CHARON-VAX for Linux installation
Table of contents
Introduction
CHARON-VAX products are distributed in form of archive TAR.GZ files that contain RPM modules for different components. Generally it is recommended to install all the RPM modules but it is possible to omit some RPM files if they are not needed.
CHARON installation consists of the following steps:
- Host system checks (hardware and software) to ensure the host platform meets the minimum CHARON-VAX installation requirements
- Installation of any 3rd party material, for example, the utilities required for CHARON-VAX
- Extracting CHARON-VAX RPM modules from the TAR.GZ archive and their individual installation
- Installation of the CHARON-VAX license (hardware dongle or software license)
- Configuration of the CHARON-VAX host system. It assumes creating a specific user, configuring the network, etc.
Hardware Requirements
Number of CPU cores
Each CHARON emulated CPU requires a corresponding physical core. So the total number of the host CPUs must exceed the number of emulated CPUs since some of the host CPUs must be dedicated to serving CHARON I/O operations and host operating system needs. If several CHARON instances run in parallel, the required number of CPU cores is cumulative.
The table below lists the minimum and recommended number of CPUs required for each product:
CHARON-VAX model | Minimal number of CPU cores | Recommended number of CPU cores |
---|---|---|
VAX 6610 | 2 | 4 |
VAX 6620 | 3 | 4 |
VAX 6630 | 4 | 6 |
VAX 6640 | 6 | 8 |
VAX 6650 | 8 | 12 |
VAX 6660 | 8 | 12 |
Other models | 2 | 2 |
When starting, the CHARON-VAX software checks the available number of host CPU cores. Currently, this check is based on the maximum number of VAX CPUs that can be emulated, not on the number of the actually configured VAX CPUs. Therefore the number of host CPU cores recommended for the maximum number of emulated CPUs - as shown in the right column of the table above - must be available. If the available number of host CPU cores is below this number, CHARON-VAX will issue a warning message even if the requirements for the configured number of VAX CPUs are fulfilled. The CHARON-VAX software will work despite this warning if the requirements for the configured number of VAX CPUs are fulfilled.
Hyper-threading must be switched off completely. Disable hyper-threading in the BIOS settings of the physical host or, for a VMware virtual machine, edit the virtual machine properties, select the Resources tab then select Advanced CPU. Set the Hyper-threaded Core Sharing mode to None.
CPU type and speed
Since CHARON-VAX utilizes LAHF instruction in VAX CPU emulation please avoid usage of early AMD64 and Intel 64 CPUs in CHARON host system since they lack it. AMD introduced the instruction with their Athlon 64, Opteron and Turion 64 revision D processors in March 2005 and Intel introduced it with the Pentium 4 G1 stepping in December 2005.
Concerning CPU speed, the general recommendation is that higher the CPU frequency is, better the emulated VAX performances will be. The minimum recommendation is at least 3 GHz.
Operative memory
The minimum host memory size:
- depends on the amount of VAX memory to be emulated and on the number of CHARON-VAX instances to be executed on one host.
is calculated according to the following formula:
The minimum host memory = (2Gb + the amount of VAX memory emulated) per CHARON-VAX instance.
The maximum amount of VAX memory that can be created in the CHARON-VAX/66x0 products and supported by OpenVMS/VAX is 3584 Mb. For details, see the memory size specifications.
Disk storage
The total amount of disk space required for CHARON-VAX can be calculated as a sum of all the disk/tape image sizes plus 50 MB for the CHARON software plus the space required for the host operating system. Temporary disk storage is often needed when setting up a new virtual machine (for source disks backups storage, software installation kits, etc...).
When virtual disks/tapes are used to represent physical disk drives / magnetic tapes, the disk/tape image files have the same size as their hardware equivalent, regardless of their degree of utilization.
Ethernet adapters
CHARON-VAX networking requires dedicated host Ethernet adapters; their number must be equal to the emulated adapters to be configured in CHARON-VAX. One adapter (optionally) can be left to the host for TCP/IP networking, management interface, etc.
It is also possible to use virtual network interfaces but for performance considerations, it is recommended to use physical ones only.
For VMware based CHARON hosts, it is mandatory to use "E1000" virtual network adapters. "E1000E" adapters are not supported.
Starting with ESXi 6.5, it is not possible to select E1000 adapter when a new virtual machine is created using Windows Server 2012 and 2016 templates.
The following workarounds are available:
- Import the virtual machine from an older version of ESXi
- Do not select "Red Hat Enterprise Linux 7 (64-bit)" nor "CentOS 7 (64-bit)" during virtual machine creation but select "Linux" as "Guest OS family" and "
Software Requirements
- Red Hat Enterprise Linux 7.x, 64bit
- Red Hat Enterprise Linux 6.5 - 6.9, 64bit
- CentOS 7.x, 64bit
- VMware ESXi 5.5 and 6.x up to 6.7 (requires a supported Linux operating system on top of a ESXi virtual machine)
For CentOS, a connection to the internet is required to install the glibc.i686
package which is not included in the Standard distribution DVD. If there's no connection available, please use the "Everything" distribution DVD.
Host system preparation
The automatic installation of updates must be disabled. Updates to the CHARON host must be done only in specific service maintenance periods established by the system administrator. Before applying new updates one must shutdown the operating system running on CHARON and stop all the running CHARON instances and services.
If a network-wide license (red dongle or software license) is going to be used, do the following:
- On the server side (where the network license will reside): open port 1947 for both TCP and UDP
- On the client side, if broadcast search for remote licenses is to be used, UDP traffic from port 1947 of the license server to ports 30000-65535 of the client must be permitted.
- Both on server and client sides: set default gateway
Please consult with your Linux User's Guide on details.
If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd
" daemon.
Before installation
Login as the superuser ("root") on the host system. Because Sentinel HASP runtime relies on 32-bit compatibility libraries to run on Linux, the 32-bit compatibility libraries must be installed before continuing. If the emulator host has access to a package repository, either local or remote, use the following command:
# yum install glibc.i686
Sometimes it is not possible to use an online repository for the installation of 32-bit glibc package. In this case the procedure described in the appendixes has to be used: glibc.i686 installation without Internet connection
.
Create a directory for the CHARON-VAX distribution, copy the TAR.GZ files there and change to this directory as shown in the following example:
# mkdir /charon_dist
# cp /tmp/charon-vax-4.9-19402.el74.tar.gz /charon_dist
# cd /charon_dist
WARNING
- If you plan to install CHARON-AXP on the same server, both products, CHARON-AXP and CHARON-VAX, will have to be the same build number.
- If you upgrade from a previous version of CHARON-VAX, please stop all running CHARON virtual machines and uninstall CHARON products before proceeding with the installation steps described below.
Distribution preparation
Extract the content of the distribution TAR.GZ files to the current directory:
# tar -xvzf charon-vax-<VER>-<BN>.<ZZ>.tar.gz
where:
Description
VER
Version of CHARON-VAX product, for example 4.9
BN
Build Number of CHARON-VAX product, for example 19402
ZZ
CHARON-VAX target operating system identifier.
For CentOS 7.x 'ZZ' value is 'el74', for Red Hat Enterprise Linux 7.x the value is 'el74' and for Red Hat Enterprise Linux 6.5 to 6.9 the value is 'el65'.
Example:
# tar -xvzf
charon-vax-
4.9-19402.el74.tar.gz
As result, a new directory "charon-vax-<VER>-<BN>.<VC>.<ZZ>" will be created.
Switch to that directory:
# cd
charon-vax-<VER>-<BN>.<ZZ>
Example:
# cd charon-vax-4.9-19402.el74
The distribution directory contains the following RPM files:
File name
Description
charon-vax-VER-BN.ZZ.x86_64.rpm CHARON-VAX aksusbd-7.63-1.i386.rpm
HASP Run-time
charon-license-VER-BN.ZZ.x86_64.rpm
CHARON Libraries
charon-utils-VER-BN.ZZ.x86_64.rpm
CHARON Utilities
Example:
# ls
aksusbd-7.63-1.i386.rpm
charon-vax-4.9-19402.el74.x86_64.rpm
charon-license-4.9-19402.el74.x86_64.rpm
charon-utils-4.9-19402.el74.x86_64.rpm
Installation
Issue the following command to install all the RPM files present in the directory:
# yum install *.rpm |
Enter "y" to agree to install all the listed packages.
Example:
|
Check the installation process has completed successfully.
Example:
|
Re-login (as "root") to apply the PATH settings or execute the following command:
|
Note that the "charon-utils" package has the following dependencies:
- ethtool
- bridge-utils
- net-tools
- iproute
- NetworkManager
During "ncu" installation using "yum", these packages will be installed automatically if some of them are absent on the host system.
CHARON-VAX home directory
By default CHARON is installed in the "/opt/charon
" directory. It has the following subdirectories:
Directory | Description |
/bin | Contains all the executable files |
/cfg | Contains the configuration files templates |
/doc | Contains the documentation |
/log | Contains the log files |
/disks | Contains the disk containers |
/drivers | Contains the CHARON drivers |
The most important at this stage is the "/cfg" directory since it contains template configuration files with examples of typical configuration parameters and comments. We will focus our attention on this subject in the next chapter.
Specific user account creation
Create a specific user account named "charon" for running CHARON:
# useradd -G disk,tape,cdrom,dialout,lock -c "Charon User" -m charon # passwd charon |
Any existing user can also be used to run CHARON. In this case issue the following command to include this existing user into these specific groups:
# usermod -G disk,tape,cdrom,dialout,lock -g <user name> <user name> |
Example:
# usermod -G disk,tape,cdrom,dialout,lock -g tommy tommy |
The specific account created above does not allow to use physical consoles "/dev/tty<N>
" as CHARON consoles. If you plan to map CHARON console to "/dev/tty<N>
" use only "root" account for CHARON running.
License installation
Regular HASP USB dongle
If CHARON license is located on a regular USB dongle, just connect it to the host USB port.
If the CHARON host is accessed remotely, please note that regular HASP licenses cannot be displayed and used to start a CHARON virtual machine. As a workaround it is possible to install CHARON as a daemon (service). This procedure will be described later.
Network HASP USB dongle
If the CHARON license is a network license (red USB dongle), it is possible either to connect it to the host USB port (to use it locally and provide it to other hosts on the local network at the same time) or to install it on a local network "license server" for remote access from this particular host.
If a remote license server is to be used:
- Copy the aksusbd-7.63-1.i386.rpm and charon-license-4.9-<build>.<OS identifier>.x86_64.rpm files (see above) to the server, for example "/tmp"
- Login as "root" to the server.
- Switch to that directory.
Install the copied files using "yum".
Example:# cd
/tmp
# yum install aksusbd* charon-license-*
- Connect the network HASP dongle to one of the server USB ports.
The network HASP (red dongles) licenses have no restrictions with respect remote access
Software license
If CHARON license is a software license (SL), it is installed on the host using the following procedure:
Run hasp_srm_view utility in the following way to get the host fingerprint file ("my_host.c2v" in this example):
# hasp_srm_view -fgp my_host.c2v
- Send the resulting file to STROMASYS. In return STROMASYS will provide you with a ".v2c" file, for example "your_license.v2c".
- Copy the received file to any folder on the CHARON host, invoke the system default web browser and enter URL http://localhost:1947 to display the "Sentinel Admin Control Center" (ACC) web interface. This interface allows you to view and manage the CHARON licenses.
- In the ACC perform the following steps: select Update/Attach from the menu on the left pane then use the Browse button to select the received file and click on the Apply File button to install the license.
- Ensure that the software license is now visible in the "Sentinel Keys" section of the ACC.
It is also possible to use the "hasp_update" utility for applying ".v2c" files.
The Software Licenses (SL) are always network licenses, they have no restrictions with respect to being displayed or accessed via a remote connection.
A "Provisional" (demo) license does not require collecting a fingerprint. For its installation start at step 3 in the sequence above
License validity verification
To check the CHARON license validity, invoke the hasp_srm_view utility to make sure that CHARON license is visible is correct:
- Text of the license is displayed correctly by the hasp_srm_view utility, no error messages are shown.
- The content of the license looks correct. For example: license number, major and minor versions, minimum and maximum build numbers, CHARON-VAX products and allowed hardware (CHARON-VAX models) should be checked. More details on the license content can be found in the CHARON-VAX Licensing chapter of this Guide.
Example:
|
If multiple licenses are available, it is possible to check them using the "-all" parameter with the hasp_srm_view utility in the following way:
# hasp_srm_view -all |
It it also possible to display the license content for one specific key using the "-key" parameter and specifying the Key Id (see "# hasp_srm_view -h
" for more)
Reminder: If the CHARON host is accessed over a remote connection, please note that regular HASP licenses cannot be displayed and used in this case. As a workaround it is possible to install CHARON as a daemon (service). This procedure will be described later.
Troubleshooting
If the CHARON license content cannot be displayed by the hasp_srm_view utility or it is incorrect, check the license is available and correctly used:
- Invoke the system default web browser and enter the URL http://localhost:1947 to display the "Sentinel Admin Control Center" (ACC) web interface.
- Click on "Sentinel Keys" link to open the corresponding page.
- Make sure that one and only one CHARON HASP or SL license is present.
Problem | Action |
---|---|
No license is displayed | Make sure that all the recommendations above about remote access to the host are fulfilled (if remote access takes place), that the HASP USB key is not broken and its LED indicator is lit (meaning that it is used by the host). |
Only one License key / SL is seen and its content is incorrect | Contact STROMASYS to request a new license update. |
Several License keys / SLs are displayed | Remove all of them except the one provided by STROMASYS for the just installed version of CHARON. |
Removing licenses can be done by physical disconnection of the corresponding USB HASP keys from CHARON host and physical disconnection of the network HASP keys from all hosts on the local network (or by disabling remote access to network licenses from the CHARON host - see detailed explanations below).
For license servers accessible only via non-broadcast search it is also possible to disable access to network licenses if only a local license is to be used: Click on the "Configuration" link to open the "Configuration for Sentinel Manager" page.
Uncheck the "Allow Access to Remote Licenses" checkbox from the "Access to Remote License Managers" tab then press the "Submit" button to apply changes.
Starting with Charon-AXP/VAX 4.9 for Linux and Charon-AXP/VAX version 4.8 for Windows the Charon emulator products do not follow the settings in the Sentinel ACC with respect to querying remote license servers and network visibility. They perform a broadcast search for network licenses even if this has been disabled in the Sentinel ACC. If this behavior has to be prevented for specific reasons, the network access of the system has to be temporarily restricted or disabled, for example by blocking the relevant traffic in a firewall. Another possibility would be to block access to the network license at the license server side.
Note that such methods can negatively impact other functions of the system or, in the case of blocking access to a network license on the server, even the functions on other license clients.
It is also possible to leave several licenses available to CHARON-VAX at the same time but in this case they have to be specified in the configuration file.
Example:
set session license_key_id=1877752571 |
It is also possible to have one "main" and one "backup" license in case the main license becomes unavailable:
set session license_key_id="1877752571,354850588" |
CHARON-VAX checks its licenses from time to time starting with main license. If it becomes unavailable, it attempts to access the backup license.
Network configuration
In most cases CHARON will use a network. In this case CHARON requires one or more dedicated network interfaces with any other protocols including TCP/IP removed at the host level.
Two ways of network configuration are possible:
- With the help of the "ncu" utility
- Manual
The first way is recommended. Use the manual approach only in absence of the "ncu" utility or if it is impossible to use it.
Configuration with NCU utility
Login as root and enter "ncu". The following menu will appear:
|
The utility lists the available network interfaces (both physical and virtual) and indicates whether they are dedicated to the host or to CHARON and whether they are currently in use by the host operating system.
"ncu" offers several options:
- Dedicate interface to CHARON (option "1")
- Release interface to host (option "2")
- Create a bridge between a chosen physical network interface and the Linux virtual network and create a number of virtual network interfaces (option "3")
- Remove the Linux virtual network and all the created virtual network interfaces (option "4")
- Add VLAN (option "5")
- Remove VLAN (option "6")
- Print status (option "7") - use it to display status of network interfaces and the menu shown above
- Exit (option "8")
In the example above we see 2 network interfaces, "eth0" and "eth1", that are are dedicated to the host and the host uses only the interface "eth0".
Let's dedicate the interface "eth1" to CHARON-VAX.
Enter "1" then "eth1":
Specify the interface to dedicate to CHARON:eth1
select action:
|
Now the interface "eth1" is dedicated to CHARON-VAX:
===============================VLAN=============================== ================================================================== select action:
|
Enter "8" to return to the console prompt.
Now "eth1" can be used by CHARON-VAX.
Manual Configuration
Choosing network interface
To choose an interface to be used for CHARON networking, do the following:
# ifconfig eth0 Link encap:Ethernet HWaddr 00:60:52:0A:A9:1E ... eth1 Link encap:Ethernet HWaddr 00:C0:26:60:FB:15 ...eth2 Link encap:Ethernet HWaddr 00:1A:92:E1:3F:7F |
Choose an interface to be used by CHARON, for example "eth1"
Designation of network interface to CHARON
To designate the chosen interface to CHARON open up the file "/etc/sysconfig/network-scripts/ifcfg-eth
N" (where N is the number of the interface to be used for CHARON, in this case it is "1") and make sure that all the IP-setup related parameters are removed. The file must look like this:
DEVICE="eth1" HWADDR="00:06:2B:00:6A:87" NM_CONTROLLED="no" ONBOOT="no" |
Switching off the offload parameters
Determine what additional parameters are currently set to "on" on the host network adapter to be used by CHARON using the following command:
# ethtool -k <device> |
Example:
# ethtool -k eth1 Offload parameters for eth1: rx-checksumming: on tx-checksumming: on scatter-gather: on tcp-segmentation-offload: off udp-fragmentation-offload: off generic-segmentation-offload: on generic-receive-offload: off large-receive-offload: off |
Use "ethtool" to switch off all the offload parameters:
# ethtool -K <device> <parameter> off |
Example:
# ethtool -k eth1 Offload parameters for eth1: rx-checksumming: on tx-checksumming: on scatter-gather: on tcp-segmentation-offload: off udp-fragmentation-offload: off generic-segmentation-offload: on generic-receive-offload: off large-receive-offload: off
|
For the example above let's create a temporary file containing the commands to be executed at system startup as the offload parameters must be switched off following each reboot:
ethtool -K eth1 rx off ethtool -K eth1 tx off ethtool -K eth1 sg off ethtool -K eth1 gso off |
Let's suppose the name of the file is "offload_off_eth1.txt
". To execute it on system startup, execute the following command (example):
# cat offload_off_eth1.txt >> /etc/rc.d/rc.loca l |
Final steps
- Reboot the host system
- Login as user "charon"
- Verify the offload parameters are effective
Upgrade to new version
To upgrade an already installed CHARON-VAX kit to a more recent one:
- Ensure your license allows you to upgrade to that version. If not, please generate a C2V file and send it to STROMASYS for update. See CHARON-VAX for Linux utilities - 'hasp_srm_view' utility
- Prepare the new kit RPM files as it is described in "Before installation" and "Distribution preparation" sections.
- Stop all running CHARON-VAX instances.
- Make sure that no template files (i.e. "mv3k6.cfg.template") have been used for your specific configuration otherwise copy those files to a dedicated folder.
- Login as "root" user.
- Remove the old CHARON-VAX version as described in the "CHARON-VAX for Linux deinstallation" chapter.
- Proceed with the same instructions on the new kit installation as described in the "Installation" section.
Install the license for the new CHARON-VAX as described in the "License installation" section.
- Start all the CHARON-VAX services stopped at step #3.
© Stromasys, 1999-2024 - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.