Hub Online Synchronization

1. Introduction

Hub online synchronization reuses the existing repository synchronization and synchronizes channels in the peripheral servers from the repositories on the hub server.

When the connection between the hub and a peripheral server is established, the hub server becomes the main source of data for the peripheral server. For vendor channels, the hub server effectively replaces SUSE Customer Center. For custom channels, when they are synchronized, the peripheral server fetches the packages from the hub and not from the original location of the custom channel defined on the hub.

The main characteristics of this feature are:

  • There can only be one hub server per connection, with one or more peripheral servers.

  • Each peripheral server can only have one hub server.

  • Content can be synchronized on a regular basis, or on demand.

2. Registration of the hub and peripheral servers

Hub online synchronization is configured from the menu Admin > Hub Configuration.

The configuration process uses a token that uniquely identifies the peripheral server’s connection to the hub.

There are two ways to register a peripheral server to the hub server:

  1. By creating a token on the peripheral server and then registering on the hub server with it. This method uses Procedure: Generating token on the peripheral server and Procedure: Registering to the hub server with the token.

  2. By direct registration from the hub, without any user interaction with the peripheral server. This method is described in Procedure: Direct registering from the hub server.

    In any case, if the peripheral host should be managed by the hub, you must first bootstrap the host as a minion to the hub before proceeding with the registration of the peripheral server. If the bootstrapping happens later, two systems are shown in the systems list.

2.1. Registration from peripheral server by token generation

Before being registered to the hub server, a token needs to be generated on the peripheral server and passed to the administrator of the hub server.

Procedure: Generating token on the peripheral server
  1. On the peripheral server, go to Admin > Hub Configuration > Access Tokens.

  2. Click button Add token and select option Issue new token.

  3. In the field Server FQDN on the form that opens type the FQDN of the hub server that will be using this token.

  4. Click Issue.

  5. A new form appears with the successfully generated token and a Copy button.

    The token is displayed only at the time of its creation. Save it in a safe place until it is needed.

  6. Once generated, the token appears on the screen Access Tokens.

The generated token needs to be transferred to the hub server before it can be used.

Procedure: Registering to the hub server with the token
  1. On the hub server, go to Hub Configuration > Peripherals Configuration.

  2. Click button Add peripheral. A new form Register a new peripheral server opens.

  3. In the field Peripheral Server FQDN enter the name of the peripheral server.

  4. In the field Registration mode select option Existing token.

  5. In the field Token paste the token that was created on the peripheral server.

  6. In the field Root CA certificate specify the certificate using one of the options:

    • Use option Not needed if both hub and peripheral servers have the same certificate authority.

    • Use option Upload a file if the servers have different certificate authorities to upload a certificate file.

    • Use option Paste a PEM certificate to paste a certificate.

  7. Click button Register. A newly registered peripheral server will appear on screen Peripherals Configuration.

2.2. Registration from the hub server directly

It is possible to initiate the registration of a peripheral server from hub server, without any interaction with the peripheral server.

Procedure: Direct registering from the hub server
  1. On the hub server, go to Hub Configuration > Peripherals Configuration.

  2. Click button Add peripheral. A new form Register a new peripheral server opens.

  3. In the field Peripheral Server FQDN enter the name of the peripheral server.

  4. In the field Registration mode select option Administrator User/Password.

  5. In the fields Username and Password enter the credentials for the peripheral server.

    The credentials must be those of SUSE Manager Administrator of the peripheral server.

  6. In the field Root CA certificate specify the certificate using one of the options:

    • Use option Not needed if both hub and peripheral servers have the same certificate authority.

    • Use option Upload a file if the servers have different certificate authorities to upload a certificate file.

    • Use option Paste a PEM certificate in cases when PEM certificate is used.

  7. Click button Register.

  8. The newly registered peripheral server will be shown in Systems > System List with the value Foreign in the column System Type.

  9. To access its details, click on the peripheral server’s name and select the tab Details > Peripheral Server.

The peripheral server uses the hub to access the vendor channels and does not connect to SUSE Customer Center directly. Therefore, if you open the configured peripheral server’s page Admin > Setup Wizard > Organization Credentials, Admin > Setup Wizard > Products or Admin > Setup Wizard > PAYG Connections, you will see a notification that this is a peripheral server and its connections are managed via the hub.

2.3. Access tokens

All existing tokens are shown in Hub Configuration > Access Tokens.

A token can be viewed as Consumed or Issued, both from the perspective of the peripheral and the hub server.

  • From the perspective of the peripheral server:

    Consumed

    The Consumed token is generated on the peripheral server and received by the hub server to be used.

    Issued

    The Issued token is issued by the hub server to be used by the peripheral server.

  • From the perspective of the hub server:

    Consumed

    The Consumed token is generated on the hub server and received by the peripheral server to be used.

    Issued

    The Issued token is issued by the peripheral server to be used by the hub server.

2.3.1. Token operations

A token can be invalidated, or deleted.

Be careful when using the option Invalidate, as an invalidated token no longer grants access to the other server. This operation ensures that no communication will happen until a new token is generated if the existing one is compromised, or until the current token is reactivated. An invalidated token can be made valid again at any time.

It is possible to delete a token. Deleting is only possible when the server associated with the token is not registered as hub or peripheral. This operation cannot be undone.

2.4. Access hub server details from the peripheral server

Every peripheral server stores the information about its hub server.

A peripheral server can only have one hub server configured.

Procedure: Accessing hub server details
  1. On the peripheral server, go to Hub Configuration > Hub Details.

  2. On the screen Hub Details find the information about the hub server.

    1. Field Server FQDN shows the hub server’s FQDN.

    2. Field Registration date shows the time when the peripheral server was registered to the hub server.

    3. Field Last modified shows the time of the last saved configuration change.

    4. Field Root Certificate Authority shows certificate details. To download, edit or delete the root certificate, click Download, Edit or Delete respectively. Deleting the certificate will break the connection between servers.

    5. Field GPG Public Key shows whether the GPG key has been configured for the hub server. For more information about GPG keys between hub and peripheral servers, see GPG key usage with hub online synchronization.

    6. Field Mirror credentials is the username the peripheral server uses when connecting to the hub server to synchronize vendor channels. This username is generated automatically on the hub server, and then transmitted to the peripheral server during the registration phase.

2.4.1. GPG key usage with hub online synchronization

When the metadata on the hub server are signed with a GPG key, the public key is automatically transmitted from hub to peripheral server.

By default, SUSE Multi-Linux Manager does not sign metadata. Therefore, when the peripheral server downloads data from the hub server, there is no way of checking whether the downloaded metadata have a valid signature, unless the customer has created their own GPG key.

To enable checking of the data integrity, the GPG key needs to be created on the hub. When the peripheral server is configured to communicate with the hub, the public GPG key will then automatically be transferred to it.

When the GPG key is created on the hub, the field GPG Public Key will be set to show that this server is using the GPG key. For more information about setting up your own GPG key, see Repository Metadata.
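
An added example, not part of the original documentation or SUSE's own code: a small audit of a repository tree that shows what a signature on the metadata protects. It assumes the standard rpm-md layout (repodata/repomd.xml with an optional detached signature repodata/repomd.xml.asc); the function names and the sample repository are constructed for illustration. It reports only whether a signature file is present, since validating it against the hub's public key is the job of GPG on the client.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"r": "http://linux.duke.edu/metadata/repo"}  # rpm-md repomd.xml namespace
def audit_repo_metadata(repo_root):
    """Return (has_signature_file, problems) for an rpm-md repository tree."""
    root = Path(repo_root).resolve()
    repodata = root / "repodata"
    has_signature_file = (repodata / "repomd.xml.asc").is_file()  # presence only
    problems = []
    for data in ET.parse(repodata / "repomd.xml").getroot().findall("r:data", NS):
        kind = data.get("type")
        checksum = data.find("r:checksum", NS)
        location = data.find("r:location", NS)
        if checksum is None or location is None:
            problems.append(f"{kind}: missing checksum or location")
            continue
        algo = checksum.get("type")
        if algo not in ("sha256", "sha512"):
            problems.append(f"{kind}: unsupported checksum type {algo}")
            continue
        target = (root / location.get("href", "")).resolve()
        if root not in target.parents or not target.is_file():
            problems.append(f"{kind}: file missing or outside repository")
            continue
        digest = hashlib.new(algo, target.read_bytes()).hexdigest()
        if digest != (checksum.text or "").strip().lower():
            problems.append(f"{kind}: checksum mismatch")
    return has_signature_file, problems

def build_sample_repo(base, tamper=False, sign=False):
    """Write a constructed sample repository (not real hub data) under base."""
    repodata = Path(base) / "repodata"
    repodata.mkdir(parents=True)
    primary = b"<metadata packages='0'/>"
    (repodata / "primary.xml").write_bytes(b"tampered" if tamper else primary)
    (repodata / "repomd.xml").write_text(
        '<repomd xmlns="http://linux.duke.edu/metadata/repo"><data type="primary">'
        f'<checksum type="sha256">{hashlib.sha256(primary).hexdigest()}</checksum>'
        '<location href="repodata/primary.xml"/></data></repomd>')
    if sign:
        (repodata / "repomd.xml.asc").write_text("constructed placeholder, not a signature")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_repo_metadata(build_sample_repo(Path(tmp) / "unsigned", tamper=True)))
```

The checksums in repomd.xml detect changes to the other metadata files, but without a signature on repomd.xml itself nothing anchors those checksums, which is the gap a GPG key created on the hub closes.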

2.5. Deregister peripheral server

Deregistration can happen from both sides, from the hub or from the peripheral server.

Procedure: Deregistering from the peripheral server
  1. Go to Hub Configuration > Hub Details.

  2. Click Deregister.

  3. Confirm the operation by clicking Deregister on the pop-up window.

  4. Page Hub Configuration > Hub Details is now empty.

Procedure: Deregistering from the hub server
  1. Go to Hub Configuration > Peripheral Configuration.

  2. Find the peripheral server on the list.

  3. Click Deregister next to the peripheral server’s name.

  4. The peripheral server is no longer shown on the list.

3. Synchronize channels from hub to peripheral server

Synchronizing vendor channels for the configured hub and server is done via a dedicated user interface.

Procedure: Synchronizing channels from hub to peripheral server
  1. Go to Admin > Hub Configuration > Peripherals Configuration.

  2. In the field Synchronized channels click on Edit channels.

  3. Page Sync Channels from Hub to Peripheral opens.

  4. Select the channels you want to synchronize.

  5. For custom channels also select the target organization on the peripheral from the dropdown.

    The drop-down list exists only for custom channels which do not yet exist on the peripheral server. If the channel exists, the organization stays unchanged.

  6. Click Apply Changes to view the summary of your changes.

  7. A pop-up window with the summary of your selections will open.

  8. Click Confirm to confirm the selection.

Following the confirmation, the channels will be created on the peripheral server and everything will be set up to mirror the channels during the next regular repository synchronization task.

The repository synchronization can be initiated from the peripheral server.

Procedure: Initiating repository synchronization from the peripheral server
  1. Go to Admin > Hub Configuration > Hub Details.

  2. Click Sync Channels.

  3. Confirm the operation by clicking Schedule on the pop-up window.

The full channel synchronization will start in the background.
