Chapter 11. Installing Red Hat Update Infrastructure
Once you have completed the prerequisites, you can install RHUI on your system using repositories and a network connection to resolve dependencies.
You can install RHUI using the following shared storage solutions:
11.1. RHUI Installer arguments
You can use the RHUI Installer command, rhui-installer, with a combination of the following arguments to install and configure Red Hat Update Infrastructure (RHUI) based on your use case.
Mandatory RHUI Installer Arguments
Table 11.1. Mandatory RHUI Installer arguments
Argument | Description |
---|---|
--cds-lb-hostname CDS_LB_HOSTNAME | The hostname of the load balancer used by clients to access the CDS, specified as a fully qualified domain name (FQDN). |
--rhua-hostname RHUA_HOSTNAME | The hostname of the RHUA node, specified as an FQDN. |
--remote-fs-server REMOTE_FS_SERVER | The remote mount point for the shared file system. For example, |
| An optional username without administrative privileges. It is used to run the Ansible installation playbooks on the RHUA node. Note: By default, RHUI Installer uses the output from the logname(1) command for the username. However, if logname(1) does not return a username or you want to run the installer as a different user, you can use the --user or -u flag. To find the default username value, run the following command: # rhui-installer --help |
--rerun | Argument to rerun RHUI Installer. By default, the flag is set to false. Note: Running rhui-installer generates an |
Optional RHUI Installer Arguments
Table 11.2. Optional RHUI Installer arguments
Argument | Description |
---|---|
--colors-off | Turn off colored output. By default, the argument is set to false. |
--log-level | Sets the level of detailed output. The valid values are error, warn, success, info, and debug. By default, the argument is set to |
--answers-file ANSWERS_FILE | The location of a user-supplied optional answers file. Note: When you run RHUI Installer initially, it generates an |
--retain-package-versions RETAIN_PACKAGE_VERSIONS | The number of retained package versions. By default, the value is set to |
--remote-fs-mountpoint REMOTE_FS_MOUNTPOINT | The location of the file system to mount the remote share. By default, the location is |
--remote-fs-conf-server REMOTE_FS_CONF_SERVER | Remote shared filesystem to be mounted at |
--remote-fs-cert-server REMOTE_FS_CERT_SERVER | Remote shared filesystem to be mounted at |
--remote-fs-logs-server REMOTE_FS_LOGS_SERVER | Remote shared filesystem to be mounted at |
--remote-fs-type REMOTE_FS_TYPE | The file system type to use. The valid values are |
--rhui-manager-password RHUI_MANAGER_PASSWORD | The |
--pulp-workers NUMBER_OF_WORKERS | The number of pulp workers associated with the RHUI instance. The number must be greater than 0. The default number of workers is 8. |
--ignore-newer-rhui-packages | Use this flag to prevent the installation of any available newer RHUI packages. This flag is ignored if there is no newer rhui-installer package. It is not saved in the answers.yaml file. It must be specified every time this functionality is desired. The default value is False. |
--ignore-newer-rhel-packages | Use this flag to prevent the installation of any available newer packages. It is not saved in the answers.yaml file. It must be specified every time this functionality is desired. The default value is False, meaning the RHUA will get updated. Note: RHUA must be rebooted if any package has been updated that requires rebooting. The command to check this is: |
--fetch-missing-symlinks FETCH_MISSING_SYMLINKS | The flag to configure CDS nodes to fetch missing symlinks from the RHUA node. The values are True and False. The default value is True. To configure CDS nodes in an already installed RHUI instance, rerun the installer with the flag and apply the change to all CDS nodes. Note: If your clients try to fetch the content before it is exported, they will encounter HTTP 404 errors. |
--container-support-enabled CONTAINER_SUPPORT_ENABLED | The flag to enable container support in RHUI. The values are True and False. The default value is False. |
--rhua-mount-options RHUA_MOUNT_OPTIONS | The flag to specify the options for mounting a remote shared filesystem on RHUA and CDS nodes. Before you set it up, ensure that it is possible to umount the current remote filesystem. If RHUA is already running, the pulp service needs to be stopped prior to using this flag. You must also reinstall all CDS nodes after you set the flag. The default value is rw. Note: This flag does not apply to Ceph file systems. |
--client-repo-prefix PREFIX | The argument to use a custom prefix, or no prefix at all, when creating RHUI repository IDs. To remove the prefix entirely, use two quotation marks, |
Optional Ceph File System Arguments
Table 11.3. Optional CephFS arguments
Argument | Description |
---|---|
--cephfs-username CEPHFS_USERNAME | The username associated with the Ceph file system. The default username is |
--cephfs-secretkey-file CEPHFS_SECRETKEY_FILE | The path to the file containing the CephFS secret key. |
--cephfs-name CEPHFS_NAME | The name of the Ceph file system. |
Optional Proxy Arguments
Table 11.4. Optional Proxy arguments
Argument | Description |
---|---|
--proxy-hostname PROXY_HOSTNAME | The hostname of the proxy server that the RHUA node will use to communicate with the Red Hat CDN (cdn.redhat.com:443). |
--proxy-password PROXY_PASSWORD | The password to access the proxy server. Specify a password only if your proxy server requires authentication. |
--proxy-port PROXY_PORT | The TCP port on the proxy server. Note that the Squid proxy server normally uses port 3128. |
--proxy-protocol PROXY_PROTOCOL | The application layer protocol that the proxy server is configured to support, either HTTP or HTTPS. |
--proxy-username PROXY_USERNAME | The username associated with the proxy server. Specify a username only if your proxy server requires authentication. |
Optional Certificate Authority Arguments
Table 11.5. Optional arguments for generating Certification Authorities
Argument | Description |
---|---|
--certs-ca-common-name CERTS_CA_COMMON_NAME | The common name for the generated CA certificate. By default, the name is |
--certs-country CERTS_COUNTRY | The country attributes for managed certificates. The default is |
--certs-state CERTS_STATE | The state attributes for managed certificates. The default is |
--certs-city CERTS_CITY | The city attributes for managed certificates. The default is |
--certs-org CERTS_ORG | The org attributes for managed certificates. The default is |
--certs-org-unit CERTS_ORG_UNIT | The org unit attributes for managed certificates. The default is |
--certs-ca-expiration CERTS_CA_EXPIRATION | The number of days after which the CA expires. The default value is |
--cds-certs-expiration CDS_CERTS_EXPIRATION | The number of days after which the certificate expires. The default value is |
Arguments for configuring RHUI using Certificate Authorities
You can configure RHUI using the following CAs:
- RHUI CA: Signs certificates generated by RHUI.
- Client SSL CA: Signs certificates generated by RHUI and secures the exchange of content between the client and the HAProxy and CDS nodes.
- Client Entitlement CA: Signs entitlement certificates generated by RHUI and secures the content that the client requests from RHUI.
Note: If you do not provide a RHUI CA, the command will automatically generate one.
If you do not provide a Client SSL CA or a Client Entitlement CA, the command will use the configured RHUI CA instead.
Depending on your use case, you must provide the respective arguments:
Configuring using a RHUI CA
- --user-supplied-rhui-ca-crt USER_SUPPLIED_RHUI_CA_CRT: The path to the digital certificate crt file issued by a CA. If you do not provide a crt file, the command automatically generates one.
- --user-supplied-rhui-ca-key USER_SUPPLIED_RHUI_CA_KEY: The path to the key file used to generate the --user-supplied-rhui-ca-crt file. If you do not provide a key, it is automatically generated.
Configuring using a Client SSL CA
- --user-supplied-client-ssl-ca-crt USER_SUPPLIED_CLIENT_SSL_CA_CRT: The path to a digital certificate crt file issued by the CA. You can use this crt file to generate the client SSL certificate. The client SSL certificate secures the content returned to a client from RHUI. If you do not provide a file, the command uses the RHUI crt file, --user-supplied-rhui-ca-crt.
- --user-supplied-client-ssl-ca-key USER_SUPPLIED_CLIENT_SSL_CA_KEY: The path to the key file that generates the --user-supplied-client-ssl-ca-crt file. If you do not provide a key, the command uses the RHUI key, --user-supplied-rhui-ca-key.
Configuring using a Client Entitlement CA:
- --user-supplied-client-entitlement-ca-crt USER_SUPPLIED_CLIENT_ENTITLEMENT_CA_CRT: The path to a digital certificate crt file issued by the CA. You can use this crt file to generate the client entitlement certificate. The client entitlement certificate secures requests made by a client to RHUI. If you do not provide a file, the command uses the RHUI crt file, --user-supplied-rhui-ca-crt.
- --user-supplied-client-entitlement-ca-key USER_SUPPLIED_CLIENT_ENTITLEMENT_CA_KEY: The path to the key file that generates the --user-supplied-client-entitlement-ca-crt file. If you do not provide a key, the command uses the RHUI key, --user-supplied-rhui-ca-key.
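Before passing your own CA to the installer with --user-supplied-rhui-ca-crt and --user-supplied-rhui-ca-key (or the client SSL and client entitlement equivalents), you can confirm that the key belongs to the certificate, that the certificate is a CA, and that it is not about to expire. The following is an added example, not part of the Red Hat documentation; check_ca_pair is a hypothetical helper name, and it assumes PEM files, an unencrypted private key, and the openssl command-line tool.

```shell
# Added example; check_ca_pair is a hypothetical helper, not part of RHUI.
# Usage: check_ca_pair CRT KEY [MIN_DAYS]
# Assumes PEM input and an unencrypted private key.
check_ca_pair() {
    crt=$1 key=$2 min_days=${3:-30}
    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        echo "cannot read certificate or key file" >&2; return 2
    fi

    # 1. The private key must belong to the certificate: compare public keys.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "$crt: not a PEM certificate" >&2; return 1; }
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "$key: not a readable unencrypted private key" >&2; return 1; }
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "key does not match certificate" >&2; return 1; }

    # 2. The certificate must be allowed to sign other certificates.
    openssl x509 -in "$crt" -noout -text | grep -q 'CA:TRUE' ||
        { echo "$crt: basicConstraints is not CA:TRUE" >&2; return 1; }

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "$crt: expires within $min_days days" >&2; return 1; }
}
```

Run it once per crt/key pair you intend to supply; a non-zero exit status means the pair should not be handed to rhui-installer as is.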
11.2. Installing Red Hat Update Infrastructure using NFS
Perform the following steps to install Red Hat Update Infrastructure (RHUI) on your system using repositories along with network file system (NFS).
Prerequisites
- Ensure that your system can access the internet.
- Ensure you have root access to the RHUA node.
- Optional: Ensure you have configured your proxy server if you plan to use one with RHUI.
Procedure
Navigate to the RHUA node and install the rhui-installer package.
# dnf install rhui-installer
Run rhui-installer and specify the arguments based on your use case.
To set up RHUI without a proxy server:
# rhui-installer --remote-fs-server <nfs_server>:/ --rhua-hostname <public-hostname-of-your-rhua> --cds-lb-hostname <public-hostname-of-your-cds-or-lb>
The following arguments are mandatory when using NFS.
- --remote-fs-server: The remote mountpoint for the shared file system.
- --cds-lb-hostname: The name of the load balancer that clients use to access the CDS. You must specify the name as a Fully Qualified Domain Name (FQDN).
- --rhua-hostname: The hostname of the RHUA node. You must specify the name as a Fully Qualified Domain Name (FQDN).
- --rhua-mount-options (Optional): The flag to specify the options for mounting a remote shared filesystem on RHUA and CDS nodes. The default value is rw.
To change mount options in an already running RHUI environment:
Stop Pulp services:
systemctl stop pulpcore
Re-run RHUI installer and specify the new options:
--rerun --rhua-mount-options [new options]
Apply the options to all CDS nodes:
rhui-manager --noninteractive cds reinstall --all
To set up RHUI with a proxy server:
# rhui-installer --remote-fs-server <nfs_server>:/ --rhua-hostname <public-hostname-of-your-rhua> --cds-lb-hostname <public-hostname-of-your-cds-or-lb> --proxy-hostname <public-hostname-of-your-proxy-server> --proxy-port <TCP-port> --proxy-protocol <supported-protocol> --proxy-username <proxy-username> --proxy-password <proxy-password>
The following arguments are mandatory when using NFS and a proxy server.
- --remote-fs-server: The remote mountpoint for the shared file system.
- --cds-lb-hostname: The name of the load balancer that clients use to access the CDS. You must specify the name as a fully qualified domain name (FQDN).
- --rhua-hostname: The hostname of the RHUA node. You must specify the name as a fully qualified domain name (FQDN).
- --proxy-hostname: The hostname of the proxy server that the RHUA node will use to communicate with the Red Hat CDN (cdn.redhat.com:443).
- --proxy-port: The TCP port on the proxy server. Note that the Squid proxy server normally uses port 3128.
- --proxy-protocol: The application layer protocol that the proxy server is configured to support, either HTTP or HTTPS.
- --proxy-username: The user name associated with the proxy server. Specify the user name only if your proxy server requires authentication.
- --proxy-password: The password to access the proxy server. Specify the password only if your proxy server requires authentication.
The rhui-installer command sets the initial RHUI login password by default and stores it in the /etc/rhui/rhui-subscription-sync.conf file.
If you wish to set your own password, you can override the initial password with the --rhui-manager-password argument.
Verification
On the RHUA node, verify if you can access the RHUI Terminal User Interface (TUI).
# rhui-manager
11.3. Installing Red Hat Update Infrastructure using CephFS
Perform the following steps to install Red Hat Update Infrastructure (RHUI) on your system using repositories along with the Ceph file system (CephFS).
Prerequisites
- Ensure that your system can access the internet.
- Ensure you have root access to the RHUA node.
- Enable the Ceph Tools repository on the RHUA and CDS nodes. For more information, see:
- Ensure you have configured your shared storage using CephFS, see Section 9.2, “Configuring shared storage using CephFS”.
- Optional: Ensure you have configured your proxy server if you plan to use one with RHUI.
Procedure
Navigate to the RHUA node and install the rhui-installer package.
# dnf install rhui-installer
Create a file containing the CephFS secret key.
# echo "cephfs secretkey" > <path to file containing the CephFS secret key>
# chmod 400 <path to file containing the CephFS secret key>
Run rhui-installer and specify the arguments based on your use case.
To set up RHUI without a proxy server:
# rhui-installer --remote-fs-server <ceph_monip>:<ceph_port>:/ --remote-fs-type ceph --cephfs-secretkey-file <ceph_secretkey_file> --cephfs-name <cephfs_name> --cephfs-username <ceph-fs-username> --rhua-hostname <public-hostname-of-your-rhua> --cds-lb-hostname <public-hostname-of-your-cds-or-lb>
The following arguments are mandatory when using CephFS.
- --remote-fs-server: The remote mountpoint for the shared file system. The format is <ceph_monip>:<ceph_port>.
- --cds-lb-hostname: The name of the load balancer that clients use to access the CDS. You must specify the name as a Fully Qualified Domain Name (FQDN).
- --rhua-hostname: The hostname of the RHUA node. You must specify the name as a Fully Qualified Domain Name (FQDN).
- --remote-fs-type: The type of file system to use. You must set this to Ceph.
- --cephfs-secretkey-file: The path to the file containing the CephFS secret key.
- --cephfs-name: The name of the Ceph file system.
- --cephfs-username: The username associated with the Ceph file system.
To set up RHUI with a proxy server:
# rhui-installer --remote-fs-server <ceph_monip>:<ceph_port>:/ --remote-fs-type ceph --cephfs-secretkey-file <ceph_secretkey_file> --cephfs-name <cephfs_name> --cephfs-username <ceph-fs-username> --rhua-hostname <public-hostname-of-your-rhua> --cds-lb-hostname <public-hostname-of-your-cds-or-lb> --proxy-hostname <public-hostname-of-your-proxy-server> --proxy-port <TCP-port> --proxy-protocol <supported-protocol> --proxy-username <proxy-username> --proxy-password <proxy-password>
The following arguments are mandatory when using CephFS and a proxy server.
- --remote-fs-server: The remote mountpoint for the shared file system. The format is <ceph_monip>:<ceph_port>.
- --cds-lb-hostname: The name of the load balancer that clients use to access the CDS. You must specify the name as a fully qualified domain name (FQDN).
- --rhua-hostname: The hostname of the RHUA node. You must specify the name as a fully qualified domain name (FQDN).
- --remote-fs-type: The type of file system to use. You must set this to Ceph.
- --cephfs-secretkey-file: The path to the file containing the CephFS secret key.
- --cephfs-name: The name of the Ceph file system.
- --cephfs-username: The username associated with the Ceph file system.
- --proxy-hostname: The hostname of the proxy server that the RHUA node will use to communicate with the Red Hat CDN (cdn.redhat.com:443).
- --proxy-port: The TCP port on the proxy server. Note that the Squid proxy server normally uses port 3128.
- --proxy-protocol: The application layer protocol that the proxy server is configured to support, either HTTP or HTTPS.
- --proxy-username: The user name associated with the proxy server. Specify the user name only if your proxy server requires authentication.
- --proxy-password: The password to access the proxy server. Specify the password only if your proxy server requires authentication.
The rhui-installer command sets the initial RHUI login password by default and stores it in the /etc/rhui/rhui-subscription-sync.conf file.
If you wish to set your own password, you can override the initial password with the --rhui-manager-password argument.
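For the secret key file step of the procedure above: writing the key with echo and then running chmod 400 leaves the file readable under the default umask until chmod runs, and records the key in shell history. The following added example is not part of the Red Hat documentation; the function names write_secret_file and check_secret_file are hypothetical, and it assumes GNU stat as shipped on RHEL.

```shell
# Added example; function names are hypothetical, not part of RHUI.

# write_secret_file PATH
# Reads the key from stdin, so it never appears in argv or shell history,
# and creates PATH already restricted instead of fixing the mode afterwards.
write_secret_file() {
    dest=$1
    [ -n "$dest" ] || { echo "usage: write_secret_file <path>" >&2; return 2; }
    # Do not overwrite an existing file or write through a symlink.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "refusing to overwrite existing path: $dest" >&2
        return 1
    fi
    (
        umask 077    # new file is created 0600, never group/world readable
        set -C       # noclobber: '>' fails if the path appeared in the meantime
        cat > "$dest"
    ) || return 1
    chmod 400 "$dest"    # final mode used by the procedure above
}

# check_secret_file PATH
# Succeeds only for a non-empty regular file with mode 400.
check_secret_file() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2; return 1
    fi
    [ -s "$f" ] || { echo "$f: empty" >&2; return 1; }
    mode=$(stat -c '%a' "$f") || return 1    # GNU stat
    [ "$mode" = "400" ] || { echo "$f: mode $mode, expected 400" >&2; return 1; }
}

# Usage on the RHUA node (type or paste the key, then press Ctrl-D):
#   write_secret_file <path to file containing the CephFS secret key>
#   check_secret_file <path to file containing the CephFS secret key>
```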
Verification
On the RHUA node, verify if you can access the RHUI Terminal User Interface (TUI).
# rhui-manager