Containerized SUSE Manager Proxy Setup

Once container host for SUSE Manager Proxy containers is prepared, setup of containers require few additional steps to finish configuration.

  1. Generate SUSE Manager Proxy configuration archive file

  2. Transfer configuration archive to the container host prepared in installation step and extract it

  3. Start systemd proxy services

1. Create and generate SUSE Manager Proxy configuration

Configuration of SUSE Manager Proxy is generated by SUSE Manager Server and this configuration generation is required to be done for each containerized proxy. There are two ways how to generate SUSE Manager configuration: use the Web UI or the spacecmd command.

Procedure: Generating Of Container Services Configuration using Web UI

  1. In the Web UI, navigate to Systems  Proxy Configuration and fill the required data:

  2. In the Proxy FQDN field type fully qualified domain name for the proxy.

  3. In the Parent FQDN field type fully qualified domain name for the SUSE Manager Server or another SUSE Manager Proxy.

  4. In the Proxy SSH port field type SSH port on which SSH service is listening on SUSE Manager Proxy. Recommended is to keep default 8022.

  5. In the Max Squid cache size [MB] field type maximal allowed size for Squid cache. Typically this should be at most 60% of available storage for the containers.

  6. In the SSL certificate selection list choose if new server certificate should be generated for SUSE Manager Proxy or an existing one should be used. You can consider generated certificates as SUSE Manager builtin (self signed) certificates.

    Depending on the choice then provide either path to signing CA certificate to generate a new certificate or path to an existing certificate and its key to be used as proxy certificate.

    The CA certificates generated on the server are stored in the /root/ssl-build directory.

    For more information about existing or custom certificates and the concept of corporate and intermediate certificates, see Import SSL Certificates.

  7. Click Generate to register new proxy FQDN in SUSE Manager Server and generate configuration archive with details for container host.

  8. After a few moments you are presented with file to download. Save this file locally.

suma proxy containerized webui
Procedure: Generating Of Container Services Configuration using spacecmd command

  1. In the console run following command:

    spacecmd proxy_container_config_generate_cert -- <proxy_fqdn> <parent_fqdn> <squid_max_cache> <admin_email>

  2. Answer questions presented by script, namely SUSE Manager credentials and CA password.

    This will generate file config.tar.gz with configuration for the SUSE Manager Proxy containers.

    For more information about spacecmd container proxy generation, see proxy_container_config.

If a Proxy FQDN is used to generate SUSE Manager Proxy container configuration that is not a registered minion, a new system entry will appear in system list. This new entry will be shown under previously entered Proxy FQDN value and will be of Foreign system type.

2. Transfer SUSE Manager Proxy configuration

Both spacecmdcommand and web UI ways generate configuration archive. This archive needs to be made available on container host.

Transfer this generated archive to the container host and extract it to configuration directory (by default /etc/uyuni/proxy).

3. Start SUSE Manager Proxy containers

Container can now be started by single systemctl command:

Listing 1. Procedure: Start SUSE Manager Proxy containers
systemctl start uyuni-proxy-pod
Listing 2. Procedure: Start SUSE Manager Proxy containers and make settings permanent
systemctl enable --now uyuni-proxy-pod

Check if all containers started up as expected by calling

podman ps

Five SUSE Manager Proxy containers should be present:

  • proxy-salt-broker

  • proxy-httpd

  • proxy-tftpd

  • proxy-squid

  • proxy-ssh

And should be part of proxy-pod container pod.