Charon-AXP for Linux installation

Table of contents

Introduction

The Charon-AXP product is distributed as a self-extracting shell archive ("SHAR"). The SHAR is executed in order to unpack it. Before you can unpack the contents you must accept the EULA. The result is a set of RPM packages that are installed using the standard yum or dnf commands.

The RPM modules provide different components. Generally it is recommended to install all the RPM modules but it is possible to omit some RPM packages if they are not needed.

Charon installation consists of the following steps:

  • Host system checks (hardware and software) to ensure the host platform meets the minimum Charon-AXP installation requirements
  • Installation of any 3rd party material, for example, the utilities required for Charon-AXP
  • Running the SHAR to unpack the RPM modules and their individual installation
  • Installation of the Charon-AXP license (hardware dongle or software license)
  • Configuration of the Charon-AXP host system. It assumes creating a specific user, configuring the network, etc.


Hardware Requirements

Number of CPU cores

Each Charon-AXP emulated CPU requires a corresponding physical core. So the total number of the host CPUs must exceed the number of emulated CPUs since some of the host CPUs must be dedicated to serving Charon I/O operations and host operating system needs. If several Charon instances run in parallel, the required number of CPU cores is cumulative.

The following table lists the minimum and recommended number of CPUs required for each virtual Alpha instance (note that each Charon instance is able to run on 2 CPU cores hosts, but this configuration does not support emulation of all the virtual CPUs):

Charon-AXP productMinimum number of host CPU coresRecommended number of host CPU cores

AlphaServer 400 - AlphaServer 4100

2

2

AlphaServer DS10/DS10L/DS15

2

2

AlphaServer DS20/DS25

4

4

AlphaServer ES40/ES45

6

8

AlphaServer GS80

10

16

AlphaServer GS160

18

32

AlphaServer GS320

34

48

When starting, the Charon-AXP software checks the available number of host CPU cores. This check is based on the maximum number of AXP CPUs that can be emulated if this number is not restricted by the "n_of_cpus" parameter. If the available number of host CPU cores is below this number, Charon-AXP will issue a warning message even if the requirements for the configured number of AXP CPUs are fulfilled. The Charon-AXP software will work despite this warning if the requirements for the configured number of AXP CPUs are fulfilled.

Disable Hyper-Threading

Hyper-threading should be switched off completely. Disable hyper-threading in the BIOS settings of the physical host or, for a VMware virtual machine, edit the virtual machine properties, select the Resources tab then select Advanced CPU. Set the Hyper-threaded Core Sharing mode to None.  If Hyper-threading cannot be disabled, please contact Stromasys support for alternative resource requirements and instructions.

CPU type and speed

Platform emulation is a complex and CPU-intensive task. The performance of the individual cores of the host processors is the single most important factor which determines the emulated CPU performance. For the best performance, Stromasys recommends using the fastest available x86_64 processors of the latest generation. At the time of writing, the current generation of Intel server processors is "4th Gen Intel Xeon® Scalable Processors". The current generation of AMD server processors is "4th Generation AMD EPYC™ Processors".

There is a trade-off between the number of cores a processor provides versus the base (or "sustained all-core") frequency – the higher the number of cores, the lower the frequency. In order to choose the best processor, you must understand the workload you wish to emulate. If your workload can be easily distributed across a large number of CPUs ("multi-threaded"), a host processor with a higher number of cores running at a lower frequency might be appropriate. If, on the other hand, your workload conists of single-threaded tasks, probably a host processor with a low number of cores running at the highest possible frequency would be best.

Both Intel and AMD processors have the capability of increasing the frequency on one or very few cores when the other cores are idle. Intel calls this "Max Turbo Frequency" and AMD calls it "Max. Boost Clock". Because the emulator consists of many threads that all need their own host CPUs, this single/few CPU turbo/boost frequency is of no consequence. You should consider only the "Base Frequency/Clock", or, if a processor is capable, the "all-core turbo/boost speed", which is the frequency that all cores can reach when under load.

in general we recommend that the CPU frequency be 3 GHz or higher.


Host memory

The minimum host memory size:

  • depends on the amount of Alpha memory to be emulated and on the number of Charon-AXP instances to be executed on one host.
  • is calculated according to the following formula:

    The minimum host memory = (2Gb +  the amount of Alpha memory emulated) per Charon-AXP instance.

Disk storage

The total amount of disk space required for Charon-AXP can be calculated as a sum of:

  • 500 MB for the Charon software
  • All the disk/tape image sizes plus 500 MB for the Charon software
  • The space required for the host operating system.

Keep in mind that Temporary disk storage is often needed when setting up a new emulator instance, for example for source disks backups storage, software installation kits, and others.

When virtual disks/tapes are used to represent physical disk drives / magnetic tapes, the disk/tape image files have the same size as their hardware equivalent, regardless of their degree of utilization.

Ethernet adapters

Charon-AXP networking requires dedicated host Ethernet adapters; their number must be equal to the emulated adapters to be configured in Charon-AXP. One adapter (optionally) can be left to the host for TCP/IP networking, management interface, etc.

It is also possible to use virtual network interfaces, but for performance considerations, it is recommended to use physical ones only.

Software Requirements

  • Red Hat Enterprise Linux (RHEL) and Oracle Linux 7.x to 9.x (64-bit)
  • Rocky Linux 8.x and 9.x (64-bit)
  • CentOS 7.x (64-bit)
  • Hypervisors: VMware ESXi 5.5 – 8.0; Microsoft Hyper-V; KVM (require a supported Linux operating system running in the virtual machine).
    Note that prerequisites of additional products may limit the choice of hypervisors. For example, a VE license server VM requires VMware ESXi 6.5 or higher. Please refer to the appropriate documentation.

Host system preparation

The automatic installation of updates must be disabled.  Updates to the Charon host must be done only in specific service maintenance periods established by the system administrator. Before applying new updates one must shutdown the operating system running on Charon and stop all the running Charon instances and services.

If a network-wide license (red dongle or software license) is going to be used, do the following:

  • On the license server (where the network license will reside): open port 1947 for both TCP and UDP
  • On the client, if broadcast search for remote licenses is to be used, UDP traffic from port 1947 of the license server to ports 30000-65535 of the client must be permitted
    • If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.
  • Both on license server and client: set default gateway

Please consult with your Linux User's Guide on details.


Before installation

  1. .Create a directory for the Charon-AXP distribution as shown in the following example:

    # mkdir /charon_dist

    .

  2. On RHEL/CentOS 7, and RHEL 8, the "libev" package is required. If it is reported as missing during Charon installation on RHEL 7/8, check that the repository "extras" is included and enabled, if not, include and enable it. Please refer to your Linux distribution administrator's guide. The "libev" package is included in the "Base-OS" repository for RHEL/Rocky Linux 9, so there is no need to enable or install an additional repository.

    Command to enable the "extras" repository for RHEL 7.x:

    yum-config-manager --enable rhel-7-server-extras-rpms

WARNING

  • If you plan to install Charon-VAX on the same server, both products, Charon-AXP and Charon-VAX, must have the same build number.
  • If you upgrade from a previous version of Charon-AXP, please stop all running Charon virtual machines, uninstall Charon products and reboot the Linux server (recommended) before proceeding with the installation steps described below.

Distribution preparation

Starting with version 4.12, Charon-AXP is delivered as a self-extracting shell-archive with a file name format as follows:

# cp /tmp/charon-axp-<VER>-<BN>.<ZZ>.sh /charon_dist

where:

ItemDescription

VER

Version of Charon-AXP product, for example 4.12

BN

Build Number of Charon-AXP product, for example 21009

ZZ

Charon-AXP target operating system identifier where:

  • ZZ = "el90" for RHEL/Rocky Linux 9
  • ZZ = "el8" for RHEL/Rocky Linux 8
  • ZZ = "el74" for RHEL/CentOS/Rocky Linux 7

To unpack the archive, perform the following steps:

  • Copy the package file to some location in your filesystem, for example /var/tmp/charon-axp-4.12-21009-el90.sh
  • Go to the directory where you wish to unpack the package, for example /charon_dist
  • Run the archive shell script: # sh /path/to/<archive-name>
    For example:
    # sh /var/tmp/charon-axp-4.12-21009-el90.sh
  • Accept the EULA. To successfully unpack the archive, the end-user license agreement must be accepted.
  • After this, the software packages making up the Charon-AXP kit will be extracted into a version-specific sub-directory of the current working directory of the user.

Example command and output:

# sh /var/tmp/charon-axp-4.12-21009.el90.sh
Verifying archive integrity... 100% MD5 checksums are OK. All good.
Uncompressing Charon-AXP for Linux, Version 4.12 (Build 21009) 100%
End User License Agreement for : STROMASYS SOFTWARE.

<...lines removed...>

Please confirm EULA (yes/no) > yes
EULA accepted
gpg: directory `/home/root/.gnupg' created
gpg: new configuration file `/home/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/root/.gnupg/gpg.conf' are not yet active during this run

<...lines removed...>


Example Command:

# cd /charon_dist
sh /var/tmp/charon-axp-4.12-21009-el90.sh


As a result, the new subdirectory "charon-axp-<VER>-<BN>.<ZZ>" will be created.

Switch to that directory:

# cd charon-axp-<VER>-<BN>.<ZZ>

Example:

# cd charon-axp-4.12-21009.el90

The distribution directory contains the following RPM files:

File nameDescription
aksusbd-8.13-1.x86_64.rpm(star) HASP Run-time
charon-axp-VER-BN.ZZ.x86_64.rpmCharon-AXP

charon-license-VER-BN.ZZ.x86_64.rpm

(star) Charon Libraries

charon-mtd-VER-BN.ZZ.x86_64.rpmMTD utility

charon-utils-VER-BN.ZZ.x86_64.rpm

Charon Utilities

(star) These packages are only required if you play to use HASP licensing. If you plan to use VE licensing, you should not install these packages.

Example:

# ls
aksusbd-8.13-1.x86_64.rpm
charon-axp-4.12-21009.el74.x86_64.rpm
charon-license-4.12-21009.el74.x86_64.rpm
charon-mtd-4.12-21009.el74.x86_64.rpm
charon-utils-4.12-21009.el74.x86_64.rpm


Installation

Issue the following command to install all the RPM files present in the directory:

yum install *.rpm

If you plan to use VE licensing, you can use the following command to only install the packages required for that:

# yum install charon-{axp,mtd,utils}-*.rpm

Enter "y" to agree to install all the listed packages.

Example:

Dependencies Resolved  

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
aksusbd x86_64 8.13-1 /aksusbd-8.13-1.x86_64 2.9 M
charon-axp x86_64 4.12-21009 /charon-axp-4.12-21009.el74.x86_64 260 M
charon-license
x86_64 4.11-20404 /charon-license-4.12-21009.el74.x86_64 2.9 M
charon-utils
x86_64 4.11-20404 /charon-utils-4.12-21009.el74.x86_64 1.8 M
charon-mtd 
x86_64 4.11-20404 /charon-mtd-4.12-21009.68704.el74.x86_64 1.2 M 


Transaction Summary
================================================================================
Install 4 Packages

Total size: 267 M
Installed size: 267 M
Is this ok [y/d/N]: y

Check the installation process has completed successfully.


Example:

Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction (shutdown inhibited)
Installing : aksusbd-8.13-1.x86_64 1/4
Starting aksusbd (via systemctl): [ OK ]
Installing : charon-utils-4.12-21009.x86_64 2/5
Installing : charon-mtd-4.12-21009.x86_64 3/5 

Installing : charon-license-4.12-21009.x86_64 4/5 
Installing : charon-axp-4.12-21009.x86_64 5/5
Verifying : aksusbd-8.13-1.x86_64 1/5 
Verifying : charon-license-4.12-21009.x86_64 2/5 
Verifying : charon-axp-4.12-21009.x86_64 3/5 
Verifying : charon-utils-4.12-21009.x86_64 4/5
Verifying : charon-mtd-4.12-21009.x86_64 4/5 


Installed:
aksusbd.x86_64 0:8.13-1 charon-axp.x86_64 0:4.12-21009
charon-license.x86_64 0:4.12-21009 charon-utils.x86_64 0:4.12-21009
charon-mtd.x86_64 0:4.12-21009


Complete!

Re-login (as "root") to apply the PATH settings or execute the following command:

# . /etc/profile.d/charon.sh

If "PuTTY" terminal emulator is going to be used as an additional option copy the following file to your home directory:

# mkdir -p $HOME/.config/putty/sessions (if it does not already exist)
cp /opt/charon/putty/sessions/CHTERM-VT100 $HOME/.config/putty/sessions

Note that the "charon-utils" package has the following dependencies:

  • ethtool
  • bridge-utils
  • net-tools
  • iproute
  • NetworkManager

During "charon-utils" installation using "yum", these packages, with the exception of "bridge-utils", will be installed automatically from the standard repository if some of them are absent on the host system. In order to install the "bridge-utils", you must first install the EPEL (Extra Packages for Enterprise Linux) repository. Please see the EPEL web page for how to do this:

https://docs.fedoraproject.org/en-US/epel/


Charon-AXP home directory

By default Charon is installed in the "/opt/charon/" directory. It has the following subdirectories:

Directory

Description

/bin

Contains all the executable files

/cfg

Contains the configuration files templates

/doc

Contains the documentation

/log

Contains the log files

/disks

Contains the disk containers

/drivers

Contains the Charon drivers

The most important directory at this stage is the "/cfg" directory since it contains template configuration files with examples of typical configuration parameters and comments. This will be described in the next chapter.

Non-privileged user account creation

Create a non-privileged user account named "charon" for running Charon:

useradd -G disk,tape,cdrom,dialout,lock -c "Charon User" -m charon
# passwd charon

Any existing user can also be used to run Charon. In this case issue the following command to include this existing user into these specific groups:

usermod -G disk,tape,cdrom,dialout,lock -g <user name> <user name>

Example:

usermod -G disk,tape,cdrom,dialout,lock -g tommy tommy

If PuTTY is required for the non-privileged user, repeat the installation steps for CHTERM-VT100 (above) for the user.

Re-login to apply changes.

Please note: If the emulator will be configured to use a physical serial port ("/dev/ttyNN"), it must either be run as the root user or the non-privileged user must be a member of the dialout group. The non-privileged account created above does not allow the use of FC presentation mode (kgpsa_generic_storage). If you plan to use either of this feature, you should plan to run Charon-AXP as the root user.


Charon License Installation

Charon-AXP requires a valid product license to run the emulator. You have the choice of "VE" or "HASP" licensing. These are mutually exclusive. More information can be found below and in the CHARON-AXP for Linux Licensing section.

VE Licensing

VE licensing requires that a license server be installed and running that can serve a valid license. Stromasys recommends that you deploy a separate, dedicated system for the license server. If you need to set up a license sever, please refer to Virtual Environment (VE) License Server Documentation. If you already have a running VE license server, see the following and if necessary the CHARON-AXP for Linux Licensing section.

For Charon-AXP/VAX, the configuration of primary and (optionally) backup license server must be specified in the emulator configuration file using a text editor.

Configuration file general format:

set session license_key_id = "VE://<license-server-IP-Address>[:<port>]/[<passphrase>/]"

Description of the parameters:

  • <license-server-IP>: the IP address of the VE license server (127.0.0.1 if the VE license server is on the same host).
  • <port>: the TCP port on which the license is served (if not specified, the default port 8083 will be used).
  • <passphrase>: the passphrase of the correct product section on the license (optional). The parameter may be required for the emulator in some cases to identify the correct section.

To configure a backup license server, add the backup license server information to the same line after the primary license server information:

set session license_key_id = "VE://<primary-licserv-IP-Address>[:<port>]/<passphrase>/, VE://<backup-licserv-IP-Address>[:<port>]/<passphrase>/"

Only one backup server can be configured. The backup server typically provides a license limited to a certain number of runtime hours should the primary server become unavailable. If all valid licenses are lost or removed while an emulator is running, there is a grace period (configured on the license; default: 2 hours). The grace period is the time period during which the emulator continues to run after its license has been lost or removed. If there is no valid license after the grace period ends, the emulator will stop (this could cause data loss for a running guest system).

HASP Licensing

Regular HASP USB dongle

If the Charon license is located on a regular USB dongle, it must be connected to a "local" host USB port. "local" means either a USB port directly connected to the emulator-host, or one belonging to a USB-over-IP device, such that the USB port appears local to the emulator-host.

If the Charon host is accessed remotely (Remote Desktop for example), please note that regular HASP licenses cannot be displayed or used to start a Charon virtual machine. As a workaround it is possible to install Charon as a daemon (service). This procedure will be described later.

Network HASP USB dongle

If the Charon license is a network license (red USB dongle), it is possible either to connect it to the host USB port (to use it locally and provide it to other hosts on the local network at the same time) or to install it on a local network "license server" for remote access from this particular host.

If a remote license server is to be used:

  • Copy the aksusbd-8.13-1.x86_64.rpm and charon-license-4.12-<build>.<OS identifier>.x86_64.rpm files to the server (see Installation section above), for example to "/tmp".
  • Login as "root" on the server.
  • Switch to that directory.
  • Install the copied files using "yum".
    Example:

    cd /tmp
    yum install aksusbd* charon-license-*
  • Connect the network HASP dongle to one of the server USB ports.


The network HASP (red dongles) licenses have no restrictions with respect to remote access.

Software license

If the Charon license is a software license (SL), it is installed on the host using the following procedure:

  1. Run the hasp_srm_view utility in the following way to get the host fingerprint file ("my_host.c2v" in this example):

    # hasp_srm_view -fgp my_host.c2v
  2. Send the resulting file to STROMASYS. In return STROMASYS will provide you with a ".v2c" file, for example "your_license.v2c".
  3. Copy the received file to any folder on the Charon host, invoke the system default web browser and enter the URL http://localhost:1947 to display the "Sentinel Admin Control Center" (ACC) web interface. This interface allows you to view and manage the Charon licenses.
  4. In the ACC perform the following steps: select Update/Attach from the menu on the left pane then use the Browse button to select the received file and click on the Apply File button to install the license.
  5. Ensure that the software license is now visible in the "Sentinel Keys" section of the ACC.


It is also possible to use the "hasp_update" utility for applying ".v2c" files.

The Software Licenses (SL) are always network licenses, they have no restrictions with respect to being displayed or accessed via a remote connection.

A "Provisional" (demo) license does not require collecting a fingerprint. For its installation start at step 3 in the sequence above

License validity verification

To check the Charon license validity, invoke the hasp_srm_view utility to make sure that the Charon license is visible and is correct:

  • Text of the license is displayed correctly by the hasp_srm_view utility, no error messages are shown.
  • The content of the license looks correct. For example: license number, major and minor versions, minimum and maximum build numbers, Charon-AXP products and allowed hardware (Charon-AXP models) should be checked. More details on the license content can be found in the CHARON-AXP Licensing chapter of this Guide.

Example:

# hasp_srm_view 

License Manager running at host: dlao.msc.masq
License Manager IP address: 192.168.1.129

HASP Net key detected

The Physical KeyId: 1422726238
License Type: License Dongle (Network Capable)
CHARON Sentinel HASP License key section
Reading 4032 bytes

The License Number: 000.msc.sanity.tests
The License KeyId: 1422726238
The Master KeyId: 827774524
Release date: 10-MAR-2020 
Release time: 15:15:15
... 

If multiple licenses are available, it is possible to check them using the "-all" parameter with the hasp_srm_view utility in the following way:

hasp_srm_view -all

(info) It it also possible to display the license content for one specific key using the "-key" parameter and specifying the Key Id (see "# hasp_srm_view -h" for more)

Reminder: If the Charon host is accessed over a remote connection, please note that regular HASP licenses cannot be displayed and used in this case. As a workaround it is possible to install Charon as a daemon (service). This procedure will be described later.

Troubleshooting

If the Charon license content cannot be displayed by the hasp_srm_view utility or it is incorrect, check the license is available and correctly used:

  1. Invoke the system default web browser and enter the URL http://localhost:1947 to display the "Sentinel Admin Control Center" (ACC) web interface.
  2. Click on "Sentinel Keys" link to open the corresponding page.
  3. Make sure that one and only one Charon HASP or SL license is present.

(info) To facilitate troubleshooting, Stromasys recommends to enable logging from the Sentinel Admin Control Center as described in this article: Enabling logging in Sentinel Admin Control Center.

ProblemAction
No license is displayedMake sure that all the recommendations above about remote access to the host are fulfilled (if remote access takes place), that the HASP USB key is not broken and its LED indicator is lit (meaning that it is used by the host).
Only one License key / SL is seen and its content is incorrectContact STROMASYS to request a new license update.
Several License keys / SLs are displayedRemove all of them except the one provided by STROMASYS for the just installed version of Charon.

Removing licenses can be done by physical disconnection of the corresponding USB HASP keys from the Charon host and physical disconnection of the network HASP keys from all hosts on the local network (or by disabling remote access to network licenses from the Charon host - see detailed explanations below).

For license servers accessible only via non-broadcast search it is also possible to disable access to network licenses if only a local license is to be used: Click on the "Configuration" link to open the "Configuration for Sentinel Manager" page.


Uncheck the "Allow Access to Remote Licenses" checkbox from the "Access to Remote License Managers" tab then press the "Submit" button to apply changes.

Starting with Charon-AXP/VAX 4.9 for Linux and Charon-AXP/VAX version 4.8 for Windows the Charon emulator products do not follow the settings in the Sentinel ACC with respect to querying remote license servers and network visibility. They perform a broadcast search for network licenses even if this has been disabled in the Sentinel ACC. If this behavior has to be prevented for specific reasons, the network access of the system has to be temporarily restricted or disabled, for example by blocking the relevant traffic in a firewall. Another possibility would be to block access to the network license at the license server side.

Note that such methods can negatively impact other functions of the system or, in the case of blocking access to a network license on the server, even the functions on other license clients.


It is also possible to leave several licenses available to Charon-AXP at the same time but in this case they have to be specified in the configuration file.

Example:

set session license_key_id=1877752571

It is also possible to have one "main" and one "backup" license in case the main license becomes unavailable:

set session license_key_id="1877752571,354850588"

Charon-AXP checks its licenses from time to time starting with the main license. If it becomes unavailable, it attempts to access the backup license.

Network configuration

In most cases Charon will use a network. In this case Charon requires one or more dedicated network interfaces with any other protocols including TCP/IP removed at the host level.

Two ways of network configuration are possible:

  • With the help of the "ncu" utility
  • Manually

The first way is recommended. Use the manual approach only in absence of the "ncu" utility or if it impossible to use it.


Configuration with NCU utility

Login as root and enter "ncu". The following menu will appear:

# ncu
CHARON Network Configuration Utility, 
STROMASYS (c) 2020 Version 1.7


Interfaces Dedicated to State
---------- ------------ ------------
eth0         host         connected to host
eth1         host         disconnected from host
lo           host         unmanaged by host
virbr0-nic   bridge       unmanaged by bridge

==================================================================
bridge name bridge id          STP enabled   interfaces
==================================================================
virbr0     8000.5254004608c0  yes            virbr0-nic

==================================================================

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Add VLAN
6 - Remove VLAN
7 - Print status
8 - Exit
:> 1

The utility lists the available network interfaces (both physical and virtual) and indicates whether they are dedicated to the host or to Charon and whether they are currently in use by the host operating system.


"ncu" offers several options:

  • Dedicate interface to Charon (option "1")
  • Release interface to host (option "2")
  • Create a bridge between a chosen Linux network interface and the Linux virtual bridge and create a number of virtual network interfaces ("TAP") (option "3")
  • Remove the Linux virtual bridge and all the created virtual network interfaces (option "4")
  • Add VLAN (option "5")
  • Remove VLAN (option "6")
  • Print status (option "7") - use it to display status of network interfaces and the menu shown above
  • Exit (option "8")

In the example above we see 2 network interfaces, "eth0" and "eth1", that are dedicated to the host and the host uses only the interface "eth0".

Let's dedicate the interface "eth1" to Charon-AXP.

Enter "1" then "eth1":

Specify the interface to dedicate to CHARON:eth1
Turning off offloading for eth1.. Please wait

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Add VLAN
6 - Remove VLAN
7 - Print status
8 - Exit

:> 7

Now the interface "eth1" is dedicated to CHARON-AXP:

Interfaces Dedicated to State
---------- ------------ ------------
eth0         host         connected to host
eth1         CHARON       disconnected from host
lo           host         unmanaged by host
virbr0-nic   bridge       unmanaged by bridge

==================================================================
bridge name bridge id          STP enabled   interfaces
==================================================================
virbr0     8000.5254004608c0  yes            virbr0-nic

==================================================================

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Add VLAN
6 - Remove VLAN
7 - Print status
8 - Exit

:>

Enter "8" to return to the console prompt.

Now "eth1" can be used by Charon-AXP.


Manual Configuration

Choosing a network interface

To choose an interface to be used for Charon networking, do the following:

ifconfig
eth0 Link encap:Ethernet HWaddr 00:60:52:0A:A9:1E
... 
eth1 Link encap:Ethernet HWaddr 00:C0:26:60:FB:15 
...
eth2 Link encap:Ethernet HWaddr 00:1A:92:E1:3F:7F

Choose an interface to be used by Charon, for example "eth1"

Designation of network interface to Charon

To designate the chosen interface to Charon open up the file "/etc/sysconfig/network-scripts/ifcfg-ethN" (where N is the number of the interface to be used for Charon, in this case it is "1") and make sure that all the IP-setup related parameters are removed. The file must look like this:

DEVICE="eth1"
HWADDR="00:06:2B:00:6A:87"
NM_CONTROLLED="no"
ONBOOT="no"

Switching off the offload parameters

Determine what additional parameters are currently set to "on" on the host network adapter to be used by Charon using the following command:

ethtool -k <device>

Example:

ethtool -k eth1
Offload parameters for eth1:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: off
udp-fragmentation-offload: off
generic-segmentation-offload: on
generic-receive-offload: off
large-receive-offload: off

Use "ethtool" to switch off all the offload parameters:

# ethtool -K <device> <parameter> off

Example:

ethtool -k eth1
Offload parameters for eth1:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: off
udp-fragmentation-offload: off
generic-segmentation-offload: on
generic-receive-offload: off
large-receive-offload: off

For the example above let's create a temporary file containing the commands to be executed at system startup as the offload parameters must be switched off following each reboot:

ethtool -K eth1 rx off
ethtool -K eth1 tx off
ethtool -K eth1 sg off
ethtool -K eth1 gso off
ethtool -K eth1 gro off
 

Let's suppose the name of the file is "offload_off_eth1.txt". To execute it on system startup, execute the following command (example):

cat offload_off_eth1.txt >> /etc/rc.d/rc.local

Final steps

  • Reboot the host system
  • Login as user "charon"
  • Verify the offload parameters are effective

Upgrade from previous version

To upgrade an already installed Charon-AXP kit to a more recent one:

  1. Ensure your license allows you to upgrade to that version. If not, please generate a C2V file and send it to STROMASYS for update. See CHARON-AXP for Linux utilities - 'hasp_srm_view' utility
  2. Prepare the new kit RPM files as it is described in "Charon-AXP for Linux installation#Before installation" and "Charon-AXP for Linux installation#Distribution preparation" sections.
  3. Stop all running CHARON-AXP instances.
  4. Make sure that no template files (i.e. "es40.cfg.template") have been used for your specific configuration otherwise copy those files to a dedicated folder.
  5. Login as "root" user.
  6. Remove the old Charon-AXP version as described in the "CHARON-AXP for Linux deinstallation" chapter and reboot the Linux server (recommended).
  7. Proceed with the instructions on the new kit installation as described in the "Charon-AXP for Linux installation#Installation" section.
  8. Once installation is completed, it is recommended to reboot the Linux server (possible issues with licenses detection could occur).
  9. Install the license for the new Charon-AXP as described in the "Charon-AXP for Linux installation#License installation" section.

  10. Start all the CHARON-AXP services stopped at step #3.

If you did not reboot your Linux server at step 6, you may experience issues with 'aksusbd' service installation and then license detection.

Example:

  Installing : aksusbd-8.13-1.x86_64 1/5
Failed to execute operation: Access denied
Failed to restart aksusbd.service: Access denied

To solve this problem, remove all Charon installed product and restart from step 6 above.



© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.

Vadim Model
December 9, 2023

Actually (at least on Rocky Linux 9.2) presense in 'dialout' group is enough for use /dev/ttyS*. So, original statement does not seem to be correct. One does not need root privileges to use /dev/ttyS*. Of course, being root resolves (almost) all access problems.