Documentation survey

SUSE Multi-Linux Manager 5.1 Server Deployment

This guide shows you how to install and configure a SUSE Multi-Linux Manager 5.1 container on SL Micro 6.1 or SUSE Linux Enterprise Server 15 SP7.

1. SUSE Multi-Linux Manager 的硬件要求

下表显示了在裸机上部署 SUSE Multi-Linux Manager 服务器所要满足的软件和硬件要求。在本指南中,您的计算机应具有 16 GB RAM 和至少 200 GB 磁盘空间。有关磁盘空间的背景信息,请参见 硬件要求

Table 1. 软件和硬件要求
Software and Hardware Recommended

Operating System

SL Micro 6.1 or

SUSE Linux Enterprise Server 15 SP7

Architecture

x86-64, ARM, s390x, ppc64le

Processor (CPU)

Minimum of four (4) 64-bit CPU cores

RAM

16 GB

Disk Space

200 GB

Channel Requirements

50 GB per SUSE or openSUSE product

360 GB per Red Hat product

Swap space:

8 to 12 GB
服务器容器主机支持的操作系统

The supported operating system for the container host is SL Micro 6.1 or SUSE Linux Enterprise Server 15 SP7.

容器主机

容器主机是配备了容器引擎(例如 Podman)的服务器,可用于管理和部署容器。这些容器包含应用程序及其必备组件(例如库),但不包含完整的操作系统,因此体量很小。此设置可确保应用程序能够在不同环境中以一致的方式运行。容器主机为这些容器提供必要的资源,例如 CPU、内存和存储空间。

必须使用完全限定的域名 (FQDN) 才能完成服务器部署。如果您的路由器或网络无法为 FQDN 提供自动 DNS 置备,则部署过程将无法成功进行。FQDN 通常采用 <主机>.<域>.com 格式。

例如:

  • mlm.example.com

  • mlm.container.lab

有关详细信息,请参见 网络要求 中有关网络要求的章节。

2. 永久性卷

SUSE Multi-Linux Manager 5.1 默认会定义所需的永久性存储卷。如果尚不存在,在安装期间 mgradm 工具将创建这些卷。

将在 /var/lib/containers/storage/volumes/ 中创建这些卷,默认情况下,Podman 也会将其卷存储到此路径。

建议

您可以通过将外部存储设备挂载到此目录来利用存储的简便性。由于这样会存储 PostgreSQL 数据库、储存库的二进制软件包、缓存、操作系统映像、自动安装发行套件和配置文件,我们提出了三项建议:

快速存储

此挂载点最好是 NVMe 或 SSD 级设备。较慢的存储会对 SUSE Multi-Linux Manager 性能产生不利影响。

大容量

建议的最小容量为 300 GB,如果需要管理多个 Linux 发行套件或体系结构,则应提供更多容量。

建议的文件系统

XFS (though any supported filesystem for SL Micro 6.1 could work).

可选

可以通过将磁盘挂载到文件系统中的预期卷路径(例如 /var/lib/containers/storage/volumes/var-spacewalk)来为卷提供自定义存储。这样会增大 SUSE Multi-Linux Manager 部署复杂性,并且可能会影响建议的默认存储配置所提供的弹性。

有关容器中所有永久性卷的列表,请参见 Persistent Container Volumes

3. Prepare SUSE Multi-Linux Manager Server Host

You can deploy SUSE Multi-Linux Manager on SL Micro 6.1 or SUSE Linux Enterprise Server 15 SP7. SL Micro is a transactional system, while SUSE Linux Enterprise Server is a full server operating system.

Depending on your decision, either continue with Prepare SL Micro 6.1 Host or with Prepare SUSE Linux Enterprise Server 15 SP7 Host and skip the not selected section.

3.1. Prepare SL Micro 6.1 Host

3.1.1. Download the installation media

过程:下载安装媒体

  1. Locate the SL Micro 6.1 installation media at https://www.suse.com/download/sle-micro/, and download the appropriate media file.

  2. 将下载下来的 .iso 映像放入一个 DVD 或 USB 闪存盘以进行安装。

3.1.2. Install SL Micro 6.1

For more information about preparing your machines (virtual or physical), see the SL Micro Deployment Guide.

Procedure: Installing SL Micro 6.1

  1. Insert the DVD or USB flash drive (USB disk or key) containing the installation image for SLE Micro 6.1.

  2. 引导或重引导您的系统。

  3. 使用箭头键选择安装

  4. Adjust Keyboard and language.

  5. 单击复选框接受许可协议。

  6. 单击下一步继续。

  7. 选择注册方法。在本示例中,我们将在 SUSE Customer Center 中注册服务器。

    SUSE Multi-Linux Manager 5.1 容器会安装为扩展。根据以下列出的所需特定扩展,您还需要有各个扩展的 SUSE Customer Center 注册代码。

    • SUSE Multi-Linux Manager 5.1 服务器

    • SUSE Multi-Linux Manager 5.1 代理

    • SUSE Multi-Linux Manager 5.1 Retail Branch Server

    The SL Micro 6.1 entitlement is included within the SUSE Multi-Linux Manager entitlement, so it does not require a separate registration code.

  8. 输入您的 SUSE Customer Center 电子邮件地址。

  9. Enter your registration code for SL Micro 6.1.

  10. 单击下一步继续。

  11. To install a proxy, select the SUSE Multi-Linux Manager 5.1 Proxy extension; to install a server, select the SUSE Multi-Linux Manager 5.1 Server extension Checkbox.

  12. 单击下一步继续。

  13. Enter your SUSE Multi-Linux Manager 5.1 extension registration code.

  14. 单击 下一步 继续。

  15. NTP 配置页面上,单击 下一步

  16. 系统身份验证页面上,输入 root 用户的口令。单击 下一步

  17. 安装设置页面上单击 安装

This concludes installation of SL Micro 6.1 and SUSE Multi-Linux Manager 5.1 as an extension.

3.1.3. OPTIONAL: Registration from the command line

If you added SUSE Multi-Linux Manager 5.1 as an extension during SL Micro 6.1 installation then you can skip this procedure. However, optionally you may skip registration during SL Micro 6.1 installation by selecting the Skip Registration button. This section provides steps on registering your products after SL Micro 6.1 installation.

The following steps register a SUSE Multi-Linux Manager 5.1 extension with the x86-64 architecture and thus require a registration code for the x86-64 architecture. To register ARM or s390x architectures use the correct registration code.
Procedure: Registering from the Command Line

  1. List available extensions with the following command:

    transactional-update --quiet register --list-extensions

  2. From the list of available extensions, select the one you wish to install:

    1. If installing the Server, use your SUSE Multi-Linux Manager Server Extension 5.1 x86_64 registration code with following command:

      transactional-update register -p Multi-Linux-Manager-Server/5.1/x86_64 -r <reg_code>

    2. If installing the Proxy, use your SUSE Multi-Linux Manager Proxy Extension 5.1 x86_64 registration code with following command:

      transactional-update register -p Multi-Linux-Manager-Proxy/5.1/x86_64 -r <reg_code>

  3. 重引导。

3.1.4. 更新系统

过程:更新系统

  1. root 身份登录。

  2. 运行 transactional-update

    transactional-update

  3. 重引导。

SL Micro is designed to update itself automatically by default and will reboot after applying updates. However, this behavior is not desirable for the SUSE Multi-Linux Manager environment. To prevent automatic updates on your server, SUSE Multi-Linux Manager disables the transactional-update timer during the bootstrap process.

If you prefer the SL Micro default behavior, enable the timer by running the following command:

systemctl enable --now transactional-update.timer

To continue with deployment, see 配置自定义永久性存储.

3.2. Prepare SUSE Linux Enterprise Server 15 SP7 Host

Alternatively, you can deploy SUSE Multi-Linux Manager on SUSE Linux Enterprise Server 15 SP7.

The following procedure describes the main steps of the installation process.

Procedure: Installing SUSE Multi-Linux Manager Extensions on SUSE Linux Enterprise Server 15 SP7

  1. Locate and download SUSE Linux Enterprise Server 15 SP7 .iso at https://www.suse.com/download/sles/.

  2. Make sure that you have regsistration codes both for the host operating system (SUSE Linux Enterprise Server 15 SP7) and extensions

  3. Start the installation of SUSE Linux Enterprise Server 15 SP7.

    1. On the Language, keyboard and product selection select the product to install.

    2. On the License agreement read the agreement and check I Agree to the License Terms.

  4. Select the registration method. For this example, we will register the server with SUSE Customer Center.

  5. 输入您的 SUSE Customer Center 电子邮件地址。

  6. Enter your registration code for SUSE Linux Enterprise Server 15 SP7.

  7. 单击下一步继续。

    Please note that for SUSE Linux Enterprise Server 15 SP7, you are required to have a valid SUSE Linux Enterprise Server subscription and corresponding registration code, which you must provide on this screen. You will be required to enter the SUSE Multi-Linux Manager Extension registration code below.

  8. In the screen Extensions and Modules Selection check the following:

    • Select the SUSE Multi-Linux Manager Server Extension to install the Server, or the SUSE Multi-Linux Manager Proxy Extension to install the Proxy.

    • Basesystem Module

    • Containers Module

  9. 单击下一步继续。

  10. Enter your SUSE Multi-Linux Manager 5.1 extension registration code.

  11. 单击 下一步 继续。

  12. 完成安装。

  13. When the installation completes, log in to the newly installed server as root.

  14. Update the System (optional, if the system was not set to download updates during install):

    zypper up

  15. 重引导。

  16. Log in as root and install podman plus mgradm and mgradm-bash-completion (if not already automatically installed):

    zypper install podman mgradm mgradm-bash-completion

  17. Start the Podman service by rebooting the system, or running a command:

    systemctl enable --now podman.service

To continue with deployment, see 配置自定义永久性存储.

4. 配置自定义永久性存储

配置永久性存储空间并非强制性要求,但这是唯一可避免在容器全盘空间用尽的情况下出现严重问题的方法。强烈建议您使用 mgr-storage-server 工具来配置自定义永久性存储空间。

有关详细信息,请参见 mgr-storage-server --help。此工具可以简化容器存储和数据库卷的创建。

+

如下所示使用命令:

+

mgr-storage-server <storage-disk-device> [<database-disk-device>]

+

例如:

+

mgr-storage-server /dev/nvme1n1 /dev/nvme2n1

+

此命令将在 /var/lib/containers/storage/volumes 中创建永久性存储卷。

有关详细信息,请参见

5. Deploy SUSE Multi-Linux Manager with mgradm

If you want to use third-party SSL certificates instead of the self-signed certificates, import them in the run of the following deployment procedure.

For more information about the requirements of third-party SSL certificates, see 导入 SSL 证书.

SUSE Multi-Linux Manager server hosts that are hardened for security may restrict execution of files from the /tmp folder. In such cases, as a workaround, export the TMPDIR environment variable to another existing path before running mgradm. For example:

export TMPDIR=/path/to/other/tmp

In SUSE Multi-Linux Manager updates, tools will be changed to make this workaround unnecessary.
过程:使用 mgradm 部署 SUSE Multi-Linux Manager 5.1

  1. 以 root 身份登录。

  2. Execute one of the following commands, depending on the SSL certificate variant (self-signed or third-party). Replace <FQDN> with your fully qualified domain name of the SUSE Multi-Linux Manager Server:

    • Using self-signed certificates provided by SUSE Multi-Linux Manager:

      mgradm install podman <FQDN>

    • With importing SSL certificates using third-party SSL certificate flags (the example can adjusted if not all these certificates are needed):

      mgradm install podman <FQDN> \
  --ssl-ca-intermediate <strings> \
  --ssl-ca-root <string> \
  --ssl-server-cert <string> \
  --ssl-server-key <string> \
  --ssl-db-ca-intermediate <strings> \
  --ssl-db-ca-root <string> \
  --ssl-db-cert <string> \
  --ssl-db-key <string>

      For more information, see mgradm install podman --help.

    If the executed command fails ensure that you have registered SUSE Multi-Linux Manager 5.1. If you skipped registration during installation and now need to register from the command line, follow the steps below to log in to the registry:

    podman login-u <电子邮件地址> -p <注册代码> registry.suse.com

    根据提示使用 SUSE Multi-Linux Manager 5.1 注册密钥。

  3. Enter CA key (certificate authority) and administrator account password when prompted.

    管理员帐户口令长度必须至少为 5 个字符且不超过 48 个字符。

  4. Enter

  5. 输入管理帐户的电子邮件地址。按 Enter

  6. 等待部署完成。

  7. 打开浏览器并访问您的服务器 FQDN。

  8. 输入您的用户名(默认为 admin)以及在部署过程中设置的口令。

在本指南中,您已将 SUSE Multi-Linux Manager 5.1 服务器部署为容器。请继续阅读下一节来添加您的组织身份凭证,以便与 SUSE Customer Center 同步。

6. 将 SUSE Multi-Linux Manager 5.1 连接到 SUSE Customer Center

本节介绍如何通过 Web UI 与 SCC 同步,以及如何添加第一个客户端通道。

过程:输入组织身份凭证

  1. 打开浏览器并访问您的服务器 FQDN。

  2. 输入您的用户名(默认为 admin)以及在部署过程中设置的口令。

  3. 在 SUSE Multi-Linux Manager Web UI 中,选择管理  安装向导

  4. 安装向导页中,选择 组织身份凭证 选项卡。

  5. 单击 添加新身份凭证

  6. 在浏览器中访问 SUSE Customer Center。

  7. 在左侧导航栏中选择您的组织。

  8. 在页面顶部选择用户选项卡,然后单击 组织身份凭证

  9. 记下您的镜像身份凭证

  10. 返回 SUSE Multi-Linux Manager Web UI,输入用户名口令,然后单击 保存 确认。

在系统以绿色打勾图标的形式确认身份凭证后,请继续执行过程:与 SUSE Customer Center 同步

过程:与 SUSE Customer Center 同步

  1. 在 Web UI 中,导航到管理  安装向导

  2. 安装向导页面中选择 SUSE 产品选项卡。如果您最近在 SUSE Customer Center 中注册过产品,则表格中将开始填充产品列表。此操作可能需要几分钟时间才会完成。您可在右侧的从 SUSE Customer Center 刷新产品目录部分监控该操作的进度。该产品表格会列出体系结构、通道和状态信息。有关详细信息,请参见 向导

    admin suse products

  3. 使用按产品说明过滤按体系结构过滤来过滤显示的产品列表。产品 页面上列出的通道将为客户端提供储存库。

    • 选中每个通道左侧的复选框将相应通道添加到 SUSE Multi-Linux Manager。单击说明左侧的箭头符号可以展开产品并列出可用模块。

    • 单击页面顶部的 添加产品 开始产品同步。

添加通道后,SUSE Multi-Linux Manager 将安排该通道的同步。这可能需要较长时间,因为 SUSE Multi-Linux Manager 会将通道软件源从 SUSE Customer Center 中的 SUSE 储存库复制到您服务器本地的 /var/lib/containers/storage/volumes/var-spacewalk/ 目录。

通道完全同步后,将自动为其生成引导储存库。此步骤对于成功引导客户端至关重要,可确保通道同步和分发能够在客户端正常运行。SUSE Multi-Linux Manager 的安装和配置,以及为引导客户端准备所需通道的过程到此完成。

通道同步过程完成后,可以继续注册 SUSE Multi-Linux Manager 5.1 代理或其他客户端。

有关详细说明,请参见 客户端注册

7. 进入容器进行管理

要在容器内访问外壳,请在容器主机上运行以下命令:

mgrctl term