Install Containerized SUSE Manager Proxy
|
Only SUSE Linux Enterprise Server 15 SP3 and newer are supported to be used as container host for SUSE Manager Proxy containers. |
The container host must be connected to SUSE Manager as a Salt client. Connecting the container host as a traditional client will not work because required packages will not be available.
1. Container Host Requirements
| Hardware | Details | Recommendation |
|---|---|---|
CPU |
Minimum 2 dedicated 64-bit CPU cores |
|
RAM |
Test Server |
Minimum 2 GB |
Production Server |
Minimum 8 GB |
|
Disk Space |
Minimum 100 GB |
| Software | Details | Remark |
|---|---|---|
Connection Method |
Salt |
Host must be configured as a Salt client |
|
To ensure that the domain name of the SUSE Manager Server can be resolved by the clients: * Both container proxy and client machines must be connected to a DNS server * Reverse lookup must work |
2. Install Container Services on the host system
|
Container host to be used as a base for SUSE Manager Proxy containers needs to be first registered as a Salt client to the SUSE Manager Server. For more information about registering Salt client to the SUSE Manager Server, see Client Registration. |
|
|
SUSE Manager Proxy containers are using podman and systemd to run and manage all proxy containers.
First step is to install container control files provided by package uyuni-proxy-systemd-services.
-
Assign
Containers Modulesoftware channel to the container host in the SUSE Manager. For more information about assigning software channels to the system, see Channel Management. -
Log in as
rooton the container host. -
Manually install SUSE Manager Proxy service package:
zypper install uyuni-proxy-systemd-services
3. Customize SUSE Manager Proxy configuration
SUSE Manager Proxy containers require some volumes to be mounted for long term storage.
Those volumes are automatically created by podman and can be listed using the podman volume ls command.
By default, podman stores the files of the volumes in /var/lib/containers/storage/volumes.
The volumes are named:
-
uyuni-proxy-squid-cache -
uyuni-proxy-rhn-cache -
uyuni-proxy-tftpboot
To override default volume settings, create the volumes prior to the first start of the pod using the podman volume create command.
It is possible to add custom arguments passed to podman container pod to /etc/sysconfig/uyuni-proxy-systemd-services.config:
EXTRA_POD_ARGS=''
In this file it is possible to modify tag to use for container images:
TAG=latest
|
Changing the |
3.1. Using a custom container image for a service
By default, the SUSE Manager Proxy suite is set to use the same image version and registry path for each of its services.
However, it is possible to override the default values for a specific service.
The uyuni-proxy CLI bundled with the package, runs update image with the following parameters:
-
-sfor the service name -
-tfor the version tag -
-rfor the registry path
For example, use it like this:
uyuni-proxy update image -s httpd -t 0.1.0 -r registry.opensuse.org/uyuni
It adjusts the configuration file for the httpd service, where registry.opensuse.org/uyuni is the registry and 0.1.0 is the version tag, before restarting it.
To reset the values to defaults, run the proxy reset command, specifying the service with the -s parameter:
uyuni-proxy reset -s httpd
This command first resets the configuration of the httpd service to the global defaults and then reloads it.
For more information, see uyuni-proxy --help.
4. Allow network access for provided services on container host firewall
SUSE Manager Proxy containers work as so called node-port service. This means proxy container pod shares container host network TCP and UDP port space. For this reason container host firewall must be configured to accept incoming traffic on ports used by SUSE Manager Proxy containers. Those ports are:
-
69/UDP - TFTP
-
80/TCP - HTTP
-
443/TCP - HTTPS
-
4505/TCP - Salt
-
4506/TCP - Salt
-
8022/TCP - SSH
Continue with setting up the installed SUSE Manager Proxy as a containers at Containerized SUSE Manager Proxy Setup.