Red Hat SummitChapter 6. Managing content delivery servers
CDS nodes provide content to RHUI clients.
You can use the Content Delivery Server (CDS) Management screen to list, add, delete, and reinstall CDS nodes.
6.1. Registering a new CDS
The Red Hat Update Infrastructure Management Tool provides several options for configuring a CDS within the RHUI.
Prerequisites
-
Make sure
sshdis running on the CDS node and thatport 443is open.
Answering yes (y) to the below question: Update instance(s) after reinstalling? (y/n): will result in a dnf update being run on the instance after it is registered. This may require a reboot of the instance. Answering no (n) to this question will result in the dnf update not being run.
Procedure
Navigate to the Red Hat Update Infrastructure Management Tool home screen:
[root@rhua ~]# rhui-manager-
Press
cto select manage content delivery servers (CDS). -
From the Content Delivery Server (CDS) Management screen, press
ato add a new CDS instance. Enter the hostname of the CDS to add:
Hostname of the CDS instance to register: cds1.example.comEnter the user name that will have SSH access to the CDS and have sudo privileges.
Username with SSH access to <cds1.example.com> and sudo privileges: <cloud-user>Enter the absolute path to the SSH private key for logging in to the CDS and press
Enter.Absolute path to an SSH private key to log into <cds1.example.com> as <cloud-user>: /home/<cloud-user>/.ssh/id_rsa_rhuaUpdate the instance with the latest versions of available packages
Update instance after registering? (y/n): yOptional: If you wish to use custom SSL certificates, enter the absolute path to the custom SSL certificate, SSL Key, and SSL crt files.
NoteIf you do not provide an SSL certificate, it will be automatically generated.
Optional absolute path to user supplied SSL key file: /home/<cloud-user>/custom_ssl.key Optional absolute path to user supplied SSL crt file: /home/<cloud-user>/custom_ssl.crt ......................................................................... The following CDS has been successfully added: Hostname: <cds1.example.com> SSH Username: <cloud-user> SSH Private Key: /home/<cloud-user>/.ssh/id_rsa_rhua The CDS will now be configured: .................................................................... The CDS was successfully configured.- If adding the content delivery server fails, check that the firewall rules permit access between the RHUA and the CDS.
Run the
mountcommand to see if shared storage is mounted as read-write.[root@rhua ~]# mount | grep rhui nfs.example.com:/export on /var/lib/rhui/remote_share type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.8.41.163,local_lock=none,addr=10.8.41.163)- After successful configuration, repeat these steps for all remaining CDS nodes.
6.2. Listing all known CDS instances managed by RHUI 4
You can use the Content Delivery Server (CDS) Management screen to list all CDS nodes managed by Red Hat Update Infrastructure 4.
Procedure
Navigate to the Red Hat Update Infrastructure Management Tool home screen:
[root@rhua ~]# rhui-manager-
Press
cto select manage content delivery servers (CDS): From the Content Delivery Server (CDS) Management screen, press
lto list all known CDS nodes that Red Hat Update Infrastructure 4 manages:Hostname: <cds1.example.com> SSH Username: <cloud-user> SSH Private Key: /<cloud-user>/.ssh/id_rsa_rhua
6.3. Reinstalling and reapplying configuration to a CDS
You may encounter a situation where you need to reinstall and reapply the configuration for a CDS. The Red Hat Update Infrastructure Management Tool provides an easy way to accomplish this task.
Prerequisites
- At least one installed CDS
Answering yes (y) to the below question: Update instance(s) after reinstalling? (y/n): will result in a dnf update being run on the instance after it is reinstalled. This may require a reboot of the instance. Answering no (n) to this question will result in the dnf update not being run.
Procedure
Navigate to the Red Hat Update Infrastructure Management Tool home screen:
[root@rhua ~]# rhui-manager-
Press
cto select manage content delivery servers (CDS). -
From the Content Delivery Server (CDS) Management screen, press
rto select reinstall and reapply configuration to an existing CDS instance. The Red Hat Update Infrastructure Management Tool automatically performs all reinstallation and reconfiguration tasks. Select the CDS to reinstall:
1 - Hostname: <cds1.example.com> SSH Username: <cloud-user> SSH Private Key: /<cloud-user>/.ssh/id_rsa_rhua-
Enter a value or
bto abort: 1: 1 Update instance(s) after reinstalling? (y/n): y
Checking that the RHUA services are reachable from the instance... Done. Installing and configuring the CDS... PLAY [Registering a CDS instance] ********************************************** ... TASK [Update CDS instance] ***************************************************** ok: [cds1.example.com] PLAY RECAP ********************************************************************* cloud-user@cds1.example.com : ok=24 changed=10 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 Done.
Verification
Check that you successfully reinstalled and reconfigured the CDS by viewing the code output:
Ensuring that instance ports are reachable ... Done.
6.4. Configuring a CDS to accept legacy CAs
By default, a content delivery server (CDS) node only accepts entitlement certificates signed by the Certificate Authority (CA) that is currently configured on your RHUI system. However, you might want to accept previously created CAs so that clients can continue to work in case you change your main CA or when the CA certificate expires.
This procedure provides instructions to support legacy CAs on RHUI by installing CA certificates on your CDS nodes.
Prerequisites
Ensure you are running the latest version of RHUI.
NoteIf you have installed an older version of RHUI, you must reinstall your CDS nodes in
rhui-manager.
Procedure
On the CDS node, create the
/etc/pki/rhui/legacydirectory if it does not already exist:# mkdir /etc/pki/rhui/legacy- Save the legacy CA certificate in the directory.
Verification
- The CDS node starts accepting legacy CAs as soon as you store the CA certificate in the directory.
6.5. Configuring a CDS to stop accepting legacy CAs
To limit your content delivery servers (CDS) nodes from accepting legacy certificate authorities (CAs), remove the respective CA certificates.
Prerequisites
- Clients are no longer using the CA.
Procedure
On the CDS node, navigate to the
/etc/pki/rhui/legacy/directory:# cd /etc/pki/rhui/legacy/- Optional: Back up the existing CA certificates:
Delete the CA certificate that corresponds to the CA you want to limit:
# rm example-legacy.crt
Verification
- The CDS node stops accepting legacy CAs as soon as you delete the CA certificate.
6.6. Unregistering a CDS
You can unregister (delete) a CDS instance that you are not going to use.
Procedure
Navigate to the Red Hat Update Infrastructure Management Tool home screen:
[root@rhua ~]# rhui-manager-
Press
cto select manage content delivery servers (CDS). -
From the Content Delivery Server (CDS) Management screen, press
dto delete a CDS instance. Enter the hostname of the CDS to delete:
Hostname of the CDS instance to unregister: cds1.example.com
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}