Chapter 6. Managing content delivery servers
CDS nodes are the main component of a content delivery network (CDN), offering high availability to the client. Running servers in a geographically dispersed manner can also improve response time.
You can use the Content Delivery Server (CDS) Management screen to list, add, delete, and reinstall CDS nodes.
It is up to the cloud provider to determine the best course of action when allocating the necessary devices. The Red Hat Update Infrastructure Management Tool configuration RPM links the package directory with the NGINX configuration to serve it.
The NGINX configuration is handled through the /etc/nginx/conf.d/ssl.conf
file during the CDS installation.
If multiple clients experience problems updating against a repository, this might indicate a problem with the RHUI.
6.1. Listing all known CDS instances managed by RHUI 4
You can use the Content Delivery Server (CDS) Management screen to list all CDS nodes managed by Red Hat Update Infrastructure 4.
Procedure
Navigate to the Red Hat Update Infrastructure Management Tool home screen:
[root@rhua ~]# rhui-manager
-
Press
c
to select manage content delivery servers (CDS): From the Content Delivery Server (CDS) Management screen, press
l
to list all known CDS nodes that Red Hat Update Infrastructure 4 manages:Hostname: <cds1.example.com> SSH Username: <cloud-user> SSH Private Key: /<cloud-user>/.ssh/id_rsa_rhua
6.2. Registering a new CDS
The Red Hat Update Infrastructure Management Tool provides several options for configuring a CDS within the RHUI.
Prerequisites
-
Make sure
sshd
is running on the CDS node and thatport 443
is open.
Answering yes (y) to the below question: Update instance(s) after reinstalling? (y/n):
will result in a dnf update
being run on the instance after it is registered. This may require a reboot of the instance. Answering no (n) to this question will result in the dnf update
not being run.
Procedure
Navigate to the Red Hat Update Infrastructure Management Tool home screen:
[root@rhua ~]# rhui-manager
-
Press
c
to select manage content delivery servers (CDS). -
From the Content Delivery Server (CDS) Management screen, press
a
to add a new CDS instance. Enter the hostname of the CDS to add:
Hostname of the CDS instance to register: cds1.example.com
Enter the user name that will have SSH access to the CDS and have sudo privileges.
Username with SSH access to <cds1.example.com> and sudo privileges: <cloud-user>
Enter the absolute path to the SSH private key for logging in to the CDS and press
Enter
.Absolute path to an SSH private key to log into <cds1.example.com> as <cloud-user>: /home/<cloud-user>/.ssh/id_rsa_rhua
Update the instance with the latest versions of available packages
Update instance after registering? (y/n): y
Optional: If you wish to use custom SSL certificates, enter the absolute path to the custom SSL certificate, SSL Key, and SSL crt files.
NoteIf you do not provide an SSL certificate, it will be automatically generated.
Optional absolute path to user supplied SSL key file: /home/<cloud-user>/custom_ssl.key Optional absolute path to user supplied SSL crt file: /home/<cloud-user>/custom_ssl.crt ......................................................................... The following CDS has been successfully added: Hostname: <cds1.example.com> SSH Username: <cloud-user> SSH Private Key: /home/<cloud-user>/.ssh/id_rsa_rhua The CDS will now be configured: .................................................................... The CDS was successfully configured.
- If adding the content delivery server fails, check that the firewall rules permit access between the RHUA and the CDS.
Run the
mount
command to see if shared storage is mounted as read-write.[root@rhua ~]# mount | grep rhui nfs.example.com:/export on /var/lib/rhui/remote_share type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.8.41.163,local_lock=none,addr=10.8.41.163)
- After successful configuration, repeat these steps for all remaining CDS nodes.
6.3. Reinstalling and reapplying configuration to a CDS
You may encounter a situation where you need to reinstall and reapply the configuration for a CDS. The Red Hat Update Infrastructure Management Tool provides an easy way to accomplish this task.
Prerequisites
- At least one installed CDS
Answering yes (y) to the below question: Update instance(s) after reinstalling? (y/n):
will result in a dnf update
being run on the instance after it is reinstalled. This may require a reboot of the instance. Answering no (n) to this question will result in the dnf update
not being run.
Procedure
Navigate to the Red Hat Update Infrastructure Management Tool home screen:
[root@rhua ~]# rhui-manager
-
Press
c
to select manage content delivery servers (CDS). -
From the Content Delivery Server (CDS) Management screen, press
r
to select reinstall and reapply configuration to an existing CDS instance. The Red Hat Update Infrastructure Management Tool automatically performs all reinstallation and reconfiguration tasks. Select the CDS to reinstall:
1 - Hostname: <cds1.example.com> SSH Username: <cloud-user> SSH Private Key: /<cloud-user>/.ssh/id_rsa_rhua
-
Enter a value or
b
to abort: 1: 1 Update instance(s) after reinstalling? (y/n): y
Checking that the RHUA services are reachable from the instance... Done. Installing and configuring the CDS... PLAY [Registering a CDS instance] ********************************************** ... TASK [Update CDS instance] ***************************************************** ok: [cds1.example.com] PLAY RECAP ********************************************************************* cloud-user@cds1.example.com : ok=24 changed=10 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 Done.
Verification
Check that you successfully reinstalled and reconfigured the CDS by viewing the code output:
Ensuring that instance ports are reachable ... Done.
6.4. Configuring a CDS to accept legacy CAs
By default, a content delivery server (CDS) node only accepts entitlement certificates signed by the Certificate Authority (CA) that is currently configured on your RHUI system. However, you might want to accept previously created CAs so that clients can continue to work in case you change your main CA or when the CA certificate expires.
This procedure provides instructions to support legacy CAs on RHUI by installing CA certificates on your CDS nodes.
Prerequisites
Ensure you are running the latest version of RHUI.
NoteIf you have installed an older version of RHUI, you must reinstall your CDS nodes in
rhui-manager
.
Procedure
On the CDS node, create the
/etc/pki/rhui/legacy
directory if it does not already exist:# mkdir /etc/pki/rhui/legacy
- Save the legacy CA certificate in the directory.
Verification
- The CDS node starts accepting legacy CAs as soon as you store the CA certificate in the directory.
6.5. Configuring a CDS to stop accepting legacy CAs
To limit your content delivery servers (CDS) nodes from accepting legacy certificate authorities (CAs), remove the respective CA certificates.
Prerequisites
- Clients are no longer using the CA.
Procedure
On the CDS node, navigate to the
/etc/pki/rhui/legacy/
directory:# cd /etc/pki/rhui/legacy/
- Optional: Back up the existing CA certificates:
Delete the CA certificate that corresponds to the CA you want to limit:
# rm example-legacy.crt
Verification
- The CDS node stops accepting legacy CAs as soon as you delete the CA certificate.
6.6. Unregistering a CDS
You can unregister (delete) a CDS instance that you are not going to use.
Procedure
Navigate to the Red Hat Update Infrastructure Management Tool home screen:
[root@rhua ~]# rhui-manager
-
Press
c
to select manage content delivery servers (CDS). -
From the Content Delivery Server (CDS) Management screen, press
d
to delete a CDS instance. Enter the hostname of the CDS to delete:
Hostname of the CDS instance to unregister: cds1.example.com