Install Uyuni Proxy with openSUSE Leap

Uyuni Proxy can be installed on openSUSE Leap. The proxy is installed in the same way as a client, but is designated as a proxy server during installation.

For more information about the stable version of Uyuni, see https://www.uyuni-project.org/pages/stable-version.html.
For more information about the development version of Uyuni, see https://www.uyuni-project.org/pages/devel-version.html.

Install Uyuni Proxy on openSUSE Leap

You can use a physical or virtual machine running openSUSE Leap to install the Uyuni Proxy. Configure a resolvable fully-qualified domain name on the proxy before you begin, to ensure that it is accessible across the network.

The Uyuni Proxy software is available from download.opensuse.org, and you can use zypper to retrieve the software and install it.

Procedure: Installing openSUSE Leap with Uyuni Proxy

Install openSUSE Leap as the base system, and ensure all package updates have been applied.
Configure a resolvable fully qualified domain name (FQDN) with YaST by navigating to System Network Settings Hostname/DNS.

At the command prompt, as root, add the repository for installing the Uyuni Server software:

repo=repositories/systemsmanagement:/
repo=${repo}Uyuni:/Stable/images/repo/Uyuni-Proxy-POOL-x86_64-Media1/
zypper ar https://download.opensuse.org/$repo uyuni-proxy-stable

Refresh metadata from the repositories:
```
zypper ref
```
Install the pattern for the Uyuni Proxy:
```
zypper in patterns-uyuni_proxy
```
Reboot the proxy.

When the installation is complete, you can continue with Uyuni setup. For more information, see installation:uyuni-proxy-registration.adoc.

Prepare the Proxy

Before you begin, ensure that the proxy pattern is installed correctly. To verify a successful installation, on the Uyuni Server, select the pattern_uyuni_proxy package for installation.

The salt-broker service will be automatically started after installation is complete. This service forwards the Salt interactions to the Uyuni server.

It is possible to arrange Salt proxies in a chain. In this case, the upstream proxy is named parent.

Make sure the TCP ports 4505 and 4506 are open on the proxy. The proxy must be able to reach the Uyuni Server or a parent proxy on these ports.

The proxy shares some SSL information with the Uyuni Server. You need to copy the certificate and its key from the Uyuni Server or the parent proxy to the proxy you are setting up.

Procedure: Copying the Server Certificate and Key

On the proxy you are setting up, at the command prompt, as root, create a directory for the certificate and key:
```
mkdir -m 700 /root/ssl-build
cd /root/ssl-build
```

Copy the certificate and the key from the source to the new directory. In this example, the source location is called PARENT. Replace this with the correct path:

scp root@<PARENT>:/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY .
scp root@<PARENT>:/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT .
scp root@<PARENT>:/root/ssl-build/rhn-ca-openssl.cnf .

To keep the security chain intact, the Uyuni Proxy functionality requires the SSL certificate to be signed by the same CA as the Uyuni Server certificate. Using certificates signed by different CAs for proxies and server is not supported. For more information on how Uyuni handles certificates, see administration:ssl-certs.adoc.

Register a Proxy

When the proxy is installed, you can register it to the Uyuni Server.

Procedure: Registering the Proxy

On the Uyuni Server, create openSUSE Leap and the Uyuni Proxy channels with the spacewalk-common-channels command. spacewalk-common-channels is part of the spacewalk-utils package:
```
spacewalk-common-channels \
opensuse_leap15_2 \
opensuse_leap15_2-non-oss \
opensuse_leap15_2-non-oss-updates \
opensuse_leap15_2-updates \
opensuse_leap15_2-uyuni-client \
uyuni-proxy-stable-leap-152
```
Instead of uyuni-proxy-stable-leap-152 you can also try the latest development version, called uyuni-proxy-devel-leap. For more information, see client-configuration:clients-opensuse.adoc.
Create an activation key with openSUSE Leap as a base channel and the other channels as child channels. For more information about activation keys, see client-configuration:activation-keys.adoc.
Modify a bootstrap script for the proxy. Add the GPG key to the ORG_GPG_KEY= parameter. For more information, see client-configuration:clients-opensuse.adoc.
Bootstrap the client using the script. For more information, see client-configuration:registration-bootstrap.adoc.
Navigate to Salt Keys and accept the key. When the key is accepted, the new proxy will show in Systems Overview in the Recently Registered Systems section.
Navigate to System Details Software Software Channels, and check that the proxy channel is selected.

Set Up the Proxy

When you have registered the proxy, you can use a supplied interactive script to complete proxy setup. The configure-proxy.sh script finalizes the setup of your Uyuni Proxy.

Procedure: Setting up the Proxy

On the proxy you are setting up, at the command prompt, as root, execute the setup script:
```
configure-proxy.sh
```
Follow the prompts to set up the proxy. Leave a field blank and type Enter to use the default values shown between square brackets.

More information about the settings set by the script:

Uyuni Parent

the Uyuni parent can be either another proxy or a server.

HTTP Proxy

A HTTP proxy enables your Uyuni Proxy to access the Web. This is needed if direct access to the Web is prohibited by a firewall.

Traceback Email

An email address where to report problems.

Do You Want to Import Existing Certificates?

Answer N. This ensures using the new certificates that were copied previously from the Uyuni server.

Organization

The next questions are about the characteristics to use for the SSL certificate of the proxy. The organization might be the same organization that was used on the server, unless of course your proxy is not in the same organization as your main server.

Organization Unit

The default value here is the proxy’s hostname.

City

Further information attached to the proxy’s certificate.

State

Further information attached to the proxy’s certificate.

Country Code

In the country code field, enter the country code set during the Uyuni installation. For example, if your proxy is in the US and your Uyuni is in DE, enter DE for the proxy.

The country code must be two upper case letters. For a complete list of country codes, see https://www.iso.org/obp/ui/#search.

Cname Aliases (Separated by Space)

Use this if your proxy can be accessed through various DNS CNAME aliases. Otherwise it can be left empty.

CA Password

Enter the password that was used for the certificate of your Uyuni Server.

Do You Want to Use an Existing SSH Key for Proxying SSH-Push Salt Minion?

Use this option if you want to reuse a SSH key that was used for SSH-Push Salt clients on the server.

Create and Populate Configuration Channel rhn_proxy_config_1000010001?

Accept default Y.

SUSE Manager Username

Use same user name and password as on the Uyuni server.

If parts are missing, such as CA key and public certificate, the script prints commands that you must execute to integrate the needed files. When the mandatory files are copied, run configure-proxy.sh again. If you receive an HTTP error during script execution, run the script again.

configure-proxy.sh activates services required by Uyuni Proxy, such as squid, apache2, salt-broker, and jabberd.

To check the status of the proxy system and its clients, click the proxy system’s details page on the Web UI (Systems Proxy, then the system name). Connection and Proxy subtabs display various status information.

You might also need to set up Cobbler on your Uyuni Proxy. For more information about Cobbler, see client-configuration:cobbler.adoc.

Procedure: Synchronizing Profiles and System Information

On the proxy, at the command prompt, as root, install the susemanager-tftpsync-recv package:
```
zypper in susemanager-tftpsync-recv
```
On the proxy, run the configure-tftpsync.sh setup script and enter the requested information:
```
configure-tftpsync.sh
```
You need to provide the hostname and IP address of the Uyuni Server and the proxy. You also need to enter the path to the tftpboot directory on the proxy.
On the server, at the command prompt, as root, install susemanager-tftpsync:
```
zypper in susemanager-tftpsync
```
On the server, run configure-tftpsync.sh setup script and enter the requested information:
```
configure-tftpsync.sh
```
Run the script again with the fully-qualified domain name of the proxy you are setting up. This creates the configuration, and uploads it to the Uyuni Proxy:
```
configure-tftpsync.sh FQDN_of_Proxy
```
On the server, start an initial synchronization:
```
cobbler sync
```
You can also synchronize after a change within Cobbler that needs to be synchronized immediately. Otherwise Cobbler synchronization will run automatically when needed. For more information about Cobbler, see Cobbler.

Configure DHCP for PXE through Proxy

Uyuni uses Cobbler for client provisioning. PXE (tftp) is installed and activated by default. Clients must be able to find the PXE boot on the Uyuni Proxy using DHCP. Use this DHCP configuration for the zone which contains the clients to be provisioned:

next-server: <IP_Address_of_Proxy>
filename: "pxelinux.0"

Register a Proxy

When the proxy is set up, you can register it to the Uyuni Server.

Procedure: Registering the Proxy

On the Uyuni Server, create openSUSE Leap and the Uyuni Proxy channels with the spacewalk-common-channels command. spacewalk-common-channels is part of the spacewalk-utils package:
```
spacewalk-common-channels \
opensuse_leap15_2 \
opensuse_leap15_2-non-oss \
opensuse_leap15_2-non-oss-updates \
opensuse_leap15_2-updates \
opensuse_leap15_2-uyuni-client \
uyuni-proxy-stable-leap-152
```
Instead of uyuni-proxy-stable-leap-152 you can also try the latest development version, called uyuni-proxy-devel-leap. For more information, see client-configuration:clients-opensuse.adoc.
Create an activation key with openSUSE Leap as a base channel and the other channels as child channels. For more information about activation keys, see client-configuration:activation-keys.adoc.
Modify a bootstrap script for the proxy. Add the GPG key to the ORG_GPG_KEY= parameter. For more information, see client-configuration:clients-opensuse.adoc. For more information about bootstrap scripts, see client-configuration:registration-bootstrap.adoc.
Bootstrap the client using the script. For more information, see client-configuration:registration-bootstrap.adoc.
Navigate to Salt Keys and accept the key. When the key is accepted, the new proxy will show in Systems Overview in the Recently Registered Systems section.
Navigate to System Details Software Software Channels, and check that the proxy channel is selected.

Reinstalling a Proxy

A proxy does not contain any information about the clients that are connected to it. Therefore, a proxy can be replaced by a new one at any time. The replacement proxy must have the same name and IP address as its predecessor.

For more information about reinstalling a proxy, see installation:proxy-setup.adoc.

Proxy systems are registered as Salt clients using a bootstrap script.

This procedure describes software channel setup and registering the installed proxy with an activation key as the Uyuni client.

Before you can select the correct child channels while creating the activation key, ensure you have properly synchronized the openSUSE Leap channel with all the needed child channels and the Uyuni Proxy channel.

More Information

For more information about the Uyuni project, and to download the source, see https://www.uyuni-project.org/.

For more Uyuni product documentation, see https://www.uyuni-project.org/uyuni-docs/uyuni/index.html.

To raise an issue or propose a change to the documentation, use the links under the Resources menu on the documentation site.