Monday, February 23, 2015

CentOS Recovery Use Case 1: Modifying License MAC Addresses

I recently published a blog entry on how one could use the CentOS distribution and Recovery process to access the Cisco UCOS root file system. As noted in the initial blog, this isn't a new revelation. I originally was going to provide a group of use cases in the "primer" but decided that it was a little too long. So, I am breaking the use cases out into individual entries. Who knows, over time this may become another series. For now, let's focus on one of the CentOS recovery use cases: preserving a license MAC in your lab or staging area.

Background

With UCM versions prior to UCM 8x, the licenses were keyed to the MAC address of the Publisher (i.e. First) node. I have had instances where I am helping a customer do a "Jump Upgrade" and I am loading their UCM 6x or 7x system in my lab (or theirs, whatever works). Sometimes I need to do some interim upgrades/patches and if I don't have a valid license I could run into trouble. 

By using CentOS to gain access to the UCOS root file system, you can adjust the MAC address used by your VM so that it matches the production Publisher node. This should clear any licensing roadblocks out of your upgrade path. 



Procedure

The CentOS boot process is discussed in a separate blog entry (read that first)Use the following steps to resolve the MAC address licensing issue:

1. Edit the eth0 configuration file using the following command: vim /etc/sysconfig/network-scripts/ifcfg-eth0

(1a) If you are unfamiliar with VI, use this command reference

(1b) Add or change the line: MACADDR=DE:AD:BE:EF:00:01 (substitute your MAC address using ":" delimited fields)

(1c) Save and close the file using the key sequence ":wq" (without quotes)

2. Edit the hardware config file using the command: vim /etc/sysconfig/hwconf

(2a) Find the line that starts with "network.hwaddr" (without quotes)

(2b) Edit the mac address line to match the new MAC address: network.hwaddr: DE:AD:BE:EF:00:01

(2c) Save and close the file (:wq)

3. Type in the exit command.

4. Type exit in CentOS to reboot.

5. Disconnect the ISO from your VM guest.

6. Your system should come on line and licenses (either already restored via DRS or added by you manually) should be valid.



License MAC In Later Releases

Starting with UCM 8x, things get a little more interesting. Cisco has the concept of the "License MAC", which is automatically generated by the system and linked to several system parameters. I haven't had to mess with this in conjunction with the CentOS recovery process but my understanding is that there is a script that controls the generation of the license mac. Further, that script is a file you can access if you are using the Rescue mode as we have described above.

I think the script is located in /usr/local/bin/base_scripts/ and is called LicenseMac.sh. The line you want to look for is: FinalString='expr substr "$SHA1sum" 1 12'

Changing "FinalString" to a literal string (e.g. "deadbeef0001") should do the job. Again, I haven't tested this. I have used the previously described method.




Thanks for reading. If you have time, post a comment!

2 comments:

  1. This could be useful for testing or practicing backup recovery.

    ReplyDelete
  2. I would be interested if anyone has found a way to do this with the 10.x suite of products. We need to test our disaster recovery scenarios and the best way is to clone our production cluster. The new 10.x software, as I understand it, does not use a license mac at all and relies on server signed bin files. It is incredibly complicated, and unreliable, to document disaster recovery scenarios without being able to induce a "disaster".

    ReplyDelete