Extending proxy conversion instructions #4174
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -32,7 +32,9 @@ Either procedure can be used, and will achieve the same outcome. | |
| . Click button btn:[Convert to Proxy]. | ||
| . Wait for the conversion to complete. | ||
| . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. | ||
| . Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. | ||
|
|
||
| Proceed with the steps to <<configure-proxy>>. | ||
|
|
||
| .Procedure: Converting client to {productname} Proxy by changing client's properties | ||
| . For the client chosen to be converted to proxy, go to its [literal]``Properties`` page. | ||
|
|
@@ -41,3 +43,83 @@ Either procedure can be used, and will achieve the same outcome. | |
| . Click button btn:[Update Properties]. | ||
| . Follow the displayed note and apply highstate to complete the conversion. | ||
| . Confirm that the conversion has been successful by locating a new tab [literal]``Proxy`` on the [literal]``Overview`` page. | ||
| . Confirm there are two tabs within [literal]``Proxy``, [literal]``Clients`` and [literal]``Configuration``. | ||
|
|
||
| Proceed with the steps to <<configure-proxy>>. | ||
|
|
||
|
|
||
| [[configure-proxy]] | ||
| == Configure the Proxy | ||
|
|
||
| Once the client had been succesfully converted to proxy, it needs to be configured. | ||
|
|
||
| .Procedure: Configuring the Proxy | ||
| . In the {webui}, navigate to menu:Proxy[Configuration] and fill in the required data: | ||
| . In the [guimenu]``Parent FQDN`` field type fully qualified domain name for the parent. | ||
| . In the [guimenu]``Proxy SSH port`` field type SSH port on which SSH service is listening on {productname} Proxy. It is recommended to keep default 8022. | ||
| . In the [guimenu]``Max Squid cache size [MB]`` field type maximal allowed size for Squid cache. | ||
| . In the [guimenu]``Proxy admin email`` field type the administrator's email. | ||
| . In the section [literal]``Certificates`` select one of two options: [literal]``Keep`` or [literal]``Replace``. | ||
| * Select [literal]``Keep`` if an existing certificates should be used. | ||
| This option is not available when you configure the proxy for the first time. | ||
| * Select [literal]``Replace`` if the new server certificates should be provided for {productname} proxy. | ||
| + | ||
| The certificate can be replaced by one of the two options: | ||
| + | ||
| ** an existing certificate, provided by the third-party authority | ||
| ** a brand new certificate generated from the existing {productname} CA certificate for the proxy, by using command [command]``rhn-tool-ssl``. | ||
| Example of command use: | ||
|
|
||
| + | ||
|
|
||
| ---- | ||
| rhn-tool-ssl --gen-server --set-hostname="proxy hostname" --set-email="email set in the proxy configuration tab" | ||
| ---- | ||
|
|
||
| + | ||
| ** For more information about certificate creation, see xref:administration:ssl-certs.adoc[]. | ||
| . In the section [literal]``Source`` select one of two options: [literal]``RPM`` or [literal]``Registry``. | ||
| + | ||
| . Option [literal]``RPM`` is recommended for air-gapped or restricted environments. | ||
|
There was a problem hiding this comment. Just one last comment. I noticed that maybe we can indicate to the user that has to be subscribed into the proxy extensions channel to donwnload it. There was a problem hiding this comment. That should be already covered in the requisites to convert to a proxy actually, bc they'd also required to have access to mgrpxy and podman There was a problem hiding this comment. Well, just noticed that the alternative install methods do explicitly mention the bootstrapping and channel setup. In that case suggest reviewing then what I documented @ https://confluence.suse.com/display/~RMestre/Proxy+Onboarding
bearing in mind that step 2 "Configure channels" could be read as "add and sync the proxy extension child channel." and after this you would be able to install the packages as well. There was a problem hiding this comment. Isn't it mentioned in the Introduction already? |
||
| + | ||
|
|
||
| [WARNING] | ||
| ==== | ||
| If [literal]``RPM`` option is selected, a number of packages must be installed before proceeding further. | ||
| ==== | ||
|
|
||
| + | ||
| Go to [literal]``Software`` tab, search and install the following packages (the example illustrates the use of [literal]``x86_64`` architecture): | ||
|
|
||
| * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image | ||
| * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image | ||
| * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image | ||
| * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image | ||
| * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image | ||
|
|
||
| + | ||
|
|
||
| Return to Proxy configuration tab, and continue with the remaining configuration. | ||
|
|
||
| . Option [literal]``Registry`` can be used if connectivity is available. | ||
| + | ||
| For more information about deployment in air-gapped environment, see xref:installation-and-upgrade:container-deployment/mlm/proxy-air-gapped-deployment-mlm.adoc[]. | ||
|
|
||
| . In case [literal]``Registry`` is selected, proceed with selecting one of two options: [literal]``Simple`` or [literal]``Advanced``. | ||
| . If the option selected is [literal]``Simple``, provide the values in [literal]``Registry URL`` and [literal]``Containers Tag``. | ||
| + | ||
| * For [literal]``Registry URL`` use [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64``. | ||
| * Select the tag from the drop-down list. | ||
|
|
||
| . If the option selected is [literal]``Advanced`` additional section of the form opens. | ||
| + | ||
| * For every indivudual URl field, use the registry [literal]``registry.suse.com/suse/multi-linux-manager/5.1/x86_64`` and the corresponding suffix, or example _proxy-httpd_ or _salt-broker_. | ||
| * Select the tag from the drop-down list. | ||
| . Once all fields are filled in, click btn:[Apply] to apply the changes. | ||
|
|
||
|
|
||
| [WARNING] | ||
| ==== | ||
| When configuring a proxy chain, the parent proxy needs access to any registry that a child proxy is set to use as its source. | ||
| ==== | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.