Hub Deployment with XMLRPC

You can deploy a hub environment either with third party certificates or with self-generated certificates.

1. With Third Party Certificates

Prepare third party certificates for both the Hub Server and the Peripheral servers first.

1.1. Hub Server Installation

Procedure: Installing the Hub Server

  1. Install a container host with SL Micro. For more information about SL Micro as a container host, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-micro.

  2. On the container host, deploy Uyuni as the hub server using the third party certificate. Add --hubxmlrpc-replicas 1 to the mgradm install command line. For example:

    mgradm install podman --ssl-ca-root CA-Certificate.crt --ssl-server-cert hub.crt --ssl-server-key hub.key --hubxmlrpc-replicas 1

For more information about deploying with mgradm, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-mgradm.

1.2. Peripheral Servers

Procedure: Installing peripheral servers using third party certificates

  1. Preliminary Requirement: A certificate for every peripheral server (for example, server.crt) and a key (for example, server.key).

  2. Preliminary Requirement: CA Certificate.

  3. Preliminary Requirement: Hub server installation. For more information, see Hub Server Installation.

    • On every peripheral server host, copy the same CA to /etc/pki/trust/anchors/ and run update-ca-certificates.

    • On every peripheral server host, install Uyuni using the following command (replace appropriately the names of the certificates):

      mgradm install podman --ssl-ca-root CA-Certificate.crt --ssl-server-cert server.crt --ssl-server-key server.key

2. With Self-Generated Certificates

2.1. Hub Server Installation

Procedure: Installing the hub server

  1. Install a container host with SL Micro. For more information about SL Micro as a container host, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-micro.

  2. On the container host, deploy Uyuni as the hub server. Add --hubxmlrpc-replicas 1 to the mgradm install command line. For example:

    mgradm install podman MLM.example.com --hubxmlrpc-replicas 1

    For more information about deploying with mgradm, see installation-and-upgrade:container-deployment/mlm/server-deployment-mlm.adoc#deploy-mlm-server-mgradm.

2.2. Peripheral Servers

Procedure: Peripheral Servers with Self-Generated Certificates

  1. Preliminary Requirement: Hub server installation. For more information, see Hub Server Installation.

  2. On the container host of the hub server, enter the server container with:

    mgrctl term

  3. Inside the container, run rhn-ssl-tool for every pheripheral server:

    rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
  --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
  --set-org-unit="ORGANIZATION UNIT" --set-email="name@example.com" \
  --set-hostname=PERIPHAL --set-cname="example.com"

  4. For every peripheral server:

    • From the hub server container, copy /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT, /root/ssl-build/<hostname>/server.crt and /root/ssl-build/<hostname>/server.key to the peripheral server host.

    • On every peripheral server host, copy RHN-ORG-TRUSTED-SSL-CERT to /etc/pki/trust/anchors/, and run update-ca-certificates.

    • On every peripheral server host, deploy Uyuni with:

      mgradm install podman --ssl-ca-root RHN-ORG-TRUSTED-SSL-CERT --ssl-server-cert server.crt --ssl-server-key server.key

    • Finally, on every peripheral server host, register the peripheral server to the hub server:

      mgradm hub register --api-password <hub password> --api-server <hub fqdn> --api-user <hub admin>

3. Background Information

Checking the following hub configuration settings is optional.

On the container host, find environment variables in /etc/systemd/system/uyuni-hub-xmlrpc.service generated by mgradm. If needed, you can customize these variables with Environment=settings in a user created /etc/systemd/system/uyuni-hub-xmlrpc.service.d/local.conf systemd configuration file on the container host.

It will override settings in /etc/hub/hub.conf inside the server container. It is the same file for all containers.

  • HUB_API_URL: URL to the Hub Server XMLRPC API endpoint. Use the default value if you are installing hub-xmlrpc-api on the Hub Server. It is set automatically in the systemd unit file during the installation.

  • HUB_CONNECT_TIMEOUT: the maximum number of seconds to wait for a response when connecting to a Server. Use the default value in most cases.

  • HUB_REQUEST_TIMEOUT: the maximum number of seconds to wait for a response when calling a Server method. Use the default value in most cases.

  • HUB_CONNECT_USING_SSL: use HTTPS instead of HTTP for communicating with peripheral Servers. Recommended for a secure environment. It is always enabled.