Install Rudder relay on RHEL or derivatives

Relay servers won’t work if you don’t have a valid scale-out-relay plugin installed.

If you install a relay without that plugin, policy generation will fail, preventing new policies to be applied to your Nodes.

More information about plugins in the dedicated section

Installation

Each official package is signed with our GPG signature. To ensure the packages you will install are official builds and have not been altered, import our key into rpm using the following command:

rpm --import https://repository.rudder.io/rudder_release_key.pub

Our key fingerprint is:

pub   rsa4096 2011-12-15 [SC]
      7C1698177904212DD58CB4D19322C330474A19E8
uid                      Rudder Project (release key) <security@rudder-project.org>

Add a yum repository for Rudder (replace VERSION with RHEL version):

Be careful, especially if you upgrade, the gpgkey URL below has changed since Rudder 8.3

 
echo '[Rudder_8.2]
name=Rudder 8.2
baseurl=http://repository.rudder.io/rpm/8.2/RHEL_<VERSION>/
gpgcheck=1
gpgkey=https://repository.rudder.io/rudder_release_key.pub' > /etc/yum.repos.d/rudder.repo

If you have an active subscription, use the following to get access to long term support (you need to replace the VERSION, username and the password by your Rudder account):

echo '[Rudder_8.2]
name=Rudder 8.2
username=LOGIN
password=PASSWORD
baseurl=http://download.rudder.io/rpm/8.2/RHEL_<VERSION>/
gpgcheck=1
gpgkey=https://download.rudder.io/rudder_release_key.pub' > /etc/yum.repos.d/rudder.repo

Or for RHEL/CentOS < 7 (replace VERSION with RHEL version):

echo '[Rudder_8.2]
name=Rudder 8.2
baseurl=https://LOGIN:PASSWORD@download.rudder.io/rpm/8.2/RHEL_<VERSION>/
gpgcheck=1
gpgkey=https://LOGIN:PASSWORD@download.rudder.io/rudder_release_key.pub' > /etc/yum.repos.d/rudder.repo

Install the package:

yum install rudder-relay

To complete this step, please make sure that your node is configured successfully and appears in your Rudder web interface.

On Rudder server

You have to tell the Rudder server that a node will be a relay. To do so, launch the rudder-node-to-relay script on the server, supplying the UUID of the host to be considered as a relay. You can find the UUID of your node with the rudder agent info command.

rudder server node-to-relay <aaaaaaaa-bbbb-cccc-dddd-eeeeeeee>

Validation

When every step has completed successfully:

  • The Rudder server will recognize the new node as a relay

  • It will generate specific policies for the relay

  • The relay will update and switch to its new role

You may have to run rudder agent run command on the relay, before adding new nodes under this relay.

This is an example of node details pane showing a Rudder relay. Note the "Role: Rudder relay" part that shows that the machine has successfully changed from a node to a relay.

Relay
Figure 1. Rudder relay node

Adding nodes to a relay

When you have at least one relay, you will likely want to add nodes on it.

You then have two possible cases:

  • You want to switch an already existing node to the relay

  • You want to add a new one

The procedure on both cases is the same, you have to:

  • Update the policy server with the IP address or the fully qualified domain name of the relay (instead of Rudder server) and reset pinned public key

rudder agent policy-server <rudder relay ip or hostname>
rudder agent server-keys-reset

  • Trigger an inventory immediately to make sure the node is registered correctly

rudder agent inventory

After those steps, the node should be registered correctly on your Rudder infrastructure.


← on Debian/Ubuntu on SLES →