Install containerized SUSE Manager Proxy

Table of Contents

1. Container host requirements
2. Install container services on the host system
3. Install SUSE Manager Proxy containers
- 3.1. Using a custom container image for a service
4. Allow network access for provided services on container host firewall

Only SUSE Linux Enterprise Server 15 SP5 or SLE Micro 5.5 and newer are supported to be used as container host for SUSE Manager Proxy containers.

1. Container host requirements

Table 1. Proxy Container host hardware requirements
Hardware	Details	Recommendation
CPU		Minimum 2 dedicated 64-bit CPU cores
RAM	Test Server	Minimum 2 GB
	Production Server	Minimum 8 GB
Disk Space		Minimum 100 GB

Table 2. Proxy Container host software requirements
Software	Details	Remark
Connection Method	Salt	Host must be configured as a Salt client

To ensure that domain name of the SUSE Manager Server can be resolved by the clients: * Both container proxy and client machines must be connected to a DNS server * Reverse lookup must work

2. Install container services on the host system

Container host to be used as a base for SUSE Manager Proxy containers needs to be first registered as a client to the SUSE Manager Server.

For more information about registering client to the SUSE Manager Server, see Client Registration.

Containers Module is required to be available for container host on a SUSE Linux Enterprise Server machine.

SUSE Manager Proxy containers are using podman and systemd to run and manage all proxy containers.

First step is to install the mgrpxy utility provided by the package of the same name.

The mgrpxy package is available in the SUSE Manager Proxy product repositories.

To install them run:

zypper in helm mgrpxy

Procedure: Installation of container utility tool mgrpxy for SUSE Manager Proxy

Assign Containers Module software channel to the container host in the SUSE Manager. For more information about assigning software channels to the system, see Channel Management.
Log in as root on the container host.
Manually install mgrpxy package:
```
zypper install mgrpxy
```

3. Install SUSE Manager Proxy containers

SUSE Manager Proxy containers require some volumes to be mounted for long term storage. Those volumes are automatically created by podman and can be listed using the podman volume ls command. By default, podman stores the files of the volumes in /var/lib/containers/storage/volumes. The volumes are named:

uyuni-proxy-squid-cache
uyuni-proxy-rhn-cache
uyuni-proxy-tftpboot

To override default volume settings, create the volumes prior to the first start of the pod using the podman volume create command.

By default, the uyuni-proxy-systemd-services package creates these three directories that can be used to mount external disks:

/var/lib/uyuni/proxy-rhn-cache
/var/lib/uyuni/proxy-squid-cache
/var/lib/uyuni/proxy-tftpboot

If /etc/fstab has these entries:

/dev/uyuni-proxy/rhn-cache    /var/lib/uyuni/proxy-rhn-cache    xfs 	defaults 0 0
/dev/uyuni-proxy/squid-cache  /var/lib/uyuni/proxy-squid-cache  xfs 	defaults 0 0
/dev/uyuni-proxy/tftpboot     /var/lib/uyuni/proxy-tftpboot     xfs 	defaults 0 0

Run these commands to create custom volumes:

podman volume create --driver local --opt device=/dev/mapper/uyuni--proxy-rhn--cache --opt type=xfs uyuni-proxy-rhn-cache
podman volume create --driver local --opt device=/dev/mapper/uyuni--proxy-squid--cache --opt type=xfs uyuni-proxy-squid-cache
podman volume create --driver local --opt device=/dev/mapper/uyuni--proxy-tftpboot --opt type=xfs uyuni-proxy-tftpboot

To install the systemd service starting the SUSE Manager proxy, run the mgrpxy install podman /path/to/config.tar.gz command.

It is possible to add custom arguments passed to podman container pod with the one or more --podman-arg parameters to the install command.

It is possible to modify the tag to use for container images with the --tag=latest parameter to the install command.

Changing the containers images and version parameters is dangerous and can cause a non-functional system.

3.1. Using a custom container image for a service

By default, the SUSE Manager Proxy suite is set to use the same image version and registry path for each of its services. However, it is possible to override the default values for a specific service using the install parameters ending with -tag and -image.

For example, use it like this:

mgrpxy install podman --httpd-tag 0.1.0 --httpd-image registry.opensuse.org/uyuni/proxy-httpd /path/to/config.tar.gz

It adjusts the configuration file for the httpd service, where registry.opensuse.org/uyuni/proxy-httpds is the image to use and 0.1.0 is the version tag, before restarting it.

To reset the values to defaults, run the install command again without those parameters:

mgrpxy install podman /path/to/config.tar.gz

This command first resets the configuration of all services to the global defaults and then reloads it.

4. Allow network access for provided services on container host firewall

SUSE Manager Proxy containers work as so called node-port service. This means proxy container pod shares container host network TCP and UDP port space. For this reason container host firewall must be configured to accept incoming traffic on ports used by SUSE Manager Proxy containers. Those ports are:

69/UDP - TFTP
80/TCP - HTTP
443/TCP - HTTPS
4505/TCP - Salt
4506/TCP - Salt
8022/TCP - SSH

Continue with setting up the installed SUSE Manager Proxy as a containers at Containerized SUSE Manager Proxy Setup.