Documentation survey

SUSE Manager Server Migration to a Containerized Environment

1. Requirements and Considerations

1.1. General

  • To migrate a SUSE Manager 4.3 Server to a container, you require a new machine with SLE Micro 5.5 or SUSE Linux Enterprise Server 15 SP6, and mgradm installed.

  • An in-place migration from SUSE Manager 4.3 to 5.0 is not supported, regardless of whether the chosen host operating system is SLE Micro 5.5 or SUSE Linux Enterprise Server 15 SP6.

  • Before migrating from SUSE Manager 4.3 to 5.0, any existing traditional clients including the traditional proxies must be migrated to Salt.

  • Traditional contact protocol is no longer supported in SUSE Manager 5.0 and later.

This guide only covers the migration from SUSE Manager 4.3 to 5.0. Migrating an existing SUSE Manager 5.0 instance to the same version while switching the host operating system from SLE Micro 5.5 to SUSE Linux Enterprise Server 15 SP6, or vice versa, is not handled by the mgradm migrate command.

1.2. GPG Keys

  • Self trusted GPG keys are not migrated.

  • GPG keys that are trusted in the RPM database only are not migrated. Thus synchronizing channels with spacewalk-repo-sync can fail.

  • The administrator must migrate these keys manually from the 4.3 installation to the container host after the actual server migration.

    Procedure: Manual Migration of the 4.3 GPG Keys to New Server

    1. Copy the keys from the 4.3 server to the container host of the new server.

    2. Later, add each key to the migrated server with the command mgradm gpg add <PATH_TO_KEY_FILE>.

2. Migration

2.1. Prepare SUSE Manager 5.0 Server Host

Do not pre-install SUSE Manager on the prepared SLE Micro 5.5 or SUSE Linux Enterprise Server 15 SP6 system. The migration process is designed to perform the server installation automatically. Running mgradm install and then mgradm migrate is not supported and will lead to an unsupported system state.

In the following steps, we are only preparing the host system, not installing the actual SUSE Manager 5.0 Server.

2.1.1. Prepare SLE Micro 5.5 Host

2.1.1.1. Download the installation media
Procedure: Downloading the Installation Media

  1. Locate the SLE Micro 5.5 installation media at https://www.suse.com/download/sle-micro/.

  2. Download SLE-Micro-5.5-DVD-x86_64-GM-Media1.iso.

  3. Prepare a DVD or USB flash drive with the downloaded .iso image for installation.

2.1.1.2. Install SLE Micro 5.5

For more information about preparing your machines (virtual or physical), see SLE Micro 5.5 Deployment Guide.

Procedure: Installing SLE Micro 5.5

  1. Insert the DVD or USB flash drive (USB disk or key) containing the installation image for SLE Micro 5.5.

  2. Boot or reboot your system.

  3. Use the arrow keys to select Installation.

  4. Adjust Keyboard and language.

  5. Click the checkbox to accept the license agreement.

  6. Click Next to continue.

  7. Select the registration method. For this example, we will register the server with SUSE Customer Center.

    The SUSE Manager 5.0 containers are installed as extensions. Depending on the specific extension needed from the list below, additional SUSE Customer Center registration codes will be required for each.

    • SUSE Manager 5.0 Server

    • SUSE Manager 5.0 Proxy

    • SUSE Manager 5.0 Retail Branch Server

    The SLE Micro 5.5 entitlement is included within the SUSE Manager entitlement, so it does not require a separate registration code.

  8. Enter your SUSE Customer Center email address.

  9. Enter your registration code for SLE Micro 5.5.

  10. Click Next to continue.

  11. To install a proxy, select the SUSE Manager 5.0 Proxy extension; to install a server, select the SUSE Manager 5.0 Server extension Checkbox.

  12. Click Next to continue.

  13. Enter your SUSE Manager 5.0 extension registration code.

  14. Click Next to continue.

  15. On the NTP Configuration page click Next.

  16. On the Authentication for the System page enter a password for the root user. Click Next.

  17. On the Installation Settings page click Install.

This concludes installation of SLE Micro 5.5 and SUSE Manager 5.0 as an extension.

2.1.1.3. OPTIONAL: Registration from the command line

If you added SUSE Manager 5.0 as an extension during SLE Micro 5.5 installation then you can skip this procedure. However, optionally you may skip registration during SLE Micro 5.5 installation by selecting the Skip Registration button. This section provides steps on registering your products after SLE Micro 5.5 installation.

The following steps register a SUSE Manager 5.0 extension with the x86-64 architecture and thus require a registration code for the x86-64 architecture. To register ARM or s390x architectures use the correct registration code.
Procedure: Registering from the Command Line

  1. List available extensions with the following command:

    transactional-update --quiet register --list-extensions

  2. From the list of available extensions, select the one you wish to install:

    1. If installing the Server, use your SUSE Manager Server Extension 5.0 x86_64 registration code with following command:

      transactional-update register -p SUSE-Manager-Server/5.0/x86_64 -r <reg_code>

    2. If installing the Proxy, use your SUSE Manager Proxy Extension 5.0 x86_64 registration code with following command:

      transactional-update register -p SUSE-Manager-Proxy/5.0/x86_64 -r <reg_code>

  3. Reboot.

2.1.1.4. Update the system
Procedure: Updating the System

  1. Log in as root.

  2. Run transactional-update:

    transactional-update

  3. Reboot.

SLE Micro is designed to update itself automatically by default and will reboot after applying updates. However, this behavior is not desirable for the SUSE Manager environment. To prevent automatic updates on your server, SUSE Manager disables the transactional-update timer during the bootstrap process.

If you prefer the SLE Micro default behavior, enable the timer by running the following command:

systemctl enable --now transactional-update.timer

2.1.2. Prepare SUSE Linux Enterprise Server 15 SP6 Host

Alternatively, you can deploy SUSE Manager on SUSE Linux Enterprise Server 15 SP6.

The following procedure describes the main steps of the installation process.

Procedure: Installing SUSE Manager Extensions on SUSE Linux Enterprise Server 15 SP6

  1. Locate and download SUSE Linux Enterprise Server 15 SP6 .iso at https://www.suse.com/download/sles/.

  2. Make sure that you have regsistration codes both for the host operating system (SUSE Linux Enterprise Server 15 SP6) and extensions.

  3. Start the installation of SUSE Linux Enterprise Server 15 SP6.

    1. On the Language, keyboard and product selection select the product to install.

    2. On the License agreement read the agreement and check I Agree to the License Terms.

  4. Select the registration method. For this example, we will register the server with SUSE Customer Center.

  5. Enter your SUSE Customer Center email address.

  6. Enter your registration code for SUSE Linux Enterprise Server 15 SP6.

  7. Click Next to continue.

    Please note that for SUSE Linux Enterprise Server 15 SP6, you are required to have a valid SUSE Linux Enterprise Server subscription and corresponding registration code, which you must provide on this screen. You will be required to enter the SUSE Manager Extension registration code below.

  8. In the screen Extensions and Modules Selection check the following:

    • Select the SUSE Manager Server Extension to install the Server, or the SUSE Manager Proxy Extension to install the Proxy.

    • Basesystem Module

    • Containers Module

  9. Click Next to continue.

  10. Enter your SUSE Manager 5.0 extension registration code.

  11. Click Next to continue.

  12. Complete the installation.

  13. When the installation completes, log in to the newly installed server as root.

  14. Update the System (optional, if the system was not set to download updates during install):

    zypper up

  15. Reboot.

  16. Log in as root and install podman plus mgradm and mgradm-bash-completion (if not already automatically installed):

    zypper install podman mgradm mgradm-bash-completion

  17. Start the Podman service by rebooting the system, or running a command:

    systemctl enable --now podman.service

2.2. SSH Connection Preparation

This step ensures that the new SUSE Manager 5.0 Server can connect to the existing 4.3 Server over SSH without requiring a password. It involves generating and configuring SSH keys, setting up an SSH agent, and copying the public key to the old server.

This setup is required for the migration process to run without manual intervention.

Procedure: Preparing the SSH Connection

  1. Ensure that for root an SSH key exists on the new 5.0 server. If a key does not exist, create it with:

    ssh-keygen -t rsa

  2. The SSH configuration and agent should be ready on the new server for a connection to the 4.3 server that does not prompt for a password.

    eval $(ssh-agent); ssh-add

    To establish a connection that does not prompt for a password, the migration script relies on an SSH agent running on the new server. If the agent is not active yet, initiate it by running eval $(ssh-agent). Then add the SSH key to the running agent with ssh-add followed by the path to the private key. You will be prompted to enter the password for the private key during this process.

  3. Copy the public SSH key to the SUSE Manager 4.3 Server (<oldserver.fqdn>) with ssh-copy-id. Replace <oldserver.fqdn> with the FQDN of the 4.3 server:

    ssh-copy-id <old server.fqdn>

    The SSH key will be copied into the old server’s ~/.ssh/authorized_keys file. For more information, see the ssh-copy-id manpage.

  4. Establish an SSH connection from the new server to the old SUSE Manager Server to check that no password is needed. Also there must not by any problem with the host fingerprint. In case of trouble, remove old fingerprints from the ~/.ssh/known_hosts file. Then try again. The fingerprint will be stored in the local ~/.ssh/known_hosts file.

2.3. Perform the Migration

When planning your migration from SUSE Manager 4.3 to SUSE Manager 5.0, ensure that your target instance meets or exceeds the specifications of the old setup.

This includes, but is not limited to, memory (RAM), CPU Cores, Storage, and Network Bandwidth.

Procedure: Performing the Migration

  1. This step is optional. If custom persistent storage is required for your infrastructure, use the mgr-storage-server tool. For more information about mgr-storage-server, see installation-and-upgrade:hardware-requirements.adoc#install-hardware-requirements-storage.

  2. Execute the following command to install a new SUSE Manager server. Replace <oldserver.fqdn> with the FQDN of the 4.3 server:

    Make sure to upgrade your 4.3 server and apply all available updates before starting the migration process. Additionally, remove any unnecessary channels to help reduce the overall migration time.

    The migration can take a very long time depending on the amount of data that needs to be replicated. To reduce downtime it is possible to run the migration multiple times in a process of initial replication, re-replication, or final replication and switch over while all the services on the old server can stay up and running.

    Only during the final migration the processes on the old server need to be stopped.

    For all non-final replications add the parameter --prepare to prevent the automatic stopping the services on the old server. For example on SUSE Manager server:

    mgradm migrate podman <oldserver.fqdn> --prepare
Procedure: Final Migration

  1. Stop the SUSE Manager services on 4.3 Server:

    spacewalk-service stop

  2. Stop the PostgreSQL service on 4.3 Server:

    systemctl stop postgresql

  3. Perform the migration on SUSE Manager server

    mgradm migrate podman <oldserver.fqdn>

  4. Migrate trusted SSL CA certificates.

2.3.1. Migration of the Certificates

Trusted SSL CA certificates that were installed as part of an RPM and stored on SUSE Manager 4.3 in the /usr/share/pki/trust/anchors/ directory will not be migrated. Because SUSE does not install RPM packages in the container, the administrator must migrate these certificate files manually from the 4.3 installation after the migration.

Procedure: Migrating the Certificates

  1. Copy the file from the 4.3 server to the new server. For example, as /local/ca.file.

  2. Copy the file into the container with:

    mgrctl cp /local/ca.file server:/etc/pki/trust/anchors/

After successfully running the mgradm migrate command, the Salt setup on all clients will still point to the old 4.3 server.

To redirect them to the 5.0 server, it is required to rename the new server at the infrastructure level (DHCP and DNS) to use the same FQDN and IP address as 4.3 server.