-
Language:
English
-
Language:
English
Chapter 6. Install Red Hat Update Infrastructure
The following sections describe how to install Red Hat Update Infrastructure.
6.1. Generate an RSA Key Pair
It is necessary to generate the RSA key pair on the Red Hat Update Appliance (RHUA) node and copy the public key to content delivery server (CDS) and HAProxy nodes so rhui-manager
can set up the CDS and HAProxy nodes.
6.1.1. RSA Key Pair for Version 2 of the SSH Protocol
Follow these steps to generate an RSA key pair for version 2 of the SSH protocol.
Generate an RSA key pair.
[USER@rhua ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/USER/.ssh/id_rsa):
-
Press
Enter
to confirm the default location,~/.ssh/id_rsa
, for the newly created key. Leave the passphrase field blank. The CDS installation and registration will fail if a passphrase is provided while generating the key pair.
Your identification has been saved in /home/USER/.ssh/id_rsa. Your public key has been saved in /home/USER/.ssh/id_rsa.pub. The key fingerprint is: e7:97:c7:e2:0e:f9:0e:fc:c4:d7:cb:e5:31:11:92:14 USER@rhua.example.com The key's randomart image is: +--[ RSA 2048]----+ | E. | | . . | | o . | | . .| | S . . | | + o o ..| | * * +oo| | O +..=| | o* o.| +-----------------+
By default, the permissions of the
~/.ssh/
directory are set to rwx------ or 700 expressed in octal notation. This is to ensure that only <$USER> can view the contents. If required, this can be confirmed with the following command.[USER@rhua ~]$ ls -ld ~/.ssh drwx------. 2 USER USER 54 Nov 25 16:56 /home/USER/.ssh/
Copy the public key to the HAProxy and CDS nodes.
[USER@rhua ~]$ ssh-copy-id user@<haproxy1> [USER@rhua ~]$ ssh-copy-id user@<cds1> [USER@rhua ~]$ ssh-copy-id user@<cds2>
This command copies the most recently modified
~/.ssh/id*.pub
public key if it is not yet installed. Alternatively, specify the public key’s file name.[USER@rhua ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname
This command copies the content of
~/.ssh/id_rsa.pub
into the~/.ssh/authorized_keys
file on the machine to which you want to connect. If the file already exists, the keys are appended to its end.
6.1.2. ECDSA Key Pair for Version 2 of the SSH Protocol
Follow these steps to generate an ECDSA key pair for version 2 of the SSH protocol.
Generate an ECDSA key pair.
[USER@rhua ~]$ ssh-keygen -t ecdsa Generating public/private ecdsa key pair. Enter file in which to save the key (/home/USER/.ssh/id_ecdsa):
-
Press
Enter
to confirm the default location,~/.ssh/id_ecdsa
, for the newly created key. Leave the passphrase field blank. The CDS installation and registration will fail if a passphrase is provided while generating the key pair.
[USER@rhua ~]$ Your identification has been saved in /home/USER/.ssh/id_ecdsa. Your public key has been saved in /home/USER/.ssh/id_ecdsa.pub. The key fingerprint is: fd:1d:ca:10:52:96:21:43:7e:bd:4c:fc:5b:35:6b:63 USER@rhua.example.com The key's randomart image is: +--[ECDSA 256]---+ | .+ +o | | . =.o | | o o + ..| | + + o +| | S o o oE.| | + oo+.| | + o | | | | | +-----------------+
By default, the permissions of the
~/.ssh/
directory are set torwx------
or700
expressed in octal notation. This is to ensure that only <$USER> can view the contents. If required, this can be confirmed.[USER@rhua ~]$ ls -ld ~/.ssh drwx------. 2 USER USER 54 Nov 25 16:56 /home/USER/.ssh/
Copy the public key to the HAProxy and CDS nodes.
[USER@rhua ~]$ ssh-copy-id user@<haproxy1> [USER@rhua ~]$ ssh-copy-id user@<cds1> [USER@rhua ~]$ ssh-copy-id user@<cds2>
This command copies the most recently modified
~/.ssh/id*.pub
public key if it is not yet installed. Alternatively, specify the public key’s file name.[USER@rhua ~]$ ssh-copy-id -i ~/.ssh/id_ecdsa.pub USER@hostname
This command copies the content of
~/.ssh/id_ecdsa.pub
into the~/.ssh/authorized_keys
on the machine to which you want to connect. If the file already exists, the keys are appended to its end.
6.2. Apply Updates
- Before installing Red Hat Update Appliance (RHUA) packages, apply any available operating system updates to all nodes (RHUA, content delivery server [CDS], and HAProxy) and reboot.
Verify that all configuration changes have persisted.
WarningMake sure the host name of the RHUA is set correctly. If the host name is unset and its value is reported as
localhost.localdomain
orlocalhost
, you will not be able to proceed.
6.3. Mount Red Hat Update Infrastructure ISO
This section is optional and can be skipped if you are using a subscription to install Red Hat Update Infrastructure 3.0.
To install the RHUI packages on the RHUA node, CDS nodes, and HAProxy nodes, mount the ISO to a suitable directory (or burn the ISO to a CD, insert the CD, and mount the ISO), and enter the mount point.
6.4. Run the setup_package_repos Script
This section is optional and can be skipped if you are using a subscription to install Red Hat Update Infrastructure 3.0.
The setup_package_repos script is provided in the root directory of the RHUI ISO image.
The setup_package_repos script creates a Yum configuration entry that requires the RHUI packages to be signed with the Red Hat Release key.
Perform the following step on the RHUA node, CDS nodes, and HAProxy nodes to install the RHUI packages.
Execute the script from the mount point for the applicable system component.
[root@rhua ~]# ./setup_package_repos [root@<cds1> ~]# ./setup_package_repos [root@<haproxy1> ~]# ./setup_package_repos
6.5. Install the rhui-installer Script
Install the rhui-installer script.
[root@rhua ~]# yum install -y rhui-installer
This script will install the RHUI packages on the current machine. - Ensuring we are in an expected directory. - Copying installation files. - Creating a Repository File - Importing the gpg key. - Installation repository will remain configured for future package installs. - Installation media can now be safely unmounted. Installation packages are now available on this system. If you are installing a RHUA, please run yum install -y rhui-installer; rhui-installer. If you are installing a CDS, please log into the RHUA and run rhui-manager to begin the installation. Do not run rhui-installer to install a CDS.
6.6. Run the rhui-installer
The rhui-installer sets the initial Red Hat Update Infrastructure login password and displays it in its output. It is also written in the /etc/rhui-installer/answers.yaml file. You can override the initial password with the --rhui-manager-password
option. If you want to change the initial password later, you can only change it via the rhui-manager tool. Run the rhui-installer --help
command to see the full list of rhui-installer options.
Run
rhui-installer
on the RHUA.[root@rhua ~]# rhui-installer --remote-fs-type=glusterfs --remote-fs-server=cds1.example.com:rhui_content_0 --cds-lb-hostname=cds.example.com Installing Done [100%] [..............................................................................] Success! The initial credentials are admin / <system-generated password> Re-running the installer will not update your password. The full log is at /var/log/kafo/configuration.log
Following are explanations of the command arguments.
-
--remote-fs-type=glusterfs
means the remote file system type is GlusterFS. -
--remote-fs-server=cds1.example.com
means the name of the remote file system server is cds1.example.com -
rhui_content_0
means the name of the GlusterFS volume on cds1.example.com --cds-lb-hostname=cds.example.com
means the name of the load balancer on cds1.example.com is cds.example.com.NoteDuring installation, the cds-lb-hostname option is not included and prepopulates from the answers file provided with the rhui-installer RPM. The host name is preset in the answers file to cds.example.com, and certificates are created for the RHUI environment with this cds-lb-hostname included. See the procedure in Chapter 19, Migrate to a New Load Balancer, or Change the Name of an Existing Load Balancer for details on changing the name of a load balancer.
If using NFS, the rhui-installer command line is different. Instead of
--remote-fs-type=glusterfs --remote-fs-server=cds1.example.com:rhui_content_0
specify the NFS server name and the exported directory, joined by the colon sign, as the parameter of the
--remote-fs-server
option. For example:--remote-fs-server=filer.example.com:/export
-
Verify that the remote share is mounted.
[root@rhua ~]# mount | grep rhui cds1.example.com:rhui_content_0 on /var/lib/rhui/remote_share type fuse.glusterfs (rw,relatime,user_id=0,group_id=0,default_permissions,allow_other,max_read=131072)
6.7. Change the Initial Password
Rerunning the rhui-installer will not update the rhui-manager login password.
Navigate to the Red Hat Update Infrastructure Management Tool home screen.
[root@rhua ~]# rhui-manager Previous authentication credentials could not be found. Logging into the RHUI. If this is the first time using the RHUI, it is recommended to change the user's password in the User Management section of RHUI Tools.
-
Enter the RHUI Username (admin) and RHUI Password (provided by the rhui-installer output). The initial password is also stored in
/etc/rhui-installer/answers.yaml
. After successfully logging in for the first time, you should change the password. Press
u
on the Red Hat Update Infrastructure Management Tool home screen to select manage RHUI users.-= Red Hat Update Infrastructure Management Tool =- -= Home =- r manage repositories c manage content delivery servers (CDS) l manage HAProxy load-balancer instances s synchronization status and scheduling e create entitlement certificates and client configuration RPMs n manage Red Hat entitlement certificates sm manage Red Hat subscriptions u manage RHUI users Connected: rhua.example.com
Press
p
to select p change a user’s password (followed by logout).------------------------------------------------------------------------------ = Red Hat Update Infrastructure Management Tool = = User Manager = p change a user's password (followed by logout) Connected: rhua.example.com ------------------------------------------------------------------------------ rhui (users) => p Warning: After password change you will be logged out. Use ctrl-c to cancel password change. Username: admin
Enter the new password and press
Enter
. Re-enter the new password and pressEnter
.New Password: Re-enter Password: Password successfully updated. ------------------------------------------------------------------------------
6.8. Register a Red Hat Subscription in RHUI
Navigate to the Red Hat Update Infrastructure Management Tool home screen.
[root@rhua ~]# rhui-manager
Press
sm
to select manage Red Hat subscriptions.-= Red Hat Update Infrastructure Management Tool =- -= Home =- r manage repositories c manage content delivery servers (CDS) l manage HAProxy load-balancer instances s synchronization status and scheduling e create entitlement certificates and client configuration RPMs n manage Red Hat entitlement certificates sm manage Red Hat subscriptions u manage RHUI users Connected: rhua.example.com
Type
r
to select register a Red Hat subscription in RHUI.-= Red Hat Update Infrastructure Management Tool =- -= Subscriptions Manager =- l list registered Red Hat subscriptions a list available Red Hat subscriptions r register a Red Hat subscription in RHUI d unregister a Red Hat subscription in RHUI Connected: rhua.example.com
-
Register the subscriptions by entering the number beside each subscription that you want to include, or enter
a
to select all of them. -
Press
c
when your are finished selecting the subscriptions. The Red Hat Update Infrastructure Management Tool displays the subscriptions to be registered and prompts for confirmation. -
Press
y
to proceed. A screen message indicates each successful registration. -
Check that the correct subscriptions have been registered by pressing
l
to access the list registered Red Hat subscriptions screen.