Set Up the SUSE Manager for Retail Environment with non-containerized 4.3 branch server
To set up the SUSE Manager for Retail environment, you will need to have already installed and configured:
-
SUSE Manager for Retail Server
-
one or more SUSE Manager for Retail branch server proxies, or containerized proxy
-
one or more SUSE Manager build hosts
This section covers how to configure your SUSE Manager for Retail environment, including:
-
Prepare POS images
-
Prepare system groups
-
Configure services for Saltboot
-
Synchronize POS images to the branch servers
The very first time you set up the SUSE Manager for Retail environment, you will need to perform all configuration steps. You will need to revisit some of these steps later on as you are working with SUSE Manager for Retail.
For example, the first time you configure the branch server, you will need to have images prepared for synchronization. If you are configuring more than one branch server, you can use the same images across different branch servers.
If you have an existing environment, and need to build new images, you do not need to re-initialize the branches. You will need to synchronize the images, and can skip setting up the services on the branch server.
Usually, POS images are rebuild when updated packages are available, and synchronized to the branch servers before the update window opens.
1. Prepare and Build Terminal Images
For information about SUSE Manager image building, see Image Building and Management.
SUSE Manager for Retail POS images are images specifically tailored for SUSE Manager for Retail environment and designed to be deployed using PXE booting mechanism.
1.1. POS Image Templates
As starting point, SUSE provides basic templates at https://github.com/SUSE/manager-build-profiles/tree/master/OSImage. These templates need to be adapted for specific usecases, for example by including specific applications, configuration settings, and users.
|
By default, POS templates do not include a system user. You will not be able to login as a user to a system that has been installed with a SUSE provided template. However you can use Salt to manage clients without a system user. You can use Salt to install a system user after the terminal has been deployed. |
2. Branch Identification and Architecture Topology
Before you configure the branch server, ensure you have decided on networking topology and you choose branch id.
For information about the possible network topologies, see Network Architecture.
As a branch id select any alphanumerical string with up to 64 characters.
3. Required System Groups
SUSE Manager for Retail requires:
-
branch system group for every branch server proxy, using
branch idas its name -
hardware type system group for every used hardware type, using
HWTYPE:prefix in its name
For more information about hardware type groups, see Deployment basics.
|
Missing mandatory system group will cause terminal bootstrap to fail. |
SUSE Manager for Retail also recognizes two optional groups for better overview:
-
TERMINALS -
SERVERS
You can create system groups using the SUSE Manager Web UI. Navigate to and click Create System Group.
For more information about system groups, see System Groups.
During terminal bootstrap terminal automatically joins:
-
branch system group based on received
branch_id. This will make branch group formulas available to the terminal. -
HWType group based on SMBios information received from terminal. This will make Saltboot partitioning pillar available to the terminal.
-
TERMINALSif this group exists.
|
SUSE Manager for Retail command line tools create required system groups and branch group automatically. |
|
In case you plan to use the branch server as a monitoring server with Prometheus, be aware that Prometheus demands additional hardware resources. For more information about installing Prometheus, see Monitoring with Prometheus and Grafana. |
|
In case you plan to use the branch server with Ansible software, be aware that Ansible demands additional hardware resources. For more information about installing Ansible, see Ansible Integration. |
4. Configure Services for Saltboot
Saltboot technology is used to deploy POS images to the terminals. Saltboot consists of saltboot enabled initrd (build as part of POS images) and saltboot Salt states.
This section covers general information about generic Saltboot requirements. For configuration examples, see Example configurations.
4.1. Enable PXE Network Boot in the Terminal Network
Saltboot is usually used in network boot environment.
For this to work DHCP service for the network terminal is connected to must have PXE or sometimes called BOOTP support enabled.
if substring (option vendor-class-identifier, 0, 10) = "HTTPClient" {
option vendor-class-identifier "HTTPClient";
filename "<FQDN of branch server proxy>/saltboot/shim.efi";
}
else {
if option arch = 00:07 {
filename "boot/shim.efi";
next-server <IP address of branch server proxy>;
}
else {
filename "boot/pxelinux.0";
next-server <IP address of branch server proxy>;
}
}
Notice two important options, next-server which is set to the branch server IP address and filename set to the boot/pxelinux.0 for BIOS based system and boot/shim.efi for UEFI systems with SecureBoot support.
|
Containerized branch proxy uses different For containerized branch proxy set |
4.2. Saltboot Service Discovery
Saltboot requires some information where the Salt master is and from where to download the image. Saltboot tries multiple discoveries to obtain this information, described below.
For successful terminal deployment, both service discoveries must be successful. Depending on your architecture, choose what strategy works for you best.
4.2.1. Salt Master Discovery
During Saltboot initrd start, integrated Salt client needs to find branch server proxy to connect to. This discovery is trying following steps:
-
MASTERkernel command line option is set, then this is used as Salt master -
resolve
saltCNAME, if successful then resolved value is used as Salt master -
use
saltas a Salt master
Once Salt master is determined, Salt client configuration is generated and started.
|
Using fully qualified domain name in If used fully qualified domain name is different from fully qualified domain name of branch server proxy known to SUSE Manager, Saltboot may work correctly, however proxy detection of terminal will not work. |
4.2.2. Download Server Discovery
Before POS image is downloaded to the terminal, download server discovery is done to find where to download image from:
-
saltboot_download_serverpillar is set for terminal, then its value is used -
saltboot:download_serverpillar is set for terminal, then its value is used -
resolve
ftphostname
Value obtained by download server discovery is then used together with POS image pillar to fetch correct image from correct location.
4.3. Terminal Partitioning and Image Selection
Last piece for Saltboot is to provide partitioning for terminal. This is done individually for each hardware type of terminals. For more information about hardware types, see Deployment basics.
Above mentioned steps are mandatory minimum for successful Saltboot deployment. For configuration examples, see Example configurations.
5. Synchronize Images to the Branch Server
The OS image you use on the SUSE Manager server must be synchronized for use to the branch server.
You can do this with the Salt image-sync state, part of the Image Synchronization Formula.
-
On the SUSE Manager server, run this command:
salt <branch_server_minion_id> state.apply image-sync
-
The image details will be transferred to
/srv/saltbooton the branch server.
You can also set synchronization to run automatically on the branch server.
Configure the image synchronization formula to apply the highstate regularly.
For more information about Image Synchronization Formula, see Image Synchronization Formula.