Configuring Inter-Server Synchronization (ISS) in orcharhino
How to configure Inter-Server Synchronization
orcharhino uses Inter-Server Synchronization (ISS) to synchronize content between two orcharhino Servers including those that are air-gapped.
You can use ISS in cases such as:
-
If you want to copy some but not all content from your orcharhino Server to other orcharhino Servers. For example, you have content views that your IT department consumes from orcharhino Server, and you want to copy content from those content views to other orcharhino Servers.
-
If you want to copy all Library content from your orcharhino Server to other orcharhino Servers. For example, you have Products and repositories that your IT department consumes from orcharhino Server in the Library, and you want to copy all Products and repositories in that organization to other orcharhino Servers.
You cannot use ISS to synchronize content from orcharhino Server to orcharhino Proxy. orcharhino Proxy supports synchronization natively. For more information, see orcharhino Proxy Overview in Installing and Maintaining orcharhino. |
There are different ways of using ISS. The way you can use depends on your multi-server setup that can fall to one of the following scenarios.
ISS network sync in a disconnected scenario
In a disconnected scenario, there is the following setup:
-
The upstream orcharhino Server is connected to the Internet. This server consumes content from the Red Hat Content Delivery Network (CDN) or custom sources.
-
The downstream orcharhino Server is completely isolated from all external networks.
-
The downstream orcharhino Server can communicate with a connected upstream orcharhino Server over an internal network.
You can configure your downstream orcharhino Server to synchronize content from the upstream orcharhino Server over the network. See configuring server to synchronize content over a network.
ISS export sync in an air-gapped scenario
In an air-gapped scenario, there is the following setup:
-
The upstream orcharhino Server is connected to the Internet. This server consumes content from the Red Hat CDN or custom sources.
-
The downstream orcharhino Server is completely isolated from all external networks.
-
The downstream orcharhino Server does not have a network connection to a connected upstream orcharhino Server.
The only way for an air-gapped downstream orcharhino Server to receive content updates is by exporting payload from the upstream orcharhino Server, bringing it physically to the downstream orcharhino Server, and importing the payload. For more information, see Synchronizing Content Between orcharhino Servers in Managing Content.
Configure your downstream orcharhino Server to synchronize content using exports. See configuring server to sync content using exports.
Configuring orcharhino server to synchronize content using exports
If you deployed your downstream orcharhino Server as air-gapped, configure your orcharhino Server as such to avoid attempts to consume content from a network.
-
In the orcharhino management UI, navigate to Content > Subscriptions.
-
Click Manage Manifest.
-
Switch to the CDN Configuration tab.
-
Select the Export Sync tab.
-
Click Update.
-
Log in to your orcharhino Server using SSH.
-
Set CDN configuration to sync using exports:
# hammer organization configure-cdn --name="My_Organization" --type=export_sync
Configuring orcharhino Server to synchronize content over a network
Configure a downstream orcharhino Server to synchronize repositories from a connected upstream orcharhino Server over HTTPS.
-
A network connection exists between the upstream orcharhino Server and the downstream orcharhino Server.
-
You imported the subscription manifest on both the upstream and downstream orcharhino Server.
-
On the upstream orcharhino Server, you enabled the required repositories for the organization.
-
The upstream user is an admin or has the following permissions:
-
view_organizations
-
view_products
-
export_content
-
view_lifecycle_environments
-
view_content_views
-
-
On the downstream orcharhino Server, you have imported the SSL certificate of the upstream orcharhino Server using the contents of
http://upstream-orcharhino.example.com/pub/katello-server-ca.crt
. For more information, see Importing SSL Certificates in Managing Content. -
The downstream user is an admin or has the permissions to create product repositories and organizations.
-
Navigate to Content > Subscriptions.
-
Click Manage Manifest.
-
Navigate to the CDN Configuration tab.
-
Select the Network Sync tab.
-
In the URL field, enter the address of the upstream orcharhino Server.
-
In the Username, enter your username for upstream login.
-
In the Password, enter your password or personal access token for upstream login.
-
In the Organization label field, enter the label of the upstream organization.
-
Optional: In the Lifecycle Environment Label field, enter the label of the upstream lifecycle environment. Default is
Library
. -
Optional: In the Content view label field, enter the label of the upstream content view. Default is
Default_Organization_View
. -
From the SSL CA Content Credential menu, select a CA certificate used by the upstream orcharhino Server.
-
Click Update.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select the product that contains the repositories that you want to synchronize.
-
From the Select Action menu, select Sync Now to synchronize all repositories within the product.
You can also create a synchronization plan to ensure updates on a regular basis. For more information, see Creating a Synchronization Plan in Managing Content.
-
Connect to your downstream orcharhino Server using SSH.
-
View information about the upstream CA certificate:
# hammer content-credential show \ --name="My_Upstream_CA_Cert" \ --organization="My_Downstream_Organization"
Note the ID of the CA certificate for the next step.
-
Set CDN configuration to an upstream orcharhino Server:
# hammer organization configure-cdn --name="My_Downstream_Organization" \ --type=network_sync \ --url https://upstream-orcharhino.example.com \ --username upstream_username --password upstream_password \ --ssl-ca-credential-id "My_Upstream_CA_Cert_ID" \ --upstream-organization-label="_My_Upstream_Organization" \ [--upstream-lifecycle-environment-label="My_Lifecycle_Environment"] \ [--upstream-content-view-label="My_Content_View"]
The default lifecycle environment label is
Library
. The default content view label isDefault_Organization_View
.
The text and illustrations on this page are licensed by ATIX AG under a Creative Commons Attribution Share Alike 4.0 International ("CC BY-SA 4.0") license. This page also contains text from the official Foreman documentation which uses the same license ("CC BY-SA 4.0"). |