Extending proxy conversion instructions #4174
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,117 @@ | ||||||
| [[proxy-conversion-from-client-mlm]] | ||||||
| = Proxy conversion from client | ||||||
|
|
||||||
| == Introduction | ||||||
|
|
||||||
| This chapter describes how {productname} proxy can be registered with {productname} server from the {webui}. | ||||||
|
|
||||||
| The client which is a candidate for conversion to proxy must adhere to the following pre-requisites: | ||||||
|
|
||||||
| * it must already be onboarded | ||||||
| * it is reachable | ||||||
| * it has access to client tools | ||||||
| * it has access to proxy channels | ||||||
|
|
||||||
| ifeval::[{mlm-content} == true] | ||||||
| * it is one of the following systems: | ||||||
| ** {sles} 15 SP7 | ||||||
| ** {sl-micro} 6.1 | ||||||
| endif::[] | ||||||
|
|
||||||
|
|
||||||
| == Convert the client to {productname} Proxy | ||||||
|
|
||||||
| The process of conversion is done entirely from the {webui} for already registered clients. | ||||||
| For more information about client onboarding, see xref:client-configuration:registration-overview.adoc[]. | ||||||
|
|
||||||
| The following two procedures describe the client conversion to a proxy. | ||||||
| Either procedure can be used, and will achieve the same outcome. | ||||||
|
|
||||||
| .Procedure: Converting client to {productname} Proxy using dedicated button | ||||||
0rnela marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
| . For the client chosen to be converted to proxy, go to its [literal]``Overview`` page. | ||||||
| . Click button btn:[Convert to Proxy]. | ||||||
| . Wait for the conversion to complete. | ||||||
| . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. | ||||||
| . Confirm there are two tabs within [literal]``Proxy``: [literal]``Clients`` and [literal]``Configuration``. | ||||||
|
|
||||||
| Proceed with the steps to <<configure-proxy>>. | ||||||
|
|
||||||
| .Procedure: Converting client to {productname} Proxy by changing client's properties | ||||||
| . For the client chosen to be converted to proxy, go to its [literal]``Properties`` page. | ||||||
| . Locate the section [literal]``Add-on System Types``. | ||||||
| . Check the option [literal]``Proxy``. | ||||||
| . Click button btn:[Update Properties]. | ||||||
| . Follow the displayed note and apply highstate to complete the conversion. | ||||||
| . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. | ||||||
| . Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. | ||||||
|
|
||||||
| Proceed with the steps to <<configure-proxy>>. | ||||||
|
|
||||||
|
|
||||||
| [[configure-proxy]] | ||||||
| == Configure the Proxy | ||||||
|
|
||||||
| Once the client had been succesfully converted to proxy, it needs to be configured. | ||||||
|
|
||||||
| .Procedure: Configuring the Proxy | ||||||
| . In the {webui}, navigate to menu:Proxy[Configuration] and fill in the required data: | ||||||
| . In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent server or proxy. | ||||||
| . In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. | ||||||
| . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. | ||||||
| . In the [guimenu]``Proxy admin email`` field type the administrator's email. | ||||||
| . In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. | ||||||
| * Select [literal]``Keep`` if an existing certificates should be used. | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| This option is not available when you configure the proxy for the first time. | ||||||
| * Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. | ||||||
| + | ||||||
| The certificate can be replaced by one of the two options: | ||||||
| + | ||||||
| ** an existing certificate, provided by the third-party authority | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| ** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-ssl-tool`` | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| + | ||||||
| For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. | ||||||
| . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. | ||||||
| + | ||||||
| . Option [literal]``RPM`` is recommended for air-gapped or restricted environments. | ||||||
| + | ||||||
|
|
||||||
| [WARNING] | ||||||
| ==== | ||||||
| If [literal]``RPM`` option is selected, a number of packages must be installed before proceeding further. | ||||||
0rnela marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
| ==== | ||||||
|
|
||||||
| + | ||||||
| Go to [literal]``Software`` tab, search and install the following packages (the example illustrates the use of [literal]``x86_64`` architecture): | ||||||
|
|
||||||
| * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image | ||||||
| * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image | ||||||
| * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image | ||||||
| * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image | ||||||
| * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image | ||||||
|
|
||||||
| + | ||||||
|
|
||||||
| Return to Proxy configuration tab, and continue with the remaining configuration. | ||||||
0rnela marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
|
|
||||||
| . Option [literal]``Registry`` can be used if connectivity is available. | ||||||
| + | ||||||
| For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. | ||||||
|
There was a problem hiding this comment.
Suggested change
Once space too much. |
||||||
|
|
||||||
| . In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. | ||||||
| . If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. | ||||||
| + | ||||||
| * For [literal]``Registry URL`` use [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64``. | ||||||
| * Select the tag from the drop-down list. | ||||||
|
|
||||||
| . If the option selected is [literal]``Advanced`` additional section of the form opens. | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| + | ||||||
| * For every indivudual URL field, use the registry [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. | ||||||
| * Select the tag from the drop-down list. | ||||||
| . Once all fields are filled in, click btn:[Apply] to apply the changes. | ||||||
|
|
||||||
|
|
||||||
| [WARNING] | ||||||
| ==== | ||||||
| When configuring a proxy chain, the parent proxy needs access to any registry that a child proxy is set to use as its source. | ||||||
0rnela marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
| ==== | ||||||
|
|
||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| [[proxy-conversion-from-client-uyuni]] | ||
| = Proxy conversion from client | ||
|
|
||
| == Introduction | ||
|
|
||
| This chapter describes how {productname} proxy can be registered with {productname} server from the {webui}. | ||
|
|
||
| The client which is a candidate for conversion to proxy must adhere to the following pre-requisites: | ||
|
|
||
| * it must already be onboarded | ||
| * it is reachable | ||
| * it has access to client tools | ||
| * it has access to proxy channels | ||
|
|
||
| == Convert the client to {productname} Proxy | ||
|
|
||
| The process of conversion is done entirely from the {webui} for already registered clients. | ||
| For more information about client onboarding, see xref:client-configuration:registration-overview.adoc[]. | ||
|
|
||
| The following two procedures describe the client conversion to a proxy. | ||
| Either procedure can be used, and will achieve the same outcome. | ||
|
|
||
| .Procedure: Converting client to {productname} Proxy using dedicated button | ||
| . For the client chosen to be converted to proxy, go to its [literal]``Overview`` page. | ||
| . Click button btn:[Convert to Proxy]. | ||
| . Wait for the conversion to complete. | ||
| . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. | ||
| . Confirm there are two tabs within [literal]``Proxy``: [literal]``Clients`` and [literal]``Configuration``. | ||
|
|
||
| Proceed with the steps to <<configure-proxy>>. | ||
|
|
||
| .Procedure: Converting client to {productname} Proxy by changing client's properties | ||
| . For the client chosen to be converted to proxy, go to its [literal]``Properties`` page. | ||
| . Locate the section [literal]``Add-on System Types``. | ||
| . Check the option [literal]``Proxy``. | ||
| . Click button btn:[Update Properties]. | ||
| . Follow the displayed note and apply highstate to complete the conversion. | ||
| . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. | ||
| . Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. | ||
|
|
||
| Proceed with the steps to <<configure-proxy>>. | ||
|
|
||
|
|
||
| [[configure-proxy]] | ||
| == Configure the Proxy | ||
|
|
||
| Once the client had been succesfully converted to proxy, it needs to be configured. | ||
|
|
||
| .Procedure: Configuring the Proxy | ||
| . In the {webui}, navigate to menu:Proxy[Configuration] and fill in the required data: | ||
| . In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent server or proxy. | ||
| . In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. | ||
| . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. | ||
| . In the [guimenu]``Proxy admin email`` field type the administrator's email. | ||
| . In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. | ||
| * Select [literal]``Keep`` if an existing certificates should be used. | ||
| This option is not available when you configure the proxy for the first time. | ||
| * Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. | ||
| + | ||
| The certificate can be replaced by one of the two options: | ||
| + | ||
| ** an existing certificate, provided by the third-party authority | ||
| ** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-ssl-tool`` | ||
| + | ||
| For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. | ||
| . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. | ||
| + | ||
| . Option [literal]``RPM`` is recommended for air-gapped or restricted environments. | ||
| + | ||
|
|
||
| [WARNING] | ||
| ==== | ||
| If [literal]``RPM`` option is selected, a number of packages must be installed before proceeding further. | ||
| ==== | ||
|
|
||
| + | ||
| Go to [literal]``Software`` tab, search and install the following packages (the example illustrates the use of [literal]``x86_64`` architecture): | ||
|
|
||
| * uyuni-proxy-httpd-image | ||
| * uyuni-proxy-salt-broker-image | ||
| * uyuni-proxy-squid-image | ||
| * uyuni-proxy-ssh-image | ||
| * uyuni-proxy-tftpd-image | ||
|
|
||
| + | ||
|
|
||
| Return to Proxy configuration tab, and continue with the remaining configuration. | ||
|
|
||
| . Option [literal]``Registry`` can be used if connectivity is available. | ||
| + | ||
| For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. | ||
|
|
||
| . In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. | ||
| . If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. | ||
| + | ||
| * For [literal]``Registry URL`` use [literal]``registry.opensuse.org/uyuni``. | ||
| * Select the tag from the drop-down list. | ||
|
|
||
| . If the option selected is [literal]``Advanced`` additional section of the form opens. | ||
| + | ||
| * For every indivudual URL field, use the registry [literal]``registry.opensuse.org/uyuni`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. | ||
| * Select the tag from the drop-down list. | ||
| . Once all fields are filled in, click btn:[Apply] to apply the changes. | ||
|
|
||
|
|
||
| [WARNING] | ||
| ==== | ||
| When configuring a proxy chain, the parent proxy needs access to any registry that a child proxy is set to use as its source. | ||
| ==== | ||
|
|
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.