CS1000E Rls. 7.5 Installation
1. Install Linux base on CPDC card(s)
Load the Linux base:
The first step in the installation process is to load the Linux base on the CPDC cards.
You will need to load (and patch) as many cards as your installation requires. The procedure is the same for each.
- Every installation requires one Primary Security/Deployment Server (UCM0).
- You may optionally configure a Backup Security Server (UCM1).
- All other CPDC cards/servers, such as the MAS, are Member Servers (MAS).
We can interact with a CPDC card either via serial a TTY cable, or via a USB keyboard and VGA monitor connected to the cards faceplate. The bootable software installation USB thumb drive is placed in any one of the three faceplate USB slots.
Power up the card, and be prepared to press F to choose a boot method. The option appears on the screen within a few seconds of booting, immediately after the option to enter bios configuration, and only stays onscreen a few seconds.
At the Boot Option Menu, arrow down to select Flash Drive:
Next, tell the system to run through the configuration script via serial or KVM. Up until this point the same output will appear on both the serial port and the monitor, if connected. If Enter is pressed without input, the system defaults to serial - com1.
Proceed through all the "are you sure?" prompts, keep pressing enter to proceed....
- On the Base Configuration Data Selection screen, select 1, Normal installation.
- On the Network configuration screen, enter the appropriate IP address and fully qualified domain name (FQDN) information.
The Hostname is the cards unique name, eg: UCM0 or MAS
The Domain name is the site name, eg: mypbx.com
The FQDN is then, for example, ucm0.mypbx.com
- On the GMT Offset Selection screen, enter the time zone code offset that matches your location.
- On the DST Selection screen (Daylight Savings Time) again, make the appropriate selection based on your location.
- Check previously entered information and enter [Y]es to confirm it's correct, or N if changes are needed.
A basic configuration may not include a DNS server.
Set the date and time if needed, and confirm that it is correct - this is important!
Next set the root and admin2 passwords. These must meet complexity requirements so good luck! WRITE THEM DOWN!
The root password is rarely needed, beware though, as it might expire. The admin2 password is used to directly access the base element after the installation has completed, eg, when the element is NOT registered with the security domain.
On the Deployment Server screen, enter [Y]es for one CPDC card only (UCM0). An installation has only ONE deployment server.
This ends the configuration script. The system will now automatically install and configure packages. The process takes approximately 17 minutes and will include a reboot.
When the installation process is complete, the card reboots to a FQDN login prompt:
These steps should be repeated for all CPDC cards.
Upload and apply patches:
Use a SFTP file transfer program (winSCP/Transmit) to upload the Service-updates (patches) and Service-pack to each CPDC card in turn. The patching directories are:
- /var/opt/nortel/patch: upload Service Updates (SUs) here...
- /var/opt/nortel/patch/sp: upload Service Packs (SPs) here...
Always patch the PRIMARY UCM0 first, then the backup UCM1, followed by any Member servers.
After uploading the SU's, login with admin2 and pload the SU's, one at a time, in the following order:
pload <patchname> and
pins <handlenumber> for each patch file to load and apply it.
pload <patchname> each patch file, and
pins --all to install and apply the SU's all at once.
The Service pack applies additional patches depending on the deployed applications, and so should be applied AFTER deployment. We can uploaded the file now, but don't forget to load it later! Use:
spload <filename.zip>, followed by
spins to install.
spstat to see which service updates/pack are in service.
Linux Base patching commands:
Show info about a patch
Put patch Out of Service
Unload Patch from system
Load service packs
Install service packs
Service pack status
The following commands may also be useful for getting a snapshot of server status before and after patching:
swVersionShow- Show application versions and deployed applications
appstart status- Show which applications are running
ps -ef- Show the task list.
By default the root and nortel passwords will expire after 90 days, locking out the accounts. We shall set them to never expire (never age). Login as root, and issue the following commands:
# passwd root -x -1 # passwd nortel -x -1
chage --list root can be used to confirm the password will never expire.
Note: The root user can only login directly, either via the COM1 console, or through an attached keyboard and monitor.
Because most systems do not use DNS servers, the PC's hosts file must be modified to allow browser navigation via the FQDN. The hosts file is found in the following directory (you may have to "show hidden files/folders" first, in Folder Options):
C:\Windows\System32\drivers\etc\Open the file with Notepad and add a line at the bottom with the following for each FQDN:
192.168.75.13 ucm0.mypbx.com (substituting your cards IP address and FQDN)
To modify the hosts file on a Windows 7 machine, Notepad must be opened with administrator's privileges. Right click on the Notepad icon and select Run as administrator. Then from the file menu choose Open, navigate to the hosts file, make changes and save it.
Now we can continue to Configure and Join the Secure Domain....