Hub deployment with XMLRPC

You can deploy a hub environment either with third party certificates or with self-generated certificates.

1. With third party certificates

Prepare third party certificates for both the Hub Server and the Peripheral servers first.

Database SSL certificates require reportdb and db as Subject Alternative Names. The same certificate can be used for the server and the database, as long as the required alternative names are added.

1.1. Hub server installation

Procedure: Installing the Hub Server
  1. Install a container host with SL Micro. For more information about SL Micro as a container host, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-micro.

  2. On the container host, deploy SUSE Multi-Linux Manager as the hub server using the third party certificate. Add --hubxmlrpc-replicas 1 to the mgradm install command line. For example:

    mgradm install podman --ssl-ca-root CA-Certificate.crt --ssl-server-cert hub.crt --ssl-server-key hub.key --ssl-db-ca-root CA-Certificate.crt --ssl-db-cert hub-db.crt --ssl-db-key hub-db.key --hubxmlrpc-replicas 1

1.2. Peripheral servers

Procedure: Installing peripheral servers using third party certificates
  1. Preliminary Requirement: A certificate for every peripheral server and its database (for example, server.crt) and a key (for example, server.key).

  2. Preliminary Requirement: CA Certificate.

  3. Preliminary Requirement: Hub server installation. For more information, see Hub server installation.

    • On every peripheral server host, copy the same CA to /etc/pki/trust/anchors/ and run update-ca-certificates.

    • On every peripheral server host, install SUSE Multi-Linux Manager using the following command (replace the certificate names as appropriate):

    mgradm install podman --ssl-ca-root CA-Certificate.crt --ssl-server-cert server.crt --ssl-server-key server.key --ssl-db-ca-root CA-Certificate.crt --ssl-db-server-cert db.crt --ssl-db-server-key db.key

2. With self-generated certificates

2.1. Hub server installation

Procedure: Installing the hub server
  1. Install a container host with SL Micro. For more information about SL Micro as a container host, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-micro.

  2. On the container host, deploy SUSE Multi-Linux Manager as the hub server. Add --hubxmlrpc-replicas 1 to the mgradm install command line. For example:

    mgradm install podman MLM.example.com --hubxmlrpc-replicas 1

2.2. Peripheral servers

Database SSL certificates require reportdb and db as Subject Alternative Names. The same certificate can be used for the server and the database, as long as the required alternative names are added.

Procedure: Peripheral servers with self-generated certificates
  1. Preliminary Requirement: Hub server installation. For more information, see Hub server installation.

  2. On the container host of the hub server, enter the server container with:

    mgrctl term

  3. Inside the container, run rhn-ssl-tool for every peripheral server:

    rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
      --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
      --set-org-unit="ORGANIZATION UNIT" --set-email="name@example.com" \
      --set-hostname=PERIPHERAL-FQDN --set-cname="reportdb" --set-cname="db"

  4. For every peripheral server:

    • From the hub server container, copy /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT, /root/ssl-build/<hostname>/server.crt and /root/ssl-build/<hostname>/server.key to the peripheral server host.

    • On every peripheral server host, copy RHN-ORG-TRUSTED-SSL-CERT to /etc/pki/trust/anchors/, and run update-ca-certificates.

    • On every peripheral server host, deploy SUSE Multi-Linux Manager with:

    mgradm install podman --ssl-ca-root RHN-ORG-TRUSTED-SSL-CERT --ssl-server-cert server.crt --ssl-server-key server.key --ssl-db-ca-root RHN-ORG-TRUSTED-SSL-CERT --ssl-db-server-cert server.crt --ssl-db-server-key server.key

    • Finally, on every peripheral server host, register the peripheral server to the hub server:

      mgradm hub register --api-password <hub password> --api-server <hub fqdn> --api-user <hub admin>
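
A pre-flight check for the certificate requirements in sections 1.2 and 2.2, as an added example that is not part of the product documentation: it confirms that a certificate chains to the CA, pairs with its private key, and carries the peripheral FQDN, reportdb and db as Subject Alternative Names. The function names, peripheral1.example.com and the throwaway self-signed demo certificates are assumptions constructed for illustration; OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example, not from the product documentation. Needs OpenSSL 1.1.1+.

cert_sans() {  # CERT: print the DNS names in its Subject Alternative Name
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

missing_sans() {  # CERT NAME...: print required names absent from the SAN
    local cert="$1" rc=0 sans name; shift
    sans=$(cert_sans "$cert")
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -qxiF -- "$name" || { echo "$name"; rc=1; }
    done
    return "$rc"
}

key_matches_cert() {  # CERT KEY: true only if both hold the same public key
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

preflight() {  # CA CERT KEY NAME...: chain, key pairing, then SAN coverage
    local ca="$1" crt="$2" key="$3" lacking; shift 3
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL $crt: not issued by $ca"; return 1; }
    key_matches_cert "$crt" "$key" ||
        { echo "FAIL $crt: $key is not its private key"; return 1; }
    lacking=$(missing_sans "$crt" "$@") ||
        { echo "FAIL $crt: SAN lacks $(echo $lacking)"; return 1; }
    echo "ok: $crt"
}

# Constructed demo: throwaway self-signed certificates, each acting as its own CA.
demo_dir=$(mktemp -d)
make_constructed_cert() {  # NAME SAN-LIST
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=peripheral1.example.com" -addext "subjectAltName=$2" \
        -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.crt" 2>/dev/null
}
make_constructed_cert good "DNS:peripheral1.example.com,DNS:reportdb,DNS:db"
make_constructed_cert nodb "DNS:peripheral1.example.com"
for c in good nodb; do
    preflight "$demo_dir/$c.crt" "$demo_dir/$c.crt" "$demo_dir/$c.key" \
        peripheral1.example.com reportdb db || true
done
```

On a peripheral server host, call preflight with the CA file, server.crt and server.key that will be passed to mgradm install, followed by the host's FQDN, reportdb and db.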

3. Background information

Checking the following hub configuration settings is optional.

On the container host, find the environment variables generated by mgradm in /etc/systemd/system/uyuni-hub-xmlrpc.service. If needed, you can customize these variables with Environment= settings in a user-created systemd configuration file, /etc/systemd/system/uyuni-hub-xmlrpc.service.d/local.conf, on the container host.

These variables override the settings in /etc/hub/hub.conf inside the server container. That file is the same for all containers.

  • HUB_API_URL: URL to the Hub Server XMLRPC API endpoint. Use the default value if you are installing hub-xmlrpc-api on the Hub Server. It is set automatically in the systemd unit file during the installation.

  • HUB_CONNECT_TIMEOUT: the maximum number of seconds to wait for a response when connecting to a Server. Use the default value in most cases.

  • HUB_REQUEST_TIMEOUT: the maximum number of seconds to wait for a response when calling a Server method. Use the default value in most cases.

  • HUB_CONNECT_USING_SSL: use HTTPS instead of HTTP for communicating with peripheral Servers. Recommended for a secure environment. It is always enabled.