Convert a Client to MLM Proxy
1. 概要
This chapter describes how to convert a client system into a SUSE Multi-Linux Manager Proxy using the Web UI.
It assumes that the proxy host system has already been bootstrapped, is subscribed to the base operating system channel (such as SUSE Linux Enterprise Server 15 SP7 or SL Micro 6.1) and to the Proxy Extension channel.
For information about client onboarding, see クライアントの登録.
2. 要件
Before starting the conversion, ensure the following requirements are fulfilled.
2.1. Supported Systems
Only the following operating systems are currently supported for proxy conversion:
-
SUSE Linux Enterprise Server 15 SP7
-
SL Micro 6.1
2.2. Client Must Be
-
Already onboarded in SUSE Multi-Linux Manager
-
Reachable via the network
-
Subscribed to the appropriate proxy extension channel:
-
SUSE Multi-Linux Manager Proxy Extension 5.1 (matching architecture)
-
3. Preparation
Before proceeding with the proxy conversion, make sure the following preparations are completed to avoid interruptions during the conversion process.
3.1. SSL Certificates
Valid SSL certificates are required to secure communication between the proxy and other components.
You need:
-
The public certificate of the Certificate Authority (CA) that signed the certificate on the SUSE Multi-Linux Manager server
-
A certificate for the proxy.
-
The corresponding private key for the proxy certificate.
If your CA uses an intermediate certificate chain, you must include all intermediate certificates as well. |
If you are not using third party certificates, you can generate them using the rhn-ssl-tool
inside the SUSE Multi-Linux Manager container.
-
On the SUSE Multi-Linux Manager server host, run:
mgrctl exec -ti -- rhn-ssl-tool --gen-server \ --set-hostname="<PROXY-FQDN>" \ --dir="/root/ssl-build"
For more information about other parameters, see 自己署名SSL証明書.
-
Transfer the certificates to SUSE Multi-Linux Manager server host
mgrctl cp server:/root/ssl-build/<PROXY-FQDN>/server.crt /root/proxycert.pem mgrctl cp server:/root/ssl-build/<PROXY-FQDN>/server.key /root/proxykey.pem mgrctl cp server:/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/rootca.pem
To confirm the exact folder where the certificates and key files were generated, you can list the directories with:
mgrctl exec -ti -- ls -ltd /root/ssl-build/*/
-
Transfer the certificates from the SUSE Multi-Linux Manager server host to your local machine or other target system:
scp <MLM-FQDN>:/root/proxycert.pem ./ scp <MLM-FQDN>:/root/proxykey.pem ./ scp <MLM-FQDN>:/root/rootca.pem ./
3.2. Packages Preparation
It is recommended to deploy the container images as RPM packages. Please ensure the following packages are installed on the client:
-
suse-multi-linux-manager-5.1-<ARCH>-proxy-httpd-image
-
suse-multi-linux-manager-5.1-<ARCH>-proxy-salt-broker-image
-
suse-multi-linux-manager-5.1-<ARCH>-proxy-squid-image
-
suse-multi-linux-manager-5.1-<ARCH>-proxy-ssh-image
-
suse-multi-linux-manager-5.1-<ARCH>-proxy-tftpd-image
You can install these packages from the Web UI by navigating to the Software
> Packages
> Install
tab, then searching for the packages above, and installing them.
For details on air-gapped deployment, see SUSE Multi-Linux ManagerプロキシのAir-gapped配備
4. Setup Proxy Client
-
Navigate to the client’s
Overview
page. -
Click button Convert to Proxy.
Confirm you were redirected to the proxy configuration form.
This page can be accessed later from the
Details
>Proxy
>Configuration
tab. -
In the Web UI, navigate to
and fill in the required data:Procedure: Configuring the Proxy-
In the
Parent FQDN
field, type the fully qualified domain name for the parent server or proxy. -
In the
Proxy SSH port
field, type the SSH port on which the SSH service is listening on the SUSE Multi-Linux Manager Proxy. It is recommended to keep the default: 8022. -
In the
Max Squid cache size
field, type the maximum allowed size for the Squid cache, in Gigabytes. -
In the
Proxy admin email
field, type the administrator’s email address. -
In the
Certificates
section, provide the certificates for the SUSE Multi-Linux Manager Proxy, obtained in the preparation step. -
In the
Source
section, select one of the two options:RPM
orRegistry
.-
The
RPM
option is recommended for air-gapped or restricted environments. TheRegistry
option can be used if connectivity to the container image registry is available. + If selected, you will be prompted to choose between two sub-options:Simple
orAdvanced
.-
If
Simple
is selected, provide values in theRegistry URL
andContainers Tag
fields.-
For
Registry URL
use:registry.suse.com/suse/multi-linux-manager/5.1/x86_64
. -
Select the tag from the drop-down list.
-
-
If
Advanced
is selected, an additional section of the form is shown:-
For each individual container URL field, use the registry:
registry.suse.com/suse/multi-linux-manager/5.1/x86_64
followed by the corresponding suffix, for example,proxy-httpd
orsalt-broker
. -
Select the tag from the drop-down list.
-
-
-
-
-
Once all fields are filled, click Apply to apply the configuration and schedule the proxy installation task.
5. Verify Proxy Activation
Check the client’s event history to confirm task success.
(Optional) Access the proxy’s HTTP endpoint to validate it shows a welcome page.