From 4d3f90db4c240d21a7cbe38fd8ec743cbc06f978 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Tue, 15 Jul 2025 17:52:27 +0200 Subject: [PATCH 01/29] Extending proxy conversion instructions. --- .../proxy-conversion-from-client.adoc | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 4b0ebc644bd..1da480348b3 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -32,7 +32,9 @@ Either procedure can be used, and will achieve the same outcome. . Click button btn:[Convert to Proxy]. . Wait for the conversion to complete. . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. +. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. +Proceed with the steps to <>. .Procedure: Converting client to {productname} Proxy by changing client's properties . For the client chosen to be converted to proxy, go to its [literal]``Properties`` page. @@ -41,3 +43,46 @@ Either procedure can be used, and will achieve the same outcome. . Click button btn:[Update Properties]. . Follow the displayed note and apply highstate to complete the conversion. . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. +. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. + +Proceed with the steps to <>. + + +[[configure-proxy]] +== Configure the Proxy + +Once the client had been succesfully converted to proxy, it needs to be configured. + +. In the {webui}, navigate to menu:Proxy[Configuration] and fill the required data: +. In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. +. In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. +. In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. +. In the [guimenu]``Proxy admin email`` field type the admin's email. +. In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. +//.. If the option selected is [literal]``Keep`` it refers to... +//.. If the option selected is [literal]``Replace`` it refers to... +.. Select [literal]``Keep`` if an existing certificate should be used. +.. Select [literal]``Replace`` if the new server certificate should be generated for {productname} proxy. +(CAN WE KEEP THIS?) You can consider generated certificates as {productname} builtin (self-signed) certificates. ++ +Depending on the choice then provide either path to signing CA certificate to generate a new certificate or path to an existing certificate and its key to be used as proxy certificate. ++ +The CA certificates generated by the server are stored in the [path]``/var/lib/containers/storage/volumes/root/_data/ssl-build`` directory. ++ +For more information about existing or custom certificates and the concept of corporate and intermediate certificates, see xref:administration:ssl-certs-imported.adoc[]. + +. In the section [literal]``Source`` select one of two options: [literal]``Registry`` or [literal]``RPM``. +.. For air-gapped deployment, when the proxy has no access to the registry, select option [literal]``RPM``. (FIND OUT: Is the RPM then provided via GUI?) +.. If the proxy has access to the registry, either option can be selected. +. In case [literal]``Registry`` is selected, select one of two options: [literal]``Simple`` or [literal]``Advanced``. +.. If the option selected is [literal]``Simple`` enter the value in [literal]``Registry URL``. +.. If the option selected is [litaral]``Advanced`` additional section of the form opens. + Fill in all fields with the values of the relevant URls and Tags. +. Once all fields are filled in, click btn:[Apply] to apply the changes. + + +[WARNING] +==== +In case of the proxy chain, if the option [literal]``Registry`` is selected as source for the child proxy, the root proxy must have access to the same registry too. +==== + From 948ffbe9eb891f84b6aa02b7185b68e1957e984b Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Tue, 15 Jul 2025 17:56:49 +0200 Subject: [PATCH 02/29] Cont. --- .../container-deployment/proxy-conversion-from-client.adoc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 1da480348b3..17922d919a5 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -59,8 +59,6 @@ Once the client had been succesfully converted to proxy, it needs to be configur . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. . In the [guimenu]``Proxy admin email`` field type the admin's email. . In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. -//.. If the option selected is [literal]``Keep`` it refers to... -//.. If the option selected is [literal]``Replace`` it refers to... .. Select [literal]``Keep`` if an existing certificate should be used. .. Select [literal]``Replace`` if the new server certificate should be generated for {productname} proxy. (CAN WE KEEP THIS?) You can consider generated certificates as {productname} builtin (self-signed) certificates. @@ -72,7 +70,7 @@ The CA certificates generated by the server are stored in the [path]``/var/lib/c For more information about existing or custom certificates and the concept of corporate and intermediate certificates, see xref:administration:ssl-certs-imported.adoc[]. . In the section [literal]``Source`` select one of two options: [literal]``Registry`` or [literal]``RPM``. -.. For air-gapped deployment, when the proxy has no access to the registry, select option [literal]``RPM``. (FIND OUT: Is the RPM then provided via GUI?) +.. For disconnected environments, when the proxy has no access to the registry, select option [literal]``RPM``. (FIND OUT: Is the RPM then provided via GUI?) .. If the proxy has access to the registry, either option can be selected. . In case [literal]``Registry`` is selected, select one of two options: [literal]``Simple`` or [literal]``Advanced``. .. If the option selected is [literal]``Simple`` enter the value in [literal]``Registry URL``. From 2e0496c207ec86169c5cf75da116fabca2d25497 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 16 Jul 2025 08:51:53 +0200 Subject: [PATCH 03/29] Cont. --- .../container-deployment/proxy-conversion-from-client.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 17922d919a5..bda8507bce4 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -81,6 +81,6 @@ For more information about existing or custom certificates and the concept of co [WARNING] ==== -In case of the proxy chain, if the option [literal]``Registry`` is selected as source for the child proxy, the root proxy must have access to the same registry too. +When configuring a proxy chain, the root proxy needs access to any registry that a child proxy is set to use as its source. ==== From 338e59cffd48fa348b23b0ab9a83f88fd740f784 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 16 Jul 2025 08:59:02 +0200 Subject: [PATCH 04/29] Cont. --- .../.proxy-conversion-from-client.adoc.swp | Bin 0 -> 16384 bytes .../proxy-conversion-from-client.adoc | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 modules/installation-and-upgrade/pages/container-deployment/.proxy-conversion-from-client.adoc.swp diff --git a/modules/installation-and-upgrade/pages/container-deployment/.proxy-conversion-from-client.adoc.swp b/modules/installation-and-upgrade/pages/container-deployment/.proxy-conversion-from-client.adoc.swp new file mode 100644 index 0000000000000000000000000000000000000000..9d486aa418721c71ee79f9bbfc91e88b51495c0b GIT binary patch literal 16384 zcmeHOTaO$^6|RI^0wf@ih{Dt1ZaX_Owz-8NjN{zSwN;3fhhJRpdG7x)JRAtCX^3x6Tu1@WD#?wOut*Foe3q8{mJ*3;GJ@|{zs z>YOSME`O`HLEmU!5%_#uh_`PYjobfxQ@rpYAxxI2Nb-XRe=-$jW}uS?j}qc#&#*Jn z`M4N#ifNJPR%im-iA`8U%64>Oa~VZ4*CuJnBy1JwD3hV;q;iDEfk|?y6P2|>l}2V7 zt0eEFnK_=e@Mxkk%kK>{6Ssm$<6&EZ{X41EJZ}(q?;}v;!`9P}i7#Kha+!_&+-E;S zpZvuBd*ANH!Ull`fd+vFfd+vFfd+vFfd+vFff)jM`mlHf|9ZImi@r@(ElCix1gVbUIT4{{`9yIZ-Qb_1lj<76ZC1&lc0Y*hB2T&fPMk`5$K1YAApWP z6VQ{O*FP%6&p|`b7eJo}{pBM3>VbQSc=4?`c&I_L?|r$E1dREQDiGU!pz-yRX- zRnQZl*KlXyC!m)=Q_wLe1Z{wBgWmq25O0CL4|*Q-`UhYW=n>HO-Y>*9=TbCNk?pdN9AuVLLn$H#|BM6BRKodSu4roo|OSmmStA?o4IE!|T9!O%caVPUzntjO`S&W=^Tu(G^Kch>0E+S)el-R$jNzesmY zK>_%~ofevBGmXOf+i<(3`(PRtL7vE1oe+bAIH3zxMZ*?bsKSd2@3cj`O}i=rcGQnF zqC!S+#18Jz$Up&CJ#-#o!%O$ojk9A@MDVYwsf1uXrG_)~97(s7O1+r#0G!KU;J}7@ z-l-N!BQWcFuheD%xWa5U%p{7ZKz?M%r2LBQ)?X@BfZAsvP!rf66&m-73IMe2eCK8e zsaWa=(uP_Ai+q~8KqL3?OV&R=o6Ckgrrj3{4L`~NGsxSRU(GMuh86 z<_NLlhB3^wch45!)!f~^Njzg0xmLdd9y%K9U`+fAJDI17wiIFRD>o-FVll8BUpOM? zahP}}1}-5~LxkUhM=4Z8SwuNKefjFub5uhbNOD?#VRds+uVE2IQ+lzG5%L*Wh6ea1 z#1TzwG$*#yys0Npm}IC&g->M%Zc+|)6gg&@f(tks zaZ>3Dv4y1R9{7u5G?pCU$Q-r^0%g5^{!$qyHwa2O8kR`sNDwNtzpc1SaTc!N#iKU3(%LNohlh;0`^gEDxd&=?!wz8CI#`Srr~k-c zW#aVeb0`$6%P1A%NM!HUq;Fxtm}qqbz4)FVOJ6rU4cx#`TjZ%JkV;IsvdJ_>^o;dr zjO&6v3=o}Zr1)>}27KjZKxav$gL_Dmc@EKoJn8oLQ$&FxXq0j;Q5MS^EFLS2WxQdrvWPanSa^LG<7@=a8bq5t zrADdo94n|6sIbUXmwg7ioeN4aU~$HzW@iOsnT*(3ek5{OI)kGL&iN{NMsVJdNCH)s zn#UUZs|v%jyzNOK#N za+9;)_rSuAf_P0FdknH<|#0D=jE)*)Ny)nPgyO#`{9Q&2_t6|BNpQ&liYprbe@kZ_AW9Xtv#Dm7S8-`mJ@9 zQg}5CdAEU;4J!%~5nniV%9jh2iwzlNN`_M`oGb+i8|%MMzip~k3ZATWtIwXTSSxs= zJM4D*2jbEtx{n=ktb@#)(ARKp+yA2M30?Ur?QVZvT;eqfN>)3f1?;U$OtvfZP)%e6 zp7-Mj*QIf@8upwJmasf46c#AQhBLk71<@@`CB(Tgk)@d&*okB^h?M^&My-NfjJFs~Yl$sLKCKqe%7b1#uM1wowzaZoW=>^EJwErwun1tJ zaQG~)Ese31Ev8{_7w`9hP%T8MK8(y)*t&@1d-1ob;w*OdWf;@a8k~> z8sCE3u@B+;|BtA(xd!L@A0@u~yox{GdK@)1=qsQ82f9`uRuQo{TTEV z=!+oc(+4%527v~F27v~F27v~F27v~F27v~F|5pUA;Un(w!3s(uS3+|gUzX)u@aSa8 zm1TTzoaisOWC#{ zTIb#cnx{2hvz{zU=GxjS?QNk5 zUt8&|-=*cvyExq0yg|#)ZT0r|Xm9z(?seMQ!Rxo}^^1He)ANkWhNC~qU;}*DPx^zJ zmc4n(*#%4IMP; z%VWP1*0Rj5&}|bjLflG1Zy5odI8_0{L}w=9|5R?5a9YCcSs*f(mY@?g>xC=|tgLh= zPjw4+wl@G7U0CmJuF}^2UYB}krGPCS@b~PfGNg%?bYs8Af$@OTuU$7IfN~}B!RKC; M@9@GRv|cgsFU4O3ivR!s literal 0 HcmV?d00001 diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index bda8507bce4..2995b760751 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -75,7 +75,7 @@ For more information about existing or custom certificates and the concept of co . In case [literal]``Registry`` is selected, select one of two options: [literal]``Simple`` or [literal]``Advanced``. .. If the option selected is [literal]``Simple`` enter the value in [literal]``Registry URL``. .. If the option selected is [litaral]``Advanced`` additional section of the form opens. - Fill in all fields with the values of the relevant URls and Tags. + Fill in all fields with the values of the relevant URls and Tags. (DO WE NEED TO SPECIFY ANYTHING ABOIUT TAGS? OR URLs?) . Once all fields are filled in, click btn:[Apply] to apply the changes. From c2ec4bb62e8318a4fbaa22a18b1665bbde057ad7 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 16 Jul 2025 11:08:47 +0200 Subject: [PATCH 05/29] Link added. --- .../.proxy-conversion-from-client.adoc.swp | Bin 16384 -> 0 bytes .../proxy-conversion-from-client.adoc | 6 +++++- 2 files changed, 5 insertions(+), 1 deletion(-) delete mode 100644 modules/installation-and-upgrade/pages/container-deployment/.proxy-conversion-from-client.adoc.swp diff --git a/modules/installation-and-upgrade/pages/container-deployment/.proxy-conversion-from-client.adoc.swp b/modules/installation-and-upgrade/pages/container-deployment/.proxy-conversion-from-client.adoc.swp deleted file mode 100644 index 9d486aa418721c71ee79f9bbfc91e88b51495c0b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16384 zcmeHOTaO$^6|RI^0wf@ih{Dt1ZaX_Owz-8NjN{zSwN;3fhhJRpdG7x)JRAtCX^3x6Tu1@WD#?wOut*Foe3q8{mJ*3;GJ@|{zs z>YOSME`O`HLEmU!5%_#uh_`PYjobfxQ@rpYAxxI2Nb-XRe=-$jW}uS?j}qc#&#*Jn z`M4N#ifNJPR%im-iA`8U%64>Oa~VZ4*CuJnBy1JwD3hV;q;iDEfk|?y6P2|>l}2V7 zt0eEFnK_=e@Mxkk%kK>{6Ssm$<6&EZ{X41EJZ}(q?;}v;!`9P}i7#Kha+!_&+-E;S zpZvuBd*ANH!Ull`fd+vFfd+vFfd+vFfd+vFff)jM`mlHf|9ZImi@r@(ElCix1gVbUIT4{{`9yIZ-Qb_1lj<76ZC1&lc0Y*hB2T&fPMk`5$K1YAApWP z6VQ{O*FP%6&p|`b7eJo}{pBM3>VbQSc=4?`c&I_L?|r$E1dREQDiGU!pz-yRX- zRnQZl*KlXyC!m)=Q_wLe1Z{wBgWmq25O0CL4|*Q-`UhYW=n>HO-Y>*9=TbCNk?pdN9AuVLLn$H#|BM6BRKodSu4roo|OSmmStA?o4IE!|T9!O%caVPUzntjO`S&W=^Tu(G^Kch>0E+S)el-R$jNzesmY zK>_%~ofevBGmXOf+i<(3`(PRtL7vE1oe+bAIH3zxMZ*?bsKSd2@3cj`O}i=rcGQnF zqC!S+#18Jz$Up&CJ#-#o!%O$ojk9A@MDVYwsf1uXrG_)~97(s7O1+r#0G!KU;J}7@ z-l-N!BQWcFuheD%xWa5U%p{7ZKz?M%r2LBQ)?X@BfZAsvP!rf66&m-73IMe2eCK8e zsaWa=(uP_Ai+q~8KqL3?OV&R=o6Ckgrrj3{4L`~NGsxSRU(GMuh86 z<_NLlhB3^wch45!)!f~^Njzg0xmLdd9y%K9U`+fAJDI17wiIFRD>o-FVll8BUpOM? zahP}}1}-5~LxkUhM=4Z8SwuNKefjFub5uhbNOD?#VRds+uVE2IQ+lzG5%L*Wh6ea1 z#1TzwG$*#yys0Npm}IC&g->M%Zc+|)6gg&@f(tks zaZ>3Dv4y1R9{7u5G?pCU$Q-r^0%g5^{!$qyHwa2O8kR`sNDwNtzpc1SaTc!N#iKU3(%LNohlh;0`^gEDxd&=?!wz8CI#`Srr~k-c zW#aVeb0`$6%P1A%NM!HUq;Fxtm}qqbz4)FVOJ6rU4cx#`TjZ%JkV;IsvdJ_>^o;dr zjO&6v3=o}Zr1)>}27KjZKxav$gL_Dmc@EKoJn8oLQ$&FxXq0j;Q5MS^EFLS2WxQdrvWPanSa^LG<7@=a8bq5t zrADdo94n|6sIbUXmwg7ioeN4aU~$HzW@iOsnT*(3ek5{OI)kGL&iN{NMsVJdNCH)s zn#UUZs|v%jyzNOK#N za+9;)_rSuAf_P0FdknH<|#0D=jE)*)Ny)nPgyO#`{9Q&2_t6|BNpQ&liYprbe@kZ_AW9Xtv#Dm7S8-`mJ@9 zQg}5CdAEU;4J!%~5nniV%9jh2iwzlNN`_M`oGb+i8|%MMzip~k3ZATWtIwXTSSxs= zJM4D*2jbEtx{n=ktb@#)(ARKp+yA2M30?Ur?QVZvT;eqfN>)3f1?;U$OtvfZP)%e6 zp7-Mj*QIf@8upwJmasf46c#AQhBLk71<@@`CB(Tgk)@d&*okB^h?M^&My-NfjJFs~Yl$sLKCKqe%7b1#uM1wowzaZoW=>^EJwErwun1tJ zaQG~)Ese31Ev8{_7w`9hP%T8MK8(y)*t&@1d-1ob;w*OdWf;@a8k~> z8sCE3u@B+;|BtA(xd!L@A0@u~yox{GdK@)1=qsQ82f9`uRuQo{TTEV z=!+oc(+4%527v~F27v~F27v~F27v~F27v~F|5pUA;Un(w!3s(uS3+|gUzX)u@aSa8 zm1TTzoaisOWC#{ zTIb#cnx{2hvz{zU=GxjS?QNk5 zUt8&|-=*cvyExq0yg|#)ZT0r|Xm9z(?seMQ!Rxo}^^1He)ANkWhNC~qU;}*DPx^zJ zmc4n(*#%4IMP; z%VWP1*0Rj5&}|bjLflG1Zy5odI8_0{L}w=9|5R?5a9YCcSs*f(mY@?g>xC=|tgLh= zPjw4+wl@G7U0CmJuF}^2UYB}krGPCS@b~PfGNg%?bYs8Af$@OTuU$7IfN~}B!RKC; M@9@GRv|cgsFU4O3ivR!s diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 2995b760751..b61768a3dec 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -71,8 +71,12 @@ For more information about existing or custom certificates and the concept of co . In the section [literal]``Source`` select one of two options: [literal]``Registry`` or [literal]``RPM``. .. For disconnected environments, when the proxy has no access to the registry, select option [literal]``RPM``. (FIND OUT: Is the RPM then provided via GUI?) ++ +For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. + + .. If the proxy has access to the registry, either option can be selected. -. In case [literal]``Registry`` is selected, select one of two options: [literal]``Simple`` or [literal]``Advanced``. +. In case [literal]``Registry`` is selected, priceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. .. If the option selected is [literal]``Simple`` enter the value in [literal]``Registry URL``. .. If the option selected is [litaral]``Advanced`` additional section of the form opens. Fill in all fields with the values of the relevant URls and Tags. (DO WE NEED TO SPECIFY ANYTHING ABOIUT TAGS? OR URLs?) From 5888e2265713685ce0f17bb9dacd09912338f066 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 16 Jul 2025 13:51:54 +0200 Subject: [PATCH 06/29] Further changes. --- .../proxy-conversion-from-client.adoc | 28 ++++++++----------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index b61768a3dec..5cec3de1cf9 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -59,32 +59,26 @@ Once the client had been succesfully converted to proxy, it needs to be configur . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. . In the [guimenu]``Proxy admin email`` field type the admin's email. . In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. -.. Select [literal]``Keep`` if an existing certificate should be used. -.. Select [literal]``Replace`` if the new server certificate should be generated for {productname} proxy. -(CAN WE KEEP THIS?) You can consider generated certificates as {productname} builtin (self-signed) certificates. +.. Select [literal]``Keep`` if an existing certificatesi should be used. + This option is not available when you configure the proxy for the first time. +.. Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. + Fill in all the fields required for certificate genetration. +. In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. + -Depending on the choice then provide either path to signing CA certificate to generate a new certificate or path to an existing certificate and its key to be used as proxy certificate. -+ -The CA certificates generated by the server are stored in the [path]``/var/lib/containers/storage/volumes/root/_data/ssl-build`` directory. -+ -For more information about existing or custom certificates and the concept of corporate and intermediate certificates, see xref:administration:ssl-certs-imported.adoc[]. - -. In the section [literal]``Source`` select one of two options: [literal]``Registry`` or [literal]``RPM``. -.. For disconnected environments, when the proxy has no access to the registry, select option [literal]``RPM``. (FIND OUT: Is the RPM then provided via GUI?) +[literal]``RPM`` is recommended for air-gapped or restricted environments. +[literal]``Registry`` can be used if connectivity is available. + For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. - -.. If the proxy has access to the registry, either option can be selected. -. In case [literal]``Registry`` is selected, priceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. -.. If the option selected is [literal]``Simple`` enter the value in [literal]``Registry URL``. +. In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. +.. If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. .. If the option selected is [litaral]``Advanced`` additional section of the form opens. - Fill in all fields with the values of the relevant URls and Tags. (DO WE NEED TO SPECIFY ANYTHING ABOIUT TAGS? OR URLs?) + Fill in all fields with the values of the relevant URls and the corresponding tags. . Once all fields are filled in, click btn:[Apply] to apply the changes. [WARNING] ==== -When configuring a proxy chain, the root proxy needs access to any registry that a child proxy is set to use as its source. +When configuring a proxy chain, the parent proxy needs access to any registry that a child proxy is set to use as its source. ==== From 12f0f4254963ec8e9c7e049d5e67910284647e82 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 16 Jul 2025 15:36:31 +0200 Subject: [PATCH 07/29] Added procedure header. --- .../pages/container-deployment/proxy-conversion-from-client.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 5cec3de1cf9..1559a64f955 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -53,6 +53,7 @@ Proceed with the steps to <>. Once the client had been succesfully converted to proxy, it needs to be configured. +.Procedure: Configuring the Proxy . In the {webui}, navigate to menu:Proxy[Configuration] and fill the required data: . In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. . In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. From 6fe9b30319caa26e9d5c12bf79bb357705a95044 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 16 Jul 2025 17:07:25 +0200 Subject: [PATCH 08/29] Further changes and clarifications following the feedback. --- .../container-deployment/proxy-conversion-from-client.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 1559a64f955..2bd834de68b 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -60,10 +60,10 @@ Once the client had been succesfully converted to proxy, it needs to be configur . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. . In the [guimenu]``Proxy admin email`` field type the admin's email. . In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. -.. Select [literal]``Keep`` if an existing certificatesi should be used. +.. Select [literal]``Keep`` if an existing certificates should be used. This option is not available when you configure the proxy for the first time. .. Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. - Fill in all the fields required for certificate genetration. + Fill in all the required fields. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. + [literal]``RPM`` is recommended for air-gapped or restricted environments. @@ -74,7 +74,7 @@ For more information about deployment in air-gapped environment, see xref:insta . In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. .. If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. .. If the option selected is [litaral]``Advanced`` additional section of the form opens. - Fill in all fields with the values of the relevant URls and the corresponding tags. + Fill in all the required fields with the values of the relevant URls and the corresponding tags. . Once all fields are filled in, click btn:[Apply] to apply the changes. From 8cf97a86dabb0a13912e710b52748c6a3aba2be2 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Thu, 17 Jul 2025 15:44:47 +0200 Subject: [PATCH 09/29] Changed list type. --- .../proxy-conversion-from-client.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 2bd834de68b..e6e554a5f6d 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -60,9 +60,9 @@ Once the client had been succesfully converted to proxy, it needs to be configur . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. . In the [guimenu]``Proxy admin email`` field type the admin's email. . In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. -.. Select [literal]``Keep`` if an existing certificates should be used. +* Select [literal]``Keep`` if an existing certificates should be used. This option is not available when you configure the proxy for the first time. -.. Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. +* Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. Fill in all the required fields. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. + @@ -72,8 +72,8 @@ Once the client had been succesfully converted to proxy, it needs to be configur For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. . In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. -.. If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. -.. If the option selected is [litaral]``Advanced`` additional section of the form opens. +* If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. +* If the option selected is [litaral]``Advanced`` additional section of the form opens. Fill in all the required fields with the values of the relevant URls and the corresponding tags. . Once all fields are filled in, click btn:[Apply] to apply the changes. From d6a5fc2f912d43a4cd14fcb3c443a52b999327ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 17 Jul 2025 15:45:34 +0200 Subject: [PATCH 10/29] Update modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc Co-authored-by: Karl Eichwalder --- .../container-deployment/proxy-conversion-from-client.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index e6e554a5f6d..2276ada7817 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -54,7 +54,7 @@ Proceed with the steps to <>. Once the client had been succesfully converted to proxy, it needs to be configured. .Procedure: Configuring the Proxy -. In the {webui}, navigate to menu:Proxy[Configuration] and fill the required data: +. In the {webui}, navigate to menu:Proxy[Configuration] and fill in the required data: . In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. . In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. From 7be1adbc5ed71aaf2e329654ad2afb658bb184fd Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Thu, 17 Jul 2025 16:03:31 +0200 Subject: [PATCH 11/29] Cont. --- .../container-deployment/proxy-conversion-from-client.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 2276ada7817..083689e3b4e 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -64,6 +64,8 @@ Once the client had been succesfully converted to proxy, it needs to be configur This option is not available when you configure the proxy for the first time. * Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. Fill in all the required fields. ++ +For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. + [literal]``RPM`` is recommended for air-gapped or restricted environments. From e9008656b2cedd0631ea0805d243e7e9d80c3f96 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Tue, 22 Jul 2025 14:12:03 +0200 Subject: [PATCH 12/29] Fixes following the comments. --- .../proxy-conversion-from-client.adoc | 49 ++++++++++++++++--- 1 file changed, 43 insertions(+), 6 deletions(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 083689e3b4e..430b640b42e 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -63,20 +63,57 @@ Once the client had been succesfully converted to proxy, it needs to be configur * Select [literal]``Keep`` if an existing certificates should be used. This option is not available when you configure the proxy for the first time. * Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. - Fill in all the required fields. ++ +The certificate can be replaced by one of the two options: +* an existing certificate, privided by the third-party authority +* a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-tool-ssl``. ++ +Example of command use: + ++ + +---- +rhn-tool-ssl --gen-server --set-hostname="proxy hostname" --set-email="email set in the proxy configuration tab" +---- + + For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. + -[literal]``RPM`` is recommended for air-gapped or restricted environments. -[literal]``Registry`` can be used if connectivity is available. +. [literal]``RPM`` is recommended for air-gapped or restricted environments. ++ + +[WARNING] +==== +If [literal]``RPM`` option is selected, a number of packages must be installed before proceeding further. +==== + ++ +Go to [literal]``Software`` tab, search and install the following packages (the example illustrates the use of [literal]``x86_64`` architecture): + +* suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image +* suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image +* suse-multi-linux-manager-5.1-x86_64-proxy-squid-image +* suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image +* suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image + ++ + +Return to Proxy configuration tab, and continue with the remaining configuration. + +. Option [literal]``Registry`` can be used if connectivity is available. + For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. . In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. -* If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. -* If the option selected is [litaral]``Advanced`` additional section of the form opens. - Fill in all the required fields with the values of the relevant URls and the corresponding tags. +. If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. ++ +* For [literal]``Registry URL`` use [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64``. +* Select the tag from the drop-down list. + +. If the option selected is [literal]``Advanced`` additional section of the form opens. + For every indivudual URl field, use the registry [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. + Select the tag from the drop-down list. . Once all fields are filled in, click btn:[Apply] to apply the changes. From e012773061feae60e301c0fa8c8d0643964f354c Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 23 Jul 2025 11:03:56 +0200 Subject: [PATCH 13/29] More formatting fixes. --- .../proxy-conversion-from-client.adoc | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc index 430b640b42e..339889973a4 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc @@ -58,17 +58,17 @@ Once the client had been succesfully converted to proxy, it needs to be configur . In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. . In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. -. In the [guimenu]``Proxy admin email`` field type the admin's email. +. In the [guimenu]``Proxy admin email`` field type the administrator's email. . In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. * Select [literal]``Keep`` if an existing certificates should be used. This option is not available when you configure the proxy for the first time. * Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. + The certificate can be replaced by one of the two options: -* an existing certificate, privided by the third-party authority -* a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-tool-ssl``. + -Example of command use: +** an existing certificate, provided by the third-party authority +** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-tool-ssl``. + Example of command use: + @@ -77,10 +77,10 @@ rhn-tool-ssl --gen-server --set-hostname="proxy hostname" --set-email="email set ---- + -For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. +** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. + -. [literal]``RPM`` is recommended for air-gapped or restricted environments. +. Option [literal]``RPM`` is recommended for air-gapped or restricted environments. + [WARNING] @@ -112,8 +112,9 @@ For more information about deployment in air-gapped environment, see xref:insta * Select the tag from the drop-down list. . If the option selected is [literal]``Advanced`` additional section of the form opens. - For every indivudual URl field, use the registry [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. - Select the tag from the drop-down list. ++ +* For every indivudual URl field, use the registry [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. +* Select the tag from the drop-down list. . Once all fields are filled in, click btn:[Apply] to apply the changes. From 2edb69ad46b2b462d00168893b6ebda9ec5a6392 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 23 Jul 2025 16:07:10 +0200 Subject: [PATCH 14/29] Moved MLM file to corersponding direcory. --- .../nav-installation-and-upgrade-guide.adoc | 2 +- .../proxy-conversion-from-client-mlm.adoc} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename modules/installation-and-upgrade/pages/container-deployment/{proxy-conversion-from-client.adoc => mlm/proxy-conversion-from-client-mlm.adoc} (100%) diff --git a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc index 69400d2774c..5b6b4127f95 100644 --- a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc +++ b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc @@ -54,7 +54,7 @@ ifeval::[{mlm-content} == true] **** xref:connect-payg.adoc[Connect {payg} Instance] *** xref:install-proxy.adoc[Proxy] **** xref:container-deployment/mlm/proxy-deployment-mlm.adoc[{productname} Proxy Deployment] -**** xref:container-deployment/proxy-conversion-from-client.adoc[{productname} Proxy Conversion From Client] +**** xref:container-deployment/mlm/proxy-conversion-from-client-mlm.adoc[{productname} Proxy Conversion From Client] **** xref:container-deployment/mlm/proxy-deployment-vm-mlm.adoc[Proxy Deployment as Virtual Machine - KVM] **** xref:container-deployment/mlm/proxy-deployment-vmdk-mlm.adoc[Proxy Deployment Virtual Machine - VMware] **** xref:container-deployment/mlm/proxy-k3s-deployment-mlm.adoc[Proxy Deployment on K3s] diff --git a/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc similarity index 100% rename from modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc rename to modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc From a6b0fdda1cc9909783cee7e6bb82ee00235c9b4f Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 23 Jul 2025 16:21:21 +0200 Subject: [PATCH 15/29] Changes for Uyuni file. --- .../mlm/proxy-conversion-from-client-mlm.adoc | 2 +- .../proxy-conversion-from-client-uyuni.adoc | 125 ++++++++++++++++++ 2 files changed, 126 insertions(+), 1 deletion(-) create mode 100644 modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc diff --git a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc index 339889973a4..232fc48bc79 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc @@ -113,7 +113,7 @@ For more information about deployment in air-gapped environment, see xref:insta . If the option selected is [literal]``Advanced`` additional section of the form opens. + -* For every indivudual URl field, use the registry [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. +* For every indivudual URL field, use the registry [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. * Select the tag from the drop-down list. . Once all fields are filled in, click btn:[Apply] to apply the changes. diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc new file mode 100644 index 00000000000..7a195c6ec9c --- /dev/null +++ b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc @@ -0,0 +1,125 @@ +[[proxy-conversion-from-client-mlm]] += Proxy conversion from client + +== Introduction + +This chapter describes how {productname} proxy can be registered with {productname} server. +The main principle consists of using a functionality within {webui} which converts an already onboarded client to a proxy. + +The client which is a candidate for conversion to proxy must adhere to the following pre-requisites: + +* it must already be onboarded +* it is reachable +* it has access to client tools + +ifeval::[{mlm-content} == true] +* it is one of the following systems: +** {sles} 15 SP7 +** {sl-micro} 6.1 +endif::[] + + +== Convert the client to {productname} Proxy + +The process of conversion is done entirely from the {webui} for already registered clients. +For more information about client onboarding, see xref:client-configuration:registration-overview.adoc[]. + +The following two procedures describe the client conversion to a proxy. +Either procedure can be used, and will achieve the same outcome. + +.Procedure: Converting client to {productname} Proxy using dedicated button +. For the client chosen to be converted to proxy, go to its [literal]``Overview`` page. +. Click button btn:[Convert to Proxy]. +. Wait for the conversion to complete. +. Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. +. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. + +Proceed with the steps to <>. + +.Procedure: Converting client to {productname} Proxy by changing client's properties +. For the client chosen to be converted to proxy, go to its [literal]``Properties`` page. +. Locate the section [literal]``Add-on System Types``. +. Check the option [literal]``Proxy``. +. Click button btn:[Update Properties]. +. Follow the displayed note and apply highstate to complete the conversion. +. Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. +. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. + +Proceed with the steps to <>. + + +[[configure-proxy]] +== Configure the Proxy + +Once the client had been succesfully converted to proxy, it needs to be configured. + +.Procedure: Configuring the Proxy +. In the {webui}, navigate to menu:Proxy[Configuration] and fill in the required data: +. In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. +. In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. +. In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. +. In the [guimenu]``Proxy admin email`` field type the administrator's email. +. In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. +* Select [literal]``Keep`` if an existing certificates should be used. + This option is not available when you configure the proxy for the first time. +* Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. ++ +The certificate can be replaced by one of the two options: ++ +** an existing certificate, provided by the third-party authority +** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-tool-ssl``. + Example of command use: + ++ + +---- +rhn-tool-ssl --gen-server --set-hostname="proxy hostname" --set-email="email set in the proxy configuration tab" +---- + ++ +** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. +. In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. ++ +. Option [literal]``RPM`` is recommended for air-gapped or restricted environments. ++ + +[WARNING] +==== +If [literal]``RPM`` option is selected, a number of packages must be installed before proceeding further. +==== + ++ +Go to [literal]``Software`` tab, search and install the following packages (the example illustrates the use of [literal]``x86_64`` architecture): + +* uyuni-proxy-httpd-image +* uyuni-proxy-salt-broker-image +* uyuni-proxy-squid-image +* uyuni-proxy-ssh-image +* uyuni-proxy-tftpd-image + ++ + +Return to Proxy configuration tab, and continue with the remaining configuration. + +. Option [literal]``Registry`` can be used if connectivity is available. ++ +For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. + +. In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. +. If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. ++ +* For [literal]``Registry URL`` use [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64``. +* Select the tag from the drop-down list. + +. If the option selected is [literal]``Advanced`` additional section of the form opens. ++ +* For every indivudual URL field, use the registry [literal]``registry.opensuse.org/uyuni/`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. +* Select the tag from the drop-down list. +. Once all fields are filled in, click btn:[Apply] to apply the changes. + + +[WARNING] +==== +When configuring a proxy chain, the parent proxy needs access to any registry that a child proxy is set to use as its source. +==== + From 96b6d7ce7cb17bae6abd074de833210d81ee99e6 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 23 Jul 2025 16:21:58 +0200 Subject: [PATCH 16/29] Cont. --- l10n-weblate/installation-and-upgrade.cfg | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/l10n-weblate/installation-and-upgrade.cfg b/l10n-weblate/installation-and-upgrade.cfg index 9755ce7cd94..8218eacd083 100644 --- a/l10n-weblate/installation-and-upgrade.cfg +++ b/l10n-weblate/installation-and-upgrade.cfg @@ -14,6 +14,7 @@ [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/migrations/server/server-mlm-43-51.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/migrations/server/server-mlm-43-51.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/migrations/server/server-mlm-50-51.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/migrations/server/server-mlm-50-51.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc +[type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-deployment-mlm.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-deployment-mlm.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-deployment-vm-mlm.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-deployment-vm-mlm.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-deployment-vmdk-mlm.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-deployment-vmdk-mlm.adoc @@ -23,7 +24,6 @@ [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/server-deployment-vm-mlm.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/server-deployment-vm-mlm.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/server-deployment-vmdk-mlm.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/server-deployment-vmdk-mlm.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/mlm/snippet-warn-images-sl-micro.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/mlm/snippet-warn-images-sl-micro.adoc -[type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/proxy-conversion-from-client.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/snippet-actkey-bootstrap-proxy-mlm.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/snippet-actkey-bootstrap-proxy-mlm.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/snippet-generate_proxy_config.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/snippet-generate_proxy_config.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/snippet-hardened-tmpdir.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/snippet-hardened-tmpdir.adoc @@ -36,6 +36,7 @@ [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/snippet-transfer_proxy_config.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/snippet-transfer_proxy_config.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/uyuni/migrate-uyuni-to-a-container.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/uyuni/migrate-uyuni-to-a-container.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-container-setup-uyuni.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-container-setup-uyuni.adoc +[type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-deployment-uyuni.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-deployment-uyuni.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-k3s-deployment-uyuni.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-k3s-deployment-uyuni.adoc [type: asciidoc] modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-migration-uyuni.adoc $lang:translations/$lang/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-migration-uyuni.adoc From 864590aafbbe13ade2778fafd53f8405326c0f1c Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Thu, 24 Jul 2025 08:47:08 +0200 Subject: [PATCH 17/29] Changes for Uyuni. --- .../nav-installation-and-upgrade-guide.adoc | 2 +- .../uyuni/proxy-conversion-from-client-uyuni.adoc | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc index 5b6b4127f95..df3bb7e0611 100644 --- a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc +++ b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc @@ -39,7 +39,7 @@ ifeval::[{uyuni-content} == true] *** xref:install-proxy.adoc[Proxy] **** xref:container-deployment/uyuni/proxy-container-setup-uyuni.adoc[Containerized {productname} Proxy Setup] **** xref:container-deployment/uyuni/proxy-deployment-uyuni.adoc[Proxy Deployment on {leapmicro}] -**** xref:container-deployment/proxy-conversion-from-client.adoc[{productname} Proxy Conversion From Client] +**** xref:container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc[{productname} Proxy Conversion From Client] **** xref:container-deployment/uyuni/proxy-k3s-deployment-uyuni.adoc[Proxy Deployment on K3s] endif::[] diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc index 7a195c6ec9c..a6131caa97b 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc @@ -73,10 +73,15 @@ The certificate can be replaced by one of the two options: + ---- -rhn-tool-ssl --gen-server --set-hostname="proxy hostname" --set-email="email set in the proxy configuration tab" +rhn-tool-ssl --gen-server --set-hostname="proxy.example.com" --set-email="email@example.com" ---- ++ + +Email address must be the same one as set in the [litelal]``Configuration`` tab. + + + ** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. + @@ -108,12 +113,12 @@ For more information about deployment in air-gapped environment, see xref:insta . In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. . If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. + -* For [literal]``Registry URL`` use [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64``. +* For [literal]``Registry URL`` use [literal]``registry.opensuse.org/uyuni``. * Select the tag from the drop-down list. . If the option selected is [literal]``Advanced`` additional section of the form opens. + -* For every indivudual URL field, use the registry [literal]``registry.opensuse.org/uyuni/`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. +* For every indivudual URL field, use the registry [literal]``registry.opensuse.org/uyuni`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. * Select the tag from the drop-down list. . Once all fields are filled in, click btn:[Apply] to apply the changes. From 9821a67fa69f704253231e0da1c92fe2c5a9b4fa Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Thu, 24 Jul 2025 11:41:21 +0200 Subject: [PATCH 18/29] Cont. --- .../mlm/proxy-conversion-from-client-mlm.adoc | 7 +++++-- .../uyuni/proxy-conversion-from-client-uyuni.adoc | 11 ++--------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc index 232fc48bc79..f50ec303f4f 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc @@ -3,8 +3,7 @@ == Introduction -This chapter describes how {productname} proxy can be registered with {productname} server. -The main principle consists of using a functionality within {webui} which converts an already onboarded client to a proxy. +This chapter describes how {productname} proxy can be registered with {productname} server from the {webui}. The client which is a candidate for conversion to proxy must adhere to the following pre-requisites: @@ -76,6 +75,10 @@ The certificate can be replaced by one of the two options: rhn-tool-ssl --gen-server --set-hostname="proxy hostname" --set-email="email set in the proxy configuration tab" ---- ++ + +Email address must be the same one as set in the [literal]``Configuration`` tab. + + ** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc index a6131caa97b..d1406e91e9b 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc @@ -3,8 +3,7 @@ == Introduction -This chapter describes how {productname} proxy can be registered with {productname} server. -The main principle consists of using a functionality within {webui} which converts an already onboarded client to a proxy. +This chapter describes how {productname} proxy can be registered with {productname} server from the {webui}. The client which is a candidate for conversion to proxy must adhere to the following pre-requisites: @@ -12,12 +11,6 @@ The client which is a candidate for conversion to proxy must adhere to the follo * it is reachable * it has access to client tools -ifeval::[{mlm-content} == true] -* it is one of the following systems: -** {sles} 15 SP7 -** {sl-micro} 6.1 -endif::[] - == Convert the client to {productname} Proxy @@ -78,7 +71,7 @@ rhn-tool-ssl --gen-server --set-hostname="proxy.example.com" --set-email="email@ + -Email address must be the same one as set in the [litelal]``Configuration`` tab. +Email address must be the same one as set in the [literal]``Configuration`` tab. + From 9c04bef2aa2e7d349c26ae12cdb2840c118bb3c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 24 Jul 2025 12:51:47 +0200 Subject: [PATCH 19/29] Update modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc Co-authored-by: Karl Eichwalder --- .../uyuni/proxy-conversion-from-client-uyuni.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc index d1406e91e9b..77ab81c7495 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc @@ -1,4 +1,4 @@ -[[proxy-conversion-from-client-mlm]] +[[proxy-conversion-from-client-uyuni]] = Proxy conversion from client == Introduction From cdd796cea24fc26fabc3293dc7773f99c0ea33b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 24 Jul 2025 15:29:02 +0200 Subject: [PATCH 20/29] Update modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc Co-authored-by: Cedric Bosdonnat --- .../mlm/proxy-conversion-from-client-mlm.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc index f50ec303f4f..51f4b551a36 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc @@ -31,7 +31,7 @@ Either procedure can be used, and will achieve the same outcome. . Click button btn:[Convert to Proxy]. . Wait for the conversion to complete. . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. -. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. +. Confirm there are two tabs within [literal]``Proxy``: [literal]``Clients`` and [literal]``Configuration``. Proceed with the steps to <>. From faaff1558bd3a23b1f5532e9cfe42a4ccd7b0bb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 24 Jul 2025 15:29:51 +0200 Subject: [PATCH 21/29] Update modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc Co-authored-by: Cedric Bosdonnat --- .../uyuni/proxy-conversion-from-client-uyuni.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc index 77ab81c7495..97d0b0dbf9d 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc @@ -25,7 +25,7 @@ Either procedure can be used, and will achieve the same outcome. . Click button btn:[Convert to Proxy]. . Wait for the conversion to complete. . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. -. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. +. Confirm there are two tabs within [literal]``Proxy``: [literal]``Clients`` and [literal]``Configuration``. Proceed with the steps to <>. From d6029ee8382f45106d36d591bf113b4f2e88ff39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 24 Jul 2025 15:30:00 +0200 Subject: [PATCH 22/29] Update modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc Co-authored-by: Cedric Bosdonnat --- .../uyuni/proxy-conversion-from-client-uyuni.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc index 97d0b0dbf9d..9d82c36f540 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc @@ -48,7 +48,7 @@ Once the client had been succesfully converted to proxy, it needs to be configur .Procedure: Configuring the Proxy . In the {webui}, navigate to menu:Proxy[Configuration] and fill in the required data: -. In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. +. In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent server or proxy. . In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. . In the [guimenu]``Proxy admin email`` field type the administrator's email. From bb2591c69dfdda85a31c1ce8d5e874a109730bd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 24 Jul 2025 15:30:10 +0200 Subject: [PATCH 23/29] Update modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc Co-authored-by: Cedric Bosdonnat --- .../mlm/proxy-conversion-from-client-mlm.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc index 51f4b551a36..e5b375d0e0c 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc @@ -72,7 +72,7 @@ The certificate can be replaced by one of the two options: + ---- -rhn-tool-ssl --gen-server --set-hostname="proxy hostname" --set-email="email set in the proxy configuration tab" +rhn-ssl-tool --gen-server --set-hostname="proxy hostname" --set-email="email set in the proxy configuration tab" ---- + From 89c8b00a3f2068803f4b7bb7b4629a0738882728 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 24 Jul 2025 15:30:19 +0200 Subject: [PATCH 24/29] Update modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc Co-authored-by: Cedric Bosdonnat --- .../uyuni/proxy-conversion-from-client-uyuni.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc index 9d82c36f540..8b32e6c3ea8 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc @@ -66,7 +66,7 @@ The certificate can be replaced by one of the two options: + ---- -rhn-tool-ssl --gen-server --set-hostname="proxy.example.com" --set-email="email@example.com" +rhn-ssl-tool --gen-server --set-hostname="proxy.example.com" --set-email="email@example.com" ---- + From 29201badad7b240ebcdae84a900dfeac4cd50f48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 24 Jul 2025 15:30:32 +0200 Subject: [PATCH 25/29] Update modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc Co-authored-by: Cedric Bosdonnat --- .../mlm/proxy-conversion-from-client-mlm.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc index e5b375d0e0c..c6ce8ea475e 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc @@ -54,7 +54,7 @@ Once the client had been succesfully converted to proxy, it needs to be configur .Procedure: Configuring the Proxy . In the {webui}, navigate to menu:Proxy[Configuration] and fill in the required data: -. In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. +. In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent server or proxy. . In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. . In the [guimenu]``Proxy admin email`` field type the administrator's email. From 7a8e869a86c4eee79c24496868a957208e95f779 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Thu, 24 Jul 2025 15:43:42 +0200 Subject: [PATCH 26/29] Further fixes following the feedback. --- .../mlm/proxy-conversion-from-client-mlm.adoc | 4 - ...roxy-conversion-from-client-uyuni.adoc.swp | Bin 0 -> 16384 bytes .../pages/container-deployment/uyuni/\\" | 129 ++++++++++++++++++ .../proxy-conversion-from-client-uyuni.adoc | 4 - 4 files changed, 129 insertions(+), 8 deletions(-) create mode 100644 modules/installation-and-upgrade/pages/container-deployment/uyuni/.proxy-conversion-from-client-uyuni.adoc.swp create mode 100644 "modules/installation-and-upgrade/pages/container-deployment/uyuni/\\" diff --git a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc index c6ce8ea475e..c162a81f53d 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc @@ -75,10 +75,6 @@ The certificate can be replaced by one of the two options: rhn-ssl-tool --gen-server --set-hostname="proxy hostname" --set-email="email set in the proxy configuration tab" ---- -+ - -Email address must be the same one as set in the [literal]``Configuration`` tab. - + ** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/.proxy-conversion-from-client-uyuni.adoc.swp b/modules/installation-and-upgrade/pages/container-deployment/uyuni/.proxy-conversion-from-client-uyuni.adoc.swp new file mode 100644 index 0000000000000000000000000000000000000000..537e54c66881000404d5f24341b506c6aa567a72 GIT binary patch literal 16384 zcmeHO&5s;M6|aPZgd{cyE}T%|9AfWo&-x?>R0c*diAQhclgTL^Zc>S5r)qP7<>6+&kg%?A31!*GNw%~Q$Y{*{tSi5 zbUxm@5T1T6G`KiWZdmpfbGh~KvBh#+<|;~bY!@?~l&Q3fDz{Fgsc=f?k;s#%ECxm- zaG($oJF{=<44}+7@UT zc$YCyx_)$gA3JvR$YC1Ug9kp!KlH)N@3KL*!)Y048E6@38E6@38E6@38E6@38Q6;f zSKP@yj{hCiyPnKP>|-11$qB11$qB11$qB11$qB11$qB z11$qB1OI~zh=j4{A=j(4;m7%Zz5oBi`x*Ng@KfM>z;}VifiCd-{fxa1{0R6q@Eq_( z;0wSCunhctA7ftuz6_iO?f@9@@&k;07I*~M4}A50oJ9f$fH&@A>~FwJz!LBP@W=Nt z_6l$vc;jBiz63lETmdcvtH4R%5O5H9{T{}C2mAo|H1OB=q8#w%-Hd$)cm(*%U5vd5 z90QI3|3Gr%P2h*XgTTGOJ;2?-UBEw)9QhXT67VAM0`Lu>3%my2h`ZkaH-Q_#Hn0Wk z^_ge$^Q^w=$;74tycALeQ zFP-1`@3*+YwVCNf4wQ9fys^{}SFv!C$42@` z3mA*!+eY@gBFR)vP5B31Ytx8oSbsfZZN0(Q~JD%A;r?@l_gJ@W2-< zT{P6z8*_&Y|)gUkNJN(AMQp6Y8pWeWM^ zR950*maH(5G$*S=Wh;H>_%GLvixDPM^is*UhBD`4U4pf|uLdO)k-GM^dChQN8SA)H znS{#jBKfDJEP~j#VYMkU^daf+J?(aBs`&OTTW=-APGj@4L32KF6l;SLBgsqX#U;Ay z#JwSLui5CWuO!HI<03H8urh5PvZ2`St(_O!eC2wn66it<60N!+`P%u@=&0FhCbm^3 zQjY6cdJBr;ixJh0y1RD}#9dkWBrmjav#r*@!pUJ$RXpVM3#pHa;an_FVN)_E13`&d zUGeRLA4lbkB)gG0nSj%L6LZTG*%xK%`0>L>kKRT!VQ@c;pLymJ7iQ(^muWiY*GrMY zm7&Q*!;$2iyv;#PKpOaOGgPGO_d%EOcU43HFiAXm}gn^~T0R^S32`$&XBq z7;F??YVsS5$^Ya#6L1Yg)a1q>$g)kch%NG_sm4-9L<{fQAXu}HN+8lsYOc}yMJ!Y! zCAT0K-CiWUIHSpUe8EIn*!UPs!Lwo5kX#f6bZ)2yLtKIk$^xCnf=2((h)Qi?)bS?o zmCm8-p3A#ymkTJ0*M)*Sk+fJ$QEn(vj_QZtp($b|JQX`fqYVA*5|W%sk_g?bj4_)T zUxk+e-C;ywHLLV3#*z$eni=vXF$~4IT zBgh3IFz8hnRo|Pm_rr*lCT&?PJ~lQAzO>20)Y*V65u7iaAdz*uXgctx^PUzaK|hU9 zIv5>YdiF6;2&hd6)cu!8S3YPGT$9LNNQ>Z#qTTwwG_9ctMSfV)u;{=MP2$>W8S}a! zQbhF07|Shf2PCadK?;lDs9Gt4GLXaC%UZEk%+az#URTiKvjoWO@&r5t1(d(#G> zisvaXRQZCBA*&Qo2m?ccWg6>>ypE#{(E zb|vHHw!i+ZgAICaF~*KIgYY_MmCNyRX=9`Y|>}o6=nCAg)D@Fr=od3`jUvAzEhA5T}xnK>jSD&XYvZNec#3XG7=&#_tM{ zJ@Nu~XaiH_!`}i`w8v{?hnB1J6e0^9(hN7A?n%vmFr*bl`6J4gfh0N~@M9Q>w3JY% znatV_fo@Hug*R_4UloH%VmcPHa@UPuL|%L8{E9Zy=zW?M4D{1%)+Y^(Q-&rBwe&lV zqNekNDcED{Jbg!)hANba22giQyUa(*=$zgj4!h}aGIhI`kGnAPTVFfQ(yV&vc-nH~ zwd4rTC%bM^!HfRrt~tC0S=A1aG7of&f(~;!7aZZthKQUTd~_IR%hHv`=h!a!t!wRq z{Ei<6+Y7l15?bXY&PwV`tf8|4pGu#p0utv*mBZ`U!I)eh#uOpnKcFpl^NF>?-G8SO zgx#M^t#Q}q-f*iY>}j7LY*@mI?z=5`GH8?^nw7%flz`N;ny<<%DYHsCRfu?#UKZyE z$tY_l0XK-G0Ug*O&4Ay@-eA#=!zrK zFsC!Bjx2GR^^g}p^AlNodI6b=N@UD(Pa+jj$+(Y5)KL literal 0 HcmV?d00001 diff --git "a/modules/installation-and-upgrade/pages/container-deployment/uyuni/\\" "b/modules/installation-and-upgrade/pages/container-deployment/uyuni/\\" new file mode 100644 index 00000000000..1feb38f452b --- /dev/null +++ "b/modules/installation-and-upgrade/pages/container-deployment/uyuni/\\" @@ -0,0 +1,129 @@ +[[proxy-conversion-from-client-mlm]] += Proxy conversion from client + +== Introduction + +This chapter describes how {productname} proxy can be registered with {productname} server from the {webui}. + +The client which is a candidate for conversion to proxy must adhere to the following pre-requisites: + +* it must already be onboarded +* it is reachable +* it has access to client tools + +ifeval::[{mlm-content} == true] +* it is one of the following systems: +** {sles} 15 SP7 +** {sl-micro} 6.1 +endif::[] + + +== Convert the client to {productname} Proxy + +The process of conversion is done entirely from the {webui} for already registered clients. +For more information about client onboarding, see xref:client-configuration:registration-overview.adoc[]. + +The following two procedures describe the client conversion to a proxy. +Either procedure can be used, and will achieve the same outcome. + +.Procedure: Converting client to {productname} Proxy using dedicated button +. For the client chosen to be converted to proxy, go to its [literal]``Overview`` page. +. Click button btn:[Convert to Proxy]. +. Wait for the conversion to complete. +. Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. +. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. + +Proceed with the steps to <>. + +.Procedure: Converting client to {productname} Proxy by changing client's properties +. For the client chosen to be converted to proxy, go to its [literal]``Properties`` page. +. Locate the section [literal]``Add-on System Types``. +. Check the option [literal]``Proxy``. +. Click button btn:[Update Properties]. +. Follow the displayed note and apply highstate to complete the conversion. +. Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. +. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. + +Proceed with the steps to <>. + + +[[configure-proxy]] +== Configure the Proxy + +Once the client had been succesfully converted to proxy, it needs to be configured. + +.Procedure: Configuring the Proxy +. In the {webui}, navigate to menu:Proxy[Configuration] and fill in the required data: +. In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. +. In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. +. In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. +. In the [guimenu]``Proxy admin email`` field type the administrator's email. +. In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. +* Select [literal]``Keep`` if an existing certificates should be used. + This option is not available when you configure the proxy for the first time. +* Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. ++ +The certificate can be replaced by one of the two options: ++ +** an existing certificate, provided by the third-party authority +** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-tool-ssl``. + Example of command use: + ++ + +---- +rhn-tool-ssl --gen-server --set-hostname="proxy.example.com" --set-email="email@example.com" +---- + ++ + +Email address must be the same one as set in the [literal]``Configuration`` tab. + ++ + +** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. +. In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. ++ +. Option [literal]``RPM`` is recommended for air-gapped or restricted environments. ++ + +[WARNING] +==== +If [literal]``RPM`` option is selected, a number of packages must be installed before proceeding further. +==== + ++ +Go to [literal]``Software`` tab, search and install the following packages (the example illustrates the use of [literal]``x86_64`` architecture): + +* uyuni-proxy-httpd-image +* uyuni-proxy-salt-broker-image +* uyuni-proxy-squid-image +* uyuni-proxy-ssh-image +* uyuni-proxy-tftpd-image + ++ + +Return to Proxy configuration tab, and continue with the remaining configuration. + +. Option [literal]``Registry`` can be used if connectivity is available. ++ +For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. + +. In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. +. If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. ++ +* For [literal]``Registry URL`` use [literal]``registry.opensuse.org/uyuni``. +* Select the tag from the drop-down list. + +. If the option selected is [literal]``Advanced`` additional section of the form opens. ++ +* For every indivudual URL field, use the registry [literal]``registry.opensuse.org/uyuni`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. +* Select the tag from the drop-down list. +. Once all fields are filled in, click btn:[Apply] to apply the changes. + + +[WARNING] +==== +When configuring a proxy chain, the parent proxy needs access to any registry that a child proxy is set to use as its source. +==== + diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc index 8b32e6c3ea8..e525898b04b 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc @@ -69,10 +69,6 @@ The certificate can be replaced by one of the two options: rhn-ssl-tool --gen-server --set-hostname="proxy.example.com" --set-email="email@example.com" ---- -+ - -Email address must be the same one as set in the [literal]``Configuration`` tab. - + ** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. From 4980c1899910b9ebeca4d6a41120142b2fb6c986 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Thu, 24 Jul 2025 15:48:03 +0200 Subject: [PATCH 27/29] Cont. --- ....proxy-conversion-from-client-uyuni.adoc.swp | Bin 16384 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 modules/installation-and-upgrade/pages/container-deployment/uyuni/.proxy-conversion-from-client-uyuni.adoc.swp diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/.proxy-conversion-from-client-uyuni.adoc.swp b/modules/installation-and-upgrade/pages/container-deployment/uyuni/.proxy-conversion-from-client-uyuni.adoc.swp deleted file mode 100644 index 537e54c66881000404d5f24341b506c6aa567a72..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16384 zcmeHO&5s;M6|aPZgd{cyE}T%|9AfWo&-x?>R0c*diAQhclgTL^Zc>S5r)qP7<>6+&kg%?A31!*GNw%~Q$Y{*{tSi5 zbUxm@5T1T6G`KiWZdmpfbGh~KvBh#+<|;~bY!@?~l&Q3fDz{Fgsc=f?k;s#%ECxm- zaG($oJF{=<44}+7@UT zc$YCyx_)$gA3JvR$YC1Ug9kp!KlH)N@3KL*!)Y048E6@38E6@38E6@38E6@38Q6;f zSKP@yj{hCiyPnKP>|-11$qB11$qB11$qB11$qB11$qB z11$qB1OI~zh=j4{A=j(4;m7%Zz5oBi`x*Ng@KfM>z;}VifiCd-{fxa1{0R6q@Eq_( z;0wSCunhctA7ftuz6_iO?f@9@@&k;07I*~M4}A50oJ9f$fH&@A>~FwJz!LBP@W=Nt z_6l$vc;jBiz63lETmdcvtH4R%5O5H9{T{}C2mAo|H1OB=q8#w%-Hd$)cm(*%U5vd5 z90QI3|3Gr%P2h*XgTTGOJ;2?-UBEw)9QhXT67VAM0`Lu>3%my2h`ZkaH-Q_#Hn0Wk z^_ge$^Q^w=$;74tycALeQ zFP-1`@3*+YwVCNf4wQ9fys^{}SFv!C$42@` z3mA*!+eY@gBFR)vP5B31Ytx8oSbsfZZN0(Q~JD%A;r?@l_gJ@W2-< zT{P6z8*_&Y|)gUkNJN(AMQp6Y8pWeWM^ zR950*maH(5G$*S=Wh;H>_%GLvixDPM^is*UhBD`4U4pf|uLdO)k-GM^dChQN8SA)H znS{#jBKfDJEP~j#VYMkU^daf+J?(aBs`&OTTW=-APGj@4L32KF6l;SLBgsqX#U;Ay z#JwSLui5CWuO!HI<03H8urh5PvZ2`St(_O!eC2wn66it<60N!+`P%u@=&0FhCbm^3 zQjY6cdJBr;ixJh0y1RD}#9dkWBrmjav#r*@!pUJ$RXpVM3#pHa;an_FVN)_E13`&d zUGeRLA4lbkB)gG0nSj%L6LZTG*%xK%`0>L>kKRT!VQ@c;pLymJ7iQ(^muWiY*GrMY zm7&Q*!;$2iyv;#PKpOaOGgPGO_d%EOcU43HFiAXm}gn^~T0R^S32`$&XBq z7;F??YVsS5$^Ya#6L1Yg)a1q>$g)kch%NG_sm4-9L<{fQAXu}HN+8lsYOc}yMJ!Y! zCAT0K-CiWUIHSpUe8EIn*!UPs!Lwo5kX#f6bZ)2yLtKIk$^xCnf=2((h)Qi?)bS?o zmCm8-p3A#ymkTJ0*M)*Sk+fJ$QEn(vj_QZtp($b|JQX`fqYVA*5|W%sk_g?bj4_)T zUxk+e-C;ywHLLV3#*z$eni=vXF$~4IT zBgh3IFz8hnRo|Pm_rr*lCT&?PJ~lQAzO>20)Y*V65u7iaAdz*uXgctx^PUzaK|hU9 zIv5>YdiF6;2&hd6)cu!8S3YPGT$9LNNQ>Z#qTTwwG_9ctMSfV)u;{=MP2$>W8S}a! zQbhF07|Shf2PCadK?;lDs9Gt4GLXaC%UZEk%+az#URTiKvjoWO@&r5t1(d(#G> zisvaXRQZCBA*&Qo2m?ccWg6>>ypE#{(E zb|vHHw!i+ZgAICaF~*KIgYY_MmCNyRX=9`Y|>}o6=nCAg)D@Fr=od3`jUvAzEhA5T}xnK>jSD&XYvZNec#3XG7=&#_tM{ zJ@Nu~XaiH_!`}i`w8v{?hnB1J6e0^9(hN7A?n%vmFr*bl`6J4gfh0N~@M9Q>w3JY% znatV_fo@Hug*R_4UloH%VmcPHa@UPuL|%L8{E9Zy=zW?M4D{1%)+Y^(Q-&rBwe&lV zqNekNDcED{Jbg!)hANba22giQyUa(*=$zgj4!h}aGIhI`kGnAPTVFfQ(yV&vc-nH~ zwd4rTC%bM^!HfRrt~tC0S=A1aG7of&f(~;!7aZZthKQUTd~_IR%hHv`=h!a!t!wRq z{Ei<6+Y7l15?bXY&PwV`tf8|4pGu#p0utv*mBZ`U!I)eh#uOpnKcFpl^NF>?-G8SO zgx#M^t#Q}q-f*iY>}j7LY*@mI?z=5`GH8?^nw7%flz`N;ny<<%DYHsCRfu?#UKZyE z$tY_l0XK-G0Ug*O&4Ay@-eA#=!zrK zFsC!Bjx2GR^^g}p^AlNodI6b=N@UD(Pa+jj$+(Y5)KL From 8629eba47d292ddb71bbdf2fd3d1aea57fae6de4 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Thu, 24 Jul 2025 15:49:04 +0200 Subject: [PATCH 28/29] Cont. --- .../pages/container-deployment/uyuni/\\" | 129 ------------------ 1 file changed, 129 deletions(-) delete mode 100644 "modules/installation-and-upgrade/pages/container-deployment/uyuni/\\" diff --git "a/modules/installation-and-upgrade/pages/container-deployment/uyuni/\\" "b/modules/installation-and-upgrade/pages/container-deployment/uyuni/\\" deleted file mode 100644 index 1feb38f452b..00000000000 --- "a/modules/installation-and-upgrade/pages/container-deployment/uyuni/\\" +++ /dev/null @@ -1,129 +0,0 @@ -[[proxy-conversion-from-client-mlm]] -= Proxy conversion from client - -== Introduction - -This chapter describes how {productname} proxy can be registered with {productname} server from the {webui}. - -The client which is a candidate for conversion to proxy must adhere to the following pre-requisites: - -* it must already be onboarded -* it is reachable -* it has access to client tools - -ifeval::[{mlm-content} == true] -* it is one of the following systems: -** {sles} 15 SP7 -** {sl-micro} 6.1 -endif::[] - - -== Convert the client to {productname} Proxy - -The process of conversion is done entirely from the {webui} for already registered clients. -For more information about client onboarding, see xref:client-configuration:registration-overview.adoc[]. - -The following two procedures describe the client conversion to a proxy. -Either procedure can be used, and will achieve the same outcome. - -.Procedure: Converting client to {productname} Proxy using dedicated button -. For the client chosen to be converted to proxy, go to its [literal]``Overview`` page. -. Click button btn:[Convert to Proxy]. -. Wait for the conversion to complete. -. Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. -. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. - -Proceed with the steps to <>. - -.Procedure: Converting client to {productname} Proxy by changing client's properties -. For the client chosen to be converted to proxy, go to its [literal]``Properties`` page. -. Locate the section [literal]``Add-on System Types``. -. Check the option [literal]``Proxy``. -. Click button btn:[Update Properties]. -. Follow the displayed note and apply highstate to complete the conversion. -. Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. -. Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. - -Proceed with the steps to <>. - - -[[configure-proxy]] -== Configure the Proxy - -Once the client had been succesfully converted to proxy, it needs to be configured. - -.Procedure: Configuring the Proxy -. In the {webui}, navigate to menu:Proxy[Configuration] and fill in the required data: -. In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. -. In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. -. In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. -. In the [guimenu]``Proxy admin email`` field type the administrator's email. -. In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. -* Select [literal]``Keep`` if an existing certificates should be used. - This option is not available when you configure the proxy for the first time. -* Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. -+ -The certificate can be replaced by one of the two options: -+ -** an existing certificate, provided by the third-party authority -** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-tool-ssl``. - Example of command use: - -+ - ----- -rhn-tool-ssl --gen-server --set-hostname="proxy.example.com" --set-email="email@example.com" ----- - -+ - -Email address must be the same one as set in the [literal]``Configuration`` tab. - -+ - -** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. -. In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. -+ -. Option [literal]``RPM`` is recommended for air-gapped or restricted environments. -+ - -[WARNING] -==== -If [literal]``RPM`` option is selected, a number of packages must be installed before proceeding further. -==== - -+ -Go to [literal]``Software`` tab, search and install the following packages (the example illustrates the use of [literal]``x86_64`` architecture): - -* uyuni-proxy-httpd-image -* uyuni-proxy-salt-broker-image -* uyuni-proxy-squid-image -* uyuni-proxy-ssh-image -* uyuni-proxy-tftpd-image - -+ - -Return to Proxy configuration tab, and continue with the remaining configuration. - -. Option [literal]``Registry`` can be used if connectivity is available. -+ -For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. - -. In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. -. If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. -+ -* For [literal]``Registry URL`` use [literal]``registry.opensuse.org/uyuni``. -* Select the tag from the drop-down list. - -. If the option selected is [literal]``Advanced`` additional section of the form opens. -+ -* For every indivudual URL field, use the registry [literal]``registry.opensuse.org/uyuni`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. -* Select the tag from the drop-down list. -. Once all fields are filled in, click btn:[Apply] to apply the changes. - - -[WARNING] -==== -When configuring a proxy chain, the parent proxy needs access to any registry that a child proxy is set to use as its source. -==== - From 819b59cabc05cdee097715a375782bf5f04208d4 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Thu, 24 Jul 2025 17:55:43 +0200 Subject: [PATCH 29/29] More changes following the review. --- .../mlm/proxy-conversion-from-client-mlm.adoc | 13 +++---------- .../uyuni/proxy-conversion-from-client-uyuni.adoc | 15 +++------------ 2 files changed, 6 insertions(+), 22 deletions(-) diff --git a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc index c162a81f53d..9e5554db90a 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/mlm/proxy-conversion-from-client-mlm.adoc @@ -10,6 +10,7 @@ The client which is a candidate for conversion to proxy must adhere to the follo * it must already be onboarded * it is reachable * it has access to client tools +* it has access to proxy channels ifeval::[{mlm-content} == true] * it is one of the following systems: @@ -66,17 +67,9 @@ Once the client had been succesfully converted to proxy, it needs to be configur The certificate can be replaced by one of the two options: + ** an existing certificate, provided by the third-party authority -** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-tool-ssl``. - Example of command use: - -+ - ----- -rhn-ssl-tool --gen-server --set-hostname="proxy hostname" --set-email="email set in the proxy configuration tab" ----- - +** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-ssl-tool`` + -** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. +For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. + . Option [literal]``RPM`` is recommended for air-gapped or restricted environments. diff --git a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc index e525898b04b..4ecfeb2e7bb 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/uyuni/proxy-conversion-from-client-uyuni.adoc @@ -10,7 +10,7 @@ The client which is a candidate for conversion to proxy must adhere to the follo * it must already be onboarded * it is reachable * it has access to client tools - +* it has access to proxy channels == Convert the client to {productname} Proxy @@ -60,18 +60,9 @@ Once the client had been succesfully converted to proxy, it needs to be configur The certificate can be replaced by one of the two options: + ** an existing certificate, provided by the third-party authority -** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-tool-ssl``. - Example of command use: - +** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-ssl-tool`` + - ----- -rhn-ssl-tool --gen-server --set-hostname="proxy.example.com" --set-email="email@example.com" ----- - -+ - -** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. +For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. + . Option [literal]``RPM`` is recommended for air-gapped or restricted environments.