

Installing the PCoIP License Server¶

The method you will use to install the PCoIP License Server depends on whether you can open a temporary internet connection to the License Server machine.

If you can open a temporary connection to the internet, you can install the software and dependencies directly and then remove the internet connection.
If you cannot connect to the internet, you must obtain dependencies and License Server software via a temporary internet-connected machine and transfer the files yourself.

Important: Migrating from RHEL/CentOS 7 to RHEL/CentOS 8

If you have currently deployed a PCoIP License Server on RHEL/CentOS 7 and wish to upgrade to RHEL/CentOS 8, do not upgrade the operating system in place. Updating the operating system could invalidate your PCoIP licenses. See Migrating from RHEL/CentOS 7 to RHEL/CentOS 8 for a supported migration path.

Caution: Don't install more than one type of license server on the same machine

The PCoIP License Server version 21.03 cannot be installed on the same machine as the PCoIP License Server 1.x or an NVIDIA GRID License Server.

Keeping Passwords Secure¶

Some commands documented in this guide allow the use of the -p flag to provide password values inline, rather than stopping for a user input prompt. Although the PCoIP License Server does not log or distribute passwords provided this way, it can be difficult to tell whether other system loggers (like /var/log/secure and bash history) are capturing them, leading to inadvertent disclosures. For this reason, Teradici strongly discourages the use of the -p flag (or the related -n flag used by pcoip-set-password).

As of version 21.01.2, the PCoIP license server supports the use of system environment variables to store the license server password. To register the password as an environment variable, open a console window and run the following commands, substituting your password for your_license_server_password:

export HISTIGNORE="export*"
export TERADICI_LICENSE_SERVER_PASSWORD=<your_license_server_password>

If the PCoIP License Server password is registered in this way, the PCoIP License Server can use it automatically without needing the -p flag.

If you must use the -p flag

If you prefer to use these flags, or have no alternative, you should run sudo -i first. This changes to the Linux root user, and may avoid logging your password into /var/log/secure. You may also run export HISTIGNORE="sudo pcoip-*" to avoid logging password into bash history.

Installing With a Temporary Internet Connection¶

To install the software with a temporary internet connection:

Open the internet connection on the License Server machine.
SSH into your License Server machine.
For RHEL/CentOS 7, install wget and yum-utils (skip this step for RHEL/CentOS 8):
```
sudo yum install wget
sudo yum install yum-utils
```
Install the Teradici pcoip-license-server repository, using the shell script available here. The script will discover your operating system and configure the repo appropriately.

Install the license server:

For RHEL/CentOS 7:

sudo yum install -y pcoip-license-server

For RHEL/CentOS 8:

sudo dnf install -y pcoip-license-server

Set your PCoIP License Server administrative password with pcoip-set-password.

Change the default password immediately

Until the default password is changed, commands can be issued to the license server without your knowledge.
Info: Password Rules

Passwords should be surrounded with single quotation marks like 'password', and must conform to the following rules:
- Must be between 8 and 30 characters long
- Must contain at least one lowercase letter
- Must contain at least one uppercase letter
- Must contain at least one digit
- Must contain at least one symbol, excluding ' (single quote), " (double quote), \ (backslash), and spaces.
Note: Default password

The default password in new installations is 1P@ssw0rd!, where the leading 1 is a numeral one and 0 is a zero. When setting the password on a clean installation, use this as your curent password.
- To set the new password:
```
sudo pcoip-set-password
```
  You will be prompted for the old and new passwords.
  Register your password as an environment variable
  
  Teradici recommends that you register your password as a system environment variable, which will allow you to run commands without providing the password inline via the -p flag. Providing the passwords inline can have security implications and Teradici recommends against it. See Keeping Passwords Secure at the top of this page for more information and methods for mitigating the security concerns.
  
  To register the PCoIP password as an environment variable, run the following commands, replacing <your_license_server_password> with your license server password:
```
export HISTIGNORE="export*"
export TERADICI_LICENSE_SERVER_PASSWORD=<your_license_server_password>
```
  You can specify the old and new passwords inline, by including the -p and -n flags; to do this, you would enter sudo pcoip-set-password -p <old_password> -n <new_password>. This method may expose your password via system loggers, and Teradici strongly discourages it.
Remove the internet connection.
If you need to change the PCoIP License Server's listening port, see Configuring the License Server's Listening Port.

The PCoIP License Server starts automatically when it is installed.

Installing With No Internet Connection¶

If you cannot open an internet connection on the License Server machine, you must create a temporary machine to download the License Server software and its dependencies and then manually transfer and install them.

To install the software without an internet connection:

Create a disposable internet-connected RHEL (or CentOS) machine for downloading and inspecting packages. This machine should be identical to the license server machine.
SSH into the new temporary machine.
Install the Teradici repository by running the shell script available here. The script will discover your operating system and configure the repo appropriately.
Create a new directory to hold the downloaded package manager files. In the following examples, we are creating folders in your user home directory (~/). You can create them anywhere; just keep track of them and modify subsequent commands as necessary:
```
cd ~/
```
```
mkdir ./rpms/
mkdir ./updates/
```

Download required updates to the new /updates/ folder:

RHEL/CentOS 7

sudo yum update -y --downloadonly --downloaddir=./updates

RHEL/CentOS 8

sudo dnf update -y --downloadonly --downloaddir=./updates

Download the RPM packages to the new /rpms/ folder:

RHEL/CentOS 7

sudo yum install --downloadonly --downloaddir=./rpms pcoip-license-server -y

RHEL/CentOS 8

sudo dnf install --downloadonly --downloaddir=./rpms pcoip-license-server -y

Transfer the RPMs directory containing the packages to your license server machine using any acceptable method, such as a USB flash drive.

The temporary machine is no longer needed

We are now done with the temporary machine, and it can be safely destroyed.
Connect to the license server machine using a console.
Install the updates from the updates/ directory you transferred earlier. The following example assumes the updates/ directory is in the user home directory; if you put it somewhere else, modify these instructions accordingly:
- RHEL/CentOS 7
```
cd ~/updates/
sudo yum install --disablerepo="*" -y *
```
- RHEL/CentOS 8
```
cd ~/updates/
sudo dnf install --disablerepo="*" -y *
```
Install the PCoIP License Server from the rpms/ directory you transferred earlier. The following example assumes the rpms/ directory is in the user home directory; if you put it somewhere else, modify these instructions accordingly:
- RHEL/CentOS 7
```
cd ~/rpms/
sudo yum install --disablerepo="*" -y *
```
- RHEL/CentOS 8
```
cd ~/rpms/
sudo dnf install --disablerepo="*" -y *
```
Important: Long installation times are possible

When installing the PCoIP License Server offline, installation times of up to 10 minutes are possible. This is expected behavior.
Set your PCoIP License Server administrative password with pcoip-set-password.

Change the default password immediately

Until the default password is changed, commands can be issued to the license server without your knowledge.
Info: Password Rules

Passwords should be surrounded with single quotation marks like 'password', and must conform to the following rules:
- Must be between 8 and 30 characters long
- Must contain at least one lowercase letter
- Must contain at least one uppercase letter
- Must contain at least one digit
- Must contain at least one symbol, excluding ' (single quote), " (double quote), \ (backslash), and spaces.
Note: Default password

The default password in new installations is 1P@ssw0rd!, where the leading 1 is a numeral one and 0 is a zero. When setting the password on a clean installation, use this as your curent password.

To set the new password:
```
sudo pcoip-set-password
```
You will be prompted for the old and new passwords.
Register your password as an environment variable

Teradici recommends that you register your password as a system environment variable, which will allow you to run commands without providing the password inline via the -p flag. Providing the passwords inline can have security implications and Teradici recommends against it. See Keeping Passwords Secure at the top of this page for more information and methods for mitigating the security concerns.

To register the PCoIP password as an environment variable, run the following commands, replacing <your_license_server_password> with your license server password:
```
export HISTIGNORE="export*"
export TERADICI_LICENSE_SERVER_PASSWORD=<your_license_server_password>
```
You can specify the old and new passwords inline, by including the -p and -n flags; to do this, you would enter sudo pcoip-set-password -p <old_password> -n <new_password>. This method may expose your password via system loggers, and Teradici strongly discourages it.
If you need to change the PCoIP License Server's listening port, see Configuring the License Server's Listening Port.

The PCoIP License Server starts automatically when it is installed.

Do not modify the trusted storage database

The PCoIP License Server installs a trusted storage database in /var/opt/flexnetls/TERADICI.

If the contents of this directory are moved or modified, the license server will consider the trusted storage corrupted. The server will log an error and refuse to start.

Migrating from RHEL/CentOS 7 to RHEL/CentOS 8¶

If you have an exisitng PCoIP License Server on RHEL/CentOS 7 and wish to upgrade to RHEL/CentOS 8, you must create a new machine and transfer the license activations to it. You cannot upgrade the operating system in place.

To migrate licenses from a RHEL/CentOS 7 to a RHEL/CentOS 8 PCoIP License Server:

On the existing RHEL/CentOS 7 machine, record the number of activated licenses using the pcoip-list-licenses command, replacing <password> with your PCoIP License Server password:
```
sudo pcoip-list-license
```
Note the number of licenses returned by this command; we will use it to verify the migration in the last step.
Create a new offline RHEL/CentOS 8 machine.
Follow the instructions above to install the PCoIP License Server on the new machine.
Return the licenses on the RHEL/CentOS 7 machine, using the instructions here.

The command will provide the number of licenses returned; note this value. We'll use it in the next step.
On the new RHEL/CentOS 8 machine, activate the same number of licenses that were returned in the previous step, using the instructions here. When following these instructions, use the number returned in the previous step for <license count>.
Repeat steps 4 and 5 for each of your activation codes, until all licenses have been returned from the old machine and re-activated on the new one.
On the new machine, verify that all the licenses have been successfully activated with the pcoip-list-licenses command, replacing <password> with your PCoIP License Server password:
```
sudo pcoip-list-license
```
The value returned by this command should match the total number of licenses returned on the old license server.