Chapter 3. Technical configuration required for installing RHUI

Before you install Red Hat Update Infrastructure (RHUI), you must configure your system and components as follows.

  • Complete the initial stages of the Red Hat Certified Cloud and Service Provider (CCSP) certification:

    • Virtualization, image creation, and instance provisioning technologies, tools, and processes.
    • Proposed process for measuring and reporting consumption of Red Hat software.
    • Proposed process for notifying customers of errata updates to Red Hat software.
    • Proposed process for making images that include Red Hat software available to customers, including image life cycle management and retiring outdated images.

    For more information, see Product Documentation for Red Hat Certified Cloud and Service Provider Certification.

  • Self-signed certificates are typically used for RHUI deployment. However, if you wish to use SSL certificates signed by a third-party certificate authority, you must ensure that they are obtained by the client and reviewed by Red Hat.

    Note

    You can use the Red Hat consultant to assist with the development of self-signed certificates. This will not affect the user experience of the client’s customers.

  • Ensure that the client will provide systems, virtual machines, or tenant instances for installation of all Red Hat Update Appliances (RHUAs), external load balancers, and content delivery servers (CDSs).
  • Make sure you have the latest version of Red Hat Enterprise Linux (RHEL) 8 available, either as an ISO or as a subscription.
  • Ensure that you have one RHUA node with the following configuration:

    • Latest version of RHEL 8 with Minimal Installation
    • SELinux is enabled
    • An x86_64 processor with cores equivalent to or greater than 4 cores of Intel Xeon 2 GHz

      Note

      You must increase the number of cores to 8 if you wish to provide more than 100 repositories with multiple major RHEL releases.

    • 8 GB memory

      Note

      You must increase the minimum memory to 16 GB if you wish to provide more than 100 repositories with multiple major RHEL releases.

    • A 20 GB disk for the operating system
    • A 50 GB disk dedicated to PostgreSQL and mounted at /var/lib/pgsql.

      Note

      You must increase the disk capacity to at least 100 GB if you wish to provide more than 100 repositories with multiple major RHEL releases.

      For even larger installations, of 500 or more repositories, you must also scale the database storage.

  • Ensure that you have one HAProxy node with the following configuration:

    • Latest version of RHEL 8 with Minimal Installation
    • SELinux is enabled
    • An x86_64 processor with cores equivalent to or greater than 2 cores of Intel Xeon 2 GHz

      Note

      You must increase the number of cores to 4 if you wish to provide more than 100 repositories with multiple major RHEL releases.

    • 4 GB memory

      Note

      You must increase the minimum memory to 8 GB if you wish to provide more than 100 repositories with multiple major RHEL releases.

    • A 20 GB disk for the operating system
  • Ensure that you have at least two CDS nodes (physical or virtual) with the following recommended configuration:

    • Latest version of RHEL 8 with Minimal Installation
    • SELinux is enabled
    • An x86_64 processor with cores equivalent to or greater than 4 cores of Intel Xeon 2 GHz

      Note

      You must increase the number of cores to 8 if you wish to provide more than 100 repositories with multiple major RHEL releases.

    • 8 GB memory
    • A 50 GB disk with default Nginx log rotation
  • Ensure that image certification is performed on RHEL guest templates as provided:

    • A minimum 10 GB disk for the operating system
    • iptables is enabled
    • SELinux is enabled
    • If password authentication is enabled, you must use the strongest possible hash
    • Default logging is enabled
  • Ensure that the client’s network is properly configured as follows:

    • IP addresses must be allocated for all RHUAs, CDSs, and external load balancers (if any).
    • DNS records (forward and reverse) or /etc/hosts entries have been created for all IP addresses. For example, rhua.example.com, cds1.example.com, cds2.example.com, and rhui-lb.example.com.
    • If your server has multiple network interface cards (NICs), the fully qualified domain name (FQDN) of the RHUA and the CDSs must be resolved to the IP of the NIC that is used to communicate between the RHUA and the CDSs.
    • RHUI uses DNS to reach the CDN. In most cases, your instance should be preconfigured to talk to the proper DNS servers hosted as part of the cloud’s infrastructure. If you run your own DNS servers or update your client DNS configuration, there is a chance you will see errors similar to "yum Could not contact any CDS load balancers". In these cases, check that your DNS server is forwarding to the cloud’s DNS servers for the request or that your DNS client is configured to fall back to the cloud’s DNS server for name resolution.
    • Using more than one HAProxy node requires a round-robin DNS entry for the host name used as the value of the --cds-lb-hostname parameter when rhui-installer is run (cds.example.com in this guide) that resolves to the IP addresses of all HAProxy nodes. How to Configure DNS Round Robin presents one way to configure a round-robin DNS. In the context of RHUI, these will be the IP addresses of the HAProxy nodes, and they are to be mapped to the host name specified as --cds-lb-hostname while calling rhui-installer. See HAProxy Configuration for more information.
  • Ensure that all required network ports are open and that network access is restricted to only the nodes that you plan to use.

    Table 3.1. List of ports and their usage

    Connection                        Port       Usage
    --------------------------------  ---------  --------------------------------------------
    RHUA to CDS                       22/TCP     SSH configuration and access
    RHUA to HAProxy servers           22/TCP     SSH configuration and access
    Clients to HAProxy                443/TCP    Access to content
    HAProxy to CDS                    443/TCP    Load balancing
    NFS ports open for CDS and RHUA   2049/TCP   File system
    CDS to RHUA                       443/TCP    Retrieve content that has not been symlinked

  • Ensure that the network proxy settings between RHUA and the Red Hat CDN are configured appropriately.
  • Ensure that the network proxy settings between the CDSs and the clients via yum.conf are configured appropriately.
  • Ensure a round-robin DNS entry is used if more than one HAProxy node is used.
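
One way to turn Table 3.1 into source-restricted firewalld rules, so that each port is open only to the nodes that need it. This is an added example, not part of the original Red Hat documentation. The IP addresses, the client network, the public zone, and a separate nfs role for the shared file system server are assumptions, and inbound_flows and rules_for are hypothetical helper names.

```bash
#!/bin/sh
# Added example: derive per-node inbound allow rules from Table 3.1.
# All addresses below are constructed (RFC 5737 documentation ranges).
RHUA="192.0.2.10"
CDS="192.0.2.21 192.0.2.22"
HAPROXY="192.0.2.31"
CLIENTS="198.51.100.0/24"   # assumed client network

# Inbound flows for the receiving role, one "port:sources" entry per line.
inbound_flows() {
  case "$1" in
    rhua)    echo "443:$CDS" ;;                      # CDS to RHUA
    cds)     echo "22:$RHUA"                         # RHUA to CDS
             echo "443:$HAPROXY" ;;                  # HAProxy to CDS
    haproxy) echo "22:$RHUA"                         # RHUA to HAProxy servers
             echo "443:$CLIENTS" ;;                  # Clients to HAProxy
    nfs)     echo "2049:$RHUA $CDS" ;;               # NFS for CDS and RHUA (assumed separate host)
    *)       echo "unknown role: $1" >&2; return 1 ;;
  esac
}

# Print the firewall-cmd commands to run on a node of the given role.
# Usage: rules_for ROLE [ZONE]   (ZONE defaults to "public", an assumption)
rules_for() {
  zone=${2:-public}
  flows=$(inbound_flows "$1") || return 1
  printf '%s\n' "$flows" | while IFS=: read -r port sources; do
    for src in $sources; do
      # One rich rule per (source, port) pair: nothing is opened to "any".
      printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" \
        "$zone" "$src" "$port"
    done
  done
}

# Print the full rule set for review; apply each group on the matching node,
# then run "firewall-cmd --reload" there.
for role in rhua cds haproxy nfs; do
  echo "# on $role nodes:"
  rules_for "$role"
done
```

Source-scoped rules only restrict access if the zone does not also allow the same port to every source, for example through the ssh service that the default public zone enables.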