Chapter 3. Prerequisites for Installing Red Hat Update Infrastructure
The cloud provider provides the following technical prerequisites:
Completion of the initial stages of the Red Hat Certified Cloud & Service Provider (CCSP) certification, including review of the client’s:
- virtualization, image creation, and instance provisioning technologies, tools, and processes.
- proposed process for measuring and reporting consumption of Red Hat software.
- proposed process for notifying customers of errata updates to Red Hat software.
- proposed process for making images that include Red Hat software available to customers, including image life-cycle management and retiring outdated images.
See Product Documentation for Red Hat Certified Cloud and Service Provider Certification Browse Knowledgebase for more information.
Self-signed certificates are typically used for Red Hat Update Infrastructure (RHUI) deployment. If SSL certificates signed by a third-party certificate authority will be used, they have been obtained by the client and reviewed by Red Hat.
Note: The Red Hat Consultant can assist with the development of self-signed certificates, and their use will not affect the user experience of the client’s customers.
- The client will provide systems, virtual machines, or tenant instances for installation of all Red Hat Update Appliances (RHUAs), external load balancers, and content delivery servers (CDSs), configured as described below.
- Make sure access to RHEL 7 and the RHUI bits (by ISO or subscription) is available.
A minimal RHUI installation includes four required servers: one RHUA, one load balancer, and two CDSs (physical or virtual) configured as follows:
- Red Hat Enterprise Linux (RHEL) 6.7 or greater with Minimal installation recommended
- SELinux on
- Two CPUs, AMD64 processor architecture
- 4 GB memory minimum
- 10 GB disk for operating system
- 50 GB disk per major RHEL release
- Each CDS node with a 500 GB local block device dedicated to the GlusterFS brick (if Gluster Storage is used)
Certificate generation using openssl requires one server, new or existing, configured as follows:
- RHEL 6.7 or greater with Minimal installation recommended
- SELinux enabled
- Two CPUs, AMD64 processor architecture
- 2 GB memory
- 6 GB disk for operating system
Image certification is performed on RHEL guest templates as provided, typically one RHEL 6 guest and one RHEL 7 guest.
- Minimum 10 GB disk for operating system
- iptables on
- SELinux enabled
- If password authentication is on, must use strongest possible hash
- Default logging on
The client’s network must be properly configured for the RHUI.
- IP addresses must be allocated for all RHUAs, CDSs, and external load balancers (if any).
- DNS records (forward and reverse) have been created for all IP addresses. Example: rhua.company.com, cds1.company.com, cds2.company.com, and certs.company.com.
Note: If the server has multiple network interface cards (NICs), the fully qualified domain name of the RHUA and the CDSs must be resolved to the IP of the NIC that is used to communicate between the RHUA and the CDSs.
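The forward and reverse record requirement, and the multi-NIC note, can be verified before installation with a round-trip lookup. The script below is an added example, not part of the Red Hat documentation; the function names, the `check-dns.sh` file name and the 192.0.2.x address are this example's own.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check for RHUI nodes.
# LOOKUP is the resolver command; the default is getent(1). It must print
# "ADDRESS NAME" lines, which is what `getent hosts` prints for a name or an IP.
LOOKUP=${LOOKUP:-getent hosts}

# name -> first address returned
forward() { $LOOKUP "$1" | awk 'NR==1 {print $1}'; }
# IP -> name, lower-cased, trailing dot removed
reverse() { $LOOKUP "$1" | awk 'NR==1 {print tolower($2)}' | sed 's/\.$//'; }

# check_node FQDN [EXPECTED_IP]
# Succeeds when FQDN -> IP -> FQDN round-trips and, if EXPECTED_IP is given,
# the forward record points at that address (the NIC used for RHUA/CDS traffic).
check_node() (
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); want=${2:-}
    ip=$(forward "$fqdn")
    if [ -z "$ip" ]; then echo "FAIL $fqdn: no forward record"; exit 1; fi
    if [ -n "$want" ] && [ "$ip" != "$want" ]; then
        echo "FAIL $fqdn: resolves to $ip, expected $want"; exit 1
    fi
    back=$(reverse "$ip")
    if [ -z "$back" ]; then echo "FAIL $fqdn: no reverse record for $ip"; exit 1; fi
    if [ "$back" != "$fqdn" ]; then
        echo "FAIL $fqdn: $ip reverses to $back"; exit 1
    fi
    echo "OK   $fqdn <-> $ip"
)

# check_all NODE...  where NODE is FQDN or FQDN=EXPECTED_IP; returns 1 if any node fails
check_all() {
    rc=0
    for node in "$@"; do
        case $node in
            *=*) check_node "${node%%=*}" "${node#*=}" || rc=1 ;;
            *)   check_node "$node" || rc=1 ;;
        esac
    done
    return $rc
}

# Usage (hypothetical file name and constructed address):
#   sh check-dns.sh rhua.company.com=192.0.2.10 cds1.company.com cds2.company.com
if [ "$#" -gt 0 ]; then check_all "$@"; fi
```

`getent` follows `nsswitch.conf`, so an `/etc/hosts` entry can mask a missing DNS record; run the check from a host without such entries, or point `LOOKUP` at a DNS-only wrapper.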
RHUI uses DNS to reach the CDN. In most cases, your instance should be preconfigured to talk to the proper DNS servers hosted as part of the cloud’s infrastructure. If you run your own DNS servers or update your client DNS configuration, there is a chance you will see errors similar to "yum Could not contact any CDS load balancers". In these cases, check that your DNS server is forwarding to the cloud’s DNS servers for the request or that your DNS client is configured to fall back to the cloud’s DNS server for name resolution.
Using more than one HAProxy node requires a round-robin DNS entry for the host name used as the value of the --cds-lb-hostname parameter when rhui-installer is run (cds.example.com in this guide) that resolves to the IP addresses of all HAProxy nodes. This Knowledgebase solution presents one way to configure a round-robin DNS. In the context of RHUI, these will be the IP addresses of the HAProxy nodes, and they are to be mapped to the host name specified as --cds-lb-hostname while calling rhui-installer.
See HAProxy Configuration for more information.
Red Hat Enterprise Linux 7 uses firewalld for port manipulation, whereas Red Hat Enterprise Linux 6 uses iptables.
All required network ports are open.
Table 3.1. Required Network Port Settings

| Connection | Port | Usage |
|---|---|---|
| RHUA to cdn.redhat.com | 443/TCP | Content Delivery |
| RHUA to CDSs | 22/TCP | Initial SSH configuration |
| RHUA to HAProxy servers | 22/TCP | Initial SSH configuration |
| CDS to RHUA | 8140/TCP | Puppet |
| HAProxy to RHUA | 8140/TCP | Puppet |
| Clients to CDS or HAProxy | 443/TCP | |
| Clients to CDS or HAProxy | 5000/TCP | Docker |
| HAProxy to CDS | 443/TCP | Load balancing |
| HAProxy to CDS | 5000/TCP | Docker load balancing |
| GlusterFS ports | 24007/TCP, 49152-4/TCP | Storage |
| NFS ports | 2049/TCP | File system |
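Table 3.1 lists connections, while a host firewall needs inbound rules per node. The added example below (not from the Red Hat documentation) turns the table into per-role rules for firewalld on RHEL 7 or iptables on RHEL 6, and limits SSH and Puppet to the peers the table names. It only prints the commands; the addresses are constructed, the function names are this example's own, and the storage rows are left out because the table gives no direction for them.

```shell
#!/bin/sh
# Added example: print (do not apply) inbound firewall rules per RHUI node role.
# Constructed documentation-range addresses; replace with your own.
RHUA_IP=${RHUA_IP:-192.0.2.10}
PEER_IPS=${PEER_IPS:-"192.0.2.21 192.0.2.22 192.0.2.30"}   # CDS and HAProxy nodes

# inbound_rules ROLE -> "PORT SOURCE" lines; SOURCE "any" means client traffic
inbound_rules() {
    case $1 in
        rhua)
            for ip in $PEER_IPS; do echo "8140 $ip"; done ;;   # Puppet from CDS/HAProxy
        cds|haproxy)
            echo "22 $RHUA_IP"     # initial SSH configuration, from the RHUA only
            echo "443 any"         # clients (and HAProxy, when the role is cds)
            echo "5000 any" ;;     # Docker
        *)
            echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# emit_rules ROLE BACKEND   (BACKEND: firewalld for RHEL 7, iptables for RHEL 6)
emit_rules() {
    case $2 in
        firewalld|iptables) ;;
        *) echo "unknown backend: $2" >&2; return 1 ;;
    esac
    rules=$(inbound_rules "$1") || return 1
    echo "$rules" | while read -r port src; do
        case "$2:$src" in
            firewalld:any) echo "firewall-cmd --permanent --add-port=$port/tcp" ;;
            firewalld:*)   echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" port port=\"$port\" protocol=\"tcp\" accept'" ;;
            iptables:any)  echo "iptables -I INPUT -p tcp --dport $port -j ACCEPT" ;;
            iptables:*)    echo "iptables -I INPUT -p tcp -s $src --dport $port -j ACCEPT" ;;
        esac
    done
    # Make the rules take effect (firewalld) or persist (iptables)
    case $2 in
        firewalld) echo "firewall-cmd --reload" ;;
        iptables)  echo "service iptables save" ;;
    esac
}

# Usage: emit_rules cds firewalld
```

Review the printed commands before running them; the RHUA additionally needs outbound 443/TCP to cdn.redhat.com, which a default-allow outbound policy already permits.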
- Network proxy settings between RHUA and the Red Hat CDN are configured appropriately.
- Network proxy settings between the CDSs and the clients via yum.conf are configured appropriately.
- A round-robin DNS entry if more than one HAProxy node is used