Red Hat Summit Red Hat Summitサポートコンソール開発者トライアルの開始お問い合わせ

このコンテンツは選択した言語では利用できません。

Chapter 4. RHUI 5 install procedure

Before you begin

For RHUI 5, only the container images will be published, and not the individual RPMs. There are separate images for:

  • installer
  • RHUA
  • CDS
  • HAPROXY

Providing local files to the installer

In RHUI 4, the installer would accept local file paths as arguments to some command line switches. This is no longer an option with containerized installations, since the running container has no access to arbitrary files on the host filesystem. Therefore, the RHUI 5 installer is taught to look into some hardcoded file paths to source some files, and those paths can be provided as volume mounts through the podman command line. Unfortunately, those paths cannot be provided through the answers file as the container has already been started at the point the answers file is parsed.

The list of special file paths, local to the container, that the installer will reference:

  • /ssh-keyfile - The private SSH key used to log into target host.
  • /rhua-image.tar - The RHUA container image file in case we want to explicitly transfer it to the target host, the image file must be in the format created by podman save command. In this case, --rhua-container-image and --rhua-container-registry installation parameters are not allowed

  • /answers.yaml - The answers file, which will look similar to the following: 

    rhua:
    certs_country: HR
    certs_city: Zadar
    certs_org: RHUI devs
    certs_org_unit: Containerization efforts
    certs_ca_common_name: rhui5-development.example.net
    default_sync_policy: on demand
    Copy to Clipboard Toggle word wrap
  • /rhui-ca.crt and /rhui-ca.key - The RHUI CA certificate and its key.
  • /client-ssl-ca.crt and /client-ssl-ca.key - The CA Certificate for CDS SSL traffic and its key.
  • /client-entitlement-ca.crt and /client-entitlement-ca.key - The CA certificate for client certificate management and its key.
Important

Whenever providing the volume mounts to the container, make sure you have proper SELinux labels for the container, providing either :z or :Z as a volume mount option.

Running the installer image for RHUI 5

To run the installer image you will need to access the public Red Hat registry, registry.redhat.io. The registry is protected by credentials. Also, you must be logged in a machine that has Podman installed (we call it control node), so that you can log in to the registry and subsequently run the installer image against the target host as shown in the following:

Note

The following examples assume that you are using RHEL 9. 

$ sudo dnf -y install podman
[...]
$ podman login --username <CCSP_login> --password '<CCSP_password>' registry.redhat.io
Login Succeeded!
Copy to Clipboard Toggle word wrap

After you have logged in to the registry, you can check the available RHUI container images: 

$ podman search registry.redhat.io/rhui5
NAME                                      DESCRIPTION
registry.redhat.io/rhui5/cds-rhel9        Red Hat Update Infrastructure 5 Content Deli...
registry.redhat.io/rhui5/installer-rhel9  Red Hat Update Infrastructure 5 Installer
registry.redhat.io/rhui5/rhua-rhel9       Red Hat Update Infrastructure 5 Appliance
registry.redhat.io/rhui5/haproxy-rhel9    Red Hat Update Infrastructure 5 Load Balance...
Copy to Clipboard Toggle word wrap

At this point you are ready to start the installation process assuming all of the following is provided:

  • The target host you want to install RHUA on. This is the --target-host installation parameter.
  • The target host can meet or exceed the following requirements:
  • It should run RHEL 9 or 10 and already be registered with Red Hat.
Note

The target host needs to be registered using the following command: subscription-manager register. When prompted, enter your CCSP user name and password.

  • Hardware should be a minimum of: x86_64, 8+ CPU cords, 8+ GB RAM, 128+ GB disk.
  • The NFS fileshare used for storing Pulp content. This is the --remote-fs-server installation parameter.
  • The target host has accepted your SSH authentication.

Assuming you have launched the target host and it is configured to accept your SSH key, you can run the following commands in Podman:

  • -it This means an interactive session is needed with a proper terminal output.
  • --rm This will remove the container after the operation is finished.

  • -v ~/.ssh/id_rsa:/ssh-keyfile:Z This will volume mount your SSH private key so that the installer container has access to it.

    Note

    Do not forget to supply your SSH passphrase if you have set up your SSH key with a passphrase. 

    $ podman run -it --rm -v ~/.ssh/id_rsa:/ssh-keyfile:Z  \
  registry.redhat.io/rhui5/installer-rhel9 rhui-installer  \
  --target-user <target-user> --rhua-container-registry registry.redhat.io \
  --podman-username <CCSP_login> --podman-password '<CCSP_password>' \
  --remote-fs-server <nfs-host:/path> \
  --target-host <rhua-hostname>

Trying to pull registry.redhat.io/rhui5/installer-rhel9:latest...
...
Getting image source signatures
Copying blob 92efcdccd105 done   |
Copying blob 19f9949dbedd done   |
Copying blob 467b1cd556e7 done   |
Copying blob 5c6a65a8d3b9 done   |
Copying config be3b9592ab done   |
Writing manifest to image destination

PLAY [RHUI 5 installation RHUA installation playbook executing on the *target* host] *****************************************************************************************

TASK [Populate service facts] ***********************************************************
Enter passphrase for key '/ssh-keyfile':
ok: [<rhua-hostname>]

TASK [Stop the RHUA container that might be running already] *****************************************************************************************
skipping: [<rhua-hostname>]

TASK [Prepare the dictionary for holding the rhui-tools.conf values] *****************************************************************************************
ok: [<rhua-hostname>]

TASK [Check whether we have rhui-tools.conf in the designated location] *****************************************************************************************
ok: [<rhua-hostname>]

[...]

TASK [Enable and start RHUA container as a systemd service] *****************************************************************************************
changed: [<rhua-hostname>]

PLAY RECAP ******************************************************************************
<rhua-hostname> : ok=69   changed=43   unreachable=0
	failed=0	skipped=43   rescued=0	ignored=0


PLAY [Attempt to copy the installer log file onto the managed node] *****************************************************************************************

TASK [Copy the log file] ****************************************************************
changed: [<rhua-hostname>]

PLAY RECAP ******************************************************************************
<rhua-hostname>: ok=1	changed=1	unreachable=0
      failed=0	skipped=0	rescued=0	ignored=0
    Copy to Clipboard Toggle word wrap

Installation Verification

Your RHUA container is ready and running on the target host. So how do you access it? During the installation, a shell function named rhua has been created to save you from typing the Podman exec invocation. Assuming you are root on the target host enter the following: 

[root@rhua ~]# which rhua
rhua ()
{
    default_arg="";
    [ $# -eq 0 ] && default_arg=bash;
    [ "$1" = "-h" ] && echo -e "rhua: executes commands in the RHUA container environment.\n   Usage: rhua command [args ...]" && return 1;
    ( cd /var/lib/rhui;
    sudo -u rhui podman exec -it rhui5-rhua "${default_arg}${@}" )
}
[root@rhua ~]# rhua bash
bash-5.1# cat /etc/rhui/rhui-subscription-sync.conf
[auth]
username = admin
password = <generated_password>
bash-5.1# rhui-manager
Logging into the RHUI.

It is recommended to change the user's password
in the User Management section of RHUI Tools.

RHUI Username: admin
RHUI Password: <generated_password>
Copy to Clipboard Toggle word wrap

Using SSH agent for authentication (Optional)

If you want to use ssh-agent for passing your SSH key, you must run the installer container in the --privileged mode to allow using the ssh-agent sockets inside the container. Additionally, ensure you have ssh-agent working and you have unlocked your SSH private key. Then, run the following command: 

$ ssh-add
Enter passphrase for /home/<username>/.ssh/id_rsa:
Identity added: /home/<username>/.ssh/id_rsa (/home/<username>/.ssh/id_rsa)
Copy to Clipboard Toggle word wrap

Next, in your installer invocation, replace: 

-v ~/.ssh/id_rsa:/ssh-keyfile:Z
Copy to Clipboard Toggle word wrap

with the following: 

--privileged -v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK:Z -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK
Copy to Clipboard Toggle word wrap
  • --privileged This is so the container has access to the ssh-agent sockets.
  • -v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK:Z This is to pass the SSH authentication socket to the container filesystem, so that the container can access your SSH key.
  • -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK This is to set the environment variable in the container runtime pointing to the location of the SSH authentication socket.
Red Hat logoGithubredditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。 最新の更新を見る.

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

Theme

© 2026 Red Hatトップに戻る