Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 10. Working with RHUI 4 commands

Red Hat Update Infrastructure provides a powerful, scriptable interface to manage the RHUI nodes, repositories, and client configurations.

10.1. Using RHUI 4 CLI options
Copy link

The majority of administrative tasks for Red Hat Update Infrastructure 4 are in its installation. After installation, it runs on its own, periodically getting updated packages from the Red Hat CDN and automatically making those packages available to clients.

A command line interface called Red Hat Update Infrastructure Management Tool (run with rhui-manager) facilitates the installation. This tool provides interactive prompts for the necessary configuration elements for each RHUI component: RHUA, CDS, and load-balancer. This tool also provides a means for taking the content certificate provided by Red Hat for use when connecting to the Red Hat CDN and generating internal, cloud-specific certificates that clients use to connect to RHUI. The Red Hat Update Infrastructure Management Tool allows the cloud provider to generate a client configuration bundle to install on client RHEL instances. This bundle allows the clients to get updates from the RHUI installation.

Red Hat Update Infrastructure Management Tool uses an interactive shell; some functions can also run from a shell prompt. The Red Hat Update Infrastructure Management Tool uses seven main commands. For each command’s subcommand, a list of options is provided if the subcommand expects one or more options other than -h and --help.

View all options and commands. 

# rhui-manager --help
Usage: rhui-manager [options]

  OPTIONS
    -h/--help  show this help message and exit
    --debug    enables debug logging
    --noninteractive prevents console input, used for scripting
    --config   absolute path to the configuration file; defaults to /etc/rhui/rhui-tools.conf
    --server   location of the RHUA server (overrides the config file)
    --username if specified, previously saved authentication credentials are ignored and this username is used to login
    --password used in conjunction with --username
    --logout   logout from the active session

  COMMANDS
    cert      : Red Hat content certificate management
    packages  : package manipulation on repositories
    repo      : repository listing and manipulation
    cds       : CDS listing and manipulation
    migrate : Migrate from {RHUI3}
    haproxy   : Load balancer listing and manipulation
    status    : RHUI status and health information
    client    : Red Hat client management

10.1.1. cert
Copy link

Red Hat content certificate management
    upload    : uploads a new content certificate
    info      : display information about the current content certificate
 
# rhui-manager cert upload
upload: uploads a new content certificate
    --cert - full path to the new content certificate (required)
    --key - full path to the new content certificate's key

10.1.2. packages
Copy link

package manipulation on repositories
    list      : lists all packages in a repository
    remove    : removes a package from a custom repository
    upload    : uploads a package or directory of packages to a custom repository
    remote    : uploads RPM content from a remote URL to a custom repository
 
list: lists all packages in a repository
    --repo_id - id of the repository to list packages for (required)
 
remove: removes a package from a custom repository
    --repo_id - id of the custom repository to remove a package from (required)
    --package - name of the package to be removed (required)
    --vr - if specified, only the supplied version-release of the package will be removed
    --force - don't ask for confirmation
 
upload: uploads a package or directory of packages to a custom repository
    --repo_id - id of the custom repository where the packages will be uploaded (required)
    --packages - path to an .rpm file or directory of RPMs that will be uploaded (required)
 
remote: uploads RPM content from a remote URL to a custom repository
    --repo_id - id of the custom repository where the packages will be uploaded (required)
    --url - remote URL of the package or a web page that will be scraped for RPM content (required)

10.1.3. repo
Copy link

repository listing and manipulation
    list      : lists all repositories in the RHUI
    info      : displays information on an individual repo
    add       : add a Red Hat repository to the RHUA
    add_by_repo: add Red Hat repositories to the RHUA via repo ID
    add_by_file: add Red Hat repositories to the RHUA using an input file
    add_errata: associate errata metadata with a repository
    add_comps : associate comps metadata (group/category/environment/langpacks) with a repository
    delete    : delete a repository
    sync      : sync a repository
    set_retain_versions: limits the number of older repository versions kept in database
    orphan_cleanup: submits a background task to remove orphaned artifacts from storage
    export	  : export a repository to the filesystem
    enable_sync: enable scheduled synchronization of a repository
    disable_sync: disable scheduled synchronization of a repository
    sync_all  : sync all repositories
    metadata : ensure metadata is generated for the latest version of repositories
    enable_autopublish: enable automatic publishing of a new repository version
    disable_autopublish: disable automatic publishing of a new repository version
    create_custom: create a custom repository
    unused    : list of products available but not synced to the RHUA
 
info: displays information on an individual repo
    --repo_id - identifies the repository to display (required)
 
add: add a Red Hat repository to the RHUA
    --product_name - product to add the RHUA (required)
 
add_by_repo: add Red Hat repositories to the RHUA via repo ID
    --repo_ids - repo IDs to add, comma-separated (required)
    --sync-now - Use to sync any repos that are added (optional)
 
add_by_file: add Red Hat repositories to the RHUA using an input file
    --file - file containing repo IDs to add, one per line (required)
    --sync_now - Use to sync any repos that are added (optional)
 
add_errata: associate errata metadata with a repository
    --repo_id - repo ID to associate the metadata with (required)
    --updateinfo - updateinfo file to be applied (required)
 
add_comps: associate comps metadata (group/category/environment/langpacks) with a repository
    --repo_id - repo ID to associate the metadata with (required)
    --comps - comps file to be applied (required)
 
delete: delete a repository
    --repo_id - identifies the repository to delete (required)
 
sync: sync a repository
    --repo_id - identifies the repository to sync (required)
 
set_retain_versions: limits the number of older repository versions kept in database
    --repo_id - identifies the repository to operate on
    --all - operate on all repositories (either --repo_id or --all must be provided, but not both)
    --versions - number of versions to keep (required)
    --dry_run - display what will be executed without actually executing
 
orphan_cleanup: submits a background task to remove orphaned artifacts from storage
 
export: export a repository to the filesystem
	  --repo_id - identifies the repository to export (required)
 
metadata : ensure metadata is generated for the latest version of repositories
   --repo_id - explicit repo ID to generate metadata for
 
enable_sync: enable scheduled synchronization of a repository
    --repo_id - identifies the repository to enable scheduled synchronization for (required)
    --verbose - if present, info on last/next synchronization tasks will be displayed
 
disable_sync: disable scheduled synchronization of a repository
    --repo_id - identifies the repository to disable scheduled synchronization for (required)
    --verbose - if present, info on last/next synchronization tasks will be displayed
 
enable_autopublish: enable automatic publishing of a new repository version
    --repo_id - identifies the repository to enable automatic publishing for (required)
 
disable_autopublish: disable automatic publishing of a new repository version
    --repo_id - identifies the repository to disable automatic publishing for (required)
 
create_custom: create a custom repository
    --repo_id - identifies the repository to add (required)
    --path - path to the content being served by CDS; defaults to repo_id
    --display_name - display name for the custom repository
    --redhat_content - repository will host Red Hat GPG signed content
    --protected - make the content protected by entitlement certificate
    --gpg_public_keys - comma separated list of public keys used to sign the served content; the filenames must not contain comma
 
unused: list all unused Red Hat repositories
Loading latest entitled products from Red Hat...
... listings loaded
Available Repositories
--------------------

10.1.4. cds
Copy link

CDS listing and manipulation
    list      : lists all cds instances in the RHUI
    add       : register a cds instance to the RHUI
    reinstall : reinstalls an already registered cds instance
    delete    : unregisters cds instances from the RHUI
 
add: register a cds instance to the RHUI
    --hostname - The hostname of the instance to add. (required)
    --ssh_user - Username with SSH access to the instance and sudo privileges. (required)
    --keyfile_path - Absolute path to an SSH private key to use with the given user. (required)
    --hostfile - Absolute path to a known_hosts file to use to determine the identity of the instance; if this is not provided and the instance hostkey is not in the system-wide known_hosts file, this command will fail.
    --user_supplied_ssl_key - Optional absolute path to the user supplied SSL key file.
    --user_supplied_ssl_crt - Optional absolute path to the user supplied SSL crt file.
    --force - Add the system even if the hostname is already registered.
    --unsafe - Proceed even if the instance host key is not in the known_hosts file. This is not secure!
    --no_update - Use this flag to prevent the final dnf update; it must be specified every time this functionality is desired.
 
reinstall: reinstalls an already registered cds instance
    --hostname - The hostname of the instance to reinstall on; this instance must be registered already.
    --all - Reinstall all the registered instances.
    --no_update - Use this flag to prevent the final dnf update; it must be specified every time this functionality is desired.
 
delete: unregisters cds instances from the RHUI
    --force - Delete the system, even if it is the last of its kind.
    --hostnames - Comma-separated list of hostnames to delete (unregister) from RHUI. (required)

10.1.5. migrate
Copy link

Migrate from RHUI3
    --force - Migrate repos even when some repos are detected locally
    --hostname - The remote RHUIv3, migration source, hostname (required)
    --password - The remote RHUIv3, migration source, rhui-manager password. (required)
    --keyfile_path - The path to an SSH private key to use with the given user. default=/root/.ssh/id_rsa_rhua
    --local_system_user - The local RHUIv4, migration destination, system username. default=<cloud-user>
    --remote_system_user - The remote RHUIv3, migration source, system username. default=<cloud-user>
    --remote_server_crt - The remote RHUIv3, migration source, server crt path. default=/etc/pki/rhui/certs/entitlement-ca.crt
    --remote_server_key - The remote RHUIv3, migration source, server key path. default=/etc/pki/rhui/private/entitlement-ca.key
    --username - The remote RHUIv3, migration source, rhui-manager username. default=admin

10.1.6. haproxy
Copy link

Load balancer listing and manipulation
    list      : lists all haproxy instances in the RHUI
    add       : register a haproxy instance to the RHUI
    reinstall : reinstalls an already registered haproxy instance
    delete    : unregisters haproxy instances from the RHUI
 
add: register a haproxy instance to the RHUI
    --hostname - The hostname of the instance to add. (required)
    --ssh_user - Username with SSH access to the instance and sudo privileges. (required)
    --keyfile_path - Absolute path to an SSH private key to use with the given user. (required)
    --hostfile - Absolute path to a known_hosts file to use to determine the identity of the instance; if this is not provided and the instance hostkey is not in the system-wide known_hosts file, this command will fail.
    --config - Optional absolute path to a user supplied HAProxy config file.
    --force - Add the system even if the hostname is already registered.
    --unsafe - Proceed even if the instance host key is not in the known_hosts file. This is not secure!
    --no_update - Use this flag to prevent the final dnf update; it must be specified every time this functionality is desired.
 
reinstall: reinstalls an already registered haproxy instance
    --hostname - The hostname of the instance to reinstall on; this instance must be registered already.
    --all - Reinstall all the registered instances.
    --no_update - Use this flag to prevent the final dnf update; it must be specified every time this functionality is desired.
 
delete: unregisters haproxy instances from the RHUI
    --force - Delete the system, even if it is the last of its kind.
    --hostnames - Comma-separated list of hostnames to delete (unregister) from RHUI. (required)

10.1.7. status
Copy link

status: RHUI status and health information
    --code - if specified, only a numeric code for the result will be displayed
    --repo_json - Name of the JSON file for a repo status

10.1.8. client
Copy link

Red Hat client management
    labels    : list the labels required for client certificate creation
    cert      : create a content certificate for a rhui client
    rpm       : create a client config rpm
    content_source: create an alternate source config rpm
    acs_config: output a JSON representation of the alternate source config
 
cert: create a content certificate for a rhui client
    --repo_label - identifies the repositories to add. Comma delimited string of repo labels (required)
    --name - identifies the certificate name (required)
    --days - number of days cert will be valid (required)
    --dir - directory where the certificate will be stored (required)
 
rpm: create a client config rpm
    --private_key - entitlement private key
    --entitlement_cert - entitlement certificate
    --rpm_version - version number of the client config rpm
    --rpm_release - release of rpm package. Default is 1
    --rpm_name - name of the client config rpm (required)
    --dir - directory where the rpm will be created (required)
    --unprotected_repos - comma-separated list of unprotected repos to include
    --cert - generate certificate also before building client config rpm if given
    --ca_cert - full path to the certificate authority of CDS servers
    --repo_label - identifies the repositories to add. Comma delimited string of repo labels
    --name - identifies the certificate name if it is different from rpm name
    --days - number of days cert will be valid
    --proxy - url/string in case proxy option is necessary in yum repo file
 
content_source: create an alternate source config rpm
    --private_key - entitlement private key
    --entitlement_cert - entitlement certificate
    --rpm_version - version number of the client config rpm
    --rpm_name - name of the client config rpm (required)
    --dir - directory where the rpm will be created (required)
    --unprotected_repos - comma-separated list of unprotected repos to include
    --cert - generate certificate also before building client config rpm if given
    --ca_cert - full path to the certificate authority of CDS servers
    --repo_label - identifies the repositories to add. Comma delimited string of repo labels
    --name - identifies the certificate name if it is different from rpm name
    --days - number of days cert will be valid
 
acs_config: output a JSON representation of the alternate source config
    --dir - directory where the JSON representation will be stored (required)
    --private_key - entitlement private key
    --entitlement_cert - entitlement certificate
    --cert - generate certificate based on the the repos supplied via --repo_label
    --ssl_ca_cert - full path to the certificate authority of CDS servers (defaults to ssl_ca_crt specified in rhui-tools.conf)
    --repo_label - identifies the repositories to add. Comma delimited string of repo labels
    --days - number of days cert will be valid if new cert is generated
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top