Chapter 7. Add or Delete a Content Delivery Server

7.1. Add a Content Delivery Server

The Red Hat Update Infrastructure Management Tool provides several options for configuring a content delivery server (CDS) within the Red Hat Update Infrastructure (RHUI). Adding a CDS differs in Red Hat Update Infrastructure 3.1 from Red Hat Update Infrastructure 3.0. Rather than adding a preconfigured CDS as done in Red Hat Update Infrastructure 3.0, the Add step in the Red Hat Update Appliance (RHUA) also installs CDS services.

  1. Make sure sshd is running on the CDS node and that ports 443 and 5000 are open.
  2. Navigate to the Red Hat Update Infrastructure Management Tool home screen.

    [root@rhua ~]# rhui-manager
  3. Press c to select manage content delivery servers (CDS).

                 -= Red Hat Update Infrastructure Management Tool =-
    
    -= Home =-
    
       r   manage repositories
       c   manage content delivery servers (CDS)
       l   manage HAProxy load-balancer instances
       s   synchronization status and scheduling
       e   create entitlement certificates and client configuration RPMs
       n   manage Red Hat entitlement certificates
       sm  manage Red Hat subscriptions
       u   manage RHUI users
    
                                                       Connected: rhua.example.com
  4. Type a to select register (add) a new Content Delivery Server instance.

    ------------------------------------------------------------------------------
    = Red Hat Update Infrastructure Management Tool =
    
    = Content Delivery Server (CDS) Management =
    
    l   list all known CDS instances managed by the RHUI
    a   register (add) a new CDS instance
    r   reinstall and reapply configuration to an existing CDS instance
    d   unregister (delete) a CDS instance from the RHUI
    
                                                  	Connected: rhua.example.com
    ------------------------------------------------------------------------------
    rhui (cds) => a
  5. Enter the host name of the CDS to add.

    Hostname of the CDS instance to register:
    cds1.example.com
  6. Enter the user name that will have SSH access to the CDS and have sudo privileges.

    Username with SSH access to <cds1.example.com> and sudo privileges:
    root
  7. Enter the absolute path to the SSH private key for logging in to the CDS and press Enter.

    Absolute path to an SSH private key to log into <cds1.example.com> as root:
    /root/.ssh/id_rsa
    .........................................................................
    The following CDS has been successfully added:
    
    Hostname:             <cds1.example.com>
    SSH Username:     root
    SSH Private Key:  /root/.ssh/id_rsa
    
    The CDS will now be configured:
    …………………………………………………………..
    The CDS was successfully configured.
  8. If adding the content delivery server fails, check that the firewall rules permit access between the RHUA and the CDS.
  9. Run the mount command to see if Gluster Storage is mounted as read-write.

    [root@rhua ~]# mount | grep cds1.example.com
    
    cds1.example.com:rhui_content_0 on /var/lib/rhui/remote_share type fuse.glusterfs (rw,relatime,user_id=0,group_id=0,default_permissions,allow_other,max_read=131072)
  10. After successful configuration, repeat these steps for any remaining CDSs. You can also add a CDS using the command-line interface.

    [root@rhua ~]# rhui cds add cds1.example.com root /root/.ssh/id_rsa -u

7.2. Unregister a Content Delivery Server

Use the following procedure to unregister (delete) a CDS instance that you are not going to use any longer.

  1. Navigate to the Red Hat Update Infrastructure Management Tool home screen.

    [root@rhua ~]# rhui-manager
  2. Press c to select manage content delivery servers (CDS).

    -= Red Hat Update Infrastructure Management Tool =-
    
    -= Home =-
    
    r   manage repositories
    c   manage content delivery servers (CDS)
    l   manage HAProxy load-balancer instances
    s   synchronization status and scheduling
    e   create entitlement certificates and client configuration RPMs
    n   manage Red Hat entitlement certificates
    sm  manage Red Hat subscriptions
    u   manage RHUI users
    
                                                          Connected: rhua.example.com
  3. Type d to select unregister (delete) a CDS instance from the RHUI.

    ------------------------------------------------------------------------------
    = Red Hat Update Infrastructure Management Tool =
    
    = Content Delivery Server (CDS) Management =
    
    l   list all known CDS instances managed by the RHUI
    a   register (add) a new CDS instance
    r   reinstall and reapply configuration to an existing CDS instance
    d   unregister (delete) a CDS instance from the RHUI
    
                                                       Connected: rhua.example.com
    ------------------------------------------------------------------------------
     rhui (cds) => d
  4. Enter the host name of the CDS to delete.

    Hostname of the CDS instance to unregister:
    cds1.example.com
  5. Confirm the /etc/haproxy/haproxy.cfg file in the HAProxy instance

    #  cat /etc/haproxy/haproxy.cfg

Report a bug

7.3. Configure a Content Delivery Server to Accept Legacy CAs

A CDS node normally only accepts entitlement certificates signed by the Certificate Authority (CA) that is currently configured on RHUI 3. However, you may want to accept other, previously created CAs, too, so that clients can still continue to work if you change your main CA or when the CA certificate expires. RHUI 3 supports the concept of legacy CAs, where you can install other CA certs on CDS nodes and make them usable.

  1. Make sure all your RHUI nodes are running version 3.1 or later. If you have originally installed RHUI from an older version, you also have to reinstall your CDS nodes in rhui-manager first.
  2. Transfer your legacy CA certificate to your CDS nodes and save it in the /etc/pki/rhui/legacy-ca/ directory.
  3. Get the subject hash value from the certificate and keep it in a shell variable:

    #hash=`openssl x509 -hash -noout -in /etc/pki/rhui/legacy-ca/YOUR_CERT.crt`
  4. Create a symbolic link to the certificate file in the /etc/pki/tls/certs/ directory with the hash and an unused number, starting from 0, as the symbolic link name:

    #ln -s /etc/pki/rhui/legacy-ca/YOUR_CERT.crt /etc/pki/tls/certs/$hash.0

    This action takes effect immediately.

    Note

    If you decide to stop accepting the certificate, delete the symbolic link and the certificate file, and restart the httpd service.