diff --git a/.changelog b/.changelog index 8a3d1b94d6e..85f3ca949d3 100644 --- a/.changelog +++ b/.changelog @@ -4,6 +4,8 @@ # - Fixed error in Bat section of Upgrade Guide (bsc#1234567) # For guidelines: https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM) +- Added instructions about contanerized proxy deployment to Installation and + Upgrade Guide - Explained using PTFs in SUSE Manager and Uyuni in Administration Guide - Added Uyuni Client Tools channels for Enterprise Linux / SUSE Liberty Linux and provide dedicated table for SUSE Manager in Client diff --git a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc index 08b0f815af2..82ea8981a4b 100644 --- a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc +++ b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc @@ -86,6 +86,7 @@ ifeval::[{uyuni-content} == true] endif::[] **** xref:proxy-container-setup.adoc[Containerized Proxy Setup] +**** xref:containerized-proxy-deployment.adoc[Containerized Proxy Deployment] ** xref:upgrade-intro.adoc[Upgrade] ifeval::[{suma-content} == true] diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc new file mode 100644 index 00000000000..fbf0dfddb6f --- /dev/null +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -0,0 +1,111 @@ +[[containerized-proxy-deployment]] += Containerized proxy deployment using internal registry + +It is possible to deploy containerized images in an environment without an internet connection. +In such case, the images can be copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file. + + + +[[image.from.suse.to.internal.registry]] +== Image copying from {suse} registry to internal registry + + +This example illustrates deployment of {salt} proxies only. +Machines must have access to [literal]``registry.suse.com``. + +.Procedure: Deploying {salt} Proxy from an internal image registry +[role=procedure] + +. On a machine with access to [literal]``registry.suse.com`` install [literal]``skopeo``: ++ +---- +zypper in skopeo +---- ++ +[NOTE] +==== +This can be {productname} Server. +==== ++ +. Copy images between registries: ++ +---- +for image in httpd salt-broker squid ssh tftpd; do + skopeo copy docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker:///registry.suse.com/suse/manager/4.3/proxy-$image +done +skopeo copy docker://k8s.gcr.io/pause:latest docker:///k8s.gcr.io/pause:latest +---- ++ +[NOTE] +==== +For every [literal]``skopeo`` command add [literal]``--dest-tls-verify=false`` if the registry is not secured. +==== ++ +. If the registry is unsecured, for example not configured with SSL, add the registry domain to the section [literal]``registries.insecure`` on the containerized proxy virtual machine by editing: ++ +---- +/etc/containers/registries.conf +---- ++ +. Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry: ++ +---- +echo -e '[engine]\ninfra_image = "/pause:latest"'>>/etc/containers/containers.conf +---- ++ +. To start using the images from the internal registry please adapt the [literal]``NAMESPACE`` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. ++ +[NOTE] +==== +For the k3s deployment, add [literal]``--set repository=`` to the helm install command line. +==== + + +[[air-gapped-solution-for-podman]] +== Air-gapped solution for Podman + +This example illustrates deployment of containerized image on a machine with no access to internet. + + +.Procedure: Deploying air-gapped proxy +[role=procedure] + +. Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry: ++ +---- +echo -e '[engine]\ninfra_image = "/pause:latest"'>>/etc/containers/containers.conf +---- ++ +[WARNING] +==== +This command does not work on SLE 15 SP3 and earlier container hosts. +==== ++ +. On a machine with internet access run: ++ +---- +for image in httpd salt-broker squid ssh tftpd; do + podman pull registry.suse.com/suse/manager/4.3/proxy-$image +done +podman pull k8s.gcr.io/pause + +podman save -m -o proxy-images.tar \ + k8s.gcr.io/pause \ + registry.suse.com/suse/manager/4.3/proxy-httpd \ + registry.suse.com/suse/manager/4.3/proxy-salt-broker \ + registry.suse.com/suse/manager/4.3/proxy-squid \ + registry.suse.com/suse/manager/4.3/proxy-ssh \ + registry.suse.com/suse/manager/4.3/proxy-tftpd +---- ++ +[NOTE] +==== +For the k3s deployment, add [literal]``--set repository=`` to the helm install command line. +==== ++ +. Transfer the [literal]``proxy-images.tar`` to the air-gapped proxy. +. To make images available to be started when needed, run the command: ++ +---- +podman load -i proxy-images.tar +----