Chapter 3. Prerequisites for Installing Red Hat Update Infrastructure

The cloud provider provides the following technical prerequisites:

  1. completion of the initial stages of the Red Hat Certified Cloud & Service Provider (CCSP) certification, including review of the client’s :

    1. virtualization, image creation, and instance provisioning technologies, tools, and processes.
    2. proposed process for measuring and reporting consumption of Red Hat software.
    3. proposed process for notifying customers of errata updates to Red Hat software.
    4. proposed process for making images that include Red Hat software available to customers, including image life-cycle management and retiring outdated images.

      See Product Documentation for Red Hat Certified Cloud and Service Provider Certification Browse Knowledgebase for more information.

  2. Self-signed certificates are typically used for Red Hat Update Infrastructure (RHUI) deployment. If SSL certificates signed by a third-party certificate authority will be used, they have been obtained by the client and reviewed by Red Hat.

    Note

    The Red Hat Consultant can assist with the development of self-signed certificates, and their use will not affect the user experience of the client’s customers.

  3. The client will provide systems, virtual machines, or tenant instances for installation of all Red Hat Update Appliances (RHUAs), external load balancers, and content delivery servers (CDSs), configured as described below.
  4. Make sure rhel-7-server-rpms and the RHUI ISO packages are available.
  5. A minimal RHUI installation includes three required servers: one RHUA and two CDSs (physical or virtual) configured as follows:

    1. Red Hat Enterprise Linux (RHEL) 6.7 or greater with Minimal installation recommended
    2. SELinux on
    3. Two CPUs, AMD64 processor architecture
    4. 4 GB memory minimum
    5. 10 GB disk for operating system
    6. 50 GB disk per major RHEL release
    7. Each CDS node with a 500 GB local block device dedicated to the GlusterFS brick (if Gluster Storage is used)
  6. Certification generation using openssl requires one server, new or existing, configured as follows:

    1. RHEL 6.7 or greater with Minimal installation recommended
    2. SELinux enabled
    3. Two CPUs, AMD64 processor architecture
    4. 2 GB memory
    5. 6 GB disk for operating system
  7. Image certification is performed on RHEL guest templates as provided, typically one RHEL 6 guest and one RHEL 7 guest.

    1. Minimum 10 GB disk for operating system
    2. iptables on
    3. SELinux enabled
    4. If password authentication is on, must use strongest possible hash
    5. Default logging on
  8. The client’s network must be properly configured for the RHUI.

    1. IP addresses must be allocated for all RHUAs, CDSs, and external load balancers (if any).
    2. DNS records (forward and reverse) have been created for all IP addresses. Example: rhua.company.com, cds1.company.com, cds2.company.com, and certs.company.com

      Note

      If the server has multiple network interface cards (NICs), the fully qualified domain name of the RHUA and the CDSs must be resolved to the IP of the NIC that is used to communicate between the RHUA and the CDSs.

      RHUI uses DNS to reach the CDN. In most cases, your instance should be preconfigured to talk to the proper DNS servers hosted as part of the cloud’s infrastructure. If you run your own DNS servers or update your client DNS configuration, there is a chance you will see errors similar to yum Could not contact any CDS load balancers. In these cases, check that your DNS server is forwarding to the cloud’s DNS servers for the request or that your DNS client is configured to fall back to the cloud’s DNS server for name resolution.

      Using more than one HAProxy node requires a round-robin DNS entry for the host name used as the value of the --cds-lb-hostname parameter when rhui-installer is run (cds.example.com in this guide) that resolves to the IP addresses of all HAProxy nodes. This Knowledgebase solution presents one way to configure a round-robin DNS. In the context of RHUI, these will be the IP addresses of the HAProxy nodes, and they are to be mapped to the host name specified as --cds-lb-hostname while calling rhui-installer.

      See HAProxy Configuration for more information.

      Red Hat Enterprise Linux 7 uses firewalld for port manipulation, whereas Red Hat Enterprise Linux 6 uses iptables.

  9. All required network ports are open.

    Table 3.1. Required Network Port Settings

    ConnectionPortUsage

    RHUA to cdn.redhat.com

    443/TCP

    Content Delivery

    RHUA to CDSs

    22/TCP

    Initial SSH configuration

    RHUA to HAProxy servers

    22/TCP

    Initial SSH configuration

    CDS to RHUA

    8140/TCP

    Puppet

    HAProxy to RHUA

    8140/TCP

    Puppet

    Clients to CDS or HAProxy

    443/TCP

     

    Clients to CDS or HAProxy

    5000/TCP

    Docker

    HAProxy to CDS

    443/TCP

    Load balancing

    HAProxy to CDS

    5000/TCP

    Docker load balancing

    GlusterFS ports

    24007/TCP, 49152-4/TCP

    Storage

    NFS ports

    2049/TCP

    File system

  10. Network proxy settings between RHUA and the Red Hat CDN are configured appropriately.
  11. Network proxy settings between the CDSs and the clients via yum.conf are configured appropriately.
  12. A round-robin DNS entry if more than one HAProxy node is used

Report a bug