Chapter 3. Prerequisites for installing Red Hat Update Infrastructure
The cloud provider provides the following technical prerequisites:
Completion of the initial stages of the Red Hat Certified Cloud and Service Provider (CCSP) certification, including review of the client’s:
- Virtualization, image creation, and instance provisioning technologies, tools, and processes
- Proposed process for measuring and reporting consumption of Red Hat software
- Proposed process for notifying customers of errata updates to Red Hat software
- Proposed process for making images that include Red Hat software available to customers, including image lifecycle management and retiring outdated images
See Product Documentation for Red Hat Certified Cloud and Service Provider Certification for more information.
- Self-signed certificates are typically used for Red Hat Update Infrastructure (RHUI) deployment. If SSL certificates signed by a third-party certificate authority will be used, they have been obtained by the client and reviewed by Red Hat.
The Red Hat consultant can assist with the development of self-signed certificates, and their use will not affect the user experience of the client’s customers.
- The client will provide systems, virtual machines, or tenant instances for installation of all Red Hat Update Appliances (RHUAs), external load balancers, and content delivery servers (CDSs), configured as described below.
- Make sure access to RHEL 7 and the RHUI bits (by ISO or subscription) is available.
A minimal RHUI installation includes four required servers: one RHUA, one load balancer, and two CDSs (physical or virtual) configured as follows:
- Red Hat Enterprise Linux (RHEL) 7.6 or greater with Minimal installation recommended
- SELinux on
- Two CPUs, AMD64 processor architecture
- 4 GB memory minimum (16 GB memory minimum for CDSs if Gluster Storage is used)
- 10 GB disk for operating system
- 50 GB disk per major RHEL release
- Each CDS node with a 500 GB local block device dedicated to the GlusterFS brick (if Gluster Storage is used)
- 50 GB for MongoDB (100 GB if you plan to keep a large number of RHEL repositories in RHUI). Either add this capacity to the root file system, or attach a volume of this capacity and mount it at /var/lib/mongodb.
Certificate generation using openssl requires one server, new or existing, configured as follows:
- RHEL 7.6 or greater with Minimal installation recommended
- SELinux enabled
- Two CPUs, AMD64 processor architecture
- 2 GB memory
- 6 GB disk for operating system
Image certification is performed on RHEL guest templates as provided:
- Minimum 10 GB disk for operating system
- iptables on
- SELinux enabled
- If password authentication is on, must use strongest possible hash
- Default logging on
The client’s network must be properly configured for the RHUI:
- IP addresses must be allocated for all RHUAs, CDSs, and external load balancers (if any).
- DNS records (forward and reverse) have been created for all IP addresses, for example, rhua.company.com, cds1.company.com, cds2.company.com, and certs.company.com.
If the server has multiple network interface cards (NICs), the fully qualified domain name (FQDN) of the RHUA and the CDSs must be resolved to the IP of the NIC that is used to communicate between the RHUA and the CDSs.
RHUI uses DNS to reach the CDN. In most cases, your instance should be preconfigured to talk to the proper DNS servers hosted as part of the cloud’s infrastructure. If you run your own DNS servers or update your client DNS configuration, there is a chance you will see errors similar to yum Could not contact any CDS load balancers. In these cases, check that your DNS server is forwarding to the cloud’s DNS servers for the request or that your DNS client is configured to fall back to the cloud’s DNS server for name resolution.
Using more than one HAProxy node requires a round-robin DNS entry for the host name used as the value of the --cds-lb-hostname parameter when rhui-installer is run (cds.example.com in this guide) that resolves to the IP addresses of all HAProxy nodes. How to Configure DNS Round Robin presents one way to configure a round-robin DNS. In the context of RHUI, these will be the IP addresses of the HAProxy nodes, and they are to be mapped to the host name specified as --cds-lb-hostname while calling rhui-installer.
See HAProxy Configuration for more information.
- All required network ports are open.
Connection | Port | Usage |
---|---|---|
RHUA to cdn.redhat.com | 443/TCP | Content Delivery |
RHUA to CDSs | 22/TCP | Initial SSH configuration |
RHUA to HAProxy servers | 22/TCP | Initial SSH configuration |
CDS to RHUA | 8140/TCP | Puppet |
HAProxy to RHUA | 8140/TCP | Puppet |
Clients to CDS or HAProxy | 443/TCP | |
Clients to CDS or HAProxy | 5000/TCP | Docker |
HAProxy to CDS | 443/TCP | Load balancing |
HAProxy to CDS | 5000/TCP | Docker load balancing |
GlusterFS ports | 24007/TCP, 49152-4/TCP | Storage |
NFS ports | 2049/TCP | File system |
- Network proxy settings between RHUA and the Red Hat CDN are configured appropriately.
- Network proxy settings between the CDSs and the clients via yum.conf are configured appropriately.
- A round-robin DNS entry if more than one HAProxy node is used
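
The forward/reverse DNS and round-robin requirements above can be verified before rhui-installer is run. The following script is an added example, not part of RHUI or of the original guide; the script name, the LB variable and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: DNS prerequisite checks for RHUI nodes. Script name, LB
# variable and function names are illustrative, not part of RHUI.

# Resolver wrappers. getent follows nsswitch.conf, so /etc/hosts entries
# are honoured as well as DNS.
fwd_lookup() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u; }
rev_lookup() { getent hosts "$1" | awk '{print $2}'; }

# check_fcrdns FQDN: pass only if FQDN has an A record and every address
# it resolves to has a PTR record pointing back at the same FQDN.
check_fcrdns() {
    fc_name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    fc_ips=$(fwd_lookup "$fc_name")
    if [ -z "$fc_ips" ]; then
        echo "FAIL $fc_name: no forward record"
        return 1
    fi
    fc_rc=0
    for fc_ip in $fc_ips; do
        fc_ptr=$(rev_lookup "$fc_ip" | tr 'A-Z' 'a-z')
        if [ "${fc_ptr%.}" != "$fc_name" ]; then
            echo "FAIL $fc_name: $fc_ip reverses to '${fc_ptr:-nothing}'"
            fc_rc=1
        fi
    done
    if [ "$fc_rc" -eq 0 ]; then echo "OK   $fc_name -> $(echo $fc_ips)"; fi
    return "$fc_rc"
}

# check_round_robin NAME IP...: pass only if NAME resolves to exactly the
# listed HAProxy addresses (order does not matter).
check_round_robin() {
    rr_name=$1; shift
    rr_want=$(printf '%s\n' "$@" | sort -u)
    rr_got=$(fwd_lookup "$rr_name")
    if [ "$rr_got" = "$rr_want" ]; then
        echo "OK   $rr_name -> $(echo $rr_got)"
        return 0
    fi
    echo "FAIL $rr_name: got '$(echo $rr_got)', want '$(echo $rr_want)'"
    return 1
}

# Usage: [LB="cds.example.com IP1 IP2"] sh rhui-dns-check.sh FQDN...
if [ "$#" -gt 0 ]; then
    status=0
    for name in "$@"; do check_fcrdns "$name" || status=1; done
    # LB is split on spaces on purpose: first word is the name, rest are IPs.
    [ -z "${LB:-}" ] || check_round_robin $LB || status=1
    exit "$status"
fi
```

Run it on the RHUA and on each CDS, because on hosts with multiple NICs each node must resolve the others to the address of the interface used for RHUA-to-CDS traffic.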