Chapter 2. Technical configuration required for installing RHUI
Before you install Red Hat Update Infrastructure (RHUI), you must configure your system and components as follows.
Complete the initial stages of the Red Hat Certified Cloud and Service Provider (CCSP) certification:
- Virtualization, image creation, and instance provisioning technologies, tools, and processes.
- Proposed process for measuring and reporting consumption of Red Hat software.
- Proposed process for notifying customers of errata updates to Red Hat software.
- Proposed process for making images that include Red Hat software available to customers, including image lifecycle management and retiring outdated images.
For more information, see Product Documentation for Red Hat Certified Cloud and Service Provider Certification.
Self-signed certificates are typically used for RHUI deployment. However, if you wish to use SSL certificates signed by a third-party certificate authority, you must ensure that they are obtained by the client and reviewed by Red Hat.
Note: You can use the Red Hat consultant to assist with the development of self-signed certificates. This will not affect the user experience of the client’s customers.
- Ensure that the client will provide systems, virtual machines, or tenant instances for installation of all Red Hat Update Appliances (RHUAs), external load balancers, and content delivery servers (CDSs).
- Make sure access to RHEL 8 is available, either by ISO or by subscription.
Ensure that you have one RHUA node with the following configuration:
- RHEL 8 or greater with Minimal Installation
- SELinux is enabled
- An x86_64 processor with cores equivalent to or greater than 4 cores of Intel Xeon 2 GHz
  Note: You must increase the number of cores to 8 if you wish to provide more than 100 repositories with multiple major RHEL releases.
- 8 GB memory
  Note: You must increase the minimum memory to 16 GB if you wish to provide more than 100 repositories with multiple major RHEL releases.
- A 50 GB disk
- A 50 GB disk dedicated for PostgreSQL and mounted to /var/lib/pgsql
  Note: You must increase the disk capacity to at least 100 GB if you wish to provide more than 100 repositories with multiple major RHEL releases.
Ensure that you have one HAProxy node with the following configuration:
- RHEL 8 or greater with Minimal installation
- SELinux is enabled
- An x86_64 processor with cores equivalent to or greater than 2 cores of Intel Xeon 2 GHz
  Note: You must increase the number of cores to 4 if you wish to provide more than 100 repositories with multiple major RHEL releases.
- 4 GB memory
  Note: You must increase the minimum memory to 8 GB if you wish to provide more than 100 repositories with multiple major RHEL releases.
- A 50 GB disk
Ensure that you have at least two CDS nodes (physical or virtual) with the following recommended configuration:
- RHEL 8 or greater with Minimal installation
- SELinux is enabled
- An x86_64 processor with cores equivalent to or greater than 4 cores of Intel Xeon 2 GHz
  Note: You must increase the number of cores to 8 if you wish to provide more than 100 repositories with multiple major RHEL releases.
- 8 GB memory
- A 100 GB disk per major RHEL release
Ensure that image certification is performed on RHEL guest templates as provided:
- A minimum 10 GB disk for the operating system
- iptables is enabled
- SELinux is enabled
- If password authentication is enabled, you must use the strongest possible hash
- Default logging is enabled
Ensure that the client’s network is properly configured as follows:
- IP addresses must be allocated for all RHUAs, CDSs, and external load balancers (if any).
- DNS records (forward and reverse) have been created for all IP addresses, for example, rhua.company.com, cds1.company.com, cds2.company.com, and certs.company.com.
- If your server has multiple network interface cards (NICs), the fully qualified domain name (FQDN) of the RHUA and the CDSs must be resolved to the IP of the NIC that is used to communicate between the RHUA and the CDSs.
- RHUI uses DNS to reach the CDN. In most cases, your instance should be preconfigured to talk to the proper DNS servers hosted as part of the cloud’s infrastructure. If you run your own DNS servers or update your client DNS configuration, there is a chance you will see errors similar to "yum Could not contact any CDS load balancers". In these cases, check that your DNS server is forwarding to the cloud’s DNS servers for the request or that your DNS client is configured to fall back to the cloud’s DNS server for name resolution.
- Using more than one HAProxy node requires a round-robin DNS entry for the host name used as the value of the --cds-lb-hostname parameter when rhui-installer is run (cds.example.com in this guide) that resolves to the IP addresses of all HAProxy nodes. How to Configure DNS Round Robin presents one way to configure a round-robin DNS. In the context of RHUI, these will be the IP addresses of the HAProxy nodes, and they are to be mapped to the host name specified as --cds-lb-hostname while calling rhui-installer. See HAProxy Configuration for more information.
Ensure that all required network ports are open.
Table 2.1. List of ports and their usage

| Connection | Port | Usage |
|---|---|---|
| RHUA to CDSs | 22/TCP | SSH configuration and access |
| RHUA to HAProxy servers | 22/TCP | SSH configuration and access |
| Clients to CDS or HAProxy | 443/TCP | Access to content |
| HAProxy to CDS | 443/TCP | Load balancing |
| NFS ports | 2049/TCP | File system |
| CDSs to RHUA | 443/TCP | Retrieve content that has not been symlinked |

- Ensure that the network proxy settings between RHUA and the Red Hat CDN are configured appropriately.
- Ensure that the network proxy settings between the CDSs and the clients via yum.conf are configured appropriately.
- Ensure a round-robin DNS entry is used if more than one HAProxy node is used.
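
The DNS requirements above (forward and reverse records for every node, each FQDN resolving to the NIC used between the RHUA and the CDSs, and a round-robin entry for the --cds-lb-hostname name) can be checked before rhui-installer is run. The script below is an added example, not part of the Red Hat guide; the host names, the 192.0.2.x addresses and the script name are constructed placeholders.

```shell
#!/bin/sh
# Added example: DNS preflight for RHUI nodes. Host names and 192.0.2.x
# addresses below are constructed placeholders, not values from the guide.

# All IPv4 addresses a name resolves to, one per line. getent follows
# nsswitch.conf, so this is what the node itself will see (/etc/hosts included).
resolve_fwd() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u; }

# Name that an address maps back to (reverse lookup).
resolve_rev() { getent hosts "$1" | awk '{print $2}'; }

# check_node FQDN IP: the forward record must be exactly IP (the NIC used for
# RHUA<->CDS traffic) and the reverse record for IP must point back to FQDN.
check_node() {
    fqdn=$1 want=$2
    got=$(resolve_fwd "$fqdn")
    [ -n "$got" ] || { echo "FAIL $fqdn: no forward record"; return 1; }
    [ "$got" = "$want" ] || { echo "FAIL $fqdn: resolves to $(echo $got), expected $want"; return 1; }
    ptr=$(resolve_rev "$want" | sed 's/\.$//')
    [ "$ptr" = "$fqdn" ] || { echo "FAIL $fqdn: reverse of $want is '${ptr:-missing}'"; return 1; }
    echo "OK   $fqdn <-> $want"
}

# check_lb NAME IP...: the --cds-lb-hostname name must resolve to exactly the
# set of HAProxy addresses (a round-robin entry when there are several).
check_lb() {
    name=$1; shift
    want=$(printf '%s\n' "$@" | sort -u)
    got=$(resolve_fwd "$name" | sort -u)
    [ "$got" = "$want" ] || { echo "FAIL $name: got '$(echo $got)', expected '$(echo $want)'"; return 1; }
    echo "OK   $name -> $(echo $got)"
}

NODES="rhua.example.com=192.0.2.10 cds1.example.com=192.0.2.11 cds2.example.com=192.0.2.12"
LB_NAME="cds.example.com"
LB_IPS="192.0.2.21 192.0.2.22"

# Check every node and the load-balancer name; non-zero if anything failed.
preflight() {
    rc=0
    for pair in $NODES; do
        check_node "${pair%%=*}" "${pair#*=}" || rc=1
    done
    check_lb "$LB_NAME" $LB_IPS || rc=1
    return $rc
}

# Run only when asked (sh rhui-dns-preflight.sh run), so the file can be sourced.
if [ "${1:-}" = run ]; then preflight; fi
```

Run it on the RHUA and on each CDS, since each node must resolve the others consistently; a node with several NICs fails check_node when its name returns more than the one expected address.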