SUSE Manager/SaltProxy

From MicroFocusInternationalWiki
Revision as of 15:42, 3 August 2016 by SilvioMoioli (Talk | contribs) (Created page with "= Summary = Add functionality to the SUSE Manager Proxy product to act as a broker and package cache for Salt minions. = Setup = For new proxies, make sure the <code>spacew...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Summary

Add functionality to the SUSE Manager Proxy product to act as a broker and package cache for Salt minions.

Setup

For new proxies, make sure the spacewalk-proxy package is installed with version 2.5.1.3 or later.

For existing proxies, update the spacewalk-proxy package to version 2.5.1.3 or later, along with its dependencies. The new salt-broker service will be automatically started at the end of the upgrade.

It is possible to arrange proxies in a chain.

Make sure your proxy has TCP ports 4505 and 4506 opened, and can reach the SUSE Manager server (or the upstream proxy) at those same ports as well.

Usage

To register a minion through a proxy, add the proxy FQDN as the master in the minion configuration (either /etc/salt/minion or /etc/salt/minion.d/<NAME>.conf):

master: proxy123.mycompany.com

Then start or restart the salt-minion service and accept the minion key on the SUSE Manager server as per normal minions.

The minion will, at this point, connect to the proxy exclusively both for Salt operations and regular HTTP downloads (eg. package downloads).

In the Web UI, standard proxy pages will show information about minions just like regular clients (a list of all proxies is available in Systems -> Systems -> Proxy, a list of clients connected to a proxy is available in Systems -> <proxy name> -> Details -> Proxy and the list of chained proxies for a minion is available in Systems -> <minion name> -> Details -> Connection).

Moving minions between Proxies and Server

You have to repeat the registration process from scratch in order to move a minion from behind a Proxy to the Server, vice versa, or between different Proxies.

Limitations

The salt broker SUSE Manager Proxy functionality is only supported if the same SSL certificate generated for SUSE Manager Server was used when setting up the Proxy.

Using different certificates for Proxies and Server is at the moment not supported.

Technical blueprint

This document is the project blueprint followed to implement this feature.