Hub Online Synchronization
1. Introduction
Hub online synchronization reuses the existing repository synchronization and synchronizes channels in the peripheral servers from the repositories on the hub server.
When the connection between the hub and a peripheral server is established, the hub server becomes the main source of data for the peripheral server. In the case of vendor channels, the hub server effectively replaces SUSE Customer Center. In the case of custom channels, when they are synchronized, the peripheral server fetches the packages from the hub and not from the original location of the custom channel defined on the hub.
The main characteristics of this feature are:
- There can only be one hub server per connection, with one or more peripheral servers.
- Each peripheral server can only have one hub server.
- Content can be synchronized on a regular basis, or on demand.
2. Registration of the hub and peripheral servers
Hub online synchronization is configured from menu .
The configuration process uses a token which uniquely identifies the peripheral server’s connection to the hub.
There are two ways to register a peripheral server to the hub server:
- By using a combination of token creation on the peripheral, and subsequent registration on the hub server. This method uses Procedure: Generating token on the peripheral server and Procedure: Registering to the hub server with the token.
- By direct registration from the hub, without any user interactions with the peripheral server. This method is described in Procedure: Direct registering from the hub server.
In any case, if the peripheral host should be managed by the hub, you must first bootstrap the host as a minion to the hub before proceeding with the registration of the peripheral server. If the bootstrapping happens later, two systems are shown in the systems list.
2.1. Registration from peripheral server by token generation
Before being registered to the hub server, a token needs to be generated on the peripheral server and passed to the administrator of the hub server.
- On the peripheral server, go to .
- Click button Add token and select option Issue new token.
- In the field Server FQDN on the form that opens, type the FQDN of the hub server that will be using this token.
- Click Issue.
- A new form appears with the successfully generated token and the button Copy.
  The only time the token is displayed is at the time of its creation. Save it in a safe place until it is later needed.
- Once generated, the token appears on the screen Access Tokens.
The generated token needs to be transferred to the hub server before it can be used.
- On the hub server, go to .
- Click button Add peripheral. A new form Register a new peripheral server opens.
- In the field Peripheral Server FQDN enter the name of the peripheral server.
- In the field Registration mode select option Existing token.
- In the field Token paste the token that was created on the peripheral server.
- In the field Root CA certificate specify the certificate using one of the options:
  - Use option Not needed if both hub and peripheral servers have the same certificate authority.
  - Use option Upload a file if the servers have different certificate authorities to upload a certificate file.
  - Use option Paste a PEM certificate to paste a certificate.
- Click button Register. A newly registered peripheral server will appear on screen Peripherals Configuration.
2.2. Registration from the hub server directly
It is possible to initiate the registration of a peripheral server from the hub server, without any interaction with the peripheral server.
- On the hub server, go to .
- Click button Add peripheral. A new form Register a new peripheral server opens.
- In the field Peripheral Server FQDN enter the name of the peripheral server.
- In the field Registration mode select option Administrator User/Password.
- In the fields Username and Password enter the credentials for the peripheral server. The credentials must be those of SUSE Manager Administrator of the peripheral server.
- In the field Root CA certificate specify the certificate using one of the options:
  - Use option Not needed if both hub and peripheral servers have the same certificate authority.
  - Use option Upload a file if the servers have different certificate authorities to upload a certificate file.
  - Use option Paste a PEM certificate in cases when a PEM certificate is used.
- Click button Register.
- The newly registered peripheral server will be shown in the with the value Foreign in the column System Type.
- To access its details, click on the peripheral server’s name and select tab .
The peripheral server uses the hub to access the vendor channels and does not connect to the SUSE Customer Center directly. Therefore, if you open the configured peripheral server’s page , or , you will see a notification that this is a peripheral server and its connections are managed via the hub.
2.3. Access tokens
All existing tokens are shown in .
A token can be viewed as Consumed and Issued, both from the perspective of the peripheral and the hub server.
- From the perspective of the peripheral server:
  - Consumed: The Consumed token is generated on the peripheral server and received by the hub server to be used.
  - Issued: The Issued token is issued by the hub server to be used by the peripheral server.
- From the perspective of the hub server:
  - Consumed: The Consumed token is generated on the hub server and received by the peripheral server to be used.
  - Issued: The Issued token is issued by the peripheral server to be used by the hub server.
2.3.1. Token operations
A token can be invalidated, or deleted.
Be careful when using the option Invalidate, as an invalidated token no longer grants access to the other server. This operation ensures that no communication will happen until a new token is generated (if the existing one is compromised) or until the current token is reactivated. An invalidated token can be made valid again at any time.
It is possible to delete a token. Deleting is only possible when the server associated with the token is not registered as hub or peripheral. This operation cannot be undone.
2.4. Access hub server details from the peripheral server
Every peripheral server stores the information about its hub server.
A peripheral server can only have one hub server configured.
- On the peripheral server, go to .
- On the screen Hub Details find the information about the hub server.
  - Field Server FQDN shows the hub server’s FQDN.
  - Field Registration date shows the time when the peripheral server was registered to the hub server.
  - Field Last modified shows the time of the last saved configuration change.
  - Field Root Certificate Authority shows certificate details. To download, edit or delete the root certificate, click Download, Edit or Delete respectively. Deleting the certificate will break the connection between servers.
  - Field GPG Public Key shows whether the GPG key has been configured for the hub server. For more information about GPG keys between hub and peripheral servers, see GPG key usage with hub online synchronization.
  - Field Mirror credentials is the username the peripheral server uses when connecting to the hub server to synchronize vendor channels. This username is generated automatically on the hub server, and then transmitted to the peripheral server during the registration phase.
2.4.1. GPG key usage with hub online synchronization
When the metadata on the hub server are signed with a GPG key, the public key is automatically transmitted from hub to peripheral server.
By default, SUSE Multi-Linux Manager does not sign metadata. Therefore, when the peripheral server is downloading data from the hub server, there is no way of checking if the downloaded metadata have a valid signature, unless the customer has created their own GPG key.
To enable checking of the data integrity, the GPG key needs to be created on the hub. When the peripheral server is configured to communicate with the hub, the public GPG key will then automatically be transferred to it.
When the GPG key is created on the hub, the field GPG Public Key will be set to show that this server is using the GPG key.
For more information about setting up your own GPG key, see Repository Metadata.
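What the signature adds on the peripheral side, as an added example that is not SUSE code and does not describe how the product performs the check internally: a detached signature over the repository metadata is verified against a keyring that holds only the hub's public key, so modified or unsigned metadata is told apart from the signed original. It assumes gpg 2.1 or later on the PATH and the usual rpm-md file name repomd.xml.asc for the detached signature; the key, the metadata file and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: every file, key and name below is constructed for the demo.

# verify_repomd REPODATA_DIR PUBKEY_FILE
# 0 = good signature, 10 = metadata is unsigned, other = signature rejected.
verify_repomd() {
    vr_dir=$1; vr_key=$2
    [ -f "$vr_dir/repomd.xml.asc" ] || return 10
    vr_home=$(mktemp -d) || return 11
    chmod 700 "$vr_home"
    vr_rc=0
    # Throwaway keyring holding only the expected key: a signature made by
    # any other key cannot verify.
    { gpg --homedir "$vr_home" --batch --quiet --import "$vr_key" 2>/dev/null &&
      gpg --homedir "$vr_home" --batch --quiet \
          --verify "$vr_dir/repomd.xml.asc" "$vr_dir/repomd.xml" 2>/dev/null
    } || vr_rc=$?
    gpgconf --homedir "$vr_home" --kill all 2>/dev/null || true
    rm -rf "$vr_home"
    return "$vr_rc"
}

# make_constructed_repo DIR: creates DIR/repodata/repomd.xml, signs it with a
# freshly generated key and exports that key's public half to DIR/hub.key.
make_constructed_repo() {
    mr_dir=$1; mr_home=$(mktemp -d) || return 1
    chmod 700 "$mr_home"; mkdir -p "$mr_dir/repodata"
    printf '<repomd><revision>1</revision></repomd>\n' > "$mr_dir/repodata/repomd.xml"
    gpg --homedir "$mr_home" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Hub <hub@example.invalid>' ed25519 sign never 2>/dev/null &&
    gpg --homedir "$mr_home" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --armor --detach-sign --output "$mr_dir/repodata/repomd.xml.asc" "$mr_dir/repodata/repomd.xml" &&
    gpg --homedir "$mr_home" --batch --armor --export > "$mr_dir/hub.key"
    mr_rc=$?
    gpgconf --homedir "$mr_home" --kill all 2>/dev/null || true
    rm -rf "$mr_home"
    return "$mr_rc"
}

demo=$(mktemp -d)
make_constructed_repo "$demo" || { echo "gpg setup failed" >&2; exit 1; }
verify_repomd "$demo/repodata" "$demo/hub.key" && echo "signed metadata: accepted"
echo '<!-- modified in transit -->' >> "$demo/repodata/repomd.xml"
verify_repomd "$demo/repodata" "$demo/hub.key" || echo "modified metadata: rejected ($?)"
rm "$demo/repodata/repomd.xml.asc"
verify_repomd "$demo/repodata" "$demo/hub.key" || echo "unsigned metadata: no check possible ($?)"
```

The third case is the default state described above: without a signature file there is nothing for the peripheral to verify.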
2.5. Deregister peripheral server
Deregistration can happen from both sides, from the hub or from the peripheral server.
- Go to .
- Click Deregister.
- Confirm the operation by clicking Deregister on the pop-up window.
- Page is now empty.

- Go to .
- Find the peripheral server on the list.
- Click Deregister next to the peripheral server’s name.
- The peripheral server is no longer shown on the list.
3. Synchronize channels from hub to peripheral server
Synchronizing vendor channels for the configured hub and server is done via a dedicated user interface.
- Go to .
- In the field Synchronized channels click on Edit channels.
- Page Sync Channels from Hub to Peripheral opens.
- Select the channels you want to synchronize.
- For custom channels also select the target organization on the peripheral from the drop-down list.
  The drop-down list exists only for custom channels which do not yet exist on the peripheral server. If the channel exists, the organization stays unchanged.
- Click Apply Changes to view the summary of your changes.
- A pop-up window with the summary of your selections will open.
- Click Confirm to confirm the selection.
Following the confirmation, the channels will be created on the peripheral server and everything will be set up to mirror the channels during the next regular repository synchronization task.
The repository synchronization can be initiated from the peripheral server.
- Go to .
- Click Sync Channels.
- Confirm the operation by clicking Schedule on the pop-up window.
The full channel synchronization will start in the background.