Red Hat SummitMigrating Red Hat Update Infrastructure
Migrating to Red Hat Update Infrastructure 4 and upgrading to the latest version of Red Hat Update Infrastructure
Abstract
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. Migrating Red Hat Update Infrastructure
After you have installed Red Hat Update Infrastructure (RHUI) 4, it is possible to migrate your existing repositories from RHUI 3 to RHUI 4.
Migration enables RHUI 3 repositories on your RHUI 4 machine. However, it does not migrate the RPM contents or the RPM data. You must re-synchronize these repositories automatically or manually after the migration is complete.
Before you begin the migration process, note the following recommendations and limitations:
- You cannot upgrade directly from RHUI 3 to RHUI 4. You must install RHUI 4 alongside your current RHUI 3 installation. You can then synchronize the RHUI 3 repositories on RHUI 4 using the same CA certificate from RHUI 3. This also ensures that old clients are able to access content from RHUI 4. Finally, you can change the RHUI 3 load balancer to point to the RHUI 4 CDS nodes.
- You cannot use LEAPP to upgrade from RHUI 3 to RHUI 4. You must set up RHUI 4 alongside RHUI 3 and then migrate the RHUI data.
- With RHUI 4, you can use any version of a load balancer, before and after migration. For example, you can use a RHEL 7 version of an HAProxy node from RHUI 3 with a RHUI 4 instance instead of a RHEL 8 version from RHUI 4.
To route to two different instances of RHUI, for example a RHUI 3 instance and a RHUI 4 instance, from one address or load balancer, you must set up a RHUI 4 instance so that it can take over all the content from the old RHUI 3 instance.
However, a configuration where you run both RHUI3 and RHUI4 instances using a single address or a load balancer is not recommended. You can encounter a number of problems ranging from SSL certificate conflicts to repository path changes in between requests.
1.1. Overview of Red Hat Update Infrastructure migration
Migration uses the rhui-manager utility, available in your Red Hat Update Infrastructure (RHUI) 4 installation, to transfer your repositories from RHUI 3 to RHUI 4. You must install RHUI 4 before migrating your repositories.
The rhui-manager utility uses the sub-command migration and the following mandatory arguments:
-
--hostname- The hostname of the remote RHUI 3 RHUA node -
--password- The rhui-manager password of the remote RHUI 3 RHUA node
You must add the public part of an SSH key pair for the current user on the RHUI 4 machine to the .ssh/authorized_keys file on the RHUI 3 machine.
Although a default path is provided, it is likely that the path to your keyfile may not match the provided default. You may have to add the following argument to your migration command:
-
--keyfile_path- The path to the SSH private key on the RHUI 4 machine. The default path is/root/.ssh/id_rsa_rhua.
1.2. Migrating repositories from RHUI 3 to RHUI 4
The following procedure explains how to migrate your RHUI 3 repositories to RHUI 4.
Prerequisites
- Ensure that RHUI 4 is installed on your destination machine. For more information, see Installing Red Hat Update Infrastructure.
- Ensure that you have the necessary credentials to access your RHUI 3 machine.
Ensure that a RHUI entitlement certificate is available on your RHUI 4 machine. In case it is not, run the following command to add the certificate:
rhui-subscription-sync
# rhui-subscription-syncCopy to Clipboard Copied! Toggle word wrap Toggle overflow Optional: Ensure that you have cached the repository information to speed up the migration. You can do so using the following command:
rhui-manager repo unused
# rhui-manager repo unusedCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Procedure
On your RHUI 4 machine, use the
rhui-managerutility to begin the migration:rhui-manager migrate --hostname my-rhui3-rhua.example.com --password <your_password> --keyfile_path ~/.ssh/id_rsa_rhua
# rhui-manager migrate --hostname my-rhui3-rhua.example.com --password <your_password> --keyfile_path ~/.ssh/id_rsa_rhuaCopy to Clipboard Copied! Toggle word wrap Toggle overflow If the migration fails with an error similar to the following, a conflict has occurred between the repositories that you are trying to migrate and those that already exist on your RHUI 4 machine.
ERROR: Configured repos detected. Use --force to ignore. Exiting
ERROR: Configured repos detected. Use --force to ignore. ExitingCopy to Clipboard Copied! Toggle word wrap Toggle overflow To fix this, use the
--forceargument to run the migration.NoteUsing the
--forceargument deletes and recreates any repositories whose IDs match the RHUI 3 repository IDs.rhui-manager migrate --hostname my-rhui3-rhua.example.com --password <your_password> --keyfile_path ~/.ssh/id_rsa_rhua --force
# rhui-manager migrate --hostname my-rhui3-rhua.example.com --password <your_password> --keyfile_path ~/.ssh/id_rsa_rhua --forceCopy to Clipboard Copied! Toggle word wrap Toggle overflow Optional: If custom repositories were migrated, you need to manually upload the RPM content to them.
For detailed instructions on how to do so, see the
upload_rpms_document.txtfile located in the/root/.rhui/migration/directory.
Verification
Run the following command and verify whether the RHUI 3 repositories are now available on your RHUI 4 machine:
rhui-manager repo list
# rhui-manager repo listCopy to Clipboard Copied! Toggle word wrap Toggle overflow
1.3. Migrating client RPMs from RHUI 3 to RHUI 4
After you upgrade to RHUI 4, you might want to keep using your RHUI 3 client RPMs. You can do so by migrating the RHUI 3 certificate authority (CA) to your RHUI 4 system and and configuring RHUI 4 to use the CA.
Prerequisites
- Ensure that you have the necessary credentials to access your RHUI 3 machine.
Procedure
Copy the CA certificate and CA key from RHUI 3 to RHUI 4.
-
The certificate,
rhui-default-ca.crt, is located in the/etc/pki/rhui/certs/directory. -
The key,
rhui-default-ca.key, is located in the/etc/pki/rhui/private/directory.
-
The certificate,
On the RHUA node, rerun
rhui-installerand specify the CA copied from the RHUI 3 installation.rhui-installer --rerun --remote-fs-server <address> --rhua-hostname <RHUA hostname> --cds-lb-hostname <HAProxy hostname> --user-supplied-rhui-ca-crt rhui-default-ca.crt --user-supplied-rhui-ca-key rhui-default-ca.key
# rhui-installer --rerun --remote-fs-server <address> --rhua-hostname <RHUA hostname> --cds-lb-hostname <HAProxy hostname> --user-supplied-rhui-ca-crt rhui-default-ca.crt --user-supplied-rhui-ca-key rhui-default-ca.keyCopy to Clipboard Copied! Toggle word wrap Toggle overflow - --remote-fs-server: The remote mountpoint for the shared file system.
- --rhua-hostname: The hostname of the RHUA node. You must specify the name as a Fully Qualified Domain Name (FQDN).
- --cds-lb-hostname: The name of the load balancer that clients use to access the CDS. You must specify the name as a Fully Qualified Domain Name (FQDN).
- --user-supplied-rhui-ca-crt rhui-default-ca.crt: The CA certificate copied from the RHUI 3 installation.
--user-supplied—rhui-ca-key rhui-default-ca.key: The CA key copied from the RHUI 3 installation.
NoteYou can use the RHUI 3 HAProxy if it is configured to use the new RHUI 4 CDS nodes. Or, you can use a new RHUI 4 HAProxy by updating the DNS so that the RHUI 3 HAProxy hostname points to the new HAProxy.
Chapter 2. Upgrading Red Hat Update Infrastructure
Red Hat Update Infrastructure (RHUI) is periodically upgraded to introduce bug fixes, enhancements, and fix common vulnerabilities and exposures.
Red Hat recommends keeping your installation up to date by applying the latest RHUI updates when they are released.
2.1. Updating Red Hat Update Infrastructure
To update your instance of Red Hat Update Infrastructure (RHUI) to the latest version, you must take the following steps.
Prerequisites
- Root access to the RHUA node.
- All of your RHUI nodes are subscribed and are using the correct repositories as desribed in Installing Red Hat Update Infrastructure.
- Repository synchronization tasks are scheduled to run after the update is complete. Tasks that run while the update is in progress might be aborted. For more information see Known Issues.
The rhui-installer supports upgrading the version of PostgreSQL. Before doing that it is important to back up your PostgreSQL database.
How to back up your PostgreSQL database is described in Chapter 12. Backing up and restoring Red Hat Update Infrastructure of the Configuring and Managing Red Hat Update Infrastructure documentation.
Do not attempt to keep the RHUA node up to date by simply applying all available package updates. Doing so may break the RHUA. Updating the RHUA must be performed exclusively by following the procedure below.
If you only want to apply OS updates and exclude any RHUI package updates, exclude the RHUI repository in your update transaction. For example, on the command line, run the following command:
dnf --disablerepo=rhui-4-for-rhel-8-x86_64-rpms update
# dnf --disablerepo=rhui-4-for-rhel-8-x86_64-rpms updateYou may need to reboot the system or restart RHUI services after this transaction.
To keep the CDS nodes up to date, it is not sufficient to apply available package updates on them. Because various configurations are modified in many RHUI versions, it is necessary to reapply the configurations by following the procedure below.
Procedure
On the RHUA node, update RHUI Installer.
dnf update rhui-installer
# dnf update rhui-installerCopy to Clipboard Copied! Toggle word wrap Toggle overflow Run RHUI Installer:
- If you are updating from RHUI 4.10 and you have already started using the on_demand synchronization policy, copy the relevant part of the configuration to the custom configuration file as described in Preserving Custom Configuration After RHUI Upgrade.
Run the
rhui-installercommand as follows:If you are updating from RHUI 4.1.0 or older, you must specify your custom RHUI CA along with the
rerunoption:rhui-installer --rerun --user-supplied-rhui-ca-crt <custom_RHUI_CA.crt> --user-supplied-rhui-ca-key <custom_RHUI_CA_key>
# rhui-installer --rerun --user-supplied-rhui-ca-crt <custom_RHUI_CA.crt> --user-supplied-rhui-ca-key <custom_RHUI_CA_key>Copy to Clipboard Copied! Toggle word wrap Toggle overflow If you are updating from RHUI 4.1.1 or newer, run RHUI Installer with just the
rerunoption:rhui-installer --rerun
# rhui-installer --rerunCopy to Clipboard Copied! Toggle word wrap Toggle overflow If you are updating the version of PostgreSQL from 12 to 15 you must specify this using the --postgresql-version option along with the
rerunoption:rhui-installer --postgresql-version 15 --rerun
# rhui-installer --postgresql-version 15 --rerunCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Optional: In some environments,
rhui-installerfails to rerun and displays the following error instead:There have been identified artifacts with forbidden checksum md5. Run pulpcore-manager handle-artifact-checksums first to unset forbidden checksums.
There have been identified artifacts with forbidden checksum md5. Run pulpcore-manager handle-artifact-checksums first to unset forbidden checksums.Copy to Clipboard Copied! Toggle word wrap Toggle overflow To fix this error:
Run the following command on the RHUA node:
env PULP_SETTINGS=/etc/pulp/settings.py pulpcore-manager handle-artifact-checksums
# env PULP_SETTINGS=/etc/pulp/settings.py pulpcore-manager handle-artifact-checksumsCopy to Clipboard Copied! Toggle word wrap Toggle overflow -
Run
rhui-installerwith thererunoption.
Check if the
rhui-installerinstalled updated packages.By default the
rhui-installerwill install any available RHEL package updates. RHUA must be rebooted if any package has been updated that requires rebooting. The command to check this is:needs-restarting -r
# needs-restarting -rCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThis command is part of the
yum-utilspackage, which must be installed on the RHUA for the command to be available.To apply updated templates and playbooks, reinstall all of the CDS nodes.
This will also install any available RHEL package updates. To avoid that, run the below command with the
--no_updateflag.rhui-manager --noninteractive cds reinstall --all
# rhui-manager --noninteractive cds reinstall --allCopy to Clipboard Copied! Toggle word wrap Toggle overflow Check if updated packages were installed on the CDS nodes.
If package updates were installed the CDS nodes may need to be rebooted. To check if your CDS nodes do need to be rebooted, log on to them and run this command:
needs-restarting -r
# needs-restarting -rCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThis command is part of the
yum-utilspackage, which must be installed on the CDS for the command to be available.Log in to RHUI Manager.
rhui-manager
# rhui-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
On the RHUA node, run the following command and verify whether the latest version of RHUI is installed.
rpm -q rhui-tools
# rpm -q rhui-toolsCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}