The release of NVIDIA GRID 10 included a new version of the GRID license server. Rather than do an inplace upgrade of my existing Windows-based license servers that I was using in my lab, I decided to rebuild them on CentOS.
Prerequisites
In order to deploy the NVIDIA GRID license server, you will need two servers. The license servers should be deployed in a highly-available architecture since the features enabled by the GRID drivers will not function if a license cannot be checked out. These servers should be fully patched. All of my CentOS boxes run without a GUI. All of the install steps will be done through the console, so you will need SSH access to the servers.
The license servers only require 2 vCPU and 4GB of RAM for most environments. The license server component runs on Tomcat, so we will need to install Java and the Tomcat web server. We will do that as part of our install. Newer versions of Java default to IPv6, so if you are not using this technology in your environment, you will need to disable IPv6 on the server. If you don’t, the license server will not be listening on any IPv4 addresses. While there are other ways to change Java’s default behavior, I find it easier to just disable IPv6 since I do not use it in my environment.
The documentation for the license server can be found on the NVIDIA docs site at https://docs.nvidia.com/grid/ls/2019.11/grid-license-server-user-guide/index.html
Installing the Prerequisites
First, we need to prepare the servers by installing and configuring our prerequisites. We need to disable IPv6, install Java and Tomcat, and configure the Tomcat service to start automatically.
If you are planning to deploy the license servers in a highly available configuration, you will need to perform all of these steps on both servers.
The first step is to disable IPv6. As mentioned above, Java appears to default to IPv6 for networking in recent releases on Linux.
The steps to do this are:
- Open the sysctl.conf file with the following command (substitute your preferred editor for nano).
sudo nano /etc/sysctl.conf
- Add the following two lines at the end of the file:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1 - Save the file.
- Reboot to allow the changes to take effect.
Note: There are other ways to prevent Java from defaulting to IPv6. These methods usually involve making changes to the application parameters when Java launches. I selected this method because it was the easiest route to implement and I do not use IPv6 in my lab.
After the system reboots, the install can proceed. The next steps are to install and configure Java and Tomcat.
- Install Java and Tomcat using the following commands:
sudo yum install -y java tomcat tomcat-webapps
- Enable the tomcat service so that it starts automtically on reboot
sudo systemctl enable tomcat.service
- Start Tomcat.
sudo systemctl start tomcat.service
Finally, we will want to configure our JAVA_HOME variable. The license server includes a command line tool, nvidialsadmin, that can be used to configure password authentication for the license server management console, and that tool requires a JAVA_HOME variable to be configured. These steps will create the variable for all users on the system.
- Run the following command to see the path to the Java install:
sudo alternatives –config java
- Copy the path to the Java folder, which is in parenthesis. Do not include anyting after “jre/’
- Create a Bash plugin for Java with the following command:
sudo nano /etc/profile.d/java.sh
- Add the following lines to the file:
export JAVA_HOME=(Your Path to Java)
export PATH=$PATH:$JAVA_HOME/bin - Save the file.
- Reboot the system.
- Test to verify that the JAVA_HOME variable is set up properly
echo $JAVA_HOME
Installing the NVIDIA License Server
Now that the prerequisites are configured, the NVIDIA license server software can be installed. The license server binaries are stored on the NVIDIA Enterprise Licensing portal, and they will need to be downloaded on another machine and copied over using a tool like WinSCP.
The steps for installing the license server once the installer has been copied to the servers re:
- Set the binary to be executable.
chmod +x setup.bin
- Run the setup program in console mode.
sudo ./setup.bin -i console
- The first screen is a EULA that will need to be accepted. To scroll down through the EULA, press Enter until you get to the EULA acceptance.
- Press Y to accept the EULA.
- When prompted, enter the path for the Tomcat WebApps folder. On CentOS, this path is:
/usr/share/tomcat - When prompted, press 1 to enable firewall rules for the license server. This will enable the license server port on TCP7070.
Since this is a headless server, the management port on TCP8080 will also need to be enabled. This will be done in a later step. - Press Enter to install.
- When the install completes, press enter to exit the installer.
After the install completes, the management port firewall rules will need to be configured. While the management interface can be secured with usernames and passwords, this is not configured out of the box. The normal recommendation is to just use the browser on the local machine to set the configuration, but since this is a headless machine, that’s not avaialble either. For this step, I’m applying the rules to an internal zone and restricting access to the management port to the IP address of my management machine. The steps for this are:
- Create a firewall rule for port TCP port 8080.
sudo firewall-cmd –permanent –zone=internal –add-port=8080/tcp
- Create a firewall rule for the source IP address.
sudo firewall-cmd –permanent –zone=internal –add-source=Management-Host-IP/32
- Reload the firewall daemon so the new rules take effect:
sudo firewall-cmd –reload
Configuring the License Server For High Availability
Once the firewall rules for accessing the management port are in place, the server configuration can begin. These steps will consist of configuring the high availability features. Registering the license servers with the NVIDIA Licensing portal and retrieving and applying licenses will not be handled in this step.
In order to set the license servers up for high availability, you will need two servers running the same version of the license server software. You will also need to identify which servers will be the primary and secondary servers in the infrastructure.
- Open a web browser on your management machine and go to http://<primary license server hostname or IP>:8080/licserver
- Click on Configuration
- In the License Generation section, fill in the following details:
- Backup URI:
http://<secondary license server hostname or IP>:7070/fne/bin/capability - Main URI:
http://<primary license server hostname or IP>:7070/fne/bin/capability
- Backup URI:
- In the Settings for server to server sync between License servers section, fill in the following details:
- Synchronization to fne enabled: True
- Main FNE Server URI:
http://<primary license server hostname or IP>:7070/fne/bin/capability
- Click Save.
- Open a new browser window or tab and go to go to http://<secondary license server hostname or IP>:8080/licserver
- Click on Configuration
- In the License Generation section, fill in the following details:
- Backup URI:
http://<secondary license server hostname or IP>:7070/fne/bin/capability - Main URI:
http://<primary license server hostname or IP>:7070/fne/bin/capability
- Backup URI:
- In the Settings for server to server sync between License servers section, fill in the following details:
- Synchronization to fne enabled: True
- Main FNE Server URI:
http://<primary license server hostname or IP>:7070/fne/bin/capability
- Click Save.
Summary
After completing the high availability setup section, the license servers are ready for the license file. In order to generate and install this, the two license servers will need to be registered with the NVIDIA licensing service. The steps to complete those tasks will be covered in a future post.
The Virtual Horizon 