Documentation survey

Convert a Client to MLM Proxy

1. Overview

This chapter describes how to convert a client system into a SUSE Multi-Linux Manager Proxy using the Web UI.

It assumes that the proxy host system has already been bootstrapped, is subscribed to the base operating system channel (such as SUSE Linux Enterprise Server 15 SP7 or SL Micro 6.1) and to the Proxy Extension channel.

For information about client onboarding, see Client Registration.

2. Requirements

Before starting the conversion, ensure the following requirements are fulfilled.

2.1. Supported Systems

Only the following operating systems are currently supported for proxy conversion:

  • SUSE Linux Enterprise Server 15 SP7

  • SL Micro 6.1

2.2. Client Must Be

  • Already onboarded in SUSE Multi-Linux Manager

  • Reachable via the network

  • Subscribed to the appropriate proxy extension channel:

    • SUSE Multi-Linux Manager Proxy Extension 5.1 (matching architecture)

3. Preparation

Before proceeding with the proxy conversion, make sure the following preparations are completed to avoid interruptions during the conversion process.

3.1. SSL Certificates

Valid SSL certificates are required to secure communication between the proxy and other components.

You need:

  • The public certificate of the Certificate Authority (CA) that signed the certificate on the SUSE Multi-Linux Manager server

  • A certificate for the proxy.

  • The corresponding private key for the proxy certificate.

If your CA uses an intermediate certificate chain, you must include all intermediate certificates as well.

If you are not using third party certificates, you can generate them using the rhn-ssl-tool inside the SUSE Multi-Linux Manager container.

Generate a proxy certificate
  1. On the SUSE Multi-Linux Manager server host, run:

    mgrctl exec -ti -- rhn-ssl-tool --gen-server \
      --set-hostname="<PROXY-FQDN>" \
      --dir="/root/ssl-build"

    For more information about other parameters, see Self-Signed SSL Certificates.

  2. Transfer the certificates to SUSE Multi-Linux Manager server host

    mgrctl cp server:/root/ssl-build/<PROXY-FQDN>/server.crt /root/proxycert.pem
    mgrctl cp server:/root/ssl-build/<PROXY-FQDN>/server.key /root/proxykey.pem
    mgrctl cp server:/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/rootca.pem

    To confirm the exact folder where the certificates and key files were generated, you can list the directories with:

    mgrctl exec -ti -- ls -ltd /root/ssl-build/*/
  3. Transfer the certificates from the SUSE Multi-Linux Manager server host to your local machine or other target system:

    scp <MLM-FQDN>:/root/proxycert.pem ./
    scp <MLM-FQDN>:/root/proxykey.pem ./
    scp <MLM-FQDN>:/root/rootca.pem ./

3.2. Packages Preparation

It is recommended to deploy the container images as RPM packages. Please ensure the following packages are installed on the client:

  • suse-multi-linux-manager-5.1-<ARCH>-proxy-httpd-image

  • suse-multi-linux-manager-5.1-<ARCH>-proxy-salt-broker-image

  • suse-multi-linux-manager-5.1-<ARCH>-proxy-squid-image

  • suse-multi-linux-manager-5.1-<ARCH>-proxy-ssh-image

  • suse-multi-linux-manager-5.1-<ARCH>-proxy-tftpd-image

You can install these packages from the Web UI by navigating to the Software > Packages > Install tab, then searching for the packages above, and installing them.

For details on air-gapped deployment, see SUSE Multi-Linux Manager Proxy Air-gapped Deployment

4. Setup Proxy Client

  1. Navigate to the client’s Overview page.

  2. Click button Convert to Proxy.

    Confirm you were redirected to the proxy configuration form.

    This page can be accessed later from the Details > Proxy > Configuration tab.

  3. In the Web UI, navigate to Proxy  Configuration and fill in the required data:

    Procedure: Configuring the Proxy
    1. In the Parent FQDN field, type the fully qualified domain name for the parent server or proxy.

    2. In the Proxy SSH port field, type the SSH port on which the SSH service is listening on the SUSE Multi-Linux Manager Proxy. It is recommended to keep the default: 8022.

    3. In the Max Squid cache size field, type the maximum allowed size for the Squid cache, in Gigabytes.

    4. In the Proxy admin email field, type the administrator’s email address.

    5. In the Certificates section, provide the certificates for the SUSE Multi-Linux Manager Proxy, obtained in the preparation step.

    6. In the Source section, select one of the two options: RPM or Registry.

      • The RPM option is recommended for air-gapped or restricted environments.

      • The Registry option can be used if connectivity to the container image registry is available.
        If selected, you will be prompted to choose between two sub-options: Simple or Advanced.

        • If Simple is selected, provide values in the Registry URL and Containers Tag fields.

          • For Registry URL use: registry.suse.com/suse/multi-linux-manager/5.1/x86_64.

          • Select the tag from the drop-down list.

        • If Advanced is selected, an additional section of the form is shown:

          • For each individual container URL field, use the registry: registry.suse.com/suse/multi-linux-manager/5.1/x86_64 followed by the corresponding suffix, for example, proxy-httpd or salt-broker.

          • Select the tag from the drop-down list.

  4. Once all fields are filled, click Apply to apply the configuration and schedule the proxy installation task.

5. Verify Proxy Activation

Check the client’s event history to confirm task success.

(Optional) Access the proxy’s HTTP endpoint to validate it shows a welcome page.