Hub Requirements

Table of Contents

1. Hub Server
- 1.1. SSL Certificates
- 1.2. Generate the Certificates for Peripheral Servers
2. Peripheral Servers

To set up a Hub installation, you require:

One central Uyuni Server, which acts as the Hub Server.
One or more additional Uyuni Servers, registered to the Hub. This document refers to these additional servers as peripheral servers.
Any number of clients registered to the peripheral servers.
Ensure the Hub Server and all peripheral servers are running Uyuni 5.0 or higher.

1. Hub Server

Deploy the central Uyuni Server, which acts as the Hub Server, with the mgradm command. Add --hubxmlrpc-replicas 1 to the mgradm install command line. For example:

mgradm install podman suma.example.com --hubxmlrpc-replicas 1

For more information about hub server deployment, see Hub Deployment with XMLRPC.

The Hub Server must not have clients registered to it. Clients should only be registered to the Peripheral Servers.

1.1. SSL Certificates

The Hub Server’s and the Peripheral Servers' SSL certificates must be signed by the same CA. There are two ways to fulfill this requirement:

Use third party certificates.
Deploy the Hub Server first and use it to generate the certificates for the Peripheral Servers. For more information, see Generate the Certificates for Peripheral Servers.

1.2. Generate the Certificates for Peripheral Servers

If you will use third party provided Certificates, you can skip this procedure.

Procedure: Generating the Certificates for Peripheral Servers

From the container host, enter the shell in the Hub Server container with:
```
mgrctl term
```

On the command line, run rhn-ssl-tool for each Peripheral Server (replace placeholders such as COUNTRY, STATE, example.com, etc. with values from your environment):

rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
  --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
  --set-org-unit="ORGANIZATION UNIT" --set-email="name@example.com" \
  --set-hostname="HOSTNAME" --set-cname="example.com"

Copy these files to the Peripheral Server host:
- /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT
- /root/ssl-build/HOSTNAME/server.crt
- /root/ssl-build/HOSTNAME/server.key

2. Peripheral Servers

Deploy the peripheral servers with mgradm. For more information about deploying with mgradm, see Uyuni 2024.12 Server Deployment on SLE Micro.

Procedure:Deploying and Registering Peripheral Servers

Prepare Peripheral Server hosts.
On each Peripheral Server host:
- Copy RHN-ORG-TRUSTED-SSL-CERT to /etc/pki/trust/anchors/ and run update-ca-certificates.
- Deploy the Peripheral Server with:
  mgradm install podman --ssl-ca-root RHN-ORG-TRUSTED-SSL-CERT \ --ssl-server-cert server.crt --ssl-server-key server.key
On each Peripheral Server host register Peripheral Server to the Hub Server:
```
mgradm hub register --api-server <HUB_FQDN> --api-user <HUB_ADMIN> \
  --api-password <HUB_ADMIN_PASSWORD>
```
Peripheral Servers must be registered to the Hub Server as foreign clients. Standard registration methods cannot be used.

Peripheral Servers must be registered to the Hub Server directly, do not use a proxy.

Optionally, it is possible to register the podman container host as a standard client (Salt minion) and manage it from Uyuni Server.

Now the XMLRPC API is available and reportdb synchronization will take place.