Proxy conversion from client

1. Overview

This chapter describes how to convert a client system into a SUSE Multi-Linux Manager Proxy using the Web UI.

It assumes that the proxy host system has already been bootstrapped and subscribed to the base operating system channel.

클라이언트 온보딩에 대한 자세한 내용은 클라이언트 등록에서 확인할 수 있습니다.

2. 요구사항

Before starting the conversion, ensure the following requirements are fulfilled.

2.1. Client Must Be

  • Already onboarded in SUSE Multi-Linux Manager

  • Reachable via the network

3. Preparation

Before proceeding with the proxy conversion, make sure the following preparations are completed to avoid interruptions during the conversion process.

3.1. SSL Certificates

Valid SSL certificates are required to secure communication between the proxy and other components.

You need:

  • The public certificate of the Certificate Authority (CA) that signed the certificate on the SUSE Multi-Linux Manager server

  • A certificate for the proxy.

  • The corresponding private key for the proxy certificate.

If your CA uses an intermediate certificate chain, you must include all intermediate certificates as well.

If you are not using third party certificates, you can generate them using the rhn-ssl-tool inside the SUSE Multi-Linux Manager container.

Generate a proxy certificate

  1. On the SUSE Multi-Linux Manager server host, run:

    mgrctl exec -ti -- rhn-ssl-tool --gen-server \
  --set-hostname="<PROXY-FQDN>" \
  --dir="/root/ssl-build"

    다른 파라미터에 대한 자세한 내용은 자체 서명된 SSL 인증서에서 확인할 수 있습니다.

  2. Transfer the certificates to SUSE Multi-Linux Manager server host

    mgrctl cp server:/root/ssl-build/<PROXY-FQDN>/server.crt /root/proxycert.pem
mgrctl cp server:/root/ssl-build/<PROXY-FQDN>/server.key /root/proxykey.pem
mgrctl cp server:/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/rootca.pem

    To confirm the exact folder where the certificates and key files were generated, you can list the directories with:

    mgrctl exec -ti -- ls -ltd /root/ssl-build/*/

  3. Transfer the certificates from SUSE Multi-Linux Manager server host

    scp <UYUNI-FQDN>:/root/proxycert.pem ./
scp <UYUNI-FQDN>:/root/proxykey.pem ./
scp <UYUNI-FQDN>:/root/rootca.pem ./

3.2. Packages Preparation

3.2.1. Install mgrpxy

The mgrpxy tool must be installed from a repository matching your system. Choose the appropriate repository from:

https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/ContainerUtils/

Listing 1. Example (for openSUSE Leap Micro 5.5):
zypper ar https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/ContainerUtils/openSUSE_Leap_Micro_5.5/ uyuni-containerutils
zypper ref
zypper in mgrpxy

3.2.2. Install Container Images

It is recommended to deploy the container images as RPM packages. Please ensure the following packages are installed on the client:

zypper ar https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/containerfile/ uyuni-proxy-images
zypper ref
zypper in uyuni-proxy-httpd-image \
           uyuni-proxy-salt-broker-image \
           uyuni-proxy-squid-image \
           uyuni-proxy-ssh-image \
           uyuni-proxy-tftpd-image

air-gapped 배포에 대한 자세한 내용은 SUSE Multi-Linux Manager 프록시 air-gapped 배포에서 확인할 수 있습니다.

On transactional servers, wrap the above commands in a transactional-update shell session to ensure atomicity and persistence:

transactional-update shell
# (run zypper commands here)
exit

This ensures changes are applied correctly in the transactional environment.

4. Setup Proxy Client

  1. Navigate to the client’s Overview page.

  2. Click button Convert to Proxy.

    Confirm you were redirected to the proxy configuration form.

    This page can be accessed later from the Details > Proxy > Configuration tab.

  3. In the Web UI, navigate to Proxy  Configuration and fill in the required data:

    Procedure: Configuring the Proxy

    1. 상위 FQDN 필드에 상위 서버 또는 프록시의 완전히 정규화된 도메인 이름을 입력합니다.

    2. In the Proxy SSH port field, type the SSH port on which the SSH service is listening on the SUSE Multi-Linux Manager Proxy. It is recommended to keep the default: 8022.

    3. In the Max Squid cache size field, type the maximum allowed size for the Squid cache, in Gigabytes.

    4. 프록시 관리자 이메일 필드에 관리자 이메일 주소를 입력합니다.

    5. In the Certificates section, provide the certificates for the SUSE Multi-Linux Manager Proxy, obtained in the preparation step.

    6. In the Source section, select one of the two options: RPM or Registry.

      • The RPM option is recommended for air-gapped or restricted environments. The Registry option can be used if connectivity to the container image registry is available. + If selected, you will be prompted to choose between two sub-options: Simple or Advanced.

        • If Simple is selected, provide values in the Registry URL and Containers Tag fields.

          • For Registry URL use: registry.opensuse.org/uyuni.

          • Select the tag from the drop-down list.

        • If Advanced is selected, an additional section of the form is shown:

          • For each individual container URL field, use the registry: registry.opensuse.org/uyuni followed by the corresponding suffix, for example, proxy-httpd or salt-broker.

          • Select the tag from the drop-down list.

  4. Once all fields are filled, click Apply to apply the configuration and schedule the proxy installation task.

5. Verify Proxy Activation

Check the client’s event history to confirm task success.

(Optional) Access the proxy’s HTTP endpoint to validate it shows a welcome page.