Containerized proxy - copying images to internal registry (#1981)

* New containerized proxy procedure. * Added fixes following the initial feedback. * Minor fixes. * Minor fix. * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Ricardo Mateus <[email protected]> * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Ricardo Mateus <[email protected]> * Further fixes. * Typo. * Typo. * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Ricardo Mateus <[email protected]> * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Cedric Bosdonnat <[email protected]> * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Cedric Bosdonnat <[email protected]> * Changes added based on PR reviews so far. * Comments deleted. * Further fixes and clarificiations following the review. * Fixes and additional instructions. * Moved admonition to a better place. * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder <[email protected]> * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder <[email protected]> * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder <[email protected]> * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder <[email protected]> * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder <[email protected]> * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder <[email protected]> * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder <[email protected]> * Formatting fixes. * Formatting fixes, brackets. * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder <[email protected]> * Sentence change. * Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder <[email protected]> --------- Co-authored-by: Ricardo Mateus <[email protected]> Co-authored-by: Cedric Bosdonnat <[email protected]> Co-authored-by: Karl Eichwalder <[email protected]>
uyuni-project · Mar 2, 2023 · 9816445 · 9816445
1 parent da2924a
commit 9816445
Show file tree

Hide file tree

Showing 3 changed files with 114 additions and 0 deletions.
diff --git a/.changelog b/.changelog
@@ -4,6 +4,8 @@
 # - Fixed error in Bat section of Upgrade Guide (bsc#1234567)
 # For guidelines: https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM)
 
+- Added instructions about contanerized proxy deployment to Installation and 
+  Upgrade Guide
 - Explained using PTFs in SUSE Manager and Uyuni in Administration Guide
 - Added Uyuni Client Tools channels for Enterprise Linux / SUSE Liberty
   Linux and provide dedicated table for SUSE Manager in Client

diff --git a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc
@@ -86,6 +86,7 @@ ifeval::[{uyuni-content} == true]
 endif::[]
 
 **** xref:proxy-container-setup.adoc[Containerized Proxy Setup]
+**** xref:containerized-proxy-deployment.adoc[Containerized Proxy Deployment]
 ** xref:upgrade-intro.adoc[Upgrade]
 
 ifeval::[{suma-content} == true]

diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc
@@ -0,0 +1,111 @@
+[[containerized-proxy-deployment]]
+= Containerized proxy deployment using internal registry
+
+It is possible to deploy containerized images in an environment without an internet connection.
+In such case, the images can be copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file.
+
+
+
+[[image.from.suse.to.internal.registry]]
+== Image copying from {suse} registry to internal registry 
+
+
+This example illustrates deployment of {salt} proxies only.
+Machines must have access to [literal]``registry.suse.com``.
+
+.Procedure: Deploying {salt} Proxy from an internal image registry
+[role=procedure]
+
+. On a machine with access to [literal]``registry.suse.com`` install [literal]``skopeo``:
++
+----
+zypper in skopeo
+----
++
+[NOTE]
+====
+This can be {productname} Server.
+====
++
+. Copy images between registries:
++
+----
+for image in httpd salt-broker squid ssh tftpd; do
+    skopeo copy docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://<your_server>/registry.suse.com/suse/manager/4.3/proxy-$image
+done
+skopeo copy docker://k8s.gcr.io/pause:latest docker://<your_server>/k8s.gcr.io/pause:latest
+----
++
+[NOTE]
+====
+For every [literal]``skopeo`` command add [literal]``--dest-tls-verify=false`` if the registry is not secured.
+====
++
+. If the registry is unsecured, for example not configured with SSL, add the registry domain to the section [literal]``registries.insecure`` on the containerized proxy virtual machine by editing:
++
+----
+/etc/containers/registries.conf
+----
++
+. Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry:
++
+----
+echo -e '[engine]\ninfra_image = "<your_server>/pause:latest"'>>/etc/containers/containers.conf
+----
++
+. To start using the images from the internal registry please adapt the [literal]``NAMESPACE`` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`.
++
+[NOTE]
+====
+For the k3s deployment, add [literal]``--set repository=<your_server>`` to the helm install command line.
+====
+
+
+[[air-gapped-solution-for-podman]]
+== Air-gapped solution for Podman
+
+This example illustrates deployment of containerized image on a machine with no access to internet.
+
+
+.Procedure: Deploying air-gapped proxy
+[role=procedure]
+
+. Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry:
++
+----
+echo -e '[engine]\ninfra_image = "<your_server>/pause:latest"'>>/etc/containers/containers.conf
+----
++
+[WARNING]
+====
+This command does not work on SLE 15 SP3 and earlier container hosts.
+====
++
+. On a machine with internet access run:
++
+----
+for image in httpd salt-broker squid ssh tftpd; do
+    podman pull registry.suse.com/suse/manager/4.3/proxy-$image
+done
+podman pull k8s.gcr.io/pause
+
+podman save -m -o proxy-images.tar \
+    k8s.gcr.io/pause \
+    registry.suse.com/suse/manager/4.3/proxy-httpd \
+    registry.suse.com/suse/manager/4.3/proxy-salt-broker \
+    registry.suse.com/suse/manager/4.3/proxy-squid \
+    registry.suse.com/suse/manager/4.3/proxy-ssh \
+    registry.suse.com/suse/manager/4.3/proxy-tftpd
+----
++
+[NOTE]
+====
+For the k3s deployment, add [literal]``--set repository=<your_server>`` to the helm install command line.
+====
++
+. Transfer the [literal]``proxy-images.tar`` to the air-gapped proxy.
+. To make images available to be started when needed, run the command:
++
+----
+podman load -i proxy-images.tar
+----