Deploying GreenRADIUS on Red Hat Enterprise Linux

Prerequisites

  • A target machine running RHEL 7 or 8
  • A GreenRADIUS update package (later than v4.5.1.1)
  • The zip file containing:
    • The docker-compose.yml file for GreenRADIUS with appropriate patches for RHEL/OEL
    • The docker-compose.override.yml file
    • The timezone_handle_for_docker_on_CentOS.sh file

Deployment Instructions

  1. Log in with a user that has sudo access.
  2. Run sudo yum update
  3. Run sudo yum install -y yum-utils
  4. Run sudo yum-config-manager --enable *addons (If this step gives a warning, it can be ignored.)
  5. Run sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    • If this deployment is on RHEL 8, run sudo yum erase podman buildah
  6. Run sudo yum update
  7. Run sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm -E '%{rhel}').noarch.rpm
  8. Run sudo yum install http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-3.el7.noarch.rpm
    • If this deployment is on RHEL 8, run sudo yum -y install container-selinux
  9. Run sudo yum install http://mirror.centos.org/centos/7/extras/x86_64/Packages/fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm
    • If this deployment is on RHEL 8, run sudo yum makecache --refresh, then sudo yum -y install fuse-overlayfs
  10. Run sudo yum install http://mirror.centos.org/centos/7/extras/x86_64/Packages/slirp4netns-0.4.3-4.el7_8.x86_64.rpm
    • If this deployment is on RHEL 8, run sudo yum -y install slirp4netns
  11. Run sudo yum install docker-ce docker-ce-cli containerd.io
  12. Run sudo systemctl start docker
  13. Run sudo systemctl enable docker
  14. Run sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  15. Run sudo chmod +x /usr/local/bin/docker-compose
  16. Run sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
  17. Run sudo yum install incron
  18. Run sudo yum install unzip
  19. Run sudo yum install net-tools
  20. Run sudo useradd -d /home/gradmin -m -G wheel -s /bin/bash gradmin
  21. Run sudo passwd gradmin and set the password for gradmin appropriately
  22. Run sudo chmod -R 750 /home/gradmin
  23. Run sudo chown -R gradmin:gradmin /home/gradmin
  24. Run sudo mkdir /home/gradmin/grs-docker-compose
  25. As root, edit the /etc/selinux/config file and disable SELinux
  26. Run sudo service firewalld stop
  27. Run sudo systemctl disable firewalld
  28. Reboot and log in as gradmin
  29. Copy the GreenRADIUS update package to /tmp/
  30. Copy the docker-compose.yml and docker-compose.override.yml files to /home/gradmin/grs-docker-compose, and the timezone_handle_for_docker_on_CentOS.sh file to /home/gradmin
  31. Run sudo unzip /tmp/GreenRADIUS_xxxx_Update.zip -d /tmp/
    • Note: For this step and subsequent steps with "GreenRADIUS_xxxx_Update.zip", replace "xxxx" with the appropriate version number of the GreenRADIUS update package.
  32. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/images.tgz -C /tmp/
  33. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/others.tgz -C /tmp/
  34. Run sudo mkdir -p /opt/grs/scripts
  35. Run sudo cp /tmp/others/vm_incron_scripts/* /opt/grs/scripts/
  36. Run cd /opt/grs/scripts && sudo chown root:root *.sh && sudo chmod 511 freeradius_restart.sh get_host_info.sh incron_script.sh openldap_cmd_template_3.sh openldap_restart.sh openldap_update_ca_certificates.sh rsyslog_restart.sh && cd -
  37. Run sudo bash -c "echo 'gradmin ALL=(root) NOPASSWD:/opt/grs/scripts/get_host_info.sh , /opt/grs/scripts/incron_script.sh , /opt/grs/scripts/rsyslog_restart.sh , /opt/grs/scripts/freeradius_restart.sh , /opt/grs/scripts/openldap_restart.sh , /opt/grs/scripts/openldap_update_ca_certificates.sh , /opt/grs/scripts/openldap_cmd_template_3.sh' > /etc/sudoers.d/grs"
  38. Run sudo mkdir -p /opt/grs/host-comm/request
  39. Run sudo mkdir -p /opt/grs/host-comm/response
  40. Run sudo chown -R gradmin:gradmin /opt/grs/host-comm
  41. Run sudo bash -c "echo 'gradmin' > /etc/incron.allow"
  42. Run sudo bash -c "echo '/opt/grs/host-comm/request IN_CLOSE_WRITE sudo /opt/grs/scripts/incron_script.sh \$#' > /var/spool/incron/gradmin"
  43. Run sudo systemctl enable incrond
  44. Run sudo service incrond restart
  45. Run sudo docker load -i /tmp/images/greenradius_xxxx_init_image
  46. Run sudo docker load -i /tmp/images/greenradius_xxxx_main_image
  47. Run sudo docker load -i /tmp/images/greenradius_xxxx_openldap_image
  48. Run sudo docker load -i /tmp/images/greenradius_xxxx_postgres_image
  49. Run sudo docker load -i /tmp/images/greenradius_xxxx_rsyslog_image
  50. Run sudo docker load -i /tmp/images/greenradius_xxxx_freeradius_image
  51. Run sudo chmod -R 750 /home/gradmin
  52. Run sudo chown -R gradmin:gradmin /home/gradmin
  53. Run sudo timedatectl set-timezone UTC
  54. Run sudo sh /home/gradmin/timezone_handle_for_docker_on_CentOS.sh
  55. Run cd /home/gradmin/grs-docker-compose
  56. Run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d
  57. Verify that a GreenRADIUS instance is accessible via the web. You should be able to visit https://<ip address of instance>/admin in your browser to access the GreenRADIUS web admin interface.
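
Steps 36 and 37 let gradmin run a fixed set of scripts as root without a password, which is only safe while each script and the directory holding it stay root-owned and not writable by group or others. The script below is an added example, not part of the GreenRADIUS package or its documentation; the function names are hypothetical, and build_sample creates a constructed fixture so the check can be tried off the target host.

```shell
#!/bin/sh
# Added example (not GreenRADIUS code): audit what /etc/sudoers.d/grs lets
# gradmin run as root. All function names here are hypothetical.

# is_locked_down PATH UID: true if PATH exists, is owned by UID and has no
# group/other write bit.
is_locked_down() {
    [ -e "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$2" ] || return 1
    # In the octal mode the last two digits are group and other;
    # 2, 3, 6 and 7 all include the write bit.
    case "$(stat -c '%a' "$1")" in
        *[2367]?|*[2367]) return 1 ;;
    esac
    return 0
}

# list_nopasswd_commands FILE: print one granted command path per line.
list_nopasswd_commands() {
    sed -n 's/^[^#]*NOPASSWD:[[:space:]]*//p' "$1" |
        tr ',' '\n' | awk 'NF { print $1 }'
}

# audit_sudoers_targets FILE UID: print a finding for every granted script,
# or directory holding one, that someone other than UID could replace.
audit_sudoers_targets() {
    for cmd in $(list_nopasswd_commands "$1"); do
        is_locked_down "$cmd" "$2" || echo "WEAK file: $cmd"
        dir=$(dirname "$cmd")
        is_locked_down "$dir" "$2" || echo "WEAK dir: $dir"
    done | sort -u
}

# build_sample DIR: constructed fixture mirroring steps 34-37 on a small scale.
build_sample() {
    mkdir -p "$1/scripts" && chmod 755 "$1/scripts"
    for s in get_host_info.sh incron_script.sh; do
        : > "$1/scripts/$s"; chmod 511 "$1/scripts/$s"
    done
    echo "gradmin ALL=(root) NOPASSWD:$1/scripts/get_host_info.sh , $1/scripts/incron_script.sh" \
        > "$1/grs"
}

# On a deployed host: check the real rule against root (UID 0).
if [ -r /etc/sudoers.d/grs ]; then
    audit_sudoers_targets /etc/sudoers.d/grs 0
fi
```

No output from the final call means every granted script and its directory passed; sudo visudo -cf /etc/sudoers.d/grs checks the syntax of the rule itself.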

Applying Updates to Your GreenRADIUS Instance

  1. Run sudo docker-compose down
  2. Copy the latest update package for GreenRADIUS into the /tmp/ directory
  3. Run sudo unzip /tmp/GreenRADIUS_xxxx_Update.zip -d /tmp/ (where "xxxx" is the version number of the GreenRADIUS update package)
  4. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/images.tgz -C /tmp/
  5. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/others.tgz -C /tmp/
  6. Run sudo docker load -i /tmp/images/greenradius_xxxx_init_image
  7. Run sudo docker load -i /tmp/images/greenradius_xxxx_main_image
  8. Run sudo docker load -i /tmp/images/greenradius_xxxx_openldap_image
  9. Run sudo docker load -i /tmp/images/greenradius_xxxx_postgres_image
  10. Run sudo docker load -i /tmp/images/greenradius_xxxx_rsyslog_image
  11. Run sudo docker load -i /tmp/images/greenradius_xxxx_freeradius_image
  12. Edit /home/gradmin/grs-docker-compose/docker-compose.yml and replace every occurrence of the current version number with the version number of your latest GreenRADIUS version (e.g. "4522" for v4.5.2.2)
  13. Run cd /home/gradmin/grs-docker-compose
  14. Run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d
  15. Confirm that the latest GreenRADIUS version is accessible via your browser at the same URL as before.

On future startups, you will need to run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d from the grs-docker-compose directory, as shown above, to launch the containers.

Updated 2022-09-10
© 2023 Green Rocket Security Inc. All rights reserved.