker load -i /tmp/images/greenradius_4466_postgres_image
  47. Run sudo docker load -i /tmp/images/greenradius_4466_rsyslog_image
  48. Run sudo docker load -i /tmp/images/greenradius_4466_freeradius_image
  49. Run sudo chmod -R 750 /home/gradmin
  50. Run sudo chown -R gradmin:gradmin /home/gradmin
  51. Run sudo timedatectl set-timezone UTC
  52. Run sudo sh /home/gradmin/timezone_handle_for_docker_on_CentOS.sh
  53. Run cd /home/gradmin/grs-docker-compose
  54. Run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d
  55. Verify that a GreenRADIUS 4.4.6.6 instance is accessible via the web. You should be able to visit https://<ip address of instance>/admin in your browser and view the login page for the web administration console.
  56. Run sudo docker-compose down
  57. Copy the latest update package for GreenRADIUS into the /tmp/ directory
  58. Run sudo unzip /tmp/GreenRADIUS_xxxx_Update.zip -d /tmp/ (where "xxxx" is the version number of the GreenRADIUS update package)
  59. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/images.tgz -C /tmp/
  60. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/others.tgz -C /tmp/
  61. Run sudo docker load -i /tmp/images/greenradius_xxxx_init_image
  62. Run sudo docker load -i /tmp/images/greenradius_xxxx_main_image
  63. Run sudo docker load -i /tmp/images/greenradius_xxxx_openldap_image
  64. Run sudo docker load -i /tmp/images/greenradius_xxxx_postgres_image
  65. Run sudo docker load -i /tmp/images/greenradius_xxxx_rsyslog_image
  66. Run sudo docker load -i /tmp/images/greenradius_xxxx_freeradius_image
  67. Edit /home/gradmin/grs-docker-compose/docker-compose.yml and replace every occurrence of "4466" with the version number of your latest GreenRADIUS release (e.g. "4499" for v4.4.9.9)
  68. Run cd /home/gradmin/grs-docker-compose
  69. Run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d
  70. Confirm that the latest GreenRADIUS version is accessible via your browser at the same URL as before.

On future startups, you will need to run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d from the grs-docker-compose directory, as shown above, to launch the containers.
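
Added example (not part of the vendor's procedure or scripts): steps 34, 35 and 40 let gradmin run the scripts in /opt/grs/scripts as root without a password, so those files and their directory must stay root-owned and not writable by group or others. The function names and the optional UID argument below are assumptions of this example; it relies on GNU stat as shipped with Oracle Linux.

```sh
#!/bin/sh
# Audit every command that a sudoers drop-in such as /etc/sudoers.d/grs
# allows to run as root with NOPASSWD.

# check_path PATH UID: report a wrong owner or group/other write bits.
check_path() {
    set -- "$1" "$2" $(stat -c '%u %a' "$1")   # GNU stat: owner uid, octal mode
    [ "$3" = "$2" ] || { echo "$1: owner uid $3, expected $2"; rc=1; }
    [ $(( 0$4 & 022 )) -eq 0 ] || { echo "$1: mode $4 is group/other-writable"; rc=1; }
}

# audit_grs_sudoers FILE [UID]: UID defaults to 0 (root). The optional UID is
# an assumption of this example so the check can be tried unprivileged.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_grs_sudoers() {
    rc=0
    # Take the command list after NOPASSWD: and split it on commas.
    cmds=$(sed -n 's/^.*NOPASSWD:[[:space:]]*//p' "$1" | tr ',' '\n')
    while read -r cmd; do
        [ -n "$cmd" ] || continue
        case $cmd in
            /*) ;;
            *) echo "$cmd: not an absolute path"; rc=1; continue ;;
        esac
        if [ -L "$cmd" ] || [ ! -f "$cmd" ]; then
            echo "$cmd: missing, or a symlink instead of a regular file"; rc=1
            continue
        fi
        check_path "$cmd" "${2:-0}"
        # A writable directory lets a non-root user replace the script itself.
        check_path "$(dirname "$cmd")" "${2:-0}"
    done <<EOF
$cmds
EOF
    return $rc
}

# Constructed demo: two scripts in a temp dir, one left group-writable.
demo_audit() {
    d=$(mktemp -d) && chmod 755 "$d"
    printf '#!/bin/sh\n' > "$d/good.sh"; chmod 511 "$d/good.sh"
    printf '#!/bin/sh\n' > "$d/bad.sh";  chmod 775 "$d/bad.sh"
    echo "gradmin ALL=(root) NOPASSWD:$d/good.sh , $d/bad.sh" > "$d/grs"
    status=0
    audit_grs_sudoers "$d/grs" "$(id -u)" || status=1
    rm -rf "$d"
    return $status
}
```

On the deployed host, run audit_grs_sudoers /etc/sudoers.d/grs as root after step 35, and validate the drop-in's syntax with sudo visudo -cf /etc/sudoers.d/grs.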

Updated 2022-07-12
© 2022 Green Rocket Security Inc. All rights reserved.