Add functionality to the SUSE Manager Proxy product to act as a broker and package cache for Salt minions.
For new proxies, make sure the
spacewalk-proxy package is installed with version 184.108.40.206 or later.
For existing proxies, update the
spacewalk-proxy package to version 220.127.116.11 or later, along with its dependencies. The new salt-broker service will be automatically started at the end of the upgrade.
It is possible to arrange proxies in a chain.
Make sure your proxy has TCP ports 4505 and 4506 opened, and can reach the SUSE Manager server (or the upstream proxy) at those same ports as well.
To register a minion through a proxy, add the proxy FQDN as the master in the minion configuration (either
Then start or restart the salt-minion service and accept the minion key on the SUSE Manager server as per normal minions.
The minion will, at this point, connect to the proxy exclusively both for Salt operations and regular HTTP downloads (eg. package downloads).
In the Web UI, standard proxy pages will show information about minions just like regular clients (a list of all proxies is available in Systems -> Systems -> Proxy, a list of clients connected to a proxy is available in Systems -> <proxy name> -> Details -> Proxy and the list of chained proxies for a minion is available in Systems -> <minion name> -> Details -> Connection).
Moving minions between Proxies and Server
You have to repeat the registration process from scratch in order to move a minion from behind a Proxy to the Server, vice versa, or between different Proxies.
The salt broker SUSE Manager Proxy functionality is only supported if the same SSL certificate generated for SUSE Manager Server was used when setting up the Proxy.
Using different certificates for Proxies and Server is at the moment not supported.