Chapter 7. Add or delete a content delivery server

7.1. Add a content delivery server

The Red Hat Update Infrastructure Management Tool provides several options for configuring a content delivery server (CDS) within the Red Hat Update Infrastructure (RHUI). Adding a CDS works differently in Red Hat Update Infrastructure 3.1.9 than in Red Hat Update Infrastructure 3.1.8. Rather than registering a preconfigured CDS, as was done in Red Hat Update Infrastructure 3.1.8, the Add step on the Red Hat Update Appliance (RHUA) also installs the CDS services.

Procedure

  1. Make sure sshd is running on the CDS node and that ports 443 and 5000 are open.
  2. Navigate to the Red Hat Update Infrastructure Management Tool home screen.

    [root@rhua ~]# rhui-manager
  3. Press c to select manage content delivery servers (CDS).

                 -= Red Hat Update Infrastructure Management Tool =-
    
    -= Home =-
    
       r   manage repositories
       c   manage content delivery servers (CDS)
       l   manage HAProxy load-balancer instances
       s   synchronization status and scheduling
       e   create entitlement certificates and client configuration RPMs
       n   manage Red Hat entitlement certificates
       u   manage RHUI users
    
                                                       Connected: rhua.example.com
  4. Type a to select register (add) a new Content Delivery Server instance.

    ------------------------------------------------------------------------------
    = Red Hat Update Infrastructure Management Tool =
    
    = Content Delivery Server (CDS) Management =
    
    l   list all known CDS instances managed by the RHUI
    a   register (add) a new CDS instance
    r   reinstall and reapply configuration to an existing CDS instance
    d   unregister (delete) a CDS instance from the RHUI
    
                                                  	Connected: rhua.example.com
    ------------------------------------------------------------------------------
    rhui (cds) => a
  5. Enter the host name of the CDS to add.

    Hostname of the CDS instance to register:
    cds1.example.com
  6. Enter the user name that will have SSH access to the CDS and have sudo privileges.

    Username with SSH access to <cds1.example.com> and sudo privileges:
    root
  7. Enter the absolute path to the SSH private key for logging in to the CDS and press Enter.

    Absolute path to an SSH private key to log into <cds1.example.com> as root:
    /root/.ssh/id_rsa
    .........................................................................
    The following CDS has been successfully added:
    
    Hostname:             <cds1.example.com>
    SSH Username:     root
    SSH Private Key:  /root/.ssh/id_rsa
    
    The CDS will now be configured:
    .........................................................................
    The CDS was successfully configured.
  8. If adding the content delivery server fails, check that the firewall rules permit access between the RHUA and the CDS.
  9. Run the mount command to see if Gluster Storage is mounted as read-write.

    [root@rhua ~]# mount | grep cds1.example.com
    
    cds1.example.com:rhui_content_0 on /var/lib/rhui/remote_share type fuse.glusterfs (rw,relatime,user_id=0,group_id=0,default_permissions,allow_other,max_read=131072)
  10. After successful configuration, repeat these steps for any remaining CDSs. You can also add a CDS using the command line interface.

    [root@rhua ~]# rhui cds add cds1.example.com root /root/.ssh/id_rsa -u

7.2. Unregister a content delivery server

Use the following procedure to unregister (delete) a CDS instance that you are not going to use.

Procedure

  1. Navigate to the Red Hat Update Infrastructure Management Tool home screen.

    [root@rhua ~]# rhui-manager
  2. Press c to select manage content delivery servers (CDS).

    -= Red Hat Update Infrastructure Management Tool =-
    
    -= Home =-
    
    r   manage repositories
    c   manage content delivery servers (CDS)
    l   manage HAProxy load-balancer instances
    s   synchronization status and scheduling
    e   create entitlement certificates and client configuration RPMs
    n   manage Red Hat entitlement certificates
    u   manage RHUI users
    
                                                          Connected: rhua.example.com
  3. Type d to select unregister (delete) a CDS instance from the RHUI.

    ------------------------------------------------------------------------------
    = Red Hat Update Infrastructure Management Tool =
    
    = Content Delivery Server (CDS) Management =
    
    l   list all known CDS instances managed by the RHUI
    a   register (add) a new CDS instance
    r   reinstall and reapply configuration to an existing CDS instance
    d   unregister (delete) a CDS instance from the RHUI
    
                                                       Connected: rhua.example.com
    ------------------------------------------------------------------------------
     rhui (cds) => d
  4. Enter the host name of the CDS to delete.

    Hostname of the CDS instance to unregister:
    cds1.example.com
  5. Review the contents of the /etc/haproxy/haproxy.cfg file on the HAProxy instance.

    # cat /etc/haproxy/haproxy.cfg

7.3. Configure a content delivery server to accept legacy CAs

A CDS node normally only accepts entitlement certificates signed by the Certificate Authority (CA) that is currently configured on RHUI 3. You may want to accept other previously created CAs so that clients can continue to work if you change your main CA or when the CA certificate expires. RHUI 3 supports the concept of legacy CAs, where you can install other CA certificates on CDS nodes and make them usable.

Procedure

  1. Make sure all your RHUI nodes are running version 3.1 or later. If you originally installed an older version of RHUI, you must first reinstall your CDS nodes in rhui-manager.
  2. Transfer your legacy CA certificate to your CDS nodes and save it in the /etc/pki/rhui/legacy-ca/ directory.
  3. Get the subject hash value from the certificate and keep it in a shell variable:

    # hash=$(openssl x509 -hash -noout -in /etc/pki/rhui/legacy-ca/YOUR_CERT.crt)
  4. Create a symbolic link to the certificate file in the /etc/pki/tls/certs/ directory with the hash and an unused number, starting from 0, as the symbolic link name:

    # ln -s /etc/pki/rhui/legacy-ca/YOUR_CERT.crt /etc/pki/tls/certs/$hash.0

This action takes effect immediately.

Note

If you decide to stop accepting the certificate, delete the symbolic link and the certificate file, and restart the httpd service.
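
Steps 3 and 4 hard-code the `.0` suffix, which fails or shadows an existing entry when another certificate with the same subject hash is already linked. The following shell functions are an added example, not part of the RHUI documentation or tooling: they pick the first unused number, skip the link if it already exists, and print the certificate's subject, end date, and SHA-256 fingerprint for review. The function names `next_hash_link` and `install_legacy_ca` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the RHUI documentation. Paths follow the procedure
# above; the function names are made up for this illustration.

# Print the link path to use in hash directory $1 for subject hash $2 and
# certificate path $3. OpenSSL looks up <hash>.0, <hash>.1, ... and stops at
# the first missing name, so the first unused number is the one to take.
# If a link to the same certificate already exists, its path is printed
# instead, so running the procedure twice does not add a duplicate.
next_hash_link() {
    dir=$1 hash=$2 cert=$3 n=0
    # -L is tested as well because -e is false for a dangling symlink.
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        if [ "$(readlink "$dir/$hash.$n" 2>/dev/null)" = "$cert" ]; then
            break
        fi
        n=$((n + 1))
    done
    printf '%s\n' "$dir/$hash.$n"
}

# Link the legacy CA certificate $1 (absolute path) into hash directory $2.
install_legacy_ca() {
    cert=$1 certs_dir=${2:-/etc/pki/tls/certs}
    # Show what is about to be trusted so it can be compared with the
    # fingerprint recorded when the CA was created.
    openssl x509 -noout -subject -enddate -fingerprint -sha256 -in "$cert" ||
        { echo "cannot parse certificate: $cert" >&2; return 1; }
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -noout -checkend 0 -in "$cert" >/dev/null ||
        echo "warning: $cert has expired" >&2
    hash=$(openssl x509 -hash -noout -in "$cert") || return 1
    link=$(next_hash_link "$certs_dir" "$hash" "$cert")
    [ -L "$link" ] || ln -s "$cert" "$link"
    printf '%s\n' "$link"
}

# Usage on a CDS node, as root:
#   install_legacy_ca /etc/pki/rhui/legacy-ca/YOUR_CERT.crt
```

Pass the certificate as an absolute path, as the procedure does, so that the existing-link comparison matches on a rerun.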