CHARON-VAX for Linux installation

Table of contents

Introduction

CHARON-VAX products are distributed in form of archive TAR.GZ files that contain RPM modules for different components. Generally it is recommended to install all the RPM modules but it is possible to omit some RPM files if they are not needed.

CHARON installation consists of the following steps:

  • Host system checks (hardware and software) to ensure the host platform meets the minimum CHARON-VAX installation requirements
  • Installation of any 3rd party material, for example, the utilities required for CHARON-VAX
  • Extracting CHARON-VAX RPM modules from the TAR.GZ archive and their individual installation
  • Installation of the CHARON-VAX license (hardware dongle or software license)
  • Configuration of the CHARON-VAX host system. It assumes creating a specific user, configuring the network, etc.

Hardware Requirements

Number of CPU cores

Each CHARON emulated CPU requires a corresponding physical core. So the total number of the host CPUs must exceed the number of emulated CPUs since some of the host CPUs must be dedicated to serving CHARON I/O operations and host operating system needs. If several CHARON instances run in parallel, the required number of CPU cores is cumulative.

The table below lists the minimum and recommended number of CPUs required for each product:

CHARON-VAX model

Minimal number of CPU cores

Recommended number of CPU cores

VAX 6610

2

4

VAX 6620

3

4

VAX 6630

4

6

VAX 6640

6

8

VAX 6650

8

12

VAX 6660

8

12

Other models22

When starting, the CHARON-VAX software checks the available number of host CPU cores. This check is based on the maximum number of VAX CPUs that can be emulated. Therefore the number of host CPU cores recommended for the maximum number of emulated CPUs - as shown in the right column of the table above - must be available. If the available number of host CPU cores is below this number, CHARON-VAX will issue a warning message. The CHARON-VAX software will work despite this warning.

Hyper-threading must be switched off completely. Disable hyper-threading in the BIOS settings of the physical host or, for a VMware virtual machine, edit the virtual machine properties, select the Resources tab then select Advanced CPU. Set the Hyper-threaded Core Sharing mode to None.

CPU type and speed

Since CHARON-VAX utilizes LAHF instruction in VAX CPU emulation please avoid usage of early AMD64 and Intel 64 CPUs in CHARON host system since they lack it. AMD introduced the instruction with their Athlon 64, Opteron and Turion 64 revision D processors in March 2005 and Intel introduced it with the Pentium 4 G1 stepping in December 2005.

Concerning CPU speed, the general recommendation is that higher the CPU frequency is, better the emulated VAX performances will be. The minimum recommendation is at least 3 GHz.

Operative memory

The minimum host memory size:

  • depends on the amount of VAX memory to be emulated and on the number of CHARON-VAX instances to be executed on one host.
  • is calculated according to the following formula:

    The minimum host memory = (2Gb +  the amount of VAX memory emulated) per CHARON-VAX instance.

The maximum amount of VAX memory that can be created in the CHARON-VAX/66x0 products and supported by OpenVMS/VAX is 3584 Mb. For details, see the memory size specifications.

Disk storage

The total amount of disk space required for CHARON-VAX can be calculated as a sum of all the disk/tape image sizes plus 50 MB for the CHARON software plus the space required for the host operating system. Temporary disk storage is often needed when setting up a new virtual machine (for source disks backups storage, software installation kits, etc...).

When virtual disks/tapes are used to represent physical disk drives / magnetic tapes, the disk/tape image files have the same size as their hardware equivalent, regardless of their degree of utilization.


Ethernet adapters

CHARON-VAX networking requires dedicated host Ethernet adapters; their number must be equal to the emulated adapters to be configured in CHARON-VAX. One adapter (optionally) can be left to the host for TCP/IP networking, management interface, etc.

It is also possible to use virtual network interfaces but for performance considerations, it is recommended to use physical ones only.

Software Requirements

  • Red Hat Enterprise Linux 7.x, 64bit
  • Red Hat Enterprise Linux 6.5 - 6.10, 64bit
  • CentOS 7.x, 64bit
  • VMware ESXi 5.5 and 6.x up to 6.7 (requires a supported Linux operating system on top of a ESXi virtual machine)


For CentOS, a connection to the internet is required to install the glibc.i686 package which is not included in the Standard distribution DVD. If there's no connection available, please use the "Everything" distribution DVD.

Host system preparation

The automatic installation of updates must be disabled.  Updates to the CHARON host must be done only in specific service maintenance periods established by the system administrator. Before applying new updates one must shutdown the operating system running on CHARON and stop all the running CHARON instances and services.

If a network-wide license (red dongle or software license) is going to be used, do the following:

  • On the server side (where the network license will reside): open port 1947 for both TCP and UDP
  • On the client side, if broadcast search for remote licenses is to be used, UDP traffic from port 1947 of the license server to ports 30000-65535 of the client must be permitted.
  • Both on server and client sides: set default gateway

Please consult with your Linux User's Guide on details.

If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.

Before installation

  1. Login as the superuser ("root") on the host system. Because Sentinel HASP runtime relies on 32-bit compatibility libraries to run on Linux, the 32-bit compatibility libraries must be installed before continuing. If the emulator host has access to a package repository, either local or remote, use the following command:

    # yum install glibc.i686

    (info) Sometimes it is not possible to use an online repository for the installation of 32-bit glibc package. In this case the procedure described in the appendixes has to be used: glibc.i686 installation without Internet connection


    .

  2. Create a directory for the CHARON-VAX distribution, copy the TAR.GZ files there and change to this directory as shown in the following example:

    # mkdir /charon_dist
    # cp /tmp/charon-vax-4.10-20200.el74.tar.gz /charon_dist
    # cd /charon_dist
  3. On RHEL 7.x and CentOS 7.x, the "libev" package is required. If it is reported as missing during CHARON installation on RHEL 7.x check that the repository "extras" is included and enabled, if not, include and enable it. Please refer to your Linux distribution administrator's guide. Example for RHEL 7.x:

    yum-config-manager --enable rhel-7-server-extras-rpms

WARNING

  • If you plan to install CHARON-AXP on the same server, both products, CHARON-AXP and CHARON-VAX, will have to be the same build number.
  • If you upgrade from a previous version of CHARON-VAX, please stop all running CHARON virtual machines and uninstall CHARON products before proceeding with the installation steps described below.

Distribution preparation

  1. Extract the content of the distribution TAR.GZ files to the current directory:

    # tar -xvzf charon-vax-<VER>-<BN>.<ZZ>.tar.gz

    where:

     

    Description

    VER

    Version of CHARON-VAX product, for example 4.10

    BN

    Build Number of CHARON-VAX product, for example 20200

    ZZ

    CHARON-VAX target operating system identifier.

    For CentOS 7.x 'ZZ' value is 'el74', for Red Hat Enterprise Linux 7.x the value is 'el74' and for Red Hat Enterprise Linux 6.5 to 6.9 the value is 'el65'.

    Example:

    # tar -xvzf charon-vax-4.10-20200.el74.tar.gz 

    As result, a new directory "charon-vax-<VER>-<BN>.<VC>.<ZZ>" will be created.
     

  2. Switch to that directory:

    # cd charon-vax-<VER>-<BN>.<ZZ>

    Example:

    # cd charon-vax-4.10-20200.el74

         


  3. The distribution directory contains the following RPM files:

    File name

    Description

    charon-vax-VER-BN.ZZ.x86_64.rpmCHARON-VAX

    aksusbd-7.63-1.i386.rpm

    HASP Run-time

    charon-license-VER-BN.ZZ.x86_64.rpm

    CHARON Libraries

    charon-utils-VER-BN.ZZ.x86_64.rpm

    CHARON Utilities

    charon-mtd-VER-BN.ZZ.x86_64.rpmMTD utility

    Example:

    ls
    aksusbd-7.63-1.i386.rpm
    charon-vax-4.10-20200.el74.x86_64.rpm
    charon-license-4.10-20200.el74.x86_64.rpm
    charon-utils-4.10-20200.el74.x86_64.rpm
    charon-mtd-4.10-20200.el74.x86_64.rpm 
     


Installation

Issue the following command to install all the RPM files present in the directory:

# yum install *.rpm

Enter "y" to agree to install all the listed packages.

Example:

Dependencies Resolved  

================================================================================ 
Package Arch Version Repository Size 
================================================================================ 
Installing: 
aksusbd i386 7.63-1 /aksusbd-7.63-1.i386 2.9 M 
charon-vax x86_64 4.10-20200 /charon-vax-4.10-20200.68704.el74.x86_64 260 M 
charon-license 
x86_64 4.10-20200 /charon-license-4.10-20200.68704.el74.x86_64 2.9 M 
charon-utils 
x86_64 4.10-20200 /charon-utils-4.10-20200.68704.el74.x86_64 1.8 M 
charon-mtd 
x86_64 4.10-20200 /charon-mtd-4.10-20200.68704.el74.x86_64 1.2 M 


Transaction Summary 
================================================================================ 
Install 4 Packages 

Total size: 267 M 
Installed size: 267 M 
Is this ok [y/d/N]y

Check the installation process has completed successfully.

Example:

Downloading packages: 
Running transaction check 
Running transaction test 
Transaction test succeeded 
Running transaction (shutdown inhibited) 
Installing : aksusbd-7.63-1.i386 1/5 
Starting aksusbd (via systemctl): [ OK ] 
Installing : charon-utils-4.10-20200.x86_64 2/5
Installing : charon-mtd-4.10-20200.x86_64 3/5 

Installing : charon-license-4.10-20200.x86_64 4/5 
Installing : charon-vax-4.10-20200.x86_64 5/5
Verifying : aksusbd-7.63-1.i386 1/5 
Verifying : charon-license-4.10-20200.x86_64 2/5 
Verifying : charon-vax-4.10-20200.x86_64 3/5 
Verifying : charon-utils-4.10-20200.x86_64 4/5
Verifying : charon-mtd-4.10-20200.x86_64 4/5 


Installed: 
aksusbd.i386 0:7.63-1 charon-vax.x86_64 0:4.10-20200 
charon-license.x86_64 0:4.10-20200 charon-utils.x86_64 0:4.10-20200
charon-mtd.x86_64 0:4.10-20200  


Complete!

Re-login (as "root") to apply the PATH settings or execute the following command:

# . /etc/profile.d/charon.sh


Note that the "charon-utils" package has the following dependencies:

  • ethtool
  • bridge-utils
  • net-tools
  • iproute
  • NetworkManager

During "ncu" installation using "yum", these packages will be installed automatically if some of them are absent on the host system.

CHARON-VAX home directory

By default CHARON is installed in the "/opt/charon" directory. It has the following subdirectories:

Directory

Description

/bin

Contains all the executable files

/cfg

Contains the configuration files templates

/doc

Contains the documentation

/log

Contains the log files

/disks

Contains the disk containers

/drivers

Contains the CHARON drivers

The most important at this stage is the "/cfg" directory since it contains template configuration files with examples of typical configuration parameters and comments. We will focus our attention on this subject in the next chapter.

Specific user account creation

Create a specific user account named "charon" for running CHARON:

# useradd -G disk,tape,cdrom,dialout,lock -c "Charon User" -m charon
# passwd charon

Any existing user can also be used to run CHARON. In this case issue the following command to include this existing user into these specific groups:

# usermod -G disk,tape,cdrom,dialout,lock -g <user name> <user name>

Example:

# usermod -G disk,tape,cdrom,dialout,lock -g tommy tommy

The specific account created above does not allow to use physical consoles "/dev/tty<N>" as CHARON consoles. If you plan to map CHARON console to "/dev/tty<N>" use only "root" account for CHARON running.


License installation

Regular HASP USB dongle

If CHARON license is located on a regular USB dongle, just connect it to the host USB port.

If the CHARON host is accessed remotely, please note that regular HASP licenses cannot be displayed and used to start a CHARON virtual machine. As a workaround it is possible to install CHARON as a daemon (service). This procedure will be described later.

Network HASP USB dongle

If the CHARON license is a network license (red USB dongle), it is possible either to connect it to the host USB port (to use it locally and provide it to other hosts on the local network at the same time) or to install it on a local network "license server" for remote access from this particular host.

If a remote license server is to be used:

  • Copy the aksusbd-7.63-1.i386.rpm and charon-license-4.10-<build>.<OS identifier>.x86_64.rpm files (see above) to the server, for example "/tmp"
  • Login as "root" to the server.
  • Switch to that directory.
  • Install the copied files using "yum".
    Example:

    # cd /tmp
    # yum install aksusbd* charon-license-*
  • Connect the network HASP dongle to one of the server USB ports.


The network HASP (red dongles) licenses have no restrictions with respect remote access

Software license

If CHARON license is a software license (SL), it is installed on the host using the following procedure:

  1. Run hasp_srm_view utility in the following way to get the host fingerprint file ("my_host.c2v" in this example):

    # hasp_srm_view -fgp my_host.c2v
  2. Send the resulting file to STROMASYS. In return STROMASYS will provide you with a ".v2c" file, for example "your_license.v2c".
  3. Copy the received file to any folder on the CHARON host, invoke the system default web browser and enter URL http://localhost:1947 to display the "Sentinel Admin Control Center" (ACC) web interface. This interface allows you to view and manage the CHARON licenses.
  4. In the ACC perform the following steps: select Update/Attach from the menu on the left pane then use the Browse button to select the received file and click on the Apply File button to install the license.
  5. Ensure that the software license is now visible in the "Sentinel Keys" section of the ACC.


It is also possible to use the "hasp_update" utility for applying ".v2c" files.

The Software Licenses (SL) are always network licenses, they have no restrictions with respect to being displayed or accessed via a remote connection.

A "Provisional" (demo) license does not require collecting a fingerprint. For its installation start at step 3 in the sequence above

License validity verification

To check the CHARON license validity, invoke the hasp_srm_view utility to make sure that CHARON license is visible is correct:

  • Text of the license is displayed correctly by the hasp_srm_view utility, no error messages are shown.
  • The content of the license looks correct. For example: license number, major and minor versions, minimum and maximum build numbers, CHARON-VAX products and allowed hardware (CHARON-VAX models) should be checked. More details on the license content can be found in the CHARON-VAX Licensing chapter of this Guide.


Example:

# hasp_srm_view 

License Manager running at host: dlao.msc.masq 
License Manager IP address: 192.168.1.129 

HASP Net key detected 

The Physical KeyId: 1422726238 
CHARON Sentinel HASP License key section 
Reading 4032 bytes 

The License Number: 000.msc.sanity.tests 
The License KeyId: 1422726238 
The Master KeyId: 827774524 
Release date: 12-MAY-2018
Release time: 15:15:15 
Update number: 1 
End User name: MSC 
Purchasing Customer name: STROMASYS
... 

If multiple licenses are available, it is possible to check them using the "-all" parameter with the hasp_srm_view utility in the following way:

# hasp_srm_view -all

(info) It it also possible to display the license content for one specific key using the "-key" parameter and specifying the Key Id (see "hasp_srm_view -h" for more)

Reminder: If the CHARON host is accessed over a remote connection, please note that regular HASP licenses cannot be displayed and used in this case. As a workaround it is possible to install CHARON as a daemon (service). This procedure will be described later.

Troubleshooting

If the CHARON license content cannot be displayed by the hasp_srm_view utility or it is incorrect, check the license is available and correctly used:

  1. Invoke the system default web browser and enter the URL http://localhost:1947 to display the "Sentinel Admin Control Center" (ACC) web interface.
  2. Click on "Sentinel Keys" link to open the corresponding page.
  3. Make sure that one and only one CHARON HASP or SL license is present.

ProblemAction
No license is displayedMake sure that all the recommendations above about remote access to the host are fulfilled (if remote access takes place), that the HASP USB key is not broken and its LED indicator is lit (meaning that it is used by the host).
Only one License key / SL is seen and its content is incorrectContact STROMASYS to request a new license update.
Several License keys / SLs are displayedRemove all of them except the one provided by STROMASYS for the just installed version of CHARON.

Removing licenses can be done by physical disconnection of the corresponding USB HASP keys from CHARON host and physical disconnection of the network HASP keys from all hosts on the local network (or by disabling remote access to network licenses from the CHARON host - see detailed explanations below).

For license servers accessible only via non-broadcast search it is also possible to disable access to network licenses if only a local license is to be used: Click on the "Configuration" link to open the "Configuration for Sentinel Manager" page.

Uncheck the "Allow Access to Remote Licenses" checkbox from the "Access to Remote License Managers" tab then press the "Submit" button to apply changes.

Starting with Charon-AXP/VAX 4.9 for Linux and Charon-AXP/VAX version 4.8 for Windows the Charon emulator products do not follow the settings in the Sentinel ACC with respect to querying remote license servers and network visibility. They perform a broadcast search for network licenses even if this has been disabled in the Sentinel ACC. If this behavior has to be prevented for specific reasons, the network access of the system has to be temporarily restricted or disabled, for example by blocking the relevant traffic in a firewall. Another possibility would be to block access to the network license at the license server side.

Note that such methods can negatively impact other functions of the system or, in the case of blocking access to a network license on the server, even the functions on other license clients.


It is also possible to leave several licenses available to CHARON-VAX at the same time but in this case they have to be specified in the configuration file.

Example:

set session license_key_id=1877752571

It is also possible to have one "main" and one "backup" license in case the main license becomes unavailable:

set session license_key_id="1877752571,354850588"

CHARON-VAX checks its licenses from time to time starting with main license. If it becomes unavailable, it attempts to access the backup license.

Network configuration

In most cases CHARON will use a network. In this case CHARON requires one or more dedicated network interfaces with any other protocols including TCP/IP removed at the host level.

Two ways of network configuration are possible:

  • With the help of the "ncu" utility
  • Manual

The first way is recommended. Use the manual approach only in absence of the "ncu" utility or if it is impossible to use it.


Configuration with NCU utility

Login as root and enter "ncu". The following menu will appear:

# ncu

CHARON Network Configuration Utility, STROMASYS (c) 2016 Version 1.6 

Interfaces Dedicated to State
---------- ------------ ------------
eth0       host         connected to host
eth1       host         disconnected from host

===============================VLAN===============================
==================================================================
select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Add VLAN
6 - Remove VLAN
7 - Print status
8 - Exit
:> 1

The utility lists the available network interfaces (both physical and virtual) and indicates whether they are dedicated to the host or to CHARON and whether they are currently in use by the host operating system.

"ncu" offers several options:

  • Dedicate interface to CHARON (option "1")
  • Release interface to host (option "2")
  • Create a bridge between a chosen physical network interface and the Linux virtual network and create a number of virtual network interfaces (option "3")
  • Remove the Linux virtual network and all the created virtual network interfaces (option "4")
  • Add VLAN (option "5")
  • Remove VLAN (option "6")
  • Print status (option "7") - use it to display status of network interfaces and the menu shown above
  • Exit (option "8")

In the example above we see 2 network interfaces, "eth0" and "eth1", that are are dedicated to the host and the host uses only the interface "eth0".

Let's dedicate the interface "eth1" to CHARON-VAX.

Enter "1" then "eth1":

Specify the interface to dedicate to CHARON:eth1

Turning off offloading for eth1.. Please wait

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Add VLAN
6 - Remove VLAN
7 - Print status
8 - Exit

:> 7


Now the interface "eth1" is dedicated to CHARON-VAX:

Interfaces Dedicated to State
---------- ------------ ------------
eth0       host         connected to host
eth1       CHARON       disconnected from host

===============================VLAN===============================
==================================================================
select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Add VLAN
6 - Remove VLAN
7 - Print status
8 - Exit

:>

Enter "8" to return to the console prompt.

Now "eth1" can be used by CHARON-VAX.

Manual Configuration

Choosing network interface

To choose an interface to be used for CHARON networking, do the following:

# ifconfig
eth0 Link encap:Ethernet HWaddr 00:60:52:0A:A9:1E
... 
eth1 Link encap:Ethernet HWaddr 00:C0:26:60:FB:15 
...
eth2 Link encap:Ethernet HWaddr 00:1A:92:E1:3F:7F

Choose an interface to be used by CHARON, for example "eth1"

Designation of network interface to CHARON

To designate the chosen interface to CHARON open up the file "/etc/sysconfig/network-scripts/ifcfg-ethN" (where N is the number of the interface to be used for CHARON, in this case it is "1") and make sure that all the IP-setup related parameters are removed. The file must look like this:

DEVICE="eth1"
HWADDR="00:06:2B:00:6A:87"
NM_CONTROLLED="no"
ONBOOT="no"

Switching off the offload parameters

Determine what additional parameters are currently set to "on" on the host network adapter to be used by CHARON using the following command:

# ethtool -k <device>

Example:

# ethtool -k eth1
Offload parameters for eth1:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: off
udp-fragmentation-offload: off
generic-segmentation-offload: on
generic-receive-offload: off
large-receive-offload: off

Use "ethtool" to switch off all the offload parameters:

# ethtool -K <device> <parameter> off

Example:

# ethtool -k eth1
Offload parameters for eth1:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: off
udp-fragmentation-offload: off
generic-segmentation-offload: on
generic-receive-offload: off
large-receive-offload: off

For the example above let's create a temporary file containing the commands to be executed at system startup as the offload parameters must be switched off following each reboot:

ethtool -K eth1 rx off
ethtool -K eth1 tx off
ethtool -K eth1 sg off
ethtool -K eth1 gso off
ethtool -K eth1 gro off
 

Let's suppose the name of the file is "offload_off_eth1.txt". To execute it on system startup, execute the following command (example):

cat offload_off_eth1.txt >> /etc/rc.d/rc.local

Final steps

  • Reboot the host system
  • Login as user "charon"
  • Verify the offload parameters are effective


Upgrade to new version

To upgrade an already installed CHARON-VAX kit to a more recent one:

  1. Ensure your license allows you to upgrade to that version. If not, please generate a C2V file and send it to STROMASYS for update. See CHARON-VAX for Linux utilities - 'hasp_srm_view' utility
  2. Prepare the new kit RPM files as it is described in "Before installation" and "Distribution preparation" sections.
  3. Stop all running CHARON-VAX instances.
  4. Make sure that no template files (i.e. "mv3k6.cfg.template") have been used for your specific configuration otherwise copy those files to a dedicated folder.
  5. Login as "root" user.
  6. Remove the old CHARON-VAX version as described in the "CHARON-VAX for Linux deinstallation" chapter.
  7. Proceed with the same instructions on the new kit installation as described in the "Installation" section.
  8. Install the license for the new CHARON-VAX as described in the "License installation" section.

  9. Start all the CHARON-VAX services stopped at step #3.



© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.