Difference between revisions of "SUSE Manager/bootstrapping-salt-scripted"

From MicroFocusInternationalWiki
Jump to: navigation, search
(Registration using a bootstrap script (recommended))
(Registration using a bootstrap script (recommended))
Line 31: Line 31:
  
 
== Registration using a bootstrap script (recommended) ==
 
== Registration using a bootstrap script (recommended) ==
# If needed, regenerate the bootstrap script with the Salt option enabled <br/> <tt>mgr-bootstrap --salt --script=bootstrap-salt.sh</tt>
+
# If needed, regenerate the bootstrap script with the Salt option enabled <br/> <tt>mgr-bootstrap --salt --script=bootstrap-salt.sh --ssl-cert=RHN-ORG-TRUSTED-SSL-CERT</tt>
# Copy it and edit the script to reflect the correct activation key, and any other relevant content.
+
# Copy it and edit the script to reflect the correct activation key, and any other relevant content.  Here are some examples of changes:
 +
## Add an activation key <tt>ACTIVATION_KEYS=1-11sp4-x86_64</tt>
 +
## Comment out the removal of the certificate to prevent repository issues.  Search for this section and ensure it looks like this:
 +
  \#echo  "* removing TLS certificate used for bootstrap"
 +
  \#echo "  (will be re-added via salt state)"
 +
  \#removeTLSCertificate
 +
</tt>  The mechanism to add this to a salt state sometimes interferes with proper channel certification.
 
# Download and run the appropriately edited bootstrap script after adding correct activation key, etc.  This will install the necessary Salt packages, set the proper activation key, and starts the <tt>salt-minion</tt> service. <br/><tt>curl -Sks http://<server>/pub/bootstrap/bootstrap-salt.sh | /bin/bash </tt>  It also creates this file on the minion: <tt>/etc/salt/minion.d/susemanager.conf</tt>  
 
# Download and run the appropriately edited bootstrap script after adding correct activation key, etc.  This will install the necessary Salt packages, set the proper activation key, and starts the <tt>salt-minion</tt> service. <br/><tt>curl -Sks http://<server>/pub/bootstrap/bootstrap-salt.sh | /bin/bash </tt>  It also creates this file on the minion: <tt>/etc/salt/minion.d/susemanager.conf</tt>  
 
# Go to the Server web UI to Salt -> Onboarding and accept the minion's key.  After a few minutes, the new minion will appear in your list of systems with the channels assigned in the activation key you specified in the bootstrap process.
 
# Go to the Server web UI to Salt -> Onboarding and accept the minion's key.  After a few minutes, the new minion will appear in your list of systems with the channels assigned in the activation key you specified in the bootstrap process.

Revision as of 19:40, 23 February 2017

SUSE Manager Main Page

Bootstrap salt minions with bootstrap scripts

Since SUMA 3.0.2, you can create salt-specific bootstrap scripts that can be incorporated into your onboarding or build processes.

Prerequisites

Apply the latest updates to SUSE Manager 3, minimum update required is version 3.0.2.

Required channels

Make sure you have the corresponding product enabled and the channels synced. This must be completed before creating the bootstrap repositories. For example:

  • SLES11 SP4 x86_64
- Product: SUSE Linux Enterprise Server 11 SP4 (x86_64)
- Mandatory channels: sles11-sp4-pool-x86_64, sles11-sp4-suse-manager-tools-x86_64, sles11-sp4-updates-x86_64

In order to check if the channels have finished syncing:

  • Go to "Admin -> Setup Wizard" and look under tab "SUSE Products" You will see a Green indicator and the last sync time for completed products.
  • Go to Channels, and select the channel in question. Under "Basic Information", the "Last Modified" and "Last Repo Build" date/time stamps should agree, and the "Repo Cache Status" must be "Completed"
  • Optionally check the sync log file under /var/log/rhn/reposync/<channel-label>.log

Bootstrap repositories

On the server, create a bootstrap repository for each distribution/architecture with
mgr-create-bootstrap-repo
Ensure that this script finishes properly, and if not, re-check the channel sync. You can safely re-run this command, and you should whenever a new version of salt-minion is released, and your tools channel gets updated. The repositories are created under
/srv/www/htdocs/pub/repositories
, and are meant to be used in the registration/bootstrap process only.

Minion registration

On the client machine(s) perform the following:

Registration using a bootstrap script (recommended)

  1. If needed, regenerate the bootstrap script with the Salt option enabled
    mgr-bootstrap --salt --script=bootstrap-salt.sh --ssl-cert=RHN-ORG-TRUSTED-SSL-CERT
  2. Copy it and edit the script to reflect the correct activation key, and any other relevant content. Here are some examples of changes:
    1. Add an activation key ACTIVATION_KEYS=1-11sp4-x86_64
    2. Comment out the removal of the certificate to prevent repository issues. Search for this section and ensure it looks like this:
  \#echo  "* removing TLS certificate used for bootstrap"
  \#echo "  (will be re-added via salt state)"
  \#removeTLSCertificate

</tt> The mechanism to add this to a salt state sometimes interferes with proper channel certification.

  1. Download and run the appropriately edited bootstrap script after adding correct activation key, etc. This will install the necessary Salt packages, set the proper activation key, and starts the salt-minion service.
    curl -Sks http://<server>/pub/bootstrap/bootstrap-salt.sh | /bin/bash It also creates this file on the minion: /etc/salt/minion.d/susemanager.conf
  2. Go to the Server web UI to Salt -> Onboarding and accept the minion's key. After a few minutes, the new minion will appear in your list of systems with the channels assigned in the activation key you specified in the bootstrap process.