Legacy Proxy Migration to Container

The containerized proxy now is managed by a set of systemd services. For managing the containerized proxy, use the mgrpxy tool.

This section will help you migrate from the legacy systemd proxy using the mgrpxy tool.

An in-place migration from previous releases of SUSE Multi-Linux Manager to 5.1 will remain unsupported due to the HostOS change from openSUSE Leap to openSUSE Leap Micro.

The traditional contact protocol is no longer supported in SUSE Multi-Linux Manager 5.1 and later. Before migrating from previous SUSE Multi-Linux Manager releases to 5.1, any existing traditional clients including the traditional proxies must be migrated to Salt.

1. Migrate From Legacy to Containerized Proxy With Systemd

1.1. Generate Proxy Configuration

Procedure: Generate the Proxy Configuration

  1. Log in to the SUSE Multi-Linux Manager Server Web UI.

  2. Select Systems  Proxy Configuration from the left navigation.

  3. Enter your Proxy FQDN. Use the same FQDN as the original proxy host.

  4. Enter your Server FQDN.

  5. Enter the Proxy port number. We recommend using the default port of 8022.

  6. Certificate and private key are located on the Server container host in /var/lib/containers/storage/volumes/root/_data/ssl-build/.

    • RHN-ORG-TRUSTED-SSL-CERT

    • RHN-ORG-PRIVATE-SSL-KEY

  7. Copy the certificate and key to your machine with:

    scp root@uyuni-server-example.com:/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY .
scp root@uyuni-server-example.com:/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT .

  8. Select Choose File and browse your local machine for the certificate.

  9. Select Choose File and brose your local machine for the private key.

  10. Enter the CA password.

  11. Click Generate.

1.2. Transfer Proxy Configuration to New Host

Procedure: Transfering the Proxy Configuration

  1. From the Server transfer the generated tar.gz file containing the proxy configuration to the new Proxy host:

    scp config.tar.gz <uyuni-proxy-FQDN>:/root/

  2. Disable the legacy proxy prior to executing the next step:

    spacewalk-proxy stop

  3. Deploy the new Proxy with:

    systemctl start uyuni-proxy-pod

  4. Enable the new Proxy with:

    systemctl enable --now uyuni-proxy-pod

  5. Run podman ps to verify all the containers are present and running:

    proxy-salt-broker
proxy-httpd
proxy-tftpd
proxy-squid
proxy-ssh

2. Migrate SUSE Multi-Linux Manager Proxy to SUSE Multi-Linux Manager 5.1 Containerized Proxy

Procedure: Migrate SUSE Multi-Linux Manager Containerized Proxy to SUSE Multi-Linux Manager 5.1 New Containerized Proxy

  1. Boot your new machine and begin installation of openSUSE Leap Micro 6.1.

  2. Complete the installation.

  3. Update the system:

    transactional-update --continue

  4. Install mgrpxy and optionally, mgrpxy-bash-completion:

    transactional-update pkg install mgrpxy mgrpxy-bash-completion

  5. Reboot.

  6. Copy your tar.gz proxy configuration to the host.

3. Install Packages Using the Web UI

The mgrpxy and mgrpxy-bash-completion packages can also be installed via the web UI after the minion has been bootstrapped and registered with the Server.

Procedure: Installing Packages Using the Web UI

  1. After installation, ensure that the SLE Micro 6.1 parent channel and Proxy child channels are added and synchronized from the Admin  Setup Wizard → Products page.

  2. In the Web UI, go to Systems  Activation Keys and create an activation key linked for the synchronized SLE Micro 6.1 channel.

  3. Bootstrap your system as a minion using the Systems  Bootstrapping page.

  4. Once the new machine is onboarded and displayed in the systems list, select the system and navigate to the System Details  Install Package page.

  5. Install the packages mgrpxy and mgrpxy-bash-completion.

  6. Reboot the system.

4. Generate Proxy Config With spacecmd and Self-Signed Certificate

You can generate a Proxy configuration using spacecmd.

Procedure: Generate Proxy Config With spacecmd and Self-Signed Certificate

  1. SSH into your container host.

  2. Execute the following command replacing the Server and Proxy FQDN:

    mgrctl exec -ti 'spacecmd proxy_container_config_generate_cert -- dev-pxy.example.com dev-srv.example.com 2048 email@example.com -o /tmp/config.tar.gz'

  3. Copy the generated config to the Proxy:

    mgrctl cp server:/tmp/config.tar.gz .

  4. Deploy the Proxy with:

    mgrpxy install podman config.tar.gz

5. Generate Proxy Config With spacecmd and Custom Certificate

You can generate Proxy configuration using spacecmd for a custom certificates rather than default self-signed certificates.

2 GB represents the default proxy squid cache size. This will need to be adjusted for your environment.
Procedure: Generate Proxy Config With spacecmd and Custom Certificate

  1. SSH into your Server container host.

  2. Execute the following command replacing the Server and Proxy FQDN:

    for f in ca.crt proxy.crt proxy.key; do
  mgrctl cp $f server:/tmp/$f
done
mgrctl exec -ti 'spacecmd proxy_container_config -- -p 8022 pxy.example.com srv.example.com 2048 email@example.com /tmp/ca.crt /tmp/proxy.crt /tmp/proxy.key -o /tmp/config.tar.gz'

  3. Copy the generated config to the Proxy:

    mgrctl cp server:/tmp/config.tar.gz .

  4. Deploy the Proxy with:

    mgrpxy install podman config.tar.gz