Hub Deployment with XMLRPC

You can deploy a hub environment either with third party certificates or with self-generated certificates.

For more information about SSL certificates, see specialized-guides:large-deployments/hub-reqs.adoc#lsd-hub-reqs-certs.

1. With Third Party Certificates

Prepare third party certificates for both the Hub Server and the Peripheral servers first.

1.1. Hub Server Installation

Procedure: Installing the Hub Server
  1. Install a container host with SL Micro. For more information about SL Micro as a container host, see installation-and-upgrade:container-deployment/suma/server-deployment-suma.adoc#deploy-suma-server-micro.

  2. On the container host, deploy Uyuni as the hub server using the third party certificate. Add --hubxmlrpc-replicas 1 to the mgradm install command line. For example:

    mgradm install podman --ssl-ca-root CA-Certificate.crt --ssl-server-cert hub.crt --ssl-server-key hub.key --hubxmlrpc-replicas 1

1.2. Peripheral Servers

Procedure: Installing peripheral servers using third party certificates
  1. Preliminary Requirement: A certificate for every peripheral server (for example, server.crt) and a key (for example, server.key).

  2. Preliminary Requirement: CA Certificate.

  3. Preliminary Requirement: Hub server installation. For more information, see Hub Server Installation.

    • On every peripheral server host, copy the same CA to /etc/pki/trust/anchors/ and run update-ca-certificates.

    • On every peripheral server host, install Uyuni using the following command (replace the certificate names as appropriate):

      mgradm install podman --ssl-ca-root CA-Certificate.crt --ssl-server-cert server.crt --ssl-server-key server.key
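
Before the CA certificate, server certificate and key are passed to mgradm install, on the hub server or on a peripheral server, the three files can be checked against each other and against the server's host name. The following script is an added example, not part of the Uyuni documentation or tooling; the function name check_hub_certs is hypothetical, and the script assumes the openssl command-line tool is installed on the host.

```bash
#!/bin/bash
# Added example: pre-flight check of the files later passed to
# `mgradm install podman --ssl-ca-root ... --ssl-server-cert ... --ssl-server-key ...`.
# check_hub_certs is a hypothetical helper name; it only needs the openssl CLI.
# Usage: check_hub_certs CA-Certificate.crt server.crt server.key FQDN
check_hub_certs() {
    local ca="$1" cert="$2" key="$3" fqdn="$4" rc=0 f cert_pub key_pub

    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # 1. The server certificate must chain to the CA that is copied to
    #    /etc/pki/trust/anchors/ (this also rejects expired certificates).
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2; rc=1
    fi

    # 2. Certificate and private key must be a pair: compare their public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert" >&2; rc=1
    fi

    # 3. The certificate must be valid for the host name clients connect to.
    if ! openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null |
            grep -q 'does match certificate'; then
        echo "FAIL: $cert is not valid for host name $fqdn" >&2; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert, $key and $ca are consistent for $fqdn"
    return "$rc"
}

# Run the check when the script is called with the four arguments.
if [ "$#" -eq 4 ]; then
    check_hub_certs "$@"
fi
```

If the server certificate was issued by an intermediate CA, the file given as the first argument must contain the intermediate and root certificates for the chain check to pass.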

2. With Self-Generated Certificates

2.1. Hub Server Installation

Procedure: Installing the hub server
  1. Install a container host with SL Micro. For more information about SL Micro as a container host, see installation-and-upgrade:container-deployment/suma/server-deployment-suma.adoc#deploy-suma-server-micro.

  2. On the container host, deploy Uyuni as the hub server. Add --hubxmlrpc-replicas 1 to the mgradm install command line. For example:

    mgradm install podman suma.example.com --hubxmlrpc-replicas 1

2.2. Peripheral Servers

Procedure: Peripheral Servers with Self-Generated Certificates
  1. Preliminary Requirement: Hub server installation. For more information, see Hub Server Installation.

  2. On the container host of the hub server, enter the server container with:

    mgrctl term

  3. Inside the container, run rhn-ssl-tool for every peripheral server:

    rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
      --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
      --set-org-unit="ORGANIZATION UNIT" --set-email="name@example.com" \
      --set-hostname=PERIPHERAL --set-cname="example.com"

  4. For every peripheral server:

    • From the hub server container, copy /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT, /root/ssl-build/<hostname>/server.crt and /root/ssl-build/<hostname>/server.key to the peripheral server host.

    • On every peripheral server host, copy RHN-ORG-TRUSTED-SSL-CERT to /etc/pki/trust/anchors/, and run update-ca-certificates.

    • On every peripheral server host, deploy Uyuni with:

      mgradm install podman --ssl-ca-root RHN-ORG-TRUSTED-SSL-CERT --ssl-server-cert server.crt --ssl-server-key server.key

    • Finally, on every peripheral server host, register the peripheral server to the hub server:

      mgradm hub register --api-password <hub password> --api-server <hub fqdn> --api-user <hub admin>

3. Background Information

Checking the following hub configuration settings is optional.

On the container host, the environment variables are set in /etc/systemd/system/uyuni-hub-xmlrpc.service, which is generated by mgradm. If needed, you can customize these variables with Environment= settings in a user-created systemd configuration file, /etc/systemd/system/uyuni-hub-xmlrpc.service.d/local.conf, on the container host.

This file overrides the settings in /etc/hub/hub.conf inside the server container. It is the same file for all containers.

  • HUB_API_URL: URL to the Hub Server XMLRPC API endpoint. Use the default value if you are installing hub-xmlrpc-api on the Hub Server. It is set automatically in the systemd unit file during the installation.

  • HUB_CONNECT_TIMEOUT: the maximum number of seconds to wait for a response when connecting to a Server. Use the default value in most cases.

  • HUB_REQUEST_TIMEOUT: the maximum number of seconds to wait for a response when calling a Server method. Use the default value in most cases.

  • HUB_CONNECT_USING_SSL: use HTTPS instead of HTTP for communicating with peripheral Servers. Recommended for a secure environment. It is always enabled.