Migrating the SUSE Multi-Linux Manager Server to a Containerized Environment

1. Requirements and Considerations

1.1. General

  • To migrate a SUSE Multi-Linux Manager 4.3 Server to a container, you require a new machine with SL Micro 6.1 or SUSE Linux Enterprise Server 15 SP7 and mgradm installed.

  • An in-place migration from SUSE Multi-Linux Manager 4.3 to 5.1 is not supported, regardless of whether the chosen host operating system is SL Micro 6.1 or SUSE Linux Enterprise Server 15 SP7.

Before migrating from SUSE Multi-Linux Manager 4.3 to 5.1, any existing traditional clients including the traditional proxies must be migrated to Salt. For more information about migrating traditional SUSE Multi-Linux Manager 4.3 clients to Salt clients, see https://documentation.suse.com/suma/4.3/en/suse-manager/client-configuration/contact-methods-migrate-traditional.html.

  • SUSE Multi-Linux Manager 5.0 and later no longer support the traditional contact protocol.

This guide only covers the migration from SUSE Multi-Linux Manager 4.3 to 5.1. Migrating an existing SUSE Multi-Linux Manager 5.1 instance to the same version while switching the host operating system from SL Micro 6.1 to SUSE Linux Enterprise Server 15 SP7, or vice versa, is not handled by the mgradm migrate command.

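1.2. Hostnames

  • The current migration procedure does not include functionality for renaming hostnames. As a result, the fully qualified domain name (FQDN) of the new server will be the same as that of the old server.

  • The IP address must remain unchanged to ensure that the clients can connect to the server.

    After migration, you must manually update the DHCP and DNS records to point to the new server.

1.3. GPG Keys

  • Self-trusted GPG keys are not migrated.

  • GPG keys that are trusted only in the RPM database are not migrated. As a result, synchronizing channels with spacewalk-repo-sync can fail.

  • After the actual server migration is complete, the administrator must manually migrate these keys from the 4.3 installation to the container host.

    Procedure: Manually migrating the 4.3 GPG keys to the new server
    1. Copy the keys from the 4.3 server to the container host of the new server.

    2. Later, add each key to the migrated server with the command mgradm gpg add <PATH_TO_KEY_FILE>.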
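
The following sketch shows one way to run step 2 over a whole directory of copied keys. It is an added example, not part of the SUSE documentation. It assumes the keys were exported as ASCII-armored files; the rule of refusing any file that contains a private key block is this example's own policy, and MGRADM and KEY_DIR are hypothetical override variables.

```sh
# Added example, not part of the SUSE documentation.
# Assumption: the keys copied from the 4.3 server are ASCII-armored files
# in one directory on the container host.
MGRADM=${MGRADM:-mgradm}   # hypothetical override, lets the loop be dry-run

# 0 only for an armored public key file that carries no private key block.
is_public_key_file() {
    [ -f "$1" ] || return 1
    grep -qF -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$1" && return 1
    grep -qF -e '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1"
}

# Adds every public key found in directory $1 with "mgradm gpg add".
# Sets IMPORTED and REJECTED; returns non-zero if any file was not imported.
import_gpg_keys() {
    key_dir=$1
    IMPORTED=0
    REJECTED=0
    for key_file in "$key_dir"/*; do
        [ -e "$key_file" ] || continue   # empty directory: glob did not match
        if ! is_public_key_file "$key_file"; then
            echo "rejected (not a public key block): $key_file" >&2
            REJECTED=$((REJECTED + 1))
        elif $MGRADM gpg add "$key_file"; then
            IMPORTED=$((IMPORTED + 1))
        else
            echo "mgradm gpg add failed for: $key_file" >&2
            REJECTED=$((REJECTED + 1))
        fi
    done
    echo "imported=$IMPORTED rejected=$REJECTED"
    [ "$REJECTED" -eq 0 ]
}

# Runs only when KEY_DIR is set, e.g. KEY_DIR=/root/keys-from-4.3 sh import-keys.sh
if [ -n "${KEY_DIR:-}" ]; then
    import_gpg_keys "$KEY_DIR"
fi
```

A non-zero exit status means at least one file was left out; review the rejected files before running spacewalk-repo-sync against channels that depend on those keys.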

2. Migration

2.1. Prepare SUSE Multi-Linux Manager 5.1 Server Host

Do not pre-install SUSE Multi-Linux Manager on the prepared SL Micro 6.1 or SUSE Linux Enterprise Server 15 SP7 system.

The migration process is designed to perform the server installation automatically. Running mgradm install and then mgradm migrate is not supported and will lead to an unsupported system state.

In the following steps, we are only preparing the host system, not installing the actual SUSE Multi-Linux Manager 5.1 Server.

2.1.1. Prepare SL Micro 6.1 Host

2.1.1.1. Download the installation media
Procedure: Downloading the installation media
  1. Locate the SL Micro 6.1 installation media at https://www.suse.com/download/sle-micro/, and download the appropriate media file.

  2. Put the downloaded .iso image on a DVD or USB flash drive for installation.

2.1.1.2. Install SL Micro 6.1

For more information about preparing your machines (virtual or physical), see the SL Micro Deployment Guide.

Procedure: Installing SL Micro 6.1
  1. Insert the DVD or USB flash drive (USB disk or key) containing the installation image for SLE Micro 6.1.

  2. Boot or reboot your system.

  3. Use the arrow keys to select Installation.

  4. Adjust Keyboard and language.

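  5. Click the checkbox to accept the license agreement.

  6. Click Next to continue.

  7. Select the registration method. For this example, we will register the server with SUSE Customer Center.

    The SUSE Multi-Linux Manager 5.1 containers are installed as extensions. Depending on the specific extension needed from the list below, you also need a SUSE Customer Center registration code for each extension.

    • SUSE Multi-Linux Manager 5.1 Server

    • SUSE Multi-Linux Manager 5.1 Proxy

    • SUSE Multi-Linux Manager 5.1 Retail Branch Server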

    The SL Micro 6.1 entitlement is included within the SUSE Multi-Linux Manager entitlement, so it does not require a separate registration code.

  8. Enter your SUSE Customer Center email address.

  9. Enter your registration code for SL Micro 6.1.

  10. Click Next to continue.

  11. To install a proxy, select the SUSE Multi-Linux Manager 5.1 Proxy extension checkbox; to install a server, select the SUSE Multi-Linux Manager 5.1 Server extension checkbox.

  12. Click Next to continue.

  13. Enter your SUSE Multi-Linux Manager 5.1 extension registration code.

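  14. Click Next to continue.

  15. On the NTP Configuration page, click Next.

  16. On the Authentication for the System page, enter a password for the root user. Click Next.

  17. On the Installation Settings page, click Install.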

This concludes installation of SL Micro 6.1 and SUSE Multi-Linux Manager 5.1 as an extension.

2.1.1.3. OPTIONAL: Registration from the command line

If you added SUSE Multi-Linux Manager 5.1 as an extension during SL Micro 6.1 installation, you can skip this procedure. Alternatively, you can skip registration during SL Micro 6.1 installation by selecting the Skip Registration button. This section provides the steps for registering your products after SL Micro 6.1 installation.

The following steps register a SUSE Multi-Linux Manager 5.1 extension with the x86-64 architecture and thus require a registration code for the x86-64 architecture. To register ARM or s390x architectures use the correct registration code.

Procedure: Registering from the Command Line
  1. List available extensions with the following command:

    transactional-update --quiet register --list-extensions

  2. From the list of available extensions, select the one you wish to install:

    1. If installing the Server, use your SUSE Multi-Linux Manager Server Extension 5.1 x86_64 registration code with the following command:

      transactional-update register -p Multi-Linux-Manager-Server/5.1/x86_64 -r <reg_code>

    2. If installing the Proxy, use your SUSE Multi-Linux Manager Proxy Extension 5.1 x86_64 registration code with the following command:

      transactional-update register -p Multi-Linux-Manager-Proxy/5.1/x86_64 -r <reg_code>

  3. Reboot.

2.1.1.4. Update the system
Procedure: Updating the system
  1. Log in as root.

  2. Run transactional-update:

    transactional-update

  3. Reboot.

SL Micro is designed to update itself automatically by default and will reboot after applying updates. However, this behavior is not desirable for the SUSE Multi-Linux Manager environment. To prevent automatic updates on your server, SUSE Multi-Linux Manager disables the transactional-update timer during the bootstrap process.

If you prefer the SL Micro default behavior, enable the timer by running the following command:

systemctl enable --now transactional-update.timer

2.1.2. Prepare SUSE Linux Enterprise Server 15 SP7 Host

Alternatively, you can deploy SUSE Multi-Linux Manager on SUSE Linux Enterprise Server 15 SP7.

The following procedure describes the main steps of the installation process.

Procedure: Installing SUSE Multi-Linux Manager Extensions on SUSE Linux Enterprise Server 15 SP7
  1. Locate and download SUSE Linux Enterprise Server 15 SP7 .iso at https://www.suse.com/download/sles/.

  2. Make sure that you have registration codes both for the host operating system (SUSE Linux Enterprise Server 15 SP7) and for the extensions.

  3. Start the installation of SUSE Linux Enterprise Server 15 SP7.

    1. On the Language, keyboard and product selection select the product to install.

    2. On the License agreement read the agreement and check I Agree to the License Terms.

  4. Select the registration method. For this example, we will register the server with SUSE Customer Center.

  5. Enter your SUSE Customer Center email address.

  6. Enter your registration code for SUSE Linux Enterprise Server 15 SP7.

  7. Click Next to continue.

    Please note that for SUSE Linux Enterprise Server 15 SP7, you are required to have a valid SUSE Linux Enterprise Server subscription and corresponding registration code, which you must provide on this screen. You will be required to enter the SUSE Multi-Linux Manager Extension registration code below.

  8. In the screen Extensions and Modules Selection check the following:

    • Select the SUSE Multi-Linux Manager Server Extension to install the Server, or the SUSE Multi-Linux Manager Proxy Extension to install the Proxy.

    • Basesystem Module

    • Containers Module

  9. Click Next to continue.

  10. Enter your SUSE Multi-Linux Manager 5.1 extension registration code.

  11. Click Next to continue.

  12. Complete the installation.

  13. When the installation completes, log in to the newly installed server as root.

  14. Update the System (optional, if the system was not set to download updates during install):

    zypper up

  15. Reboot.

  16. Log in as root and install podman plus mgradm and mgradm-bash-completion (if not already automatically installed):

    zypper install podman mgradm mgradm-bash-completion

  17. Start the Podman service by rebooting the system, or by running the following command:

    systemctl enable --now podman.service

2.2. SSH Connection Preparation

This step ensures that the new SUSE Multi-Linux Manager 5.1 Server can connect to the existing 4.3 Server over SSH without requiring a password. It involves generating and configuring SSH keys, setting up an SSH agent, and copying the public key to the old server. This setup is required for the migration process to run without manual intervention.

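Procedure: Preparing the SSH connection
  1. Ensure that an SSH key exists for root on the new 5.1 server. If a key does not exist, create one with the following command:

    ssh-keygen -t rsa

  2. The SSH configuration and agent must be ready on the new server so that connecting to the 4.3 server does not prompt for a password.

    eval $(ssh-agent); ssh-add

    The migration script relies on an SSH agent running on the new server to establish a connection without prompting for a password. If the agent is not active yet, start it by running eval $(ssh-agent). Then add the SSH key to the running agent with ssh-add, followed by the path to the private key. You will be prompted to enter the passphrase for the private key during this process.

  3. Copy the public SSH key to the SUSE Multi-Linux Manager 4.3 server (<oldserver.fqdn>) with ssh-copy-id. Replace <oldserver.fqdn> with the FQDN of the 4.3 server:

    ssh-copy-id <oldserver.fqdn>

    The SSH key will be copied into the old server's ~/.ssh/authorized_keys file. For more information, see the ssh-copy-id manpage.

  4. Establish an SSH connection from the new server to the old SUSE Multi-Linux Manager server to check that no password is needed. Also, there must not be any problems with the host fingerprint. In case of trouble, remove the old fingerprints from the ~/.ssh/known_hosts file, then try again. The fingerprint will be stored in the local ~/.ssh/known_hosts file.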
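
The check in step 4 can be scripted so that it fails instead of prompting. The following is an added example, not part of the SUSE documentation; it assumes it is run as root on the new 5.1 host after ssh-copy-id, and SSH, SSH_ADD and OLD_SERVER are hypothetical variables introduced for the example.

```sh
# Added example, not part of the SUSE documentation.
# Assumption: run as root on the new 5.1 host after ssh-copy-id.
# SSH and SSH_ADD are hypothetical override variables used for testing.
SSH=${SSH:-ssh}
SSH_ADD=${SSH_ADD:-ssh-add}

# 0: agent holds a key, 1: agent has no key, 2: no agent reachable.
agent_has_key() {
    agent_rc=0
    $SSH_ADD -l >/dev/null 2>&1 || agent_rc=$?
    case $agent_rc in
        0) return 0 ;;
        1) echo "agent holds no key; run ssh-add" >&2; return 1 ;;
        *) echo "no agent reachable; run: eval \$(ssh-agent)" >&2; return 2 ;;
    esac
}

# 0 only if login works with no prompt and the host key is already known.
passwordless_login_ok() {
    # BatchMode=yes: fail instead of prompting for a password or passphrase.
    # StrictHostKeyChecking=yes: fail on an unknown or changed host key.
    $SSH -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=10 "$1" true
}

preflight() {
    agent_has_key || return 1
    if ! passwordless_login_ok "$1"; then
        echo "login to $1 failed: check ~/.ssh/authorized_keys on the old" >&2
        echo "server and the entry for $1 in ~/.ssh/known_hosts" >&2
        return 1
    fi
    echo "ok: $1 accepts the key without a prompt"
}

# Runs only when OLD_SERVER is set, e.g. OLD_SERVER=<oldserver.fqdn> sh preflight.sh
if [ -n "${OLD_SERVER:-}" ]; then
    preflight "$OLD_SERVER"
fi
```

If the host key of the 4.3 server has changed since it was recorded, the strict check fails; verify the new fingerprint against the old server's console before removing the stale entry from ~/.ssh/known_hosts.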

2.3. Perform the Migration

When planning your migration from SUSE Multi-Linux Manager 4.3 to SUSE Multi-Linux Manager 5.1, ensure that your target instance meets or exceeds the specifications of the old setup.

This includes, but is not limited to, memory (RAM), CPU cores, storage, and network bandwidth.

Procedure: Performing the migration
  1. This step is optional. If custom persistent storage is required for your infrastructure, use the mgr-storage-server tool. For more information about mgr-storage-server, see installation-and-upgrade:hardware-requirements.adoc#install-hardware-requirements-storage.

  2. Execute the following command to install a new SUSE Multi-Linux Manager server. Replace <oldserver.fqdn> with the FQDN of the 4.3 server:

    Make sure to upgrade your 4.3 server and apply all available updates before starting the migration process. Additionally, remove any unnecessary channels to help reduce the overall migration time.

    The migration can take a very long time depending on the amount of data that needs to be replicated. To reduce downtime it is possible to run the migration multiple times in a process of initial replication, re-replication, or final replication and switch over while all the services on the old server can stay up and running.

    The processes on the old server need to be stopped only during the final migration.

    For all non-final replications, add the parameter --prepare to prevent the services on the old server from being stopped automatically. For example, on the SUSE Multi-Linux Manager server:

    mgradm migrate podman <oldserver.fqdn> --prepare

Procedure: Final Migration
  1. Stop the SUSE Multi-Linux Manager services on 4.3 Server:

    spacewalk-service stop
  2. Stop the PostgreSQL service on 4.3 Server:

    systemctl stop postgresql
  3. Perform the migration on the SUSE Multi-Linux Manager server:

    mgradm migrate podman <oldserver.fqdn>
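  4. Migrate the trusted SSL CA certificates.

2.3.1. Migration of the Certificates

Trusted SSL CA certificates that were installed as part of an RPM and stored on SUSE Multi-Linux Manager 4.3 in the /usr/share/pki/trust/anchors/ directory will not be migrated. Because SUSE does not install RPM packages in the container, the administrator must migrate these certificate files manually from the 4.3 installation after the migration is complete.

Procedure: Migrating the certificates
  1. Copy the file from the 4.3 server to the new server. For example, as /local/ca.file.

  2. Copy the file into the container with the following command:

    mgrctl cp /local/ca.file server:/etc/pki/trust/anchors/

After successfully running the mgradm migrate command, the Salt setup on all clients will still point to the old 4.3 server.

To redirect them to the 5.1 server, the new server must be renamed at the infrastructure level (DHCP and DNS) to use the same FQDN and IP address as the 4.3 server.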

Adjusting the IP address can be avoided if the latest version of the minion is installed on the clients, as the newer version can automatically re-connect with the server using only the FQDN.

SUSE Multi-Linux Manager 5.1 introduces a rebranded set of client tools for all supported operating systems. This transition is seamless, and users performing a new product synchronization should only notice the updated channel names.

Channels named SUSE Manager Client Tools for XYZ, used by clients previously registered with SUSE Multi-Linux Manager 4.3 or 5.0, are no longer available in version 5.1 and will no longer receive updates in 5.1.

Although the legacy channels remain assigned to existing clients after migration, the corresponding repositories have been removed.

To ensure continued updates, users must:

  • Mirror the new SUSE Multi-Linux Manager Client Tools for XYZ channels for the relevant products and assign them to the appropriate clients.

  • Unassign the outdated SUSE Manager Client Tools for XYZ channels.

This also means that any CLM projects based on the old client tools must be adjusted accordingly.