Deploying GreenRADIUS on Red Hat Enterprise Linux

Prerequisites

  • A target machine running RHEL 7 or 8
  • SELinux adjusted so that GreenRADIUS can function smoothly
  • A GreenRADIUS update package (v5.1.3.3 or later)

Deployment Instructions

  1. Log in with a user that has sudo access.
  2. Run sudo yum update
  3. Run sudo yum install -y yum-utils
  4. Run sudo yum update
  5. Run sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm -E '%{rhel}').noarch.rpm
  6. Run sudo yum -y install container-selinux
  7. Run sudo yum makecache --refresh
  8. Run sudo yum -y install fuse-overlayfs
  9. Run sudo yum -y install slirp4netns
  10. Run sudo dnf update
  11. Run sudo dnf install epel-release
  12. Run sudo dnf install --enablerepo="epel" ufw
  13. Run sudo yum remove docker-ce docker-ce-cli containerd.io
  14. Run sudo dnf install podman
  15. Run sudo dnf install podman-plugins
  16. Run sudo yum install python3
  17. Run sudo pip3 install podman-compose
  18. Check where podman-compose has been installed by running sudo find / -name "podman-compose"
  19. Create a symlink to this path with sudo ln -s <path/where/podman-compose/is/installed> /usr/bin/podman-compose
  20. Run sudo yum install incron
  21. Run sudo yum install unzip
  22. Run sudo yum install net-tools
  23. Run sudo useradd -d /home/gradmin -m -G wheel -s /bin/bash gradmin
  24. Run sudo passwd gradmin and set the password for gradmin appropriately
  25. Run sudo chmod -R 750 /home/gradmin
  26. Run sudo chown -R gradmin:gradmin /home/gradmin
  27. Run sudo mkdir /home/gradmin/grs-podman-compose
  28. Run sudo service firewalld stop
  29. Run sudo systemctl disable firewalld
  30. Reboot and log in as gradmin
  31. Copy the GreenRADIUS update package to the /tmp/ directory
  32. Run sudo unzip /tmp/GreenRADIUS_xxxx_Update.zip -d /tmp/ (Note: For this step and subsequent steps with "GreenRADIUS_xxxx_Update.zip", replace "xxxx" with the appropriate version number of the GreenRADIUS update package.)
  33. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/images.tgz -C /tmp/
  34. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/others.tgz -C /tmp/
  35. Run sudo cp /tmp/others/docker-compose.yml /home/gradmin/grs-podman-compose/
  36. Run sudo cp /tmp/others/podman-compose.override.yml /home/gradmin/grs-podman-compose/
  37. Run sudo mkdir -p /opt/grs/scripts
  38. Run sudo cp /tmp/others/vm_incron_scripts/* /opt/grs/scripts/
  39. Run cd /opt/grs/scripts && sudo chown root:root *.sh && sudo chmod 511 freeradius_restart.sh get_host_info.sh incron_script.sh openldap_cmd_template_3.sh openldap_restart.sh openldap_update_ca_certificates.sh rsyslog_restart.sh && cd -
  40. Run sudo bash -c "echo 'gradmin ALL=(root) NOPASSWD:/opt/grs/scripts/get_host_info.sh , /opt/grs/scripts/incron_script.sh , /opt/grs/scripts/rsyslog_restart.sh , /opt/grs/scripts/freeradius_restart.sh , /opt/grs/scripts/openldap_restart.sh , /opt/grs/scripts/openldap_update_ca_certificates.sh , /opt/grs/scripts/openldap_cmd_template_3.sh' > /etc/sudoers.d/grs"
  41. Run sudo mkdir -p /opt/grs/host-comm/request
  42. Run sudo mkdir -p /opt/grs/host-comm/response
  43. Run sudo chown -R gradmin:gradmin /opt/grs/host-comm
  44. Run sudo bash -c "echo 'gradmin' > /etc/incron.allow"
  45. Run sudo bash -c "echo '/opt/grs/host-comm/request IN_CLOSE_WRITE sudo /opt/grs/scripts/incron_script.sh \$#' > /var/spool/incron/gradmin"
  46. Run sudo systemctl enable incrond
  47. Run sudo service incrond restart
  48. Run sudo podman load -i /tmp/images/greenradius_xxxx_init_image
  49. Run sudo podman load -i /tmp/images/greenradius_xxxx_main_image
  50. Run sudo podman load -i /tmp/images/greenradius_xxxx_openldap_image
  51. Run sudo podman load -i /tmp/images/greenradius_xxxx_postgres_image
  52. Run sudo podman load -i /tmp/images/greenradius_xxxx_rsyslog_image
  53. Run sudo podman load -i /tmp/images/greenradius_xxxx_freeradius_image
  54. Run sudo podman load -i /tmp/images/greenradius_xxxx_grs_auth_app_image
  55. Run sudo chmod -R 750 /home/gradmin
  56. Run sudo chown -R gradmin:gradmin /home/gradmin
  57. Run sudo timedatectl set-timezone UTC
  58. Run sudo cp /tmp/others/scripts/get_system_timezone.sh /opt/grs/scripts/
  59. Run sudo sh +x /opt/grs/scripts/get_system_timezone.sh
  60. Run sudo sh +x /tmp/others/scripts/prerequisite_for_getting_system_timezone.sh
  61. Run cd /home/gradmin/grs-podman-compose
  62. Run sudo podman-compose -f docker-compose.yml -f podman-compose.override.yml up -d
  63. Verify that the GreenRADIUS instance is accessible via the web. You should be able to visit https://<ip address of instance>/admin in your browser to access the GreenRADIUS web admin interface.
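
An added check, not part of the vendor's procedure: step 40 lets gradmin run the scripts in /opt/grs/scripts as root without a password, so each script and its directory must stay owned by root and closed to group/other writes. The function names and the optional UID argument (used to run the audit on a test tree) are this example's own.

```shell
#!/bin/sh
# Added example, not vendor code. Usage: audit_sudoers_targets FILE [UID]
# Every command a sudoers file grants with NOPASSWD must be a regular file
# owned by UID (default 0 = root) and, like its directory, must not be
# writable by group or other; otherwise the grant is a path to root.

# Print one command path per line from the NOPASSWD entries in FILE
# (one entry per line, comma-separated commands, as written in step 40).
list_nopasswd_cmds() {
    sed -n 's/^.*NOPASSWD:[[:space:]]*//p' "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]].*$//' | grep '^/'
}

# Return 0 if path $1 is owned by uid $2 and has no group/other write bit.
owner_only_writable() {
    [ "$(stat -c '%u' "$1")" = "$2" ] || return 1
    case "$(stat -c '%a' "$1")" in
        *[2367]?|*[2367]) return 1 ;;   # group or other write bit set
    esac
    return 0
}

# Print a verdict per command; return 1 if any command fails the audit.
audit_sudoers_targets() {
    file=$1 uid=${2:-0} bad=0
    for cmd in $(list_nopasswd_cmds "$file"); do
        if [ -L "$cmd" ] || [ ! -f "$cmd" ]; then
            echo "FAIL $cmd: missing, or not a regular file"; bad=1
        elif ! owner_only_writable "$cmd" "$uid"; then
            echo "FAIL $cmd: wrong owner or group/other-writable"; bad=1
        elif ! owner_only_writable "$(dirname "$cmd")" "$uid"; then
            echo "FAIL $cmd: parent directory replaceable by non-owner"; bad=1
        else
            echo "ok   $cmd"
        fi
    done
    return "$bad"
}
```

After step 40, source this file as root and run audit_sudoers_targets /etc/sudoers.d/grs; sudo visudo -cf /etc/sudoers.d/grs checks the syntax of the same file.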

Applying Updates to Your GreenRADIUS Instance

  1. Run cd /home/gradmin/grs-podman-compose
  2. Run sudo podman-compose down
  3. Copy the latest update package for GreenRADIUS into the /tmp/ directory
  4. Run sudo unzip /tmp/GreenRADIUS_xxxx_Update.zip -d /tmp/ (where "xxxx" is the version number of the GreenRADIUS update package)
  5. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/images.tgz -C /tmp/
  6. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/others.tgz -C /tmp/
  7. Run sudo podman load -i /tmp/images/greenradius_xxxx_init_image
  8. Run sudo podman load -i /tmp/images/greenradius_xxxx_main_image
  9. Run sudo podman load -i /tmp/images/greenradius_xxxx_openldap_image
  10. Run sudo podman load -i /tmp/images/greenradius_xxxx_postgres_image
  11. Run sudo podman load -i /tmp/images/greenradius_xxxx_rsyslog_image
  12. Run sudo podman load -i /tmp/images/greenradius_xxxx_freeradius_image
  13. Run sudo podman load -i /tmp/images/greenradius_xxxx_grs_auth_app_image
  14. Edit /home/gradmin/grs-podman-compose/docker-compose.yml and replace every occurrence of the current version number with the version number of the GreenRADIUS release you are updating to (e.g. 5122 for v5.1.2.2)
  15. Run cd /home/gradmin/grs-podman-compose
  16. Run sudo podman-compose -f docker-compose.yml -f podman-compose.override.yml up -d
  17. Confirm that the latest GreenRADIUS version is accessible via your browser at the same URL as before. On future startups, you will need to run sudo podman-compose -f docker-compose.yml -f podman-compose.override.yml up -d from the grs-podman-compose directory, as shown above, to launch the containers.

Note: Whenever the timezone on the server is changed, the server must be rebooted for the new timezone to be reflected in the containers.

Updated 2023-10-16
© 2024 Green Rocket Security Inc. All rights reserved.