Deploying GreenRADIUS on Red Hat Enterprise Linux using Podman

Prerequisites

  • A target machine running RHEL 8 or 9
  • SELinux adjusted to allow GreenRADIUS to function smoothly
  • A GreenRADIUS update package (v6.1.2.2 or later)

Deployment Instructions

  1. Log in with a user that has sudo access.
  2. Run sudo yum update
  3. Run sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm -E '%{rhel}').noarch.rpm
  4. Run sudo yum -y install container-selinux
  5. Run sudo yum makecache --refresh
  6. Run sudo yum -y install fuse-overlayfs
  7. Run sudo yum -y install slirp4netns
  8. Run sudo dnf update
  9. Run sudo dnf install epel-release
  10. Run sudo dnf install --enablerepo="epel" ufw
  11. Run sudo yum remove docker-ce docker-ce-cli containerd.io
  12. Run sudo dnf install podman
  13. Run sudo dnf install podman-plugins
  14. Run sudo systemctl enable podman.socket --now
  15. Run sudo curl -L "https://github.com/docker/compose/releases/download/v2.35.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  16. Run sudo chmod +x /usr/local/bin/docker-compose
  17. Create a symlink to this path with sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
  18. Run sudo yum install incron
  19. Run sudo yum install unzip
  20. Run sudo yum install net-tools
  21. Run sudo useradd -d /home/gradmin -m -G wheel -s /bin/bash gradmin
  22. Run sudo passwd gradmin and set the password for gradmin appropriately
  23. Run sudo chmod -R 750 /home/gradmin
  24. Run sudo chown -R gradmin:gradmin /home/gradmin
  25. Run sudo mkdir /home/gradmin/grs-podman-compose
  26. Run sudo systemctl disable firewalld
  27. Reboot and log in as gradmin
  28. Copy the GreenRADIUS update package to the /tmp/ directory
  29. Run sudo unzip /tmp/GreenRADIUS_????_Update.zip -d /tmp/ (Note: For this step and subsequent steps with "GreenRADIUS_????_Update.zip", replace "????" with the appropriate version number of the GreenRADIUS update package.)
  30. Run sudo tar -xvzf /tmp/GreenRADIUS_????_Update/images.tgz -C /tmp/
  31. Run sudo tar -xvzf /tmp/GreenRADIUS_????_Update/others.tgz -C /tmp/
  32. Run sudo cp /tmp/others/docker-compose.yml /home/gradmin/grs-podman-compose/
  33. Run sudo cp /tmp/others/podman-compose.override.yml /home/gradmin/grs-podman-compose/
  34. Run sudo mkdir -p /opt/grs/scripts
  35. Run sudo ls -lart /tmp/others/vm_incron_scripts_podman/
  36. Copy each file listed by the previous command to /opt/grs/scripts/ using the following command: sudo cp /tmp/others/vm_incron_scripts_podman/<filename> /opt/grs/scripts
  37. Run cd /opt/grs/scripts && sudo chown root:root *.sh && sudo chmod 511 freeradius_restart.sh freeradius_update_clients.sh get_host_info.sh incron_script.sh openldap_cmd_template_3.sh openldap_restart.sh openldap_update_ca_certificates.sh rsyslog_restart.sh configure_redis_server.sh && cd -
  38. Run sudo bash -c "echo 'gradmin ALL=(root) NOPASSWD:/opt/grs/scripts/get_host_info.sh , /opt/grs/scripts/incron_script.sh , /opt/grs/scripts/rsyslog_restart.sh , /opt/grs/scripts/freeradius_restart.sh ,/opt/grs/scripts/freeradius_update_clients.sh , /opt/grs/scripts/openldap_restart.sh , /opt/grs/scripts/openldap_update_ca_certificates.sh , /opt/grs/scripts/openldap_cmd_template_3.sh ,/opt/grs/scripts/configure_redis_server.sh' > /etc/sudoers.d/grs"
  39. Run sudo mkdir -p /opt/grs/host-comm/request
  40. Run sudo mkdir -p /opt/grs/host-comm/response
  41. Run sudo chown -R gradmin:gradmin /opt/grs/host-comm
  42. Run sudo bash -c "echo 'gradmin' > /etc/incron.allow"
  43. Run sudo bash -c "echo '/opt/grs/host-comm/request IN_CLOSE_WRITE sudo /opt/grs/scripts/incron_script.sh \$#' > /var/spool/incron/gradmin"
  44. Run sudo systemctl enable incrond
  45. Run sudo service incrond restart
  46. Run sudo podman load -i /tmp/images/greenradius_????_init_image
  47. Run sudo podman load -i /tmp/images/greenradius_????_main_image
  48. Run sudo podman load -i /tmp/images/greenradius_????_openldap_image
  49. Run sudo podman load -i /tmp/images/greenradius_????_postgres_image
  50. Run sudo podman load -i /tmp/images/greenradius_????_rsyslog_image
  51. Run sudo podman load -i /tmp/images/greenradius_????_freeradius_image
  52. Run sudo podman load -i /tmp/images/greenradius_????_grs_auth_app_image
  53. Run sudo chmod -R 750 /home/gradmin
  54. Run sudo chown -R gradmin:gradmin /home/gradmin
  55. Run sudo timedatectl set-timezone UTC
  56. Run sudo cp /tmp/others/scripts/get_system_timezone.sh /opt/grs/scripts/
  57. Run sudo sh +x /opt/grs/scripts/get_system_timezone.sh
  58. Run sudo sh +x /tmp/others/scripts/prerequisite_for_getting_system_timezone.sh
  59. Run cd /home/gradmin/grs-podman-compose
  60. Run sudo podman-compose -f docker-compose.yml -f podman-compose.override.yml up -d
  61. Verify that the GreenRADIUS instance is accessible via the web. You should be able to visit https://<IP_address_of_GreenRADIUS>/admin in your browser to access the GreenRADIUS web admin interface.

Note: Whenever the timezone on the server is changed, the server must be rebooted for the new timezone to be reflected in the containers.
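
An added example, not part of the GreenRADIUS package or the vendor's instructions: a POSIX shell check that every script granted NOPASSWD in step 38, and the directory holding it, is root-owned and not writable by group or other, since anything gradmin could modify there would run as root. The function names, the finding labels and the ROOT_PREFIX argument are assumptions introduced here, and the check relies on GNU stat.

```shell
#!/bin/sh
# Added example, not vendor code: audit the targets of a NOPASSWD sudoers
# entry such as the /etc/sudoers.d/grs file written in step 38.

# check_path PATH OWNER_UID
# Prints a finding and returns 1 if PATH is missing, is not owned by
# OWNER_UID, or is writable by group or other.
check_path() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    # GNU stat: numeric owner uid and octal mode become $3 and $4.
    set -- "$1" "$2" $(stat -c '%u %a' "$1")
    [ "$3" = "$2" ] || { echo "OWNER $1 uid=$3 expected=$2"; return 1; }
    [ $(( 0$4 & 022 )) -eq 0 ] || { echo "WRITABLE $1 mode=$4"; return 1; }
}

# check_sudo_targets SUDOERS_FILE [OWNER_UID] [ROOT_PREFIX]
# OWNER_UID defaults to 0 (root). ROOT_PREFIX is a hypothetical testing aid
# that relocates the absolute paths under another directory.
# Returns 0 only when every target and its directory pass check_path.
check_sudo_targets() {
    cst_uid=${2:-0} cst_root=${3:-} cst_bad=0 cst_last=
    # Skip comment lines, keep the text after "NOPASSWD:", then emit one
    # command per line and take its first word as the path.
    cst_targets=$(sed -n -e '/^[[:space:]]*#/d' \
        -e 's/^.*NOPASSWD:[[:space:]]*//p' "$1" |
        tr ',' '\n' | awk 'NF { print $1 }')
    [ -n "$cst_targets" ] || { echo "NO_TARGETS $1"; return 1; }
    while read -r cst_t; do
        case $cst_t in
            /*) ;;
            *) echo "NOT_ABSOLUTE $cst_t"; cst_bad=1; continue ;;
        esac
        check_path "$cst_root$cst_t" "$cst_uid" || cst_bad=1
        # A writable directory lets the script be replaced, so check it too.
        cst_dir=$(dirname "$cst_root$cst_t")
        if [ "$cst_dir" != "$cst_last" ]; then
            check_path "$cst_dir" "$cst_uid" || cst_bad=1
            cst_last=$cst_dir
        fi
    done <<EOF
$cst_targets
EOF
    return $cst_bad
}
```

On the deployed host, source the file as root and call check_sudo_targets /etc/sudoers.d/grs; the mode 511 set in step 37 passes this check. Running visudo -cf /etc/sudoers.d/grs separately confirms the file parses.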

Enabling auto-start of GreenRADIUS containers on boot

  1. Run sudo touch /tmp/grs-podman-compose-app.service
  2. Edit the /tmp/grs-podman-compose-app.service file in your editor of choice.
  3. Paste in the following:
# /etc/systemd/system/grs-podman-compose-app.service
[Unit]
Description=Podman Compose Application Service
Requires=podman.service
After=podman.service
[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/home/gradmin/grs-podman-compose
ExecStart=/usr/bin/podman-compose up -d
ExecStop=/usr/bin/podman-compose down
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target
  4. Run sudo cp /tmp/grs-podman-compose-app.service /etc/systemd/system/
  5. Run sudo systemctl enable grs-podman-compose-app

Migrating from GreenRADIUS v5.x to v6.x

Migrating GreenRADIUS servers in containerized deployment from v5.x to v6.x requires some steps to change the compose plugin used by podman to start containers. These steps will stop GreenRADIUS services.

  1. Run cd /home/gradmin/grs-podman-compose
  2. Run sudo podman-compose -f docker-compose.yml -f podman-compose.override.yml down
  3. Run sudo podman network rm grs-podman-compose_grs_net. Disregard errors if this network does not exist.
  4. Run sudo pip3 uninstall podman-compose
  5. Run sudo curl -L "https://github.com/docker/compose/releases/download/v2.35.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  6. Create a symlink to this path with sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
  7. Run sudo chmod +x /usr/local/bin/docker-compose
  8. Run sudo systemctl enable podman.socket --now
  9. Run sudo podman compose -f docker-compose.yml -f podman-compose.override.yml up -d
  10. If you had enabled auto-start for GreenRADIUS in the earlier deployment, redo the steps from this updated guide.
  11. Continue with usual steps for applying GreenRADIUS Updates.

Applying Updates to Your GreenRADIUS Instance

  1. Copy the latest update package for GreenRADIUS into the /tmp/ directory
  2. Run sudo unzip /tmp/GreenRADIUS_????_Update.zip -d /tmp/ (where "????" is the version number of the GreenRADIUS update package)
  3. Run sudo tar -xvzf /tmp/GreenRADIUS_????_Update/images.tgz -C /tmp/
  4. Run sudo tar -xvzf /tmp/GreenRADIUS_????_Update/others.tgz -C /tmp/
  5. If upgrading from 5.2.11.11 or lower, run sudo bash /tmp/others/scripts/system_upgrade_podman.sh
  6. Run sudo podman load -i /tmp/images/greenradius_????_init_image
  7. Run sudo podman load -i /tmp/images/greenradius_????_main_image
  8. Run sudo podman load -i /tmp/images/greenradius_????_openldap_image
  9. Run sudo podman load -i /tmp/images/greenradius_????_postgres_image
  10. Run sudo podman load -i /tmp/images/greenradius_????_rsyslog_image
  11. Run sudo podman load -i /tmp/images/greenradius_????_freeradius_image
  12. Run sudo podman load -i /tmp/images/greenradius_????_grs_auth_app_image
  13. Run cd /home/gradmin/grs-podman-compose
  14. Run sudo podman compose down
  15. Find the attached docker-compose.yml file
  16. Run sudo cp /tmp/docker-compose.yml /home/gradmin/grs-podman-compose/docker-compose.yml
  17. Run sudo cp /tmp/others/podman-compose.override.yml /home/gradmin/grs-podman-compose/podman-compose.override.yml (Enter y if prompted to overwrite.)
  18. Run sudo podman compose -f docker-compose.yml -f podman-compose.override.yml up -d
  19. Confirm that the latest GreenRADIUS version is accessible via your browser at the same URL as before. On future startups, you will need to run sudo podman compose -f docker-compose.yml -f podman-compose.override.yml up -d from the grs-podman-compose directory, as shown above, to launch the containers.

Troubleshooting

Under certain configurations there may be an issue where the containers appear to start successfully but GreenRADIUS services are unavailable. In that case, try these steps to fix the issue:

  1. Run sudo podman exec -it GRS-POSTGRES bash -c 'chown -R root:postgres /opt/grs/greenradius/certificates/postgres/server'
  2. Run cd /home/gradmin/grs-podman-compose
  3. Run sudo podman compose stop
  4. Run sudo podman compose start
Updated 2025-06-03
© 2025 Green Rocket Security Inc. All rights reserved.