Deploying GreenRADIUS on Red Hat Enterprise Linux Using Podman
Prerequisites
- A target machine running RHEL 8 or 9
- SELinux adjusted so that GreenRADIUS can function smoothly
- A GreenRADIUS update package (v6.1.2.2 or later)
Deployment Instructions
- Log in with a user that has sudo access.
- Run
sudo yum update
- Run
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm -E '%{rhel}').noarch.rpm
- Run
sudo yum -y install container-selinux
- Run
sudo yum makecache --refresh
- Run
sudo yum -y install fuse-overlayfs
- Run
sudo yum -y install slirp4netns
- Run
sudo dnf update
- Run
sudo dnf install epel-release
- Run
sudo dnf install --enablerepo="epel" ufw
- Run
sudo yum remove docker-ce docker-ce-cli containerd.io
- Run
sudo dnf install podman
- Run
sudo dnf install podman-plugins
- Run
sudo systemctl enable podman.socket --now
- Run
sudo curl -L "https://github.com/docker/compose/releases/download/v2.35.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
- Run
sudo chmod +x /usr/local/bin/docker-compose
- Create a symlink to this path with
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
- Run
sudo yum install incron
- Run
sudo yum install unzip
- Run
sudo yum install net-tools
- Run
sudo useradd -d /home/gradmin -m -G wheel -s /bin/bash gradmin
- Run
sudo passwd gradmin
and set the password for gradmin appropriately
- Run
sudo chmod -R 750 /home/gradmin
- Run
sudo chown -R gradmin:gradmin /home/gradmin
- Run
sudo mkdir /home/gradmin/grs-podman-compose
- Run
sudo systemctl disable firewalld
- Reboot and log in as
gradmin
- Copy the GreenRADIUS update package to the
/tmp/
directory
- Run
sudo unzip /tmp/GreenRADIUS_????_Update.zip -d /tmp/
(Note: For this step and subsequent steps with "GreenRADIUS_????_Update.zip", replace "????" with the appropriate version number of the GreenRADIUS update package.)
- Run
sudo tar -xvzf /tmp/GreenRADIUS_????_Update/images.tgz -C /tmp/
- Run
sudo tar -xvzf /tmp/GreenRADIUS_????_Update/others.tgz -C /tmp/
- Run
sudo cp /tmp/others/docker-compose.yml /home/gradmin/grs-podman-compose/
- Run
sudo cp /tmp/others/podman-compose.override.yml /home/gradmin/grs-podman-compose/
- Run
sudo mkdir -p /opt/grs/scripts
- Run
sudo ls -lart /tmp/others/vm_incron_scripts_podman/
- Copy all the files listed by the previous command to
/opt/grs/scripts/
using the following command:
sudo cp /tmp/others/vm_incron_scripts_podman/<filename> /opt/grs/scripts
- Run
cd /opt/grs/scripts && sudo chown root:root *.sh && sudo chmod 511 freeradius_restart.sh freeradius_update_clients.sh get_host_info.sh incron_script.sh openldap_cmd_template_3.sh openldap_restart.sh openldap_update_ca_certificates.sh rsyslog_restart.sh configure_redis_server.sh && cd -
- Run
sudo bash -c "echo 'gradmin ALL=(root) NOPASSWD:/opt/grs/scripts/get_host_info.sh , /opt/grs/scripts/incron_script.sh , /opt/grs/scripts/rsyslog_restart.sh , /opt/grs/scripts/freeradius_restart.sh ,/opt/grs/scripts/freeradius_update_clients.sh , /opt/grs/scripts/openldap_restart.sh , /opt/grs/scripts/openldap_update_ca_certificates.sh , /opt/grs/scripts/openldap_cmd_template_3.sh ,/opt/grs/scripts/configure_redis_server.sh' > /etc/sudoers.d/grs"
- Run
sudo mkdir -p /opt/grs/host-comm/request
- Run
sudo mkdir -p /opt/grs/host-comm/response
- Run
sudo chown -R gradmin:gradmin /opt/grs/host-comm
- Run
sudo bash -c "echo 'gradmin' > /etc/incron.allow"
- Run
sudo bash -c "echo '/opt/grs/host-comm/request IN_CLOSE_WRITE sudo /opt/grs/scripts/incron_script.sh \$#' > /var/spool/incron/gradmin"
- Run
sudo systemctl enable incrond
- Run
sudo service incrond restart
- Run
sudo podman load -i /tmp/images/greenradius_????_init_image
- Run
sudo podman load -i /tmp/images/greenradius_????_main_image
- Run
sudo podman load -i /tmp/images/greenradius_????_openldap_image
- Run
sudo podman load -i /tmp/images/greenradius_????_postgres_image
- Run
sudo podman load -i /tmp/images/greenradius_????_rsyslog_image
- Run
sudo podman load -i /tmp/images/greenradius_????_freeradius_image
- Run
sudo podman load -i /tmp/images/greenradius_????_grs_auth_app_image
- Run
sudo chmod -R 750 /home/gradmin
- Run
sudo chown -R gradmin:gradmin /home/gradmin
- Run
sudo timedatectl set-timezone UTC
- Run
sudo cp /tmp/others/scripts/get_system_timezone.sh /opt/grs/scripts/
- Run
sudo sh +x /opt/grs/scripts/get_system_timezone.sh
- Run
sudo sh +x /tmp/others/scripts/prerequisite_for_getting_system_timezone.sh
- Run
cd /home/gradmin/grs-podman-compose
- Run
sudo podman-compose -f docker-compose.yml -f podman-compose.override.yml up -d
- Verify that the GreenRADIUS instance is accessible via the web. You should be able to
visit
https://<IP_address_of_GreenRADIUS>/admin
in your browser to access the GreenRADIUS web admin interface.
Note: Whenever the timezone on the server is changed, the server must be rebooted for the new timezone to be reflected in the containers.
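Added example (not part of the vendor's guide or of GreenRADIUS): the steps above let gradmin run the scripts named in /etc/sudoers.d/grs as root without a password, so those files and their directory must stay owned by root and not writable by group or others. The script below reads the command paths from a sudoers drop-in and reports any that fail that check; the function names and finding labels are this example's own, and it assumes GNU stat.

```sh
#!/bin/sh
# Added example (not vendor code): audit the commands a sudoers drop-in grants
# with NOPASSWD. Usage on the host: sudo sh audit.sh /etc/sudoers.d/grs 0

# Print each absolute command path that follows "NOPASSWD:" (arguments dropped;
# paths containing spaces or commas are not handled).
sudoers_commands() {
    sed -n 's/^.*NOPASSWD:[[:space:]]*//p' "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]].*$//' | grep '^/'
}

# True when the octal mode from `stat -c %a` has a group or other write bit.
group_or_other_writable() {
    case "$(stat -c %a "$1")" in
        *[2367]?|*[2367]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line for the given sudoers file and expected owner UID.
audit_findings() {
    sudoers_commands "$1" | while IFS= read -r cmd; do
        if [ ! -f "$cmd" ]; then echo "MISSING $cmd"; continue; fi
        # Anyone who can rewrite the script runs their own code as root.
        [ "$(stat -c %u "$cmd")" = "$2" ] || echo "OWNER $cmd"
        if group_or_other_writable "$cmd"; then echo "WRITABLE $cmd"; fi
        # A writable parent directory allows replacing a read-only file.
        dir=$(dirname "$cmd")
        [ "$(stat -c %u "$dir")" = "$2" ] || echo "DIR_OWNER $dir"
        if group_or_other_writable "$dir"; then echo "DIR_WRITABLE $dir"; fi
    done
}

# Exit status 0 only when there are no findings; expected owner defaults to UID 0.
audit_sudoers_commands() {
    findings=$(audit_findings "$1" "${2:-0}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# When called with arguments, run the audit; with none, only define the functions.
[ "$#" -eq 0 ] || audit_sudoers_commands "$@"
```

Running sudo visudo -cf /etc/sudoers.d/grs alongside it checks the drop-in's syntax, which this script does not do.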
Enabling auto-start of GreenRADIUS containers on boot
- Run
sudo touch /tmp/grs-podman-compose-app.service
- Edit the
/tmp/grs-podman-compose-app.service
file in your editor of choice.
- Paste in the following:
# /etc/systemd/system/grs-podman-compose-app.service
[Unit]
Description=Podman Compose Application Service
Requires=podman.service
After=podman.service
[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/home/gradmin/grs-podman-compose
ExecStart=/usr/bin/podman-compose up -d
ExecStop=/usr/bin/podman-compose down
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target
- Run
sudo cp /tmp/grs-podman-compose-app.service /etc/systemd/system/
- Run
sudo systemctl enable grs-podman-compose-app
Migrating from GreenRADIUS v5.x to v6.x
Migrating GreenRADIUS servers in containerized deployment from v5.x to v6.x requires some steps to change the compose plugin used by podman to start containers. These steps will stop GreenRADIUS services.
- Run
cd /home/gradmin/grs-podman-compose
- Run
sudo podman-compose -f docker-compose.yml -f podman-compose.override.yml down
- Run
sudo podman network rm grs-podman-compose_grs_net
Disregard errors if this network does not exist.
- Run
sudo pip3 uninstall podman-compose
- Run
sudo curl -L "https://github.com/docker/compose/releases/download/v2.35.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
- Create a symlink to this path with
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
- Run
sudo chmod +x /usr/local/bin/docker-compose
- Run
sudo systemctl enable podman.socket --now
- Run
sudo podman compose -f docker-compose.yml -f podman-compose.override.yml up -d
- If you had enabled auto-start for GreenRADIUS in the earlier deployment, redo the steps from this updated guide.
- Continue with the usual steps for applying GreenRADIUS updates.
Applying Updates to Your GreenRADIUS Instance
- Copy the latest update package for GreenRADIUS into the /tmp/ directory
- Run
sudo unzip /tmp/GreenRADIUS_????_Update.zip -d /tmp/
(where "????" is the version number of the GreenRADIUS update package)
- Run
sudo tar -xvzf /tmp/GreenRADIUS_????_Update/images.tgz -C /tmp/
- Run
sudo tar -xvzf /tmp/GreenRADIUS_????_Update/others.tgz -C /tmp/
- If upgrading from 5.2.11.11 or lower, run
sudo bash /tmp/others/scripts/system_upgrade_podman.sh
- Run
sudo podman load -i /tmp/images/greenradius_????_init_image
- Run
sudo podman load -i /tmp/images/greenradius_????_main_image
- Run
sudo podman load -i /tmp/images/greenradius_????_openldap_image
- Run
sudo podman load -i /tmp/images/greenradius_????_postgres_image
- Run
sudo podman load -i /tmp/images/greenradius_????_rsyslog_image
- Run
sudo podman load -i /tmp/images/greenradius_????_freeradius_image
- Run
sudo podman load -i /tmp/images/greenradius_????_grs_auth_app_image
- Run
cd /home/gradmin/grs-podman-compose
- Run
sudo podman compose down
- Find the attached
docker-compose.yml
file
- Run
sudo cp /tmp/docker-compose.yml /home/gradmin/grs-podman-compose/docker-compose.yml
- Run
sudo cp /tmp/others/podman-compose.override.yml /home/gradmin/grs-podman-compose/podman-compose.override.yml
(Enter y if prompted to overwrite.)
- Run
sudo podman compose -f docker-compose.yml -f podman-compose.override.yml up -d
- Confirm that the latest GreenRADIUS version is accessible via your browser at the same URL as before. On future startups, you will need to run sudo podman compose -f docker-compose.yml -f podman-compose.override.yml up -d from the grs-podman-compose directory, as shown above, to launch the containers.
Troubleshooting
Under certain configurations there may be an issue where the containers appear to start successfully but GreenRADIUS services are unavailable. In that case, try these steps to fix the issue:
- Run
sudo podman exec -it GRS-POSTGRES bash -c 'chown -R root:postgres /opt/grs/greenradius/certificates/postgres/server'
- Run
cd /home/gradmin/grs-podman-compose
- Run
sudo podman compose stop
- Run
sudo podman compose start
Updated 2025-06-03
© 2025 Green Rocket Security Inc. All rights reserved.