Containerized proxy - copying images to internal registry #1981

Merged: 31 commits, Mar 2, 2023

Contributor

@0rnela 0rnela commented Dec 27, 2022

Description

Customers may want to deploy SUMA containerized proxy in an environment without an internet connection.
To do so, they can copy the images to an internal registry or save the images to a tar file.

Target branches

Which documentation version does this PR apply to?

Links

Fixes https://github.com/SUSE/spacewalk/issues/19597 i.e. Confluence instructions were converted to documentation.

@0rnela 0rnela requested a review from rjmateus January 4, 2023 11:42
@0rnela 0rnela marked this pull request as ready for review January 4, 2023 11:55
Member

@rjmateus rjmateus left a comment

Some comments to be reviewed

It is possible to deploy containerized {productname} Proxy in an environment without an internet connection.
In such case, the images are copied to an internal registry, or saved to a tar file.

This procedure allows re-use of the existing minion FQDN to create a configuration to start a containerized proxy.
Member

this is not related to a proxy deployment without internet connection

The user should first register the minion to suse manager server, and then re-use the same FQDN in a generation.


Make sure the default port is set up to `8022` for virtualized proxy when creating configuration using [literal]`spacecmd`.
Member

this is not related to connected setup, but rather related to general installation.

Member

rjmateus commented Jan 4, 2023

please add also @cbosdo as a reviewer

Comment on lines 12 to 13
The product that is installed in that machine will be SUSE Manager Proxy and will not have the needed packages.
Changing the base channel to have the SUSE Manager client tools can lead to package conflicts and port conflicts.
Contributor

Why do we need the proxy product here? I fail to understand that.

====

[[from.suma.to.internal.reg.without.ssl]]
== Copy images from suse manager registry to internal registry without SSL configured
Contributor

Do we really want to describe without SSL configured? Shouldn't we assume they have set up their registry safely and if needed they read the skopeo man page?

+
----
for image in httpd proxy-salt-broker squid ssh tftpd; do
skopeo copy --dest-tls-verify=false docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://m43-registry.tf.local/4.3/proxy-$image
Contributor

should the destination registry FQDN be abstracted away? Be careful, some people are blindly copy / pasting doc's commands...

done
----

If the registry is unsecured (not configured with SSL), on the containerized proxy VM edit [literal]`/etc/containers/registries.conf` and add the regitry domain to the section [literal]`insecure list`.
Contributor

Same here... do we really want to document unsecure things?
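
Added example, not part of the PR or the SUSE documentation: a POSIX shell function that takes up both review points above, keeping TLS verification on and taking the destination registry as an argument instead of a hard-coded FQDN. The `registry.example.internal` host, the optional CA directory argument and the `dry-run` mode are assumptions; image names are written in full because the quoted loop would expand `proxy-$image` to `proxy-proxy-salt-broker`.

```shell
#!/bin/sh
# Added example (not from the PR): mirror the proxy images to an internal
# registry with TLS verification on. Source path and tag are those quoted in
# the thread; the destination host is an argument, never a baked-in FQDN.

SRC=registry.suse.com/suse/manager/4.3
IMAGES="proxy-httpd proxy-salt-broker proxy-squid proxy-ssh proxy-tftpd"

# mirror_proxy_images <registry-host[:port]> [ca-dir] [dry-run]
#   ca-dir  : optional directory with the internal CA certificate, passed to
#             skopeo as --dest-cert-dir so a private CA needs no TLS opt-out
#   dry-run : print the skopeo commands instead of running them
mirror_proxy_images() {
    dest=${1:-} certdir=${2:-} mode=${3:-}
    case $dest in
        ''|*[!A-Za-z0-9.:-]*)
            # Reject empty values, URL schemes and paths.
            echo "usage: mirror_proxy_images <registry-host[:port]> [ca-dir] [dry-run]" >&2
            return 2 ;;
    esac
    for image in $IMAGES; do
        set -- skopeo copy --dest-tls-verify=true
        if [ -n "$certdir" ]; then
            set -- "$@" --dest-cert-dir "$certdir"
        fi
        set -- "$@" "docker://$SRC/$image:latest" "docker://$dest/4.3/$image"
        if [ "$mode" = dry-run ]; then
            printf '%s\n' "$*"
        else
            "$@" || return 1
        fi
    done
}

# Constructed demonstration: hypothetical registry name, commands only printed.
mirror_proxy_images registry.example.internal "" dry-run
```

Drop the `dry-run` argument to perform the copy; a registry signed by a private CA is handled by passing the CA directory rather than by disabling verification.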

@0rnela 0rnela force-pushed the copyImagesToInternalRegistry branch from aefbf69 to 8d87fad Compare February 15, 2023 20:16
@0rnela 0rnela changed the title [WIP] Containerized proxy - copying images to internal registry Containerized proxy - copying images to internal registry Feb 16, 2023
@0rnela 0rnela requested review from cbosdo and rjmateus February 16, 2023 09:20
Contributor

@cbosdo cbosdo left a comment

We miss the tweaks needed to use these images... but there is one thing I am not sure about and need to test to provide you the proper steps.

@0rnela 0rnela requested review from cbosdo and rjmateus February 16, 2023 13:51
Member

@rjmateus rjmateus left a comment

From my side just one small change

Contributor

@cbosdo cbosdo left a comment

Added more infos after testing

Contributor

@cbosdo cbosdo left a comment

There is some mix and match between the two solutions. I hope I have explained clearly enough.

Contributor Author

0rnela commented Feb 28, 2023

@cbosdo - final final check please :)

@0rnela 0rnela requested a review from cbosdo February 28, 2023 14:44
Contributor

@cbosdo cbosdo left a comment

Many thanks for your patience!

@0rnela 0rnela requested review from keichwa and jcayouette February 28, 2023 14:47
Contributor

@keichwa keichwa left a comment

Most proposals for consistency.

Contributor Author

0rnela commented Mar 1, 2023

> Many thanks for your patience!

Many thanks for YOUR patience too @cbosdo.

@0rnela 0rnela requested a review from keichwa March 1, 2023 09:45
@0rnela 0rnela merged commit 9816445 into master Mar 2, 2023
@0rnela 0rnela deleted the copyImagesToInternalRegistry branch March 2, 2023 14:26