Thursday, January 10, 2019

Radiator v4.22: New Linux packages for Radiator products

Background


In our efforts to make Radiator easier to install, deploy and update, we have concentrated our efforts first to ensure Radiator software packaging is up-to-date with current Linux distribution packaging practices. We have started by designing our new packages based on the best practices we have used in our deployments and enhanced those with recommendations for packaging suitable for Red Hat, CentOS, Ubuntu and Debian.

These new packages are now available at:

In the near future we intend to introduce Linux package repositories for our customer interested in automating their Radiator updates. We will also continue making legacy RPM packages for a small number of future Radiator releases to provide time for users to migrate to new packages. We will publish blog posts with more detailed migration information during January 2019.

What has changed in packaging?

  • New packages are named as radiator-4.22-1.el7.noarch.rpm and radiator_4.22-1_all.deb. Legacy RPMs are named as Radiator-4.22-1.noarch.rpm. Note the changes in RPM name.
  • Radiator AAA server software now installs completely separately to /opt/radiator/radiator directory to keep Radiator product files separate from system files and Perl libraries. For this reason radiusd and radpwtst and other utilities are no longer copied in /usr/bin and other directories. Startup configuration that comes with the new packages sets this directory as the primary source for Radiator module files.
  • A system user and group radiator is created for Radiator as there is no need to run Radiator as a privileged user. Also the default configuration file and log file permissions have been revised to more secure defaults.
  • Radiator's log directory is now /var/log/radiator/ with permissions set correctly for radiator system user and group. If this directory exists, its permissions are updated but existing old log files are not changed.
  • Radiator package is now fully compliant with systemd for running a single as well as multiple Radiator  instances. This however means that the oldest supported Red Hat / CentOS distribution version for new packages is Red Hat Enterprise Linux or CentOS 7. For Ubuntu we support 16.04 LTS (Xenial Xerus) as well as 18.04 LTS (Bionic Beaver). For Debian we support 9 (stretch).
  • systemd unit files set Radiator configuration file to /etc/radiator/radiator.conf
  • Radiator service is installed but is neither enabled nor started by default according to Red Hat packaging recommendations. This is also how deb packages are configured.
  • In addition to a new example configuration file, located at /etc/radiator/radiator.conf, the new package installs also a logrotate configuration file at /etc/logrotate.d/radiator. By default the configuration rotates and compresses Radiator logs every month and keeps 24 months worth of logs.
  • Root privileges are no longer needed for TACACS+. Radiator is started with privileges that allow binding to reserved ports.
  • New packages are signed. More information will be available in Radiator documentation.
See Radiator documentation for the latest installation instructions and other information. See the separate blog post about migration information.

What packages do not do?

Package configuration tries to keep system changes at minimum. For example, firewall rules are not updated. 

Some Linux distributions such as Red Hat Enterprise Linux 7 and Centos 7, have a firewall setup enabled by default. To make Radiator accessible from the network on Red Hat or Centos, use firewall configuration command (sudo firewall-cmd --permanent --zone=public --add-service=radius; sudo firewall-cmd --reload) to setup and enable rules for RADIUS.

Give us feedback

As these are new packages, we are interested in any feedback you may have on the package design and installation. If you have any ideas, suggestions, feedback or questions of the new packages, please do send them via this package feedback form or via email to support (a) radiatorsoftware.com.


UPDATE 2019-01-29: Mention Debian 9. Firewall configuration example was added. Link to migration information post was added.