Proxy Migration

In SUSE Manager 2024.04, the containerized proxy is managed by a set of systemd services.

In SUSE Manager 5.0, management of the containerized proxy was re-designed and made simpler with the mgrpxy tool.

This section will help you migrate from the legacy systemd proxy using the new mgrpxy tool.

An in-place migration from SUSE Manager 2024.04 to 2024.06 will remain unsupported due to the HostOS change from SUSE Linux Enterprise Server 15 SP4 to openSUSE Leap Micro 5.5

The traditional contact protocol is no longer supported in SUSE Manager 5.0 and later. Before migrating from SUSE Manager 2024.04 to 5.0, any existing traditional clients including the traditional proxies must be migrated to Salt.

For more information about migrating traditional SUSE Manager 2024.04 clients to Salt clients, see https://documentation.suse.com/suma/4.3/en/suse-manager/client-configuration/contact-methods-migrate-traditional.html

1. Migrate from Legacy to Containerized Proxy with Systemd

1.1. Generate the Proxy Configuration

Task: Generate the Proxy Configuration

  1. Log in to the SUSE Manager Server Web UI.

  2. Select Systems  Proxy Configuration from the left navigation.

  3. Enter your Proxy FQDN. Use the same FQDN as the original proxy host.

  4. Enter your Server FQDN.

  5. Enter the Proxy port number. We recommend using the default port of 8022

  6. Certificate and private key are located on the Server container host in /var/lib/containers/storage/volumes/root/_data/ssl-build/.

    • RHN-ORG-TRUSTED-SSL-CERT

    • RHN-ORG-PRIVATE-SSL-KEY

  7. Copy the certificate and key to your machine with:

    scp root@uyuni-server-example.com:/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY .
scp root@uyuni-server-example.com:/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT .

  8. Select Choose File and browse your local machine for the certificate.

  9. Select Choose File and brose your local machine for the private key.

  10. Enter the CA password.

  11. Click Generate.

1.2. Transfer Proxy Configuration to New Host

Task: Transfer the Proxy Configuration

  1. From the Server transfer the generated tar.gz file containing the proxy configuration to the new Proxy host:

    scp config.tar.gz <uyuni-proxy-FQDN>:/root/

  2. Disable the legacy proxy prior to executing the next step:

    Listing 1. Disable the Legacy Proxy
    spacewalk-proxy stop

  3. Deploy the new Proxy with:

    systemctl start uyuni-proxy-pod

  4. Enable the new Proxy with:

    systemctl enable --now uyuni-proxy-pod

  5. Run podman ps to verify all the containers are present and running:

    proxy-salt-broker
proxy-httpd
proxy-tftpd
proxy-squid
proxy-ssh

2. Migrate SUSE Manager 2024.04 Proxy to SUSE Manager 5.0 Containerized Proxy

Task: Migrate SUSE Manager 2024.04 Containerized Proxy to SUSE Manager 5.0 New Containerized Proxy

  1. Boot your new machine and begin installation of openSUSE Leap Micro 5.5.

  2. Complete the installation.

  3. Update the system:

    transactional-update --continue

  4. Install mgrpxy and optionally, mgrpxy-bash-completion:

    transactional-update pkg install mgrpxy mgrpxy-bash-completion

  5. Reboot.

  6. Copy your tar.gz proxy configuration to the host.

3. Installing packages using the Web UI

The mgrpxy and mgrpxy-bash-completion packages can also be installed via the web UI after the minion has been bootstrapped and registered with the Server.

Task: Installing Packages using the Web UI

  1. After installation, ensure that the SLE Micro 5.5 Parent channel and Proxy child channels are added and synced from the Admin  Setup Wizard → Products page.

  2. In the Web UI, go to Systems  Activation Keys and create an activation key linked to the synced SLE Micro 5.5 channel.

  3. Bootstrap your system as a minion using the Systems  Bootstrapping page.

  4. Once the new machine is onboarded and displayed in the systems list, select the system and navigate to the System Details  Install Package page.

  5. Install the packages mgrpxy and mgrpxy-bash-completion.

  6. Reboot the system.

4. Generate Proxy Config with spacecmd and Self-Signed Certificate

Task: Generate Proxy Config with spacecmd and Self-Signed Certificate

You can generate a Proxy configuration using spacecmd.

  1. SSH into your container host.

  2. Execute the following command replacing the Server and Proxy FQDN:

    mgrctl exec -ti 'spacecmd proxy_container_config_generate_cert -- dev-pxy.example.com dev-srv.example.com 2048 email@example.com -o /tmp/config.tar.gz'

  3. Copy the generated config to the Proxy:

    mgrctl cp server:/tmp/config.tar.gz .

  4. Deploy the Proxy with:

    mgrpxy install podman config.tar.gz

5. Generate Proxy Config with spacecmd and Custom Certificate

You can generate a Proxy configuration using spacecmd for a custom certificates rather than the default self signed certificates.

2 GB represents the default proxy squid cache size. This will need to be adjusted for your environment.
Task: Generate Proxy Config with spacecmd and Custom Certificate

  1. SSH into your Server container host.

  2. Execute the following command replacing the Server and Proxy FQDN:

    for f in ca.crt proxy.crt proxy.key; do
  mgrctl cp $f server:/tmp/$f
done
mgrctl exec -ti 'spacecmd proxy_container_config -- -p 8022 pxy.example.com srv.example.com 2048 email@example.com /tmp/ca.crt /tmp/proxy.crt /tmp/proxy.key -o /tmp/config.tar.gz'

  3. Copy the generated config to the Proxy:

    mgrctl cp server:/tmp/config.tar.gz .

  4. Deploy the Proxy with:

    mgrpxy install podman config.tar.gz