Linux system-wide installation

Installing RADKit

Danger

Do not install or execute RADKit as the root user. This is a general security best practice for any application.

System-wide installation is the recommended method for production setups. The installation process requires root privileges, but RADKit itself should run as an un-privileged user.

Follow these steps before starting the installation:

  • choose or create an un-privileged user to run RADKit Service (e.g. radkit);

  • add this user to the sudoers file so that it can use the sudo command;

  • log in as that user to perform the installation.

Then, execute the following command, replacing <VERSION> with the RADKit version that you are installing:

$ sudo sh ./cisco_radkit_<VERSION>_linux_x86_64.sh

and follow the prompts until completion, then read on to learn how to finalize your installation and start using RADKit.

Directory layout

The system-wide installation directory for RADKit is /opt/radkit (this cannot be changed). It is owned by the user that performed the installation. After the installation has completed, the following directory layout will be present:

/opt
└── radkit
    └── bin                       # Symlinks to the RADKit CLI for the current version
    └── data                      # Data files for the RADKit Service daemon
    └── versions
        └── <VERSION>
            └── python            # Python environment and binaries for this version of RADKit
            └── uninstall         # Uninstaller for this version of RADKit
            └── post-install.sh   # Post-install script (see below for details)

The post-install.sh script is meant for people who want to automate the deployment and provisioning of their RADKit Service. It also suggests firewall rules to make the Service ports reachable through the local firewall, in case this Service will be managed remotely.

The /opt/radkit/data directory will be progressively populated as you set up and use RADKit Service; its general layout is:

/opt/radkit/data
└── systemd               # Helper files for the systemd daemon
└── identities            # Client credentials for Cloud
└── logs
    └── service           # Service application logs
└── service               # Service data files
└── session_logs
    └── service           # Service session logs

In parallel, other RADKit components such as RADKit Client create and use another directory at run-time to store their data, referred to as the RADKit directory.

While the installation directory under /opt/radkit contains the RADKit binaries and Service data, the RADKit directory used by the other components is user-specific and is located in the current user’s $HOME/.radkit by default.

Note

In other words: multiple users can use RADKit Client with their own personal settings, but there is a single RADKit Service instance on the host, which runs as the user that performed the installation.

The exact contents of a user’s RADKit directory depend on which components have been run and which actions were taken, but the general layout is:

$HOME/.radkit
└── client          # Client data files
└── control         # Control data files
└── identities      # Client credentials for Cloud
└── logs
    └── client      # Client application logs
└── session_logs
    └── client      # Client session logs

Adjusting the PATH

Since RADKit 1.7.0, the Linux installer no longer creates symbolic links for the RADKit CLI tools in a standard location that is already in the system PATH. Instead, it now creates the symlinks in a dedicated, RADKit-specific directory and the user is responsible for adding that directory to their PATH environment variable, for example:

# Add this to the environment, profile or rc file of your favorite shell
$ export PATH; PATH="$PATH:/opt/radkit/bin"

Once this is done, the different RADKit components can be started through the CLI:

  • radkit-client

  • radkit-control

  • radkit-interactive

  • radkit-network-console

  • radkit-service

Warning

  • The radkit-service command should NOT be used in the systemd scenario unless instructed by Cisco TAC or RADKit support. Instead, please use RADKit Control to manage your Service through the CLI.

  • radkit-service-gui and radkit-medic-gui are currently not supported on Linux.

Moving existing Service data

This step is optional, and is only required if you have a pre-existing installation of RADKit Service whose data did not reside under /opt/radkit/data. This would be the case if:

  • you had installed any version of RADKit using pip;

  • you had installed RADKit 1.6.x or earlier using the Linux installer;

  • you had installed RADKit 1.7.x as a single user using the Linux installer (see Linux custom and single-user installation);

  • you had manually set up RADKit Service as a systemd service using the instructions that came with RADKit 1.4.x, 1.5.x and 1.6.x.

In all of these cases, your data would normally be found under $HOME/.radkit for the user that RADKit Service used to run as, unless the installation was further customized.

To copy the data files, first make sure that the old RADKit Service is shut down, then run the following script (edit it to suit your setup if necessary, for instance edit $HOME or $USER if the user that owns the old data is not the same as the one that will run the systemd service). Make sure to enter the correct superadmin password when prompted (it must be the one that unlocks the Service database that is being migrated).

#!/bin/bash
# Shut down the new RADKit Service
sudo systemctl stop radkit
# Copy the data files
sudo cp -R $HOME/.radkit/* /opt/radkit/data/
# Save the superadmin password
read -s -p 'superadmin password: ' SAPW
echo $SAPW | sudo dd status=none of=/opt/radkit/data/systemd/superadmin-password
# Set ownership of the data files
sudo chown -R $USER /opt/radkit/data/*
# Start RADKit Service with the migrated data
sudo systemctl start radkit

Starting RADKit Service

The new systemd service should be already started after installation. To stop and start RADKit Service, issue the following commands:

$ sudo systemctl stop radkit
$ sudo systemctl start radkit

You can also check the service status and the most recent log entries with:

$ sudo systemctl status radkit
● radkit.service - RADKit Service
    Loaded: loaded (/etc/systemd/system/radkit.service; enabled; preset: enabled)
    Active: active (running) since Thu 2024-09-05 16:55:55 UTC; 1min 15s ago
Main PID: 6207 (radkit-service)
    Tasks: 2 (limit: 4556)
    Memory: 202.8M (peak: 203.2M)
        CPU: 4.856s
    CGroup: /system.slice/radkit.service
            └─6207 /opt/radkit/versions/1.7.0b7/python/bin/python3 /opt/radkit/bin/radkit-service --domain PROD --radkit-directory /opt/radkit/data run --no-cli-app

Sep 05 16:55:59 linux radkit-service[6207]: 16:55:59.342Z INFO  | internal | Cisco Remote Automation Development Kit (RADKit) -- Copyright (c) 2018-2024 by Cisco Systems, Inc.
...
Sep 05 16:55:59 linux radkit-service[6207]: 16:55:59.345Z INFO  | internal | Service lockfile created successfully
Sep 05 16:56:00 linux radkit-service[6207]: 16:56:00.169Z INFO  | internal | Starting UI and API listener [addresses=['[::]'] secure_port=8081]
Sep 05 16:56:00 linux radkit-service[6207]: 16:56:00.188Z INFO  | internal | Starting HTTP server [bind=['[::]:8081']]
Sep 05 16:56:00 linux radkit-service[6207]: 16:56:00.190Z INFO  | internal | Running on https://[::]:8081 (CTRL + C to quit)

If you copied the Service data files from a previous installation, the new Service is now ready to use, else it should now be bootstrapped; please return to the main Linux installer page under Bootstrapping RADKit Service for instructions.