diff --git a/.changelog b/.changelog index 158c436c7c4..fd9e81b0d1f 100644 --- a/.changelog +++ b/.changelog @@ -4,6 +4,8 @@ # - Fixed error in Bat section of Upgrade Guide (bsc#1234567) # For guidelines: https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM) +- Added instructions about contanerized proxy deployment to Installation and + Upgrade Guide - Warned about installing containerized proxy on traditional container host in Installation and Upgrade Guide - Added openSUSE Leap 15.5 as a supported client diff --git a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc index 089cd81f991..82ea8981a4b 100644 --- a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc +++ b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc @@ -86,7 +86,7 @@ ifeval::[{uyuni-content} == true] endif::[] **** xref:proxy-container-setup.adoc[Containerized Proxy Setup] -**** xref:containerized-proxy-wo-internet.adoc[Containerized Proxy Without Internet Connection] +**** xref:containerized-proxy-deployment.adoc[Containerized Proxy Deployment] ** xref:upgrade-intro.adoc[Upgrade] ifeval::[{suma-content} == true] diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc new file mode 100644 index 00000000000..a8dffcccc5e --- /dev/null +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -0,0 +1,69 @@ +[[containerized-proxy-deployment]] += Containerized proxy deployment + +It is possible to deploy containerized images in an environment without an internet connection. +In such case, the images are copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file. + +You should first register Salt minion to {productname} server, and then re-use the same FQDN in a generation. + +//When changing the base channel to have the {productname} client tools, this may lead to package conflicts and port conflicts. + + +[[image.from.suse.to.internal.registry]] +== Image copying from {suse} registry to internal registry + +[IMPORTANT] +==== +This procedure illustrates deployment of {salt} proxies only. +==== + +. Install [literal]``skopeo`` on a machine with access to [literal]``registry.suse.com``: ++ +---- +zypper in skopeo (can be {productname} server) +---- ++ +. Copy images between registries: ++ +---- +for image in httpd proxy-salt-broker squid ssh tftpd; do + skopeo copy --dest-tls-verify=false docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://(your_server)/proxy-$image +done +---- ++ +. If the registry is unsecured, i.e. not configured with SSL, add the regitry domain to the section [literal]``insecure list`` on the containerized proxy virtual machine by editing: ++ +---- +/etc/containers/registries.conf +---- + +[NOTE] +==== +If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. +==== + +[[air-gapped-solution-for-podman]] +== Air gapped solution for Podman + +. Before starting the pod, on a machine with internet access run: ++ +---- +for image in httpd salt-broker squid ssh tftpd; do + podman pull registry.suse.com/suse/manager/4.3/proxy-$image +done +podman pull k8s.gcr.io/pause + +podman save -m -o proxy-images.tar \ + k8s.gcr.io/pause \ + registry.suse.com/suse/manager/4.3/proxy-httpd \ + registry.suse.com/suse/manager/4.3/proxy-salt-broker \ + registry.suse.com/suse/manager/4.3/proxy-squid registry.suse.com/suse/manager/4.3/proxy-ssh \ + registry.suse.com/suse/manager/4.3/proxy-tftpd +---- ++ +. Transfer the [literal]`proxy-images.tar` to the air gapped proxy. +. Run this command to start the pod: ++ +---- +podman load -i proxy-images.tar +---- diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc deleted file mode 100644 index fa3bee9e301..00000000000 --- a/modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc +++ /dev/null @@ -1,70 +0,0 @@ -[[containerized-proxy-setup-without-internet]] -= Containerized proxy deployment without an internet connection - -It is possible to deploy containerized {productname} Proxy in an environment without an internet connection. -In such case, the images are copied to an internal registry, or saved to a tar file. - -This procedure allows re-use of the existing minion FQDN to create a configuration to start a containerized proxy. -The user should first register the minion to suse manager server, and then re-use the same FQDN in a generation. - - -Make sure the default port is set up to `8022` for virtualized proxy when creating configuration using [literal]`spacecmd`. -The product that is installed in that machine will be SUSE Manager Proxy and will not have the needed packages. -Changing the base channel to have the SUSE Manager client tools can lead to package conflicts and port conflicts. - - -[IMPORTANT] -==== -This procedure applies to {salt} proxies only. -==== - -[[from.suma.to.internal.reg.without.ssl]] -== Copy images from suse manager registry to internal registry without SSL configured - -[NOTE] -==== -If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. -==== - -. In a machine with access to "registry.suse.com" (CONFIRM: what machine - SUMA server?) install [literal]`skopeo` by using the command -+ ----- -zypper in skopeo (can be suse manager server) ----- -+ -. Copy images between registries: -+ ----- -for image in httpd proxy-salt-broker squid ssh tftpd; do - skopeo copy --dest-tls-verify=false docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://m43-registry.tf.local/4.3/proxy-$image -done ----- - -If the registry is unsecured (not configured with SSL), on the containerized proxy VM edit [literal]`/etc/containers/registries.conf` and add the regitry domain to the section [literal]`insecure list`. - - -[[air-gapped-solution-for-podman]] -Air gapped solution for podman - -. Before starting the pod. -. On a machine with internet access -+ ----- -for image in httpd salt-broker squid ssh tftpd; do - podman pull registry.suse.com/suse/manager/4.3/proxy-$image -done -podman pull k8s.gcr.io/pause - -podman save -m -o proxy-images.tar \ - k8s.gcr.io/pause \ - registry.suse.com/suse/manager/4.3/proxy-httpd \ - registry.suse.com/suse/manager/4.3/proxy-salt-broker \ - registry.suse.com/suse/manager/4.3/proxy-squid registry.suse.com/suse/manager/4.3/proxy-ssh \ - registry.suse.com/suse/manager/4.3/proxy-tftpd ----- -+ -. Transfer the [literal`proxy-images.tar` to the air gapped proxy and run this command and start the pod: -+ ----- -podman load -i proxy-images.tar -----