Hub deployment
The connection between hub and peripheral servers is now primarily established using Hub Online Synchronization. This chapter describes an optional but recommended best practice to use the same CA for all servers.
You can deploy a hub environment either with third party certificates or with self-generated certificates.
1. With third party certificates
Prepare third party certificates for both the Hub Server and the Peripheral servers first.
1.1. Hub server installation
Install a container host with SL Micro. For more information about SL Micro as a container host, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-micro.
On the container host, deploy SUSE Multi-Linux Manager as the hub server using the third party certificate. Add --hubxmlrpc-replicas 1 to the mgradm install command line. For example:
mgradm install podman --ssl-ca-root CA-Certificate.crt --ssl-server-cert hub.crt --ssl-server-key hub.key --ssl-db-ca-root CA-Certificate.crt --ssl-db-cert hub-db.crt --ssl-db-key hub-db.key --hubxmlrpc-replicas 1
For more information about deploying with mgradm, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-mgradm.
1.2. Peripheral servers
Preliminary Requirement: A certificate for every peripheral server and its database (for example, server.crt) and a key (for example, server.key).
Preliminary Requirement: CA Certificate.
Preliminary Requirement: Hub server installation. For more information, see Hub server installation.
On every peripheral server host, copy the same CA to /etc/pki/trust/anchors/ and run update-ca-certificates.
On every peripheral server host, install SUSE Multi-Linux Manager using the following command (replace the certificate names as appropriate):
mgradm install podman --ssl-ca-root CA-Certificate.crt --ssl-server-cert server.crt --ssl-server-key server.key --ssl-db-ca-root CA-Certificate.crt --ssl-db-cert db.crt --ssl-db-key db.key
2. With self-generated certificates
2.1. Hub server installation
Install a container host with SL Micro. For more information about SL Micro as a container host, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-micro.
On the container host, deploy SUSE Multi-Linux Manager as the hub server. Add --hubxmlrpc-replicas 1 to the mgradm install command line. For example:
mgradm install podman MLM.example.com --hubxmlrpc-replicas 1
For more information about deploying with mgradm, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-mgradm.
2.2. Peripheral servers
Preliminary Requirement: Hub server installation. For more information, see Hub server installation.
On the container host of the hub server, enter the server container with:
mgrctl term
Inside the container, run rhn-ssl-tool for every peripheral server:
rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
  --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
  --set-org-unit="ORGANIZATION UNIT" --set-email="name@example.com" \
  --set-hostname=PERIPHERAL-FQDN
For every peripheral server:
From the hub server container, copy /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT, /root/ssl-build/<hostname>/server.crt and /root/ssl-build/<hostname>/server.key to the peripheral server host.
On every peripheral server host, copy RHN-ORG-TRUSTED-SSL-CERT to /etc/pki/trust/anchors/, and run update-ca-certificates.
On every peripheral server host, deploy SUSE Multi-Linux Manager with:
mgradm install podman --ssl-ca-root RHN-ORG-TRUSTED-SSL-CERT --ssl-server-cert server.crt --ssl-server-key server.key --ssl-db-ca-root RHN-ORG-TRUSTED-SSL-CERT --ssl-db-cert server.crt --ssl-db-key server.key
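A pre-flight check for the files passed to mgradm install on a peripheral server host, added here as an example and not taken from the SUSE documentation or tools. It confirms that the certificate verifies against the shared CA, that the key belongs to the certificate, and that the certificate is valid for the host name. The function name check_cert_set and the sample host name are hypothetical; the openssl command and an unencrypted private key are assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for the certificate files given to
# "mgradm install". check_cert_set is a hypothetical helper name.
# Assumes the openssl CLI is installed and the private key has no passphrase.
#
# Usage: check_cert_set CA_FILE CERT_FILE KEY_FILE FQDN
# Returns 0 if all checks pass, 1 on chain failure, 2 on key mismatch,
# 3 if the certificate is not valid for FQDN.
check_cert_set() {
    cs_ca=$1 cs_cert=$2 cs_key=$3 cs_fqdn=$4

    # 1. The certificate must verify against the CA shared by hub and peripherals.
    if ! openssl verify -CAfile "$cs_ca" "$cs_cert" >/dev/null 2>&1; then
        echo "FAIL: $cs_cert does not verify against $cs_ca" \
             "(wrong CA, expired, or missing intermediate)" >&2
        return 1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    cs_cert_pub=$(openssl x509 -in "$cs_cert" -noout -pubkey 2>/dev/null)
    cs_key_pub=$(openssl pkey -in "$cs_key" -pubout 2>/dev/null)
    if [ -z "$cs_key_pub" ] || [ "$cs_cert_pub" != "$cs_key_pub" ]; then
        echo "FAIL: $cs_key is not the private key for $cs_cert" >&2
        return 2
    fi

    # 3. The certificate must be valid for the server's fully qualified name.
    if ! openssl x509 -in "$cs_cert" -noout -checkhost "$cs_fqdn" 2>/dev/null \
            | grep -q "does match"; then
        echo "FAIL: $cs_cert is not valid for host name $cs_fqdn" >&2
        return 3
    fi

    echo "OK: $cs_cert, $cs_key and $cs_ca are consistent for $cs_fqdn"
    return 0
}

# Example calls (host name is a sample value):
#   third party:    check_cert_set CA-Certificate.crt server.crt server.key peripheral1.example.com
#   self-generated: check_cert_set RHN-ORG-TRUSTED-SSL-CERT server.crt server.key peripheral1.example.com
```

Run the same check against the database certificate and key when they differ from the server pair.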
3. Background information
Checking the following hub configuration settings is optional.
On the container host, find environment variables in /etc/systemd/system/uyuni-hub-xmlrpc.service generated by mgradm.
If needed, you can customize these variables with Environment= settings in a user-created /etc/systemd/system/uyuni-hub-xmlrpc.service.d/local.conf systemd configuration file on the container host.
It will override settings in /etc/hub/hub.conf inside the server container.
It is the same file for all containers.
- HUB_API_URL: URL to the Hub Server XMLRPC API endpoint. Use the default value if you are installing hub-xmlrpc-api on the Hub Server. It is set automatically in the systemd unit file during the installation.
- HUB_CONNECT_TIMEOUT: the maximum number of seconds to wait for a response when connecting to a Server. Use the default value in most cases.
- HUB_REQUEST_TIMEOUT: the maximum number of seconds to wait for a response when calling a Server method. Use the default value in most cases.
- HUB_CONNECT_USING_SSL: use HTTPS instead of HTTP for communicating with peripheral Servers. Recommended for a secure environment. It is always enabled.