Chapter 3. Prerequisites for installing Red Hat Update Infrastructure

The cloud provider provides the following technical prerequisites:

  • Completion of the initial stages of the Red Hat Certified Cloud and Service Provider (CCSP) certification, including review of the client’s:

    • Virtualization, image creation, and instance provisioning technologies, tools, and processes
    • Proposed process for measuring and reporting consumption of Red Hat software
    • Proposed process for notifying customers of errata updates to Red Hat software
    • Proposed process for making images that include Red Hat software available to customers, including image lifecycle management and retiring outdated images

      See Product Documentation for Red Hat Certified Cloud and Service Provider Certification for more information.

  • Self-signed certificates are typically used for Red Hat Update Infrastructure (RHUI) deployment. If SSL certificates signed by a third-party certificate authority will be used, they have been obtained by the client and reviewed by Red Hat.
Note

The Red Hat consultant can assist with the development of self-signed certificates, and their use will not affect the user experience of the client’s customers.

  • The client will provide systems, virtual machines, or tenant instances for installation of all Red Hat Update Appliances (RHUAs), external load balancers, and content delivery servers (CDSs), configured as described below.
  • Make sure access to RHEL 7 and the RHUI bits (by ISO or subscription) is available.
  • A minimal RHUI installation includes four required servers: one RHUA, one load balancer, and two CDSs (physical or virtual) configured as follows:

    • Red Hat Enterprise Linux (RHEL) 7.6 or greater with Minimal installation recommended
    • SELinux on
    • Two CPUs, AMD64 processor architecture
    • 4 GB memory minimum (16 GB memory minimum for CDSs if Gluster Storage is used)
    • 10 GB disk for operating system
    • 50 GB disk per major RHEL release
    • Each CDS node with a 500 GB local block device dedicated to the GlusterFS brick (if Gluster Storage is used)
    • 50 GB for MongoDB (100 GB if you plan to keep a large number of RHEL repositories in RHUI). Either add this capacity to the root file system, or attach a volume of this capacity and mount it at /var/lib/mongodb.
  • Certificate generation using openssl requires one server, new or existing, configured as follows:

    • RHEL 7.6 or greater with Minimal installation recommended
    • SELinux enabled
    • Two CPUs, AMD64 processor architecture
    • 2 GB memory
    • 6 GB disk for operating system
  • Image certification is performed on RHEL guest templates as provided:

    • Minimum 10 GB disk for operating system
    • iptables on
    • SELinux enabled
    • If password authentication is on, must use strongest possible hash
    • Default logging on
  • The client’s network must be properly configured for the RHUI:

    • IP addresses must be allocated for all RHUAs, CDSs, and external load balancers (if any).
    • DNS records (forward and reverse) have been created for all IP addresses, for example, rhua.company.com, cds1.company.com, cds2.company.com, and certs.company.com.
Note

If the server has multiple network interface cards (NICs), the fully qualified domain name (FQDN) of the RHUA and the CDSs must be resolved to the IP of the NIC that is used to communicate between the RHUA and the CDSs.

RHUI uses DNS to reach the CDN. In most cases, your instance should be preconfigured to talk to the proper DNS servers hosted as part of the cloud’s infrastructure. If you run your own DNS servers or update your client DNS configuration, there is a chance you will see errors similar to "yum Could not contact any CDS load balancers". In these cases, check that your DNS server is forwarding to the cloud’s DNS servers for the request or that your DNS client is configured to fall back to the cloud’s DNS server for name resolution.

Using more than one HAProxy node requires a round-robin DNS entry for the host name used as the value of the --cds-lb-hostname parameter when rhui-installer is run (cds.example.com in this guide) that resolves to the IP addresses of all HAProxy nodes. How to Configure DNS Round Robin presents one way to configure a round-robin DNS. In the context of RHUI, these will be the IP addresses of the HAProxy nodes, and they are to be mapped to the host name specified as --cds-lb-hostname while calling rhui-installer.

See HAProxy Configuration for more information.

  • All required network ports are open.

Table 3.1. Required Network Port Settings

Connection                  Port                      Usage
RHUA to cdn.redhat.com      443/TCP                   Content Delivery
RHUA to CDSs                22/TCP                    Initial SSH configuration
RHUA to HAProxy servers     22/TCP                    Initial SSH configuration
CDS to RHUA                 8140/TCP                  Puppet
HAProxy to RHUA             8140/TCP                  Puppet
Clients to CDS or HAProxy   443/TCP
Clients to CDS or HAProxy   5000/TCP                  Docker
HAProxy to CDS              443/TCP                   Load balancing
HAProxy to CDS              5000/TCP                  Docker load balancing
GlusterFS ports             24007/TCP, 49152-4/TCP    Storage
NFS ports                   2049/TCP                  File system

  • Network proxy settings between RHUA and the Red Hat CDN are configured appropriately.
  • Network proxy settings between the CDSs and the clients via yum.conf are configured appropriately.
  • A round-robin DNS entry if more than one HAProxy node is used
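
A preflight check for the DNS prerequisites above, as an added example that is not part of the Red Hat guide: it verifies forward and reverse records per node, that each FQDN resolves to the address of the NIC used for RHUA-to-CDS traffic, and that the --cds-lb-hostname name covers every HAProxy node. The function names are hypothetical, and the IP addresses and record tables are constructed for the demonstration.

```python
import socket

def forward(name):
    """IPv4 addresses a name resolves to; empty set if resolution fails."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def reverse(ip):
    """Names (primary plus aliases) in the PTR answer for ip; empty set on failure."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return set()
    return {n.lower().rstrip(".") for n in [primary] + aliases}

def check_node(fqdn, nic_ip, fwd=forward, rev=reverse):
    """Check one node; nic_ip is the address of the NIC carrying RHUA <-> CDS traffic."""
    problems = []
    ips = fwd(fqdn)
    if not ips:
        problems.append("%s: no forward record" % fqdn)
    elif nic_ip not in ips:
        problems.append("%s: resolves to %s, not %s" % (fqdn, sorted(ips), nic_ip))
    if fqdn.lower() not in rev(nic_ip):
        problems.append("%s: no reverse record pointing to %s" % (nic_ip, fqdn))
    return problems

def check_round_robin(lb_name, haproxy_ips, fwd=forward):
    """The --cds-lb-hostname value must resolve to exactly the HAProxy node addresses."""
    got, want = fwd(lb_name), set(haproxy_ips)
    problems = ["%s: missing HAProxy node %s" % (lb_name, ip) for ip in sorted(want - got)]
    problems += ["%s: unexpected address %s" % (lb_name, ip) for ip in sorted(got - want)]
    return problems

# Constructed records (192.0.2.0/24 is a documentation range), not a real zone.
A = {"rhua.company.com": {"192.0.2.10"}, "cds1.company.com": {"192.0.2.99"},
     "cds.example.com": {"192.0.2.31"}}
PTR = {"192.0.2.10": {"rhua.company.com"}}

def demo():
    fwd, rev = (lambda n: A.get(n, set())), (lambda ip: PTR.get(ip, set()))
    out = check_node("cds1.company.com", "192.0.2.21", fwd, rev)  # wrong NIC, no PTR
    out += check_node("rhua.company.com", "192.0.2.10", fwd, rev)  # consistent
    return out + check_round_robin("cds.example.com", ["192.0.2.31", "192.0.2.32"], fwd)

if __name__ == "__main__":
    print("\n".join(demo()) or "DNS prerequisites satisfied")
```

Called without the fwd and rev arguments, check_node and check_round_robin query the system resolver, so run them from the RHUA and from each CDS to see what those hosts actually resolve.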
