Deploy SUSE Manager 5.0.1 Proxy as a Virtual Machine

This chapter provides the Virtual Machine settings for deployment of SUSE Manager 5.0.1 as an image. KVM will be combined with Virtual Machine Manager (virt-manager) as a sandbox for this installation.

The preferred method for deploying SUSE Manager 5.0.1 Proxy is to use one of the following available images. All tools are included in these images greatly simplifying deployment.

1. Available Images

Images for SUSE Manager 5.0.1 are available at SUSE Manager 5.0.1 VM images.

Table 1. Available Proxy Images
Architecture Image Format

aarch64

qcow2, vmdk

x86_64

qcow2, vmdk, raw, Self Installer

2. Virtual Machine Manager (virt-manager) Settings

Enter the following settings when creating a new virtual machine using virt-manager.

This table specifies the minimum requirements. These are suitable for a quick test installation, such as a server with one client. If you want to use a production environment, review the requirements listed in Hardware Requirements.

3. Hardware Requirements for the Proxy

This table shows the hardware requirements for deploying SUSE Manager Proxy.

KVM Settings

Installation Method

Import Existing Disk Image

OS:

Linux

Version:

SUSE Manager-Proxy.x86_64-5.0.0-Build16.12.qcow2

Memory:

2 GB

CPU’s:

2

Storage Format:

.qcow2 40 GB (Default) Root Partition

Name:

test-setup

Network

Bridge br0

/var/lib/containers/storage/volumes/srv-www Minimum 100 GB, Storage requirements should be calculated for the number of ISO distribution images, containers, and bootstrap repositories you will use.

/var/lib/containers/storage/volumes/var-cache (Squid) Minimum 100 GB

4. Initial KVM Setup

Procedure: Creating Initial Setup
  1. Create a new virtual machine using the downloaded Minimal KVM image and select Import existing disk image.

  2. Configure RAM and number of CPUs (at least 16 GB RAM and 4 CPUs).

  3. Name your KVM machine and select the Customize configuration before install check box.

  4. Click Begin Installation to boot from the image.

  5. At the JeOS Firstboot screen select start to continue.

    jeos firstboot
  6. Select keyboard layout.

    select keyboard
  7. Accept the license agreement.

    accept license agreement
  8. Select your time zone.

    enter timezone
  9. Enter a password for root.

    root password
  10. Once installation completes login as root.

  11. Proceed to the next section.

5. Register SL Micro and SUSE Manager 5.0.1

Procedure: Registering SL Micro and SUSE Manager 5.0.1 Proxy
  1. Boot the virtual machine.

  2. Log in as root.

  3. Register SL Micro with SCC.

    transactional-update register -r <REGCODE> -e <your_email>
  4. Reboot.

  5. Register SUSE Manager 5.0.1 with SUSE Customer Center.

    transactional-update register -p SUSE-Manager-Proxy/5.0/x86_64 -r <REGCODE>
  6. Reboot.

  7. Update the system:

    transactional-update
  8. If updates were applied reboot.

6. Create an Activation Key for the Proxy

On the SUSE Manager server, create an activation key for the Proxy.

Task: Create an Activation Key
  1. Navigate to Systems  Activation Keys, and click Create key.

  2. Create an activation key for the proxy host with SL Micro 5.5 as the parent channel. This key should include all recommended channels and the Proxy as an extension child channel.

  3. Proceed to boostrapping the proxy host as a minion.

7. Bootstrap the Proxy Host

Task: Bootstrap the Proxy Host
  1. Select Systems  Bootstrapping.

  2. Fill in the fields for your proxy host.

  3. Select the Activation key created in the previous step from the dropdown.

  4. Click Bootstrap.

  5. Wait for the Bootstrap process to complete successfully. Check the Salt menu and confirm the Salt key is listed and accepted.

  6. Reboot the proxy host.

  7. Select the host from the System list and trigger a second reboot after all events are finished to conclude the onboarding.

Task: Update the Proxy Host
  1. Select the host from the Systems list and apply all patches to update it.

  2. Reboot the proxy host.

8. Generate the Proxy Configuration

The configuration archive of the SUSE Manager Proxy is generated by the SUSE Manager Server. Each additional Proxy requires its own configuration archive.

2 GB represents the default proxy squid cache size. This will need to be adjusted for your environment.

For Podman deployment, the container host for the SUSE Manager Proxy must be registered as a client to the SUSE Manager Server prior to generating this proxy configuration.

If a proxy FQDN is used to generate a proxy container configuration that is not a registered client (as in the Kubernetes use case), a new system entry will appear in system list. This new entry will be shown under previously entered Proxy FQDN value and will be of Foreign system type.

8.1. Generate the Proxy Configuration with Web UI

Procedure: Generating a Proxy Container Configuration using Web UI
  1. In the Web UI, navigate to Systems  Proxy Configuration and fill the required data:

  2. In the Proxy FQDN field type fully qualified domain name for the proxy.

  3. In the Parent FQDN field type fully qualified domain name for the SUSE Manager Server or another SUSE Manager Proxy.

  4. In the Proxy SSH port field type SSH port on which SSH service is listening on SUSE Manager Proxy. Recommended is to keep default 8022.

  5. In the Max Squid cache size [MB] field type maximal allowed size for Squid cache. Recommended is to use at most 60% of available storage for the containers.

    2 GB represents the default proxy squid cache size. This will need to be adjusted for your environment.

  6. In the SSL certificate selection list choose if new server certificate should be generated for SUSE Manager Proxy or an existing one should be used. You can consider generated certificates as SUSE Manager builtin (self signed) certificates.

    Depending on the choice then provide either path to signing CA certificate to generate a new certificate or path to an existing certificate and its key to be used as proxy certificate.

    The CA certificates generated by the server are stored in the /var/lib/containers/storage/volumes/root/_data/ssl-build directory.

    For more information about existing or custom certificates and the concept of corporate and intermediate certificates, see Import SSL Certificates.

  7. Click Generate to register a new proxy FQDN in the SUSE Manager Server and generate a configuration archive (config.tar.gz) containing details for the container host.

  8. After a few moments you are presented with file to download. Save this file locally.

suma proxy containerized webui

8.2. Generate the Proxy Configuration with spacecmd and Self-Signed Certificate

Procedure: Generating Proxy Configuration with spacecmd and Self-Signed Certificate

You can generate a Proxy configuration using spacecmd.

  1. SSH into your container host.

  2. Execute the following command replacing the Server and Proxy FQDN:

    mgrctl exec -ti 'spacecmd proxy_container_config_generate_cert -- dev-pxy.example.com dev-srv.example.com 2048 email@example.com -o /tmp/config.tar.gz'
  3. Copy the generated configuration from the server container:

    mgrctl cp server:/tmp/config.tar.gz .

8.3. Generate the Proxy Configuration with spacecmd and Custom Certificate

You can generate a Proxy configuration using spacecmd for a custom certificates rather than the default self-signed certificates.

Procedure: Generating Proxy Configuration with spacecmd and Custom Certificate
  1. SSH into your Server container host.

  2. Execute the following command replacing the Server and Proxy FQDN:

    for f in ca.crt proxy.crt proxy.key; do
      mgrctl cp $f server:/tmp/$f
    done
    mgrctl exec -ti 'spacecmd proxy_container_config -- -p 8022 pxy.example.com srv.example.com 2048 email@example.com /tmp/ca.crt /tmp/proxy.crt /tmp/proxy.key -o /tmp/config.tar.gz'
  3. Copy the generated configuration from the server container:

    mgrctl cp server:/tmp/config.tar.gz .

9. Configure Custom Persistent Storage

This step is optional. However, if custom persistent storage is required for your infrastructure, use the mgr-storage-proxy tool.

  • For more information, see mgr-storage-proxy --help. This tool simplifies creating the container storage and Squid cache volumes.

    Use the command in the following manner:

    mgr-storage-proxy <storage-disk-device>

    For example:

    mgr-storage-proxy /dev/nvme1n1 /dev/nvme2n1

    This command will create the persistent storage volumes at /var/lib/containers/storage/volumes.

    For more information, see List of persistent storage volumes.

10. Transfer the Proxy Configuration

The Web UI generates a configuration archive. This archive needs to be made available on the proxy container host.

Procedure: Copying the Proxy Configuration
  1. Copy the files from the Server container to the Server host OS:

    mgrctl cp server:/root/config.tar.gz .
  2. Next copy the files from the Server host OS to the Proxy host:

    scp config.tar.gz <proxy-FQDN>:/root
  3. Install the Proxy with:

    mgrpxy install podman config.tar.gz

11. Start the SUSE Manager 5.0.1 Proxy

Container can now be started with the mgrpxy command:

Procedure: Start and Check Proxy Status
  1. Start the Proxy by calling:

    mgrpxy start
  2. Check container status by calling:

    mgrpxy status

    Five SUSE Manager Proxy containers should be present:

    • proxy-salt-broker

    • proxy-httpd

    • proxy-tftpd

    • proxy-squid

    • proxy-ssh

And should be part of the proxy-pod container pod.

11.1. Using a Custom Container Image for a Service

By default, the SUSE Manager Proxy suite is set to use the same image version and registry path for each of its services. However, it is possible to override the default values for a specific service using the install parameters ending with -tag and -image.

For example, use it like this:

mgrpxy install podman --httpd-tag 0.1.0 --httpd-image registry.opensuse.org/uyuni/proxy-httpd /path/to/config.tar.gz

It adjusts the configuration file for the httpd service, where registry.opensuse.org/uyuni/proxy-httpds is the image to use and 0.1.0 is the version tag, before restarting it.

To reset the values to defaults, run the install command again without those parameters:

mgrpxy install podman /path/to/config.tar.gz

This command first resets the configuration of all services to the global defaults and then reloads it.