SUSE Manager 5.0 Proxy Deployment

This quick start guide shows you how to prepare, configure and deploy a SUSE Manager 5.0 Proxy container on SLE Micro 5.5.

1. Hardware Requirements for the Proxy

This table shows the hardware requirements for deploying SUSE Manager Proxy.

Table 1. Proxy Hardware Requirements
Hardware Details Recommendation

CPU

x86-64, ARM

Minimum 2 dedicated 64-bit CPU cores

RAM

Minimum

2 GB

Recommended

8 GB

Disk Space

/ (root directory)

Minimum 40 GB

/var/lib/containers/storage/volumes/srv-www

Minimum 100 GB, Storage requirements should be calculated for the number of ISO distribution images, containers, and bootstrap repositories you will use.

/var/lib/containers/storage/volumes/var-cache (Squid)

Minimum 100 GB
Supported operating system for the Proxy Container Host

The supported operating system for the Proxy container host is SLE Micro 5.5.

2. SLE Micro 5.5 Installation

Procedure: Download the Installation Media

  1. Locate the SLE Micro 5.5 installation media at https://www.suse.com/download/sle-micro/.

  2. You will need an account with SUSE Customer Center and must be logged in to download the ISO.

  3. Download the following file: SLE-Micro-5.5-DVD-x86_64-GM-Media1.iso

  4. Prepare the installation media for use. For this guide a USB flash disk was used.

  5. For detailed documentation covering installation on bare metal or in a virtual machine, see SLE Micro 5.5 Deployment Guide.

Procedure: SLE Micro 5.5 Installation

  1. Use the arrow keys to select Installation.

  2. Adjust Keyboard and language. Click the checkbox to accept the License Agreement.

  3. Click Next to continue.

  4. Skip Registration.

  5. On the NTP Configuration page click Next.

  6. On the Authentication for the System page enter a password for the root user. Click Next.

  7. On the Installation Settings page click Install.

This concludes installation of SLE Micro 5.5.

Once the container host is prepared, the Proxy requires the following steps to complete configuration.

3. Register the Proxy Host as a Minion with the Server

Before proceeding with configuration of the proxy you need to sync the correct channels, create a Salt activation key and register the proxy host as a Salt minion with SUSE Manager 5.0 Server.

The container host for the SUSE Manager Proxy must be registered as a salt minion to the SUSE Manager Server.

For more information about registering a client to the SUSE Manager Server, see Client Registration.

The following procedure assumes you have added your Organization Credentials to the Admin  Setup Wizard → Organization Credentials page on the SUSE Manager 5.0 Server.
Procedure: Prepare the Proxy and Required Channels

  1. Log in to the SUSE Manager Web UI.

  2. Select Admin  Setup Wizard → Products.

  3. Use the checkbox to select SLE Micro 5.5 then select the dropdown and check the Proxy Extension.

  4. Select the + Add Products button.

  5. Wait for the sync to complete.

  6. Select Systems  Activation Keys then click + Create key.

  7. Create an activation key for the proxy host with SLE Micro 5.5 as the parent channel. This key should include all recommended channels and the proxy extension.

  8. Proceed to boostrapping the proxy host as a minion.

Procedure: Bootstrap the Proxy Host

  1. Select Systems  Bootstrapping.

  2. Fill in the fields for your Proxy host.

  3. Select the Activation key created in the previous step from the dropdown.

  4. Click + Bootstrap.

  5. Wait for the Bootstrap process to complete successfully. Check the Salt menu and confirm the Salt minion key is listed and accepted.

  6. Reboot the Proxy host.

  7. Select the host from the System list and trigger a second reboot after all events are finished to conclude the onboarding.

Procedure: Update the Proxy Host

  1. Select the host from the Systems list and apply all patches to update it.

  2. Reboot the Proxy host.

4. Proxy Container Configuration and Deployment

4.1. Create and generate the SUSE Manager Proxy Configuration Files

The configuration archive of the SUSE Manager Proxy is generated by the SUSE Manager Server. Each additional Proxy requires its own configuration archive. There are two paths for generating SUSE Manager Proxy configuration archives: use the Web UI or the spacecmd command.

The following tasks will be performed:

  1. Generate SUSE Manager a Proxy configuration archive file

  2. Transfer the configuration archive to the container host from the Server and extract it

  3. Start the Proxy with mgrpxy

Procedure: Generating a Proxy Container Configuration using Web UI

  1. In the Web UI, navigate to Systems  Proxy Configuration and fill the required data:

  2. In the Proxy FQDN field type fully qualified domain name for the proxy.

  3. In the Parent FQDN field type fully qualified domain name for the SUSE Manager Server or another SUSE Manager Proxy.

  4. In the Proxy SSH port field type SSH port on which SSH service is listening on SUSE Manager Proxy. Recommended is to keep default 8022.

  5. In the Max Squid cache size [MB] field type maximal allowed size for Squid cache. Typically this should be at most 60% of available storage for the containers.

  6. In the SSL certificate selection list choose if new server certificate should be generated for SUSE Manager Proxy or an existing one should be used. You can consider generated certificates as SUSE Manager builtin (self signed) certificates.

    Depending on the choice then provide either path to signing CA certificate to generate a new certificate or path to an existing certificate and its key to be used as proxy certificate.

    The CA certificates generated on the server are stored in the /root/ssl-build directory.

    For more information about existing or custom certificates and the concept of corporate and intermediate certificates, see Import SSL Certificates.

  7. Click Generate to register new proxy FQDN in SUSE Manager Server and generate configuration archive with details for container host.

  8. After a few moments you are presented with file to download. Save this file locally.

suma proxy containerized webui

5. Transfer the Proxy Configuration

Both spacecmd command and Web UI methods generate a configuration archive. This archive needs to be made available on container host.

Procedure: Copy the Proxy configuration generated with the spacecmd command

  1. Copy the files from the server container to the server host OS:

    mgrctl cp server:/root/config.tar.gz .

  2. Next copy the files from the server host OS to the proxy host:

    scp config.tar.gz <proxy-FQDN>:/root

  3. Install the Proxy with:

    mgrpxy install podman config.tar.gz

For installation instructions to use the archive to get the proxy containers, see Install containerized SUSE Manager Proxy.

6. Start SUSE Manager Proxy containers

Container can now be started with the mgrpxy command:

Listing 1. Procedure: Start SUSE Manager Proxy containers
mgrpxy start uyuni-proxy-pod

Check if all containers started up as expected by calling

podman ps

Five SUSE Manager Proxy containers should be present:

  • proxy-salt-broker

  • proxy-httpd

  • proxy-tftpd

  • proxy-squid

  • proxy-ssh

And should be part of proxy-pod container pod.