The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The FlexNet Publisher license server must be set up if WAE Design users are to use floating licenses. Using this server, you can control access to the licenses, monitor who has them checked out, and check log activity.
The FlexNet Publisher license server has two interfaces. One is a CLI, which requires that you start an lmgrd
daemon so all users can access the floating licenses. The other is a web UI, wherein you must install and configure an lmadmin
tool. Best practice is to use only one or the other interface (CLI or web) to administer the license server.
Note For information about FlexNet Publisher and for more details on all FlexNet Publisher CLI commands and GUI, refer to the FlexNet Publisher License Administration Guide (FlexLM_EndUser_LicAdmin.pdf
). This is located in $CARIDEN_HOME/docs
, which by default is /opt/cariden/software/mate/current/docs
. This chapter includes some FlexNet Publisher instructions for both the CLI and GUI that could change without Cisco’s knowledge.
Note All instructions and examples assume you used /opt/cariden
as the default installation directory. If you did not, substitute your installation directory for /opt/cariden
.
export PATH=$PATH:$CARIDEN_ROOT/software/flexlm/current/bin
export PATH=$PATH:$CARIDEN_ROOT/software/flexlm/current/bin
Note If you are installing the FlexNet Publisher license server on a different Linux device than the one on which a WAE server installation resides, follow steps 1-4. Otherwise, skip to step 5. Follow all steps on the device where the FlexNet Publisher license server resides.
Step 1 Log in to the FlexNet Publisher license server as root or as a user with administrative capabilities.
Step 2 Create a lowercase, alphanumeric username where the first letter is an alphabetical character.
<username>
<username>
Step 4 Create an installation directory that has root privileges. The best practice is to use the default installation directory, which is /opt/cariden
.
Step 5 Change the owner of the installation directory to the newly created user.
/opt/cariden
Note Throughout this chapter, bin
is /opt/cariden/software/flexlm/current/bin
.
Step 6 Ensure there are no local firewalls blocking the services. This step is beyond the scope of these instructions, though following is an example. For a list of ports used, see the System Requirements document.
Example: This shows how to disable the iptables firewall as root.
service iptables save
service iptables stop
sudo chkconfig iptables off
Step 7 If you already have a license server installed and running, gracefully stop it.
If the server is distributing borrowed licenses, use the -force
option.
bin/lmdown -c <license_file>
-force
Step 8 Download the License Server package from the Cisco download site. Navigate to the WAE Design License Server Software page. Note that you must download a new license package regardless of whether this is an upgrade or a new installation.
Step 9 The WAE Design license file’s SERVER statement must be the same hostname as the output from the hostname CLI command.
b. Edit the /etc/sysconfig/network
file to include the hostname returned in the preceding step.
Step 10 Ensure the /etc/hosts
file on the client devices contains the same hostname as identified in Step 4. (Client devices are the devices that will be checking the licenses in and out of the server.)
The installer runs /lmadmin-i86_lsb-11_11_1_1.bin
from the installed folder ( /opt/cariden/software/wae-license-server
).
If you want to run the license server web UI, run /lmadmin-i86_lsb-11_11_1_1.bin
from the /opt/cariden/software/wae-license-server/bin
directory.
Although the default is to install lmadmin
into /opt/FNPLicenseServerManager
, the best practice is to install it into /opt/cariden/software/flexlm/current/web
.
chmod 755./lmadmin-i86_lsb-11_11_1_1.bin;./lmadmin-i86_lsb-11_11_1_1.bin
To check out or borrow a floating license, client devices must establish two TCP connections to the license server. One connection is to the floating license server daemon. Unless otherwise configured, this daemon listens on the first available port in the range of 27000 and 27009. The other connection is to the Cisco daemon, which the license server randomly selects from the ephemeral range (which often ranges from 49152 to 65535).
If firewall policies block the above ports, you can change the ports by adding the port information to the floating license server’s license file. By default, the file contains the following information:
Modify the preceding lines as follows to change the ports that these daemons use.
|
|
|
---|---|---|
Note The following instructions are for using either the CLI or license web server, but not both. The recommended practice is to install and use one or the other.
To start the license server, you must have access to its license file. Note that this is not the same as the WAE license.
Download the floating license server file (.lic extension) to a directory of your choice on the device where the license server will be installed. Best practice is to put it in /opt/cariden/etc
.
To start the license server daemon ( lmgrd
) and specify the lmgrd
log file name and location, enter the following from /opt/cariden/software/flexlm/current/bin
.
-l <log_path_filename>.log
/lmgrd -c /opt/cariden/etc/MATE_Floating.lic -l /opt/cariden/logs/lmgrd.log
Step 1 Create a backup of the Cisco daemon file so that it can be easily restored in case of failure.
Step 2 Copy the Cisco daemon files to the flexlm/web
directory.
Step 3 To start the license server using the web UI, first configure the following parameters from the /opt/cariden/software/flexlm/web
directory. For more information, see lmadmin -help
.
a. By default, the lmadmin server has a user named “admin” with a password of “admin.” If needed, add another user to this lmadmin server.
- pass
<password>
b. Import the WAE Design license file that was installed.
<path>
/<license_filename>
lmadmin -import ~/.cariden/etc/MATE_Floating.lic
c. Start the lmadmin
process with its default settings.
Step 4 Start the license server web UI, which by default uses a non-secure port of 8090. By entering the following in a web browser, you are redirected to the secure port.
Step 5 Click the Administration link, and log in using the an administrative username and password. Both have a default of “admin.”
Step 6 Click the Vendor Daemon Configuration tab, click the Administer link, and then click Start.
By default, the lmadmin
logs are in /opt/cariden/software/flexlm/web/logs
.
The lmgrd
log files are located wherever you specified the <log_path_filename> .log
when starting the lmgrd
daemon ( lmgrd -l
<log_path_filename> .log
).
To verify the ports, you can use any of several methods, as follows.
telnet 127.0.0.1 27000
netstat -a | egrep '27000[0-9]'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
lmgrd
log file, which indicates on which ports the license server and Cisco daemons are listening.13:00:14 (lmgrd) lmgrd tcp-port 27001
13:00:14 (lmgrd) cisco using TCP-port 42207
– To verify the server daemon’s port, choose Administration > Server Configuration > License Server Configuration.
– To verify the Cisco daemon’s port, choose Administration > Server Configuration > Vendor Daemon Configuration.
Either distribute the same floating.lic file that you installed to all WAE Design users who need it, or give them both the MAC address and hostname for the license server. Having users install licenses via the MAC address and port is the recommended practice since it eases administration.
After end users install the floating license once, the license is automatically validated from the server each time the user opens the WAE Design GUI or runs the CLI tools.
If you are using the web server to administer licenses, you can set up an access control list. This is optional, but doing so can improve the security of who can access the web server, as well as give you an easily maintainable list of license users. To do this, you need to know the user ID for all users who are checking out licenses from the license server. The user ID is what they use to log in to their operating systems.
Step 1 Create and open a file named cisco.opt in /opt/cariden/software/flexlm/current/bin
.
Step 2 Create groups to make it easier and faster to configure inclusions and exclusions. You can then use these groups, rather than specifying individual users.
Example: The group name is akdevops
, and each name following it is a user.
GROUP akdevops theresa lone loretta byron patrick sharon
Step 3 For each user or group that you want to grant license access, add an INCLUDEALL
line.
{user_name | group_name}
INCLUDEALL GROUP akdevops
INCLUDEALL USER gbd456
INCLUDEALL USER odd789
Step 4 For each user or group you want to exclude from accessing the license server, add an EXCLUDEALL USER
line.
type {user_name | group_name}
EXCLUDEALL GROUP region_fea
EXCLUDEALL USER rgu456
EXCLUDEALL USER ilt789
Note If you have a floating license that was generated prior to May 2015, you must acquire a new one to enable borrow licenses.
Step 1 Configure the /opt/cariden/bin/cisco.opt
file to define who is permitted to borrow licenses.
Anyone not in an INCLUDE_BORROW
statement is not permitted to borrow licenses. Thus, it is easier to use groups that user names.
The inclusion format is as follows. You must specify a line item for each feature. For a list of these features, use the license_check
tool.
feature type {user_name | group_name}
INCLUDE_BORROW MD_Layer1 USER ohara
INCLUDE_BORROW MD_SegmentRouting GROUP akdevops
Step 2 You can refine this INCLUDE_BORROW
list by excluding users. The EXCLUDE_BORROW
has precedence over the INCLUDE_BORROW
statements such that if a user or group is identified in both lists, that user or group will be excluded as specified.
feature type {user | group_name}
EXCLUDE_BORROW MD_VPN USER diana
EXCLUDE_BORROW MD_BGP GROUP acme
Step 3 Optional: Specify the number of licenses for a feature that cannot be borrowed. This is useful for ensuring that users who need to check out licenses will have them available.
feature number
Example: Save 23 MD_Sim licenses for use by those who are not borrowing licenses.
BORROW_LOWWATER MD_Sim 23
Use the lmstat
command to summarize how many licenses are in the original license file and how many are in use.
The results show how many licenses are checked out and borrowed. The output contains *_Users entries and entries for each feature. The *_Users is determined by the users who have access to the license. Each feature lists a set of licenses checked out for that feature.
Users of MD_Users: (Total of 300 licenses issued; Total of 295 licenses in use)
“MD_Users” v5, vendor:cisco
Checked-out licenses are only displayed for *_Users, whereas borrowed licenses are shown for *_Users, as well as for individual features.
The output uses the following format, where <time> is the time at which the license was checked out or borrowed. The <license_handle>
is a unique ID for the license. If a user has the same license checked out twice, for example, each instance has a unique <license_handle>
.
<feature> <version> <vendor>
<username> <user_hostname> <display> (<license>/<port> <license_handle>) <time>
dusan md1 /dev/pts/0 (v5) (matelic.cisco.com/27000 37337), start Wed 5/20 11:50
Licenses that are borrowed are listed with a (linger: #)
notation, where # is the number of seconds for which the license is borrowed.
<username> <user_hostname> <display> (<license>/<port> <license_handle>) <time> <linger>
obi obi-mbpr /dev/pts/18 (v5) (matelic.cisco.com/27000 18848), start Fri 5/8 16:26 (linger: 2532780)
You can reclaim licenses that have been checked out or borrowed. This feature is useful when a license remains idle, such as when an employee is on vacation or accidentally has the license running on two devices.
Reclaiming licenses is only valid through the CLI lmremove
command.
Use the lmstat -a
command described in the Verify Licenses in Use section to identify the required inputs to the lmremove
command.
In the next two sections, examples use the following lmstat -a
output as their starting point. Compare the results of these examples to this output to see the differences between the two.
bin/lmstat -a
“MD_Users” v5, vendor:cisco
obi obi-mbpr /dev/pts/18 (v5) (matelic.cisco.com/27000 18848), start Fri 5/8 16:26 (linger: 2532780)
dusan md1 /dev/pts/0 (v5) (matelic.cisco.com/27000 37337), start Wed 5/20 11:50
dusan md1 /dev/pts/0 (v5) (matelic.cisco.com/27000 42295), start Wed 5/20 11:51
llonned woql077 /dev/tty (v5) (matelic.cisco.com/27000 50668), start Thu 5/14 13:53 (linger: 554760)
To reclaim all licenses for a specific user, enter this command:
Example: This example reclaims all licenses for the user named “dusan.”
bin/lmremove MD_Users dusan md1 /dev/pts/0
The lmstat -a
command now shows dusan removed as a user.
obi obi-mbpr /dev/pts/18 (v5) (matelic.cisco.com/27000 18848), start Fri 5/8 16:26 (linger: 2532780)
llonned woql077 /dev/tty (v5) (matelic.cisco.com/27000 50668), start Thu 5/14 13:53 (linger: 554760)
To reclaim a license for a specific feature, enter this command:
<feature> <server_host> <port> <license_handle>
Example: This example reclaims a single license from the user named “dusan.”
bin/lmremove MD_Users matelic.cisco.com 27000 37337
The lmstat -a
command now shows the license 37337 removed for the user named dusan, though dusan still has use of license 42295.
obi obi-mbpr /dev/pts/18 (v5) (matelic.cisco.com/27000 18848), start Fri 5/8 16:26 (linger: 2532780)
dusan md1 /dev/pts/0 (v5) (matelic.cisco.com/27000 42295), start Wed 5/20 11:51
llonned woql077 /dev/tty (v5) (matelic.cisco.com/27000 50668), start Thu 5/14 13:53 (linger: 554760)