Difference between revisions of "SUSE Manager/InterServerSync"

From MicroFocusInternationalWiki
Jump to: navigation, search
(Installation Instructions (Server))
(Configure the Master Server to accept connections from a SUSE Manager Slave Server)
Line 19: Line 19:
 
== Configure the Master Server to accept connections from a SUSE Manager Slave Server ==
 
== Configure the Master Server to accept connections from a SUSE Manager Slave Server ==
  
A SUSE Manager Server does not allow any other SUSE Manager Server to connect to. You need to allow it explicitly.
+
A SUSE Manager Server does not allow any other SUSE Manager Server to connect. You need to allow it explicitly.
  
Modify /etc/rhn/rhn.conf and add the hostnames or the allowed slaves to '''allowed_iss_slaves''' options:
+
Modify /etc/rhn/rhn.conf and add the hostnames of the allowed slaves to '''allowed_iss_slaves''' options:
  
 
   # Use this option if this server is intended to be a master
 
   # Use this option if this server is intended to be a master

Revision as of 11:36, 22 May 2013

New Features in SUSE Manager 1.7

This betatest comes with the latest upcoming features for SUSE Manager 1.7, which includes support for Inter Server Sync - connect a SUSE Manager Server to another SUSE Manager Server instead of NCC.

Installation Instructions (Server)

Take care, that you have the latest official updates installed. susemanager-schema should have version 1.7.56.18 .

Stop spacewalk services

 $> spacewalk-service stop

Update already installed packages

 $> zypper ar -f http://w3.suse.de/~mc/SUSEManager/ISS/ manager-iss-beta
 $> zypper dup --from manager-iss-beta

Start spacewalk services

 $> spacewalk-service start

Configure the Master Server to accept connections from a SUSE Manager Slave Server

A SUSE Manager Server does not allow any other SUSE Manager Server to connect. You need to allow it explicitly.

Modify /etc/rhn/rhn.conf and add the hostnames of the allowed slaves to allowed_iss_slaves options:

 # Use this option if this server is intended to be a master
 # Comma separated list of allowed iss slaves, like:
 allowed_iss_slaves=slave1.example.com,slave2.example.com

Additionally take care, that the option disable_iss is set to '0'

After changing the config, please restart the SUSE Manager Server:

 $> spacewalk-service restart

Now you need to refresh the NCC Sync data with:

 $> mgr-ncc-sync --refresh

Configure the SUSE Manager Slave Server

A SUSE Manager Slave Server connect only to its master server. A Connection to NCC is not needed.

During initial setup

We have enhanced the yast module which setup a SUSE Manager Server to be able to setup a Slave server. To test this, please install a new SUSE Manager Server from the appliance ISO and update all the packages before you start the yast module:

Update already installed packages

 $> zypper ar -f http://w3.suse.de/~mc/SUSEManager/ISS/ manager-iss-beta
 $> zypper dup --from manager-iss-beta

Setup SUSE Manager Server

 $> yast2 susemanager_setup

You will see that the screen with the NCC credentials has changed. You can select between

  • Connect to NCC
  • Connect to SUSE Manager for inter-server sync

Choose Connect to SUSE Manager for inter-server sync. The additional field Parent Server Name will be enabled. Enter the FQDN of the master server there.

The NCC Mirror Credential Username and Password needs to be the same as the first credential on the master Server.

Use the Test button to test if the credentials are working.


Manually setup

If you have an already setup SUSE Manager Server you want to connect as a slave, you need to configure it manually.

Update the Server using the same steps as described above in Installation Instruction (Server).

Modify /etc/rhn/rhn.conf and set iss_parent to the FQDN of the master server.

Check, if /etc/ssl/certs/RHN-ORG-TRUSTED-SSL-CERT.pem already exists. If yes, you need to rename it:

 $> mv /etc/ssl/certs/RHN-ORG-TRUSTED-SSL-CERT.pem /etc/ssl/certs/OWN-SUSE-MANAGER-TRUSTED-SSL-CERT.pem
 $> c_rehash /etc/ssl/certs/

Download the SSL CA Certificate:

 $> curl -o /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT "http://FQDN.ISS.PARENT/pub/RHN-ORG-TRUSTED-SSL-CERT"

Trust this certificate:

 $> ln -s /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT /etc/ssl/certs/RHN-ORG-TRUSTED-SSL-CERT.pem
 $> c_rehash /etc/ssl/certs/

Restart the SUSE Manager Server

 $> spacewalk-service restart

Initialize the SUSE Manager Server

 $> mgr-ncc-sync --refresh

Use Inter Server Sync

On a SUSE Manager Slave the functions of mgr-ncc-sync are limited. The tool you should use to sync channels is now mgr-inter-sync. (This is a symlink to satellite-sync)

List available channels:

 $> mgr-inter-sync --list-channels

Sync a channel:

 $> mgr-inter-sync --channel <channel label>

Refresh all channels which are available in this server:

 $> mgr-inter-sync

Forward Registrations to NCC

Slave server forward the registrations to NCC by using the parent as a proxy. A SUSE Manager Server acting as a parent accept register and de-register operations and forward them directly to his parent. The first SUSE Manager Server will send these requests to NCC and return the answer back the chain to the original requesting server.

There are some checks implemented which needs to be passed before a SUSE Manager Server forward such a request. It checks, if the requesting slave is in the allowed list and it checks the user and password. These must match the first configured mirror credential.