From 45246f3dd2f0d84bd2f7c9a1538ed92bd12f2f33 Mon Sep 17 00:00:00 2001 From: 0rnela Date: Tue, 27 Dec 2022 15:38:51 +0100 Subject: [PATCH 01/29] New containerized proxy procedure. --- .../nav-installation-and-upgrade-guide.adoc | 1 + .../containerized-proxy-wo-internet.adoc | 70 +++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc diff --git a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc index 08b0f815af2..089cd81f991 100644 --- a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc +++ b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc @@ -86,6 +86,7 @@ ifeval::[{uyuni-content} == true] endif::[] **** xref:proxy-container-setup.adoc[Containerized Proxy Setup] +**** xref:containerized-proxy-wo-internet.adoc[Containerized Proxy Without Internet Connection] ** xref:upgrade-intro.adoc[Upgrade] ifeval::[{suma-content} == true] diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc new file mode 100644 index 00000000000..fa3bee9e301 --- /dev/null +++ b/modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc @@ -0,0 +1,70 @@ +[[containerized-proxy-setup-without-internet]] += Containerized proxy deployment without an internet connection + +It is possible to deploy containerized {productname} Proxy in an environment without an internet connection. +In such case, the images are copied to an internal registry, or saved to a tar file. + +This procedure allows re-use of the existing minion FQDN to create a configuration to start a containerized proxy. +The user should first register the minion to suse manager server, and then re-use the same FQDN in a generation. + + +Make sure the default port is set up to `8022` for virtualized proxy when creating configuration using [literal]`spacecmd`. +The product that is installed in that machine will be SUSE Manager Proxy and will not have the needed packages. +Changing the base channel to have the SUSE Manager client tools can lead to package conflicts and port conflicts. + + +[IMPORTANT] +==== +This procedure applies to {salt} proxies only. +==== + +[[from.suma.to.internal.reg.without.ssl]] +== Copy images from suse manager registry to internal registry without SSL configured + +[NOTE] +==== +If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. +==== + +. In a machine with access to "registry.suse.com" (CONFIRM: what machine - SUMA server?) install [literal]`skopeo` by using the command ++ +---- +zypper in skopeo (can be suse manager server) +---- ++ +. Copy images between registries: ++ +---- +for image in httpd proxy-salt-broker squid ssh tftpd; do + skopeo copy --dest-tls-verify=false docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://m43-registry.tf.local/4.3/proxy-$image +done +---- + +If the registry is unsecured (not configured with SSL), on the containerized proxy VM edit [literal]`/etc/containers/registries.conf` and add the regitry domain to the section [literal]`insecure list`. + + +[[air-gapped-solution-for-podman]] +Air gapped solution for podman + +. Before starting the pod. +. On a machine with internet access ++ +---- +for image in httpd salt-broker squid ssh tftpd; do + podman pull registry.suse.com/suse/manager/4.3/proxy-$image +done +podman pull k8s.gcr.io/pause + +podman save -m -o proxy-images.tar \ + k8s.gcr.io/pause \ + registry.suse.com/suse/manager/4.3/proxy-httpd \ + registry.suse.com/suse/manager/4.3/proxy-salt-broker \ + registry.suse.com/suse/manager/4.3/proxy-squid registry.suse.com/suse/manager/4.3/proxy-ssh \ + registry.suse.com/suse/manager/4.3/proxy-tftpd +---- ++ +. Transfer the [literal`proxy-images.tar` to the air gapped proxy and run this command and start the pod: ++ +---- +podman load -i proxy-images.tar +---- From 8d87fad4b5d932150d2ce36eab0139531187e9a2 Mon Sep 17 00:00:00 2001 From: 0rnela Date: Wed, 15 Feb 2023 21:11:43 +0100 Subject: [PATCH 02/29] Added fixes following the initial feedback. --- .changelog | 2 + .../nav-installation-and-upgrade-guide.adoc | 2 +- .../pages/containerized-proxy-deployment.adoc | 69 ++++++++++++++++++ .../containerized-proxy-wo-internet.adoc | 70 ------------------- 4 files changed, 72 insertions(+), 71 deletions(-) create mode 100644 modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc delete mode 100644 modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc diff --git a/.changelog b/.changelog index 158c436c7c4..fd9e81b0d1f 100644 --- a/.changelog +++ b/.changelog @@ -4,6 +4,8 @@ # - Fixed error in Bat section of Upgrade Guide (bsc#1234567) # For guidelines: https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM) +- Added instructions about contanerized proxy deployment to Installation and + Upgrade Guide - Warned about installing containerized proxy on traditional container host in Installation and Upgrade Guide - Added openSUSE Leap 15.5 as a supported client diff --git a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc index 089cd81f991..82ea8981a4b 100644 --- a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc +++ b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc @@ -86,7 +86,7 @@ ifeval::[{uyuni-content} == true] endif::[] **** xref:proxy-container-setup.adoc[Containerized Proxy Setup] -**** xref:containerized-proxy-wo-internet.adoc[Containerized Proxy Without Internet Connection] +**** xref:containerized-proxy-deployment.adoc[Containerized Proxy Deployment] ** xref:upgrade-intro.adoc[Upgrade] ifeval::[{suma-content} == true] diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc new file mode 100644 index 00000000000..a8dffcccc5e --- /dev/null +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -0,0 +1,69 @@ +[[containerized-proxy-deployment]] += Containerized proxy deployment + +It is possible to deploy containerized images in an environment without an internet connection. +In such case, the images are copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file. + +You should first register Salt minion to {productname} server, and then re-use the same FQDN in a generation. + +//When changing the base channel to have the {productname} client tools, this may lead to package conflicts and port conflicts. + + +[[image.from.suse.to.internal.registry]] +== Image copying from {suse} registry to internal registry + +[IMPORTANT] +==== +This procedure illustrates deployment of {salt} proxies only. +==== + +. Install [literal]``skopeo`` on a machine with access to [literal]``registry.suse.com``: ++ +---- +zypper in skopeo (can be {productname} server) +---- ++ +. Copy images between registries: ++ +---- +for image in httpd proxy-salt-broker squid ssh tftpd; do + skopeo copy --dest-tls-verify=false docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://(your_server)/proxy-$image +done +---- ++ +. If the registry is unsecured, i.e. not configured with SSL, add the regitry domain to the section [literal]``insecure list`` on the containerized proxy virtual machine by editing: ++ +---- +/etc/containers/registries.conf +---- + +[NOTE] +==== +If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. +==== + +[[air-gapped-solution-for-podman]] +== Air gapped solution for Podman + +. Before starting the pod, on a machine with internet access run: ++ +---- +for image in httpd salt-broker squid ssh tftpd; do + podman pull registry.suse.com/suse/manager/4.3/proxy-$image +done +podman pull k8s.gcr.io/pause + +podman save -m -o proxy-images.tar \ + k8s.gcr.io/pause \ + registry.suse.com/suse/manager/4.3/proxy-httpd \ + registry.suse.com/suse/manager/4.3/proxy-salt-broker \ + registry.suse.com/suse/manager/4.3/proxy-squid registry.suse.com/suse/manager/4.3/proxy-ssh \ + registry.suse.com/suse/manager/4.3/proxy-tftpd +---- ++ +. Transfer the [literal]`proxy-images.tar` to the air gapped proxy. +. Run this command to start the pod: ++ +---- +podman load -i proxy-images.tar +---- diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc deleted file mode 100644 index fa3bee9e301..00000000000 --- a/modules/installation-and-upgrade/pages/containerized-proxy-wo-internet.adoc +++ /dev/null @@ -1,70 +0,0 @@ -[[containerized-proxy-setup-without-internet]] -= Containerized proxy deployment without an internet connection - -It is possible to deploy containerized {productname} Proxy in an environment without an internet connection. -In such case, the images are copied to an internal registry, or saved to a tar file. - -This procedure allows re-use of the existing minion FQDN to create a configuration to start a containerized proxy. -The user should first register the minion to suse manager server, and then re-use the same FQDN in a generation. - - -Make sure the default port is set up to `8022` for virtualized proxy when creating configuration using [literal]`spacecmd`. -The product that is installed in that machine will be SUSE Manager Proxy and will not have the needed packages. -Changing the base channel to have the SUSE Manager client tools can lead to package conflicts and port conflicts. - - -[IMPORTANT] -==== -This procedure applies to {salt} proxies only. -==== - -[[from.suma.to.internal.reg.without.ssl]] -== Copy images from suse manager registry to internal registry without SSL configured - -[NOTE] -==== -If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. -==== - -. In a machine with access to "registry.suse.com" (CONFIRM: what machine - SUMA server?) install [literal]`skopeo` by using the command -+ ----- -zypper in skopeo (can be suse manager server) ----- -+ -. Copy images between registries: -+ ----- -for image in httpd proxy-salt-broker squid ssh tftpd; do - skopeo copy --dest-tls-verify=false docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://m43-registry.tf.local/4.3/proxy-$image -done ----- - -If the registry is unsecured (not configured with SSL), on the containerized proxy VM edit [literal]`/etc/containers/registries.conf` and add the regitry domain to the section [literal]`insecure list`. - - -[[air-gapped-solution-for-podman]] -Air gapped solution for podman - -. Before starting the pod. -. On a machine with internet access -+ ----- -for image in httpd salt-broker squid ssh tftpd; do - podman pull registry.suse.com/suse/manager/4.3/proxy-$image -done -podman pull k8s.gcr.io/pause - -podman save -m -o proxy-images.tar \ - k8s.gcr.io/pause \ - registry.suse.com/suse/manager/4.3/proxy-httpd \ - registry.suse.com/suse/manager/4.3/proxy-salt-broker \ - registry.suse.com/suse/manager/4.3/proxy-squid registry.suse.com/suse/manager/4.3/proxy-ssh \ - registry.suse.com/suse/manager/4.3/proxy-tftpd ----- -+ -. Transfer the [literal`proxy-images.tar` to the air gapped proxy and run this command and start the pod: -+ ----- -podman load -i proxy-images.tar ----- From 81c729efc8b64539640555433bcbcd3e2f34da41 Mon Sep 17 00:00:00 2001 From: 0rnela Date: Wed, 15 Feb 2023 21:39:36 +0100 Subject: [PATCH 03/29] Minor fixes. --- .../pages/containerized-proxy-deployment.adoc | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index a8dffcccc5e..9919cc05f6f 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -6,16 +6,16 @@ In such case, the images are copied from {suse} registry to an internal registry You should first register Salt minion to {productname} server, and then re-use the same FQDN in a generation. -//When changing the base channel to have the {productname} client tools, this may lead to package conflicts and port conflicts. [[image.from.suse.to.internal.registry]] == Image copying from {suse} registry to internal registry -[IMPORTANT] -==== -This procedure illustrates deployment of {salt} proxies only. -==== + +This example illustrates deployment of {salt} proxies only. + +.Procedure: Deploying {salt} Proxy from containerized image +[role=procedure] . Install [literal]``skopeo`` on a machine with access to [literal]``registry.suse.com``: + @@ -36,7 +36,7 @@ done ---- /etc/containers/registries.conf ---- - ++ [NOTE] ==== If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. @@ -45,6 +45,12 @@ If you want to copy the images to a registry with SSL, remove the property [lite [[air-gapped-solution-for-podman]] == Air gapped solution for Podman +This example illustrates deployment of containerized image on a machine with no access to internet. + + +.Procedure: Deploying air gapped proxy +[role=procedure] + . Before starting the pod, on a machine with internet access run: + ---- From 6c2acf9bf1112955dd1a763487ae8619d399b9e1 Mon Sep 17 00:00:00 2001 From: 0rnela Date: Thu, 16 Feb 2023 10:07:24 +0100 Subject: [PATCH 04/29] Minor fix. --- .../pages/containerized-proxy-deployment.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 9919cc05f6f..698d7a5b014 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -43,12 +43,12 @@ If you want to copy the images to a registry with SSL, remove the property [lite ==== [[air-gapped-solution-for-podman]] -== Air gapped solution for Podman +== Air-gapped solution for Podman This example illustrates deployment of containerized image on a machine with no access to internet. -.Procedure: Deploying air gapped proxy +.Procedure: Deploying air-gapped proxy [role=procedure] . Before starting the pod, on a machine with internet access run: @@ -67,7 +67,7 @@ podman save -m -o proxy-images.tar \ registry.suse.com/suse/manager/4.3/proxy-tftpd ---- + -. Transfer the [literal]`proxy-images.tar` to the air gapped proxy. +. Transfer the [literal]`proxy-images.tar` to the air-gapped proxy. . Run this command to start the pod: + ---- From 5dd25d437a81c4387bee05b5fbf28f357015fd3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 16 Feb 2023 14:21:30 +0100 Subject: [PATCH 05/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Ricardo Mateus --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 698d7a5b014..a6aa89a12f0 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -1,5 +1,5 @@ [[containerized-proxy-deployment]] -= Containerized proxy deployment += Containerized proxy deployment using internal registry It is possible to deploy containerized images in an environment without an internet connection. In such case, the images are copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file. From 738ffeaeef72a565f103a2ff2f7bcaf95298faac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 16 Feb 2023 14:25:48 +0100 Subject: [PATCH 06/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Ricardo Mateus --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index a6aa89a12f0..b0fcc9907e4 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -14,7 +14,7 @@ You should first register Salt minion to {productname} server, and then re-use t This example illustrates deployment of {salt} proxies only. -.Procedure: Deploying {salt} Proxy from containerized image +.Procedure: Deploying {salt} Proxy from an internal image registry [role=procedure] . Install [literal]``skopeo`` on a machine with access to [literal]``registry.suse.com``: From 39ddb7d1cea393835e6ee5fcbb0aa689dfe0e57e Mon Sep 17 00:00:00 2001 From: 0rnela Date: Thu, 16 Feb 2023 14:29:31 +0100 Subject: [PATCH 07/29] Further fixes. --- .../pages/containerized-proxy-deployment.adoc | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index b0fcc9907e4..bbdf960a5ae 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -4,9 +4,6 @@ It is possible to deploy containerized images in an environment without an internet connection. In such case, the images are copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file. -You should first register Salt minion to {productname} server, and then re-use the same FQDN in a generation. - - [[image.from.suse.to.internal.registry]] == Image copying from {suse} registry to internal registry @@ -41,6 +38,8 @@ done ==== If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. ==== ++ +. To start using the images from the internal registry, adapt the image path at file [literal]`/etc/sysconfig/uyuni-proxy-systemd-services.config`. [[air-gapped-solution-for-podman]] == Air-gapped solution for Podman @@ -68,7 +67,7 @@ podman save -m -o proxy-images.tar \ ---- + . Transfer the [literal]`proxy-images.tar` to the air-gapped proxy. -. Run this command to start the pod: +. To make images available to be started when needed, wun teh command: + ---- podman load -i proxy-images.tar From 1aac0df3c6e398ed7893a25c46e6378bd17ca5d3 Mon Sep 17 00:00:00 2001 From: 0rnela Date: Thu, 16 Feb 2023 14:45:46 +0100 Subject: [PATCH 08/29] Typo. --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index bbdf960a5ae..2cb3e816ddc 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -67,7 +67,7 @@ podman save -m -o proxy-images.tar \ ---- + . Transfer the [literal]`proxy-images.tar` to the air-gapped proxy. -. To make images available to be started when needed, wun teh command: +. To make images available to be started when needed, wun the command: + ---- podman load -i proxy-images.tar From 364536a75c7e7ddc2c576153e2753faa1963e6e2 Mon Sep 17 00:00:00 2001 From: 0rnela Date: Thu, 16 Feb 2023 14:48:32 +0100 Subject: [PATCH 09/29] Typo. --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 2cb3e816ddc..3efe716cb8a 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -67,7 +67,7 @@ podman save -m -o proxy-images.tar \ ---- + . Transfer the [literal]`proxy-images.tar` to the air-gapped proxy. -. To make images available to be started when needed, wun the command: +. To make images available to be started when needed, run the command: + ---- podman load -i proxy-images.tar From 2be42e8ecf9d7368a8e6ff45e3f49124c83720c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Mon, 27 Feb 2023 10:35:44 +0100 Subject: [PATCH 10/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Ricardo Mateus --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 3efe716cb8a..3b2f3f68707 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -2,7 +2,7 @@ = Containerized proxy deployment using internal registry It is possible to deploy containerized images in an environment without an internet connection. -In such case, the images are copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file. +In such case, the images can be copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file. [[image.from.suse.to.internal.registry]] From bef704086dc78d07f1b365bcc3ee5f838992da9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Mon, 27 Feb 2023 10:37:56 +0100 Subject: [PATCH 11/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Cedric Bosdonnat --- .../pages/containerized-proxy-deployment.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 3b2f3f68707..5b954ea425c 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -23,9 +23,10 @@ zypper in skopeo (can be {productname} server) . Copy images between registries: + ---- -for image in httpd proxy-salt-broker squid ssh tftpd; do - skopeo copy --dest-tls-verify=false docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://(your_server)/proxy-$image +for image in httpd salt-broker squid ssh tftpd; do + skopeo copy docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://(your_server)/registry.suse.com/suse/manager/4.3/proxy-$image done +skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/pause:latest ---- + . If the registry is unsecured, i.e. not configured with SSL, add the regitry domain to the section [literal]``insecure list`` on the containerized proxy virtual machine by editing: From c3562ef41621ba691ba786e23041bf610744cf01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Mon, 27 Feb 2023 10:38:34 +0100 Subject: [PATCH 12/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Cedric Bosdonnat --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 5b954ea425c..e3efe7b6007 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -29,7 +29,7 @@ done skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/pause:latest ---- + -. If the registry is unsecured, i.e. not configured with SSL, add the regitry domain to the section [literal]``insecure list`` on the containerized proxy virtual machine by editing: +. If the registry is unsecured, i.e. not configured with SSL, add the regitry domain to the section [literal]``registries.insecure`` on the containerized proxy virtual machine by editing: + ---- /etc/containers/registries.conf From 917af64c903ed5534d5c4a2a35e2a6e1beb20b77 Mon Sep 17 00:00:00 2001 From: 0rnela Date: Mon, 27 Feb 2023 11:41:43 +0100 Subject: [PATCH 13/29] Changes added based on PR reviews so far. --- .../pages/containerized-proxy-deployment.adoc | 26 ++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index e3efe7b6007..a66157bcb9b 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -37,10 +37,12 @@ skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/p + [NOTE] ==== -If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. +//If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. +If the registry is not secured, add [literal]``--dest-tls-verify=false``. ==== + -. To start using the images from the internal registry, adapt the image path at file [literal]`/etc/sysconfig/uyuni-proxy-systemd-services.config`. +//. To start using the images from the internal registry, adapt the image path at file [literal]`/etc/sysconfig/uyuni-proxy-systemd-services.config`. +. To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. [[air-gapped-solution-for-podman]] == Air-gapped solution for Podman @@ -51,7 +53,20 @@ This example illustrates deployment of containerized image on a machine with no .Procedure: Deploying air-gapped proxy [role=procedure] -. Before starting the pod, on a machine with internet access run: +. Before starting the pod, to locate the pause image run the command: +//on a machine with internet access run: ++ +---- +echo -e '[engine]\nimfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf +---- ++ +[WARNING] +==== + +This command does not work on SLE 15 SP3 and earlier container hosts. +==== ++ +. On a machine with internet access run: + ---- for image in httpd salt-broker squid ssh tftpd; do @@ -73,3 +88,8 @@ podman save -m -o proxy-images.tar \ ---- podman load -i proxy-images.tar ---- ++ +[NOTE] +==== +For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line. +==== From 8a22e4754a5672646fa3f9ea28ecb83b5989947b Mon Sep 17 00:00:00 2001 From: 0rnela Date: Mon, 27 Feb 2023 11:48:14 +0100 Subject: [PATCH 14/29] Comments deleted. --- .../pages/containerized-proxy-deployment.adoc | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index a66157bcb9b..1ec29764062 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -37,11 +37,9 @@ skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/p + [NOTE] ==== -//If you want to copy the images to a registry with SSL, remove the property [literal]`--dest-tls-verify=false`. If the registry is not secured, add [literal]``--dest-tls-verify=false``. ==== + -//. To start using the images from the internal registry, adapt the image path at file [literal]`/etc/sysconfig/uyuni-proxy-systemd-services.config`. . To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. [[air-gapped-solution-for-podman]] @@ -54,7 +52,6 @@ This example illustrates deployment of containerized image on a machine with no [role=procedure] . Before starting the pod, to locate the pause image run the command: -//on a machine with internet access run: + ---- echo -e '[engine]\nimfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf From 0adfe1f564e40579de46c40be0e8a03d5f06e12f Mon Sep 17 00:00:00 2001 From: 0rnela Date: Tue, 28 Feb 2023 11:00:18 +0100 Subject: [PATCH 15/29] Further fixes and clarificiations following the review. --- .../pages/containerized-proxy-deployment.adoc | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 1ec29764062..00590be4bf3 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -29,17 +29,17 @@ done skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/pause:latest ---- + +[NOTE] +==== +If the registry is not secured, add [literal]``--dest-tls-verify=false``. +==== ++ . If the registry is unsecured, i.e. not configured with SSL, add the regitry domain to the section [literal]``registries.insecure`` on the containerized proxy virtual machine by editing: + ---- /etc/containers/registries.conf ---- + -[NOTE] -==== -If the registry is not secured, add [literal]``--dest-tls-verify=false``. -==== -+ . To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. [[air-gapped-solution-for-podman]] @@ -51,10 +51,10 @@ This example illustrates deployment of containerized image on a machine with no .Procedure: Deploying air-gapped proxy [role=procedure] -. Before starting the pod, to locate the pause image run the command: +. Before starting the pod, point the Podman where to get the [literal]`pause` image from on the internal registry: + ---- -echo -e '[engine]\nimfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf +echo -e '[engine]\ninfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf ---- + [WARNING] @@ -79,14 +79,14 @@ podman save -m -o proxy-images.tar \ registry.suse.com/suse/manager/4.3/proxy-tftpd ---- + +[NOTE] +==== +For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line. +==== ++ . Transfer the [literal]`proxy-images.tar` to the air-gapped proxy. . To make images available to be started when needed, run the command: + ---- podman load -i proxy-images.tar ---- -+ -[NOTE] -==== -For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line. -==== From b1dfff862fc4c06509a7a6f9dba05c15c6f874f8 Mon Sep 17 00:00:00 2001 From: 0rnela Date: Tue, 28 Feb 2023 15:35:34 +0100 Subject: [PATCH 16/29] Fixes and additional instructions. --- .../pages/containerized-proxy-deployment.adoc | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 00590be4bf3..df0d75fd408 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -17,9 +17,14 @@ This example illustrates deployment of {salt} proxies only. . Install [literal]``skopeo`` on a machine with access to [literal]``registry.suse.com``: + ---- -zypper in skopeo (can be {productname} server) +zypper in skopeo ---- + +[NOTE] +==== +This can be {productname} server. +==== ++ . Copy images between registries: + ---- @@ -31,7 +36,7 @@ skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/p + [NOTE] ==== -If the registry is not secured, add [literal]``--dest-tls-verify=false``. +For every [literal]`skopeo` command add [literal]`--dest-tls-verify=false` if the registry is not secured. ==== + . If the registry is unsecured, i.e. not configured with SSL, add the regitry domain to the section [literal]``registries.insecure`` on the containerized proxy virtual machine by editing: @@ -40,6 +45,17 @@ If the registry is not secured, add [literal]``--dest-tls-verify=false``. /etc/containers/registries.conf ---- + +. Before starting the pod, point the Podman where to get the [literal]`pause` image from on the internal registry: ++ +---- +echo -e '[engine]\ninfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf +---- ++ +[NOTE] +==== +For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line. +==== ++ . To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. [[air-gapped-solution-for-podman]] From 0cf3ce741f46666e1a2218d86f387ff94ce995cb Mon Sep 17 00:00:00 2001 From: 0rnela Date: Tue, 28 Feb 2023 15:43:53 +0100 Subject: [PATCH 17/29] Moved admonition to a better place. --- .../pages/containerized-proxy-deployment.adoc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index df0d75fd408..31cf327a8b0 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -51,12 +51,13 @@ For every [literal]`skopeo` command add [literal]`--dest-tls-verify=false` if th echo -e '[engine]\ninfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf ---- + +. To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. ++ [NOTE] ==== For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line. -==== -+ -. To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. +==== + [[air-gapped-solution-for-podman]] == Air-gapped solution for Podman From 09e60bf930229566b74e9eca3f50730e1b3070b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Wed, 1 Mar 2023 10:13:02 +0100 Subject: [PATCH 18/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 31cf327a8b0..6d6015ff03b 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -22,7 +22,7 @@ zypper in skopeo + [NOTE] ==== -This can be {productname} server. +This can be {productname} Server. ==== + . Copy images between registries: From 8150e3b1f8c71f2f6024d1bdaa55407170b1f8a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Wed, 1 Mar 2023 10:13:13 +0100 Subject: [PATCH 19/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 6d6015ff03b..79293604db6 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -39,7 +39,7 @@ skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/p For every [literal]`skopeo` command add [literal]`--dest-tls-verify=false` if the registry is not secured. ==== + -. If the registry is unsecured, i.e. not configured with SSL, add the regitry domain to the section [literal]``registries.insecure`` on the containerized proxy virtual machine by editing: +. If the registry is unsecured, for example not configured with SSL, add the registry domain to the section [literal]``registries.insecure`` on the containerized proxy virtual machine by editing: + ---- /etc/containers/registries.conf From 9c6cb71c9a11e96b06f8e4a6fecdbec54690ed64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Wed, 1 Mar 2023 10:13:23 +0100 Subject: [PATCH 20/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 79293604db6..b45db182ab2 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -68,7 +68,7 @@ This example illustrates deployment of containerized image on a machine with no .Procedure: Deploying air-gapped proxy [role=procedure] -. Before starting the pod, point the Podman where to get the [literal]`pause` image from on the internal registry: +. Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry: + ---- echo -e '[engine]\ninfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf From 4ecdeb9114cd04ccf0c6060df11c634af847613f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Wed, 1 Mar 2023 10:13:44 +0100 Subject: [PATCH 21/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index b45db182ab2..eab904281b5 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -98,7 +98,7 @@ podman save -m -o proxy-images.tar \ + [NOTE] ==== -For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line. +For the k3s deployment, add [literal]``--set repository=(your_server)`` to the helm install command line. ==== + . Transfer the [literal]`proxy-images.tar` to the air-gapped proxy. From 510998b01977fb269c2e7a6e7218cb491db59670 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Wed, 1 Mar 2023 10:13:53 +0100 Subject: [PATCH 22/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index eab904281b5..99b6a0cdbb8 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -101,7 +101,7 @@ podman save -m -o proxy-images.tar \ For the k3s deployment, add [literal]``--set repository=(your_server)`` to the helm install command line. ==== + -. Transfer the [literal]`proxy-images.tar` to the air-gapped proxy. +. Transfer the [literal]``proxy-images.tar`` to the air-gapped proxy. . To make images available to be started when needed, run the command: + ---- From 78b3386b588f5af0983d645d96b41bc70d169cc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Wed, 1 Mar 2023 10:16:12 +0100 Subject: [PATCH 23/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder --- .../pages/containerized-proxy-deployment.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 99b6a0cdbb8..6b0411efe1c 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -92,7 +92,8 @@ podman save -m -o proxy-images.tar \ k8s.gcr.io/pause \ registry.suse.com/suse/manager/4.3/proxy-httpd \ registry.suse.com/suse/manager/4.3/proxy-salt-broker \ - registry.suse.com/suse/manager/4.3/proxy-squid registry.suse.com/suse/manager/4.3/proxy-ssh \ + registry.suse.com/suse/manager/4.3/proxy-squid \ + registry.suse.com/suse/manager/4.3/proxy-ssh \ registry.suse.com/suse/manager/4.3/proxy-tftpd ---- + From bb9e06ddadaf86f748d13c02db76c3e5a5a2990c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Wed, 1 Mar 2023 10:21:06 +0100 Subject: [PATCH 24/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder --- .../pages/containerized-proxy-deployment.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 6b0411efe1c..ca8b31d9437 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -5,6 +5,7 @@ It is possible to deploy containerized images in an environment without an inter In such case, the images can be copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file. + [[image.from.suse.to.internal.registry]] == Image copying from {suse} registry to internal registry From 0924ae6816a866fce80252667e5aa52a26ae7a8d Mon Sep 17 00:00:00 2001 From: 0rnela Date: Wed, 1 Mar 2023 10:21:32 +0100 Subject: [PATCH 25/29] Formatting fixes. --- .../pages/containerized-proxy-deployment.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index ca8b31d9437..d875313ef2e 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -37,7 +37,7 @@ skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/p + [NOTE] ==== -For every [literal]`skopeo` command add [literal]`--dest-tls-verify=false` if the registry is not secured. +For every [literal]``skopeo`` command add [literal]``--dest-tls-verify=false`` if the registry is not secured. ==== + . If the registry is unsecured, for example not configured with SSL, add the registry domain to the section [literal]``registries.insecure`` on the containerized proxy virtual machine by editing: @@ -46,17 +46,17 @@ For every [literal]`skopeo` command add [literal]`--dest-tls-verify=false` if th /etc/containers/registries.conf ---- + -. Before starting the pod, point the Podman where to get the [literal]`pause` image from on the internal registry: +. Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry: + ---- echo -e '[engine]\ninfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf ---- + -. To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. +. To start using the images from the internal registry please adapt the [literal]``NAMESPACE`` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. + [NOTE] ==== -For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line. +For the k3s deployment, add [literal]``--set repository=(your_server)`` to the helm install command line. ==== From 6b73a1b9199d6f73bdc6f9fd3d9e9a3c5a01f35f Mon Sep 17 00:00:00 2001 From: 0rnela Date: Wed, 1 Mar 2023 10:25:31 +0100 Subject: [PATCH 26/29] Formatting fixes, brackets. --- .../pages/containerized-proxy-deployment.adoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index d875313ef2e..4b2e1cdb1ee 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -30,9 +30,9 @@ This can be {productname} Server. + ---- for image in httpd salt-broker squid ssh tftpd; do - skopeo copy docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://(your_server)/registry.suse.com/suse/manager/4.3/proxy-$image + skopeo copy docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker:///registry.suse.com/suse/manager/4.3/proxy-$image done -skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/pause:latest +skopeo copy docker://k8s.gcr.io/pause:latest docker:///k8s.gcr.io/pause:latest ---- + [NOTE] @@ -49,14 +49,14 @@ For every [literal]``skopeo`` command add [literal]``--dest-tls-verify=false`` i . Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry: + ---- -echo -e '[engine]\ninfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf +echo -e '[engine]\ninfra_image = "/pause:latest"'>>/etc/containers/containers.conf ---- + . To start using the images from the internal registry please adapt the [literal]``NAMESPACE`` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`. + [NOTE] ==== -For the k3s deployment, add [literal]``--set repository=(your_server)`` to the helm install command line. +For the k3s deployment, add [literal]``--set repository=`` to the helm install command line. ==== @@ -72,7 +72,7 @@ This example illustrates deployment of containerized image on a machine with no . Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry: + ---- -echo -e '[engine]\ninfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf +echo -e '[engine]\ninfra_image = "/pause:latest"'>>/etc/containers/containers.conf ---- + [WARNING] @@ -100,7 +100,7 @@ podman save -m -o proxy-images.tar \ + [NOTE] ==== -For the k3s deployment, add [literal]``--set repository=(your_server)`` to the helm install command line. +For the k3s deployment, add [literal]``--set repository=`` to the helm install command line. ==== + . Transfer the [literal]``proxy-images.tar`` to the air-gapped proxy. From 6a919d6eeb0f2fdb1566ef78b2b84fd84efe09dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Wed, 1 Mar 2023 10:31:24 +0100 Subject: [PATCH 27/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder --- .../pages/containerized-proxy-deployment.adoc | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 4b2e1cdb1ee..5819f8c5a67 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -77,7 +77,6 @@ echo -e '[engine]\ninfra_image = "/pause:latest"'>>/etc/containers/ + [WARNING] ==== - This command does not work on SLE 15 SP3 and earlier container hosts. ==== + From 4211bcac6fd7f8eceba1b2d3cff33ccc52798213 Mon Sep 17 00:00:00 2001 From: 0rnela Date: Wed, 1 Mar 2023 11:13:25 +0100 Subject: [PATCH 28/29] Sentence change. --- .../pages/containerized-proxy-deployment.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 5819f8c5a67..9b94091bc37 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -15,7 +15,7 @@ This example illustrates deployment of {salt} proxies only. .Procedure: Deploying {salt} Proxy from an internal image registry [role=procedure] -. Install [literal]``skopeo`` on a machine with access to [literal]``registry.suse.com``: +. On a machine with access to [literal]``registry.suse.com`` install [literal]``skopeo``: + ---- zypper in skopeo From b2fc9a44fab99063b2d2618b62b8449e308c4869 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 2 Mar 2023 10:45:05 +0100 Subject: [PATCH 29/29] Update modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc Co-authored-by: Karl Eichwalder --- .../pages/containerized-proxy-deployment.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc index 9b94091bc37..fbf0dfddb6f 100644 --- a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc +++ b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc @@ -11,6 +11,7 @@ In such case, the images can be copied from {suse} registry to an internal regis This example illustrates deployment of {salt} proxies only. +Machines must have access to [literal]``registry.suse.com``. .Procedure: Deploying {salt} Proxy from an internal image registry [role=procedure]