Releases prior to SUSE Manager 2.1 were shipped with a traditional client management framework (which is still fully supported today). SUSE Manager 3 and later include the Salt framework in addition to the traditional framework.
Salt is an end-to-end data-center automation tool which may also be used outside the scope of SUSE Manager to introduce reactive, real-time orchestration and configuration management. Managed systems can coexist using both traditional and Salt frameworks. This functionality provides a safe learning environment when switching to Salt while you continue to maintain existing deployments.
The following procedure will guide you through creating the activation keys for your test channels. Activation keys can be used with both Salt and traditional clients.
Activation keys define the number of software entitlements, channels, and groups a client system is allowed to subscribe to. This information is passed on to all systems registered with said key. Each activation key is bound to the organization for which it has been created.
As the administrator, log in to the SUSE Manager Web UI.
Switch to › .
Click the link at the upper right corner.
Enter an › to identify the generated activation key.
Enter a human readable › string value such as SLES12-SP3 to represent the distribution and service pack associated with the key.
For all SUSE Products do not use commas within the key string. Red Hat Products require commas. For more information, see Section 7.9, “Activation Keys”.
Select the SUSE Linux Enterprise channel that was added during First Channel Sync from the › drop down.
For this guide leave › set to default.
› should remain unchecked. Click to complete creation of the activation key.
In this section you will create a tools repository on the SUSE Manager Server for providing client tools. The client tools repository contains packages for installing Salt on minions as well as required packages for registering traditional clients during the bootstrapping procedure. These packages will be installed from the newly generated repository during the registration process. In the following procedure you will create the SUSE Linux Enterprise tools repository.
Before following the procedure to create the tools repository make sure the SUSE vendor channel you will be using with your client has been completely synced.
You can check this by running tail -f /var/log/rhn/reposync/<CHANNEL_NAME>.log as root.
In the following example replace version with the actual version string:
# tail -f /var/log/rhn/reposync/sles`version`-pool-x86_64.log
Once completed you should see the following output in your terminal:
2017/12/12 15:20:32 +02:00 Importing packages started.
2017/12/12 15:22:02 +02:00 1.07 %
...
2017/12/12 15:34:25 +02:00 86.01 %
2017/12/12 15:35:49 +02:00 Importing packages finished.
2017/12/12 15:35:49 +02:00 Linking packages to channel.
...
2017/12/12 15:35:59 +02:00 Sync completed.
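To gate later steps on the sync from a script instead of watching tail -f, the log can be classified by its most recent run. This is an added example, not SUSE Manager code: reposync_state and the embedded sample log are hypothetical, and it assumes every run logs the lines shown above.

```shell
#!/bin/sh
# Added example: report the state of a reposync log non-interactively.

# reposync_state LOGFILE
# Prints "completed", "linking", "imported", "importing [pct]" or "unknown".
# Returns 0 only when the most recent run logged "Sync completed.".
reposync_state() {
    awk '
        /Importing packages started\./  { state = "importing"; pct = "" }
        / [0-9]+\.[0-9]+ %[ \t]*$/      { pct = $(NF - 1) }
        /Importing packages finished\./ { state = "imported"; pct = "" }
        /Linking packages to channel\./ { state = "linking"; pct = "" }
        /Sync completed\./              { state = "completed" }
        END {
            if (state == "") state = "unknown"
            print (pct == "" ? state : state " " pct)
            exit (state == "completed" ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample log, modelled on the output shown above.
sample_reposync_log() {
    cat <<'EOF'
2017/12/12 15:20:32 +02:00 Importing packages started.
2017/12/12 15:22:02 +02:00 1.07 %
2017/12/12 15:34:25 +02:00 86.01 %
2017/12/12 15:35:49 +02:00 Importing packages finished.
2017/12/12 15:35:49 +02:00 Linking packages to channel.
2017/12/12 15:35:59 +02:00 Sync completed.
EOF
}
```

A new "Importing packages started." line resets the state, so a log that holds an older completed run followed by a run still in progress is reported as importing.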
Open a terminal on the server as root and enter the following command to list available bootstrap repositories:
mgr-create-bootstrap-repo -l SLE-`version`-x86_64
Then invoke the same command using the listed repository as the product label to actually create the bootstrap repository:
mgr-create-bootstrap-repo -c SLE-version-x86_64
SUSE Manager will create and add the client tools to the newly created repositories directory located at /srv/www/htdocs/pub/repositories/.
This repository is suitable for both Server and Desktop of SUSE Linux Enterprise.
This section covers generating a template bootstrap script which will be copied and modified for use with “traditional” clients. Traditional clients register with SUSE Manager via a bootstrap script executed on the client which deploys all necessary packages to it. The bootstrap script contains parameters which assign a client system to its base channel. Two of these important parameters are:
Activation Keys
GNU Privacy Guard (GPG) Keys
As of SUSE Manager 3.1 the --traditional option must be used if creating a bootstrap script from the command line via the mgr-bootstrap command for traditional clients.
Generated bootstrap scripts target Salt minions by default.
It is possible to use various methods to register clients for use with SUSE Manager en masse using bootstrap. Using batch scripts for mass registration of both VM and bare metal machines is a possibility. Some of these methods will be covered in the Best Practices Guide and will be added as examples at a later time.
SLES 15 utilizes Python 3 as its default system version. Due to this change, any older bootstrap scripts (based on Python 2) must be re-created for SLES 15 systems. Attempting to register SLES 15 systems with SUSE Manager using Python 2 versions of the bootstrap script will fail.
The following procedure will guide you through generating a bootstrap script.
From the SUSE Manager Web UI, browse to › › › . For more information, see Section 18.4.2, “ › ”.
Uncheck › › . Use default settings and click the button.
Unchecking in the Web UI or setting USING_SSL=0 in the bootstrap script is not recommended.
If you disable SSL nevertheless, you will need to manage custom CA certificates to be able to run the registration process successfully.
A template bootstrap script is generated and stored on the server’s file system in the /srv/www/htdocs/pub/bootstrap directory.
cd /srv/www/htdocs/pub/bootstrap
The bootstrap script is also available at https://example.com/pub/bootstrap/bootstrap.sh.
Section 5.4.2, “Editing the Bootstrap Script” will cover copying and modifying your bootstrap template for use with each client.
In this section you will copy and modify the template bootstrap script you created from Section 5.4.1, “Generating a Bootstrap Script”.
A minimal requirement when modifying a bootstrap script for use with SUSE Manager is the inclusion of an activation key. Depending on your organization's security requirements, it is strongly recommended to include one or more (GPG) keys (for example, your organization key, and package signing keys). For this tutorial you will be registering with the activation keys created in the previous section.
Log in as root from the command line on your SUSE Manager server.
Navigate to the bootstrap directory with:
cd /srv/www/htdocs/pub/bootstrap/
Create and rename two copies of the template bootstrap script for use with each of your clients.
cp bootstrap.sh bootstrap-sles11.sh
cp bootstrap.sh bootstrap-sles12.sh
Open bootstrap-sles12.sh for modification.
Scroll down and modify both lines marked in green.
You must comment out exit 1 with a hash mark (#) to activate the script and then enter the name of the key for this script in the ACTIVATION_KEYS= field as follows:
echo "Enable this script: comment (with #'s) this block (or, at least just"
echo "the exit below)"
echo
#exit 1

# can be edited, but probably correct (unless created during initial install):
# NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.
ACTIVATION_KEYS=1-sles12
ORG_GPG_KEY=
Once you have completed your modifications save the file and repeat this procedure for the second bootstrap script. Proceed to Section 5.4.3, “Connecting Clients”.
To find key names you have created: In the Web UI, click › › › . All keys created for channels are listed on this page. You must enter the full name of the key you wish to use in the bootstrap script exactly as presented in the key field.
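The copy-and-edit steps above can be scripted and the result checked before it is piped to a client. This is an added example, not part of the SUSE Manager tooling: the function names are hypothetical, the sample template is a constructed stand-in for the generated file, and it assumes the guard is the first unindented exit 1 in the script.

```shell
#!/bin/sh
# Added example: derive a per-client bootstrap script and lint it.

# prepare_bootstrap TEMPLATE OUTPUT KEY
# Comments out the first unindented "exit 1" guard and sets ACTIVATION_KEYS.
prepare_bootstrap() {
    awk -v key="$3" '
        !done && /^exit 1[ \t]*$/ { print "#exit 1"; done = 1; next }
        /^ACTIVATION_KEYS=/       { print "ACTIVATION_KEYS=" key; next }
        { print }
    ' "$1" > "$2"
}

# check_bootstrap FILE
# Prints one finding per line. Returns 1 on a blocking finding, else 0.
# Treating USING_SSL=0 as blocking is this example's policy choice.
check_bootstrap() {
    awk '
        function fail(msg) { print "FAIL: " msg; bad = 1 }
        !seen && /^exit 1/         { fail("exit 1 guard is still active") }
        /^ACTIVATION_KEYS=/        { seen = 1 }
        /^ACTIVATION_KEYS=[ \t]*$/ { fail("ACTIVATION_KEYS is empty") }
        /^USING_SSL=0/             { fail("USING_SSL=0 disables SSL") }
        /^ORG_GPG_KEY=[ \t]*$/     { print "WARN: ORG_GPG_KEY is empty" }
        END {
            if (!seen) fail("no ACTIVATION_KEYS line found")
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample modelled on the excerpt shown above.
sample_template() {
    cat <<'EOF'
echo "Enable this script: comment (with #'s) this block (or, at least just"
echo "the exit below)"
echo
exit 1

ACTIVATION_KEYS=
ORG_GPG_KEY=
USING_SSL=1
EOF
}
```

An empty ORG_GPG_KEY is reported as a warning only, because the page recommends GPG keys but requires only the activation key.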
This section covers connecting your clients to SUSE Manager with the modified bootstrap script.
From your SUSE Manager Server command line as root navigate to the following directory:
cd /srv/www/htdocs/pub/bootstrap/
Run the following command to execute the bootstrap script on the client:
cat MODIFIED-SCRIPT.SH | ssh root@example.com /bin/bash
The script will execute and proceed to download the required dependencies located in the repositories directory you created earlier. Once the script has finished running, log in to the Web UI and click › to see the new client listed.
This concludes the bootstrap section of this guide. Section 5.5, “Registering Salt Clients” will go over registering Salt minions for use with SUSE Manager.
There are currently three methods for registering Salt minions.
The following section describes the first method and uses a bootstrap repository.
The second method is to create a bootstrap script using mgr-bootstrap.
Bootstrapping Salt minions with mgr-bootstrap is performed in the same manner as bootstrapping traditional clients; for more information, see Section 5.4, “Registering Traditional Clients”.
The third method is performed from the SUSE Manager Web UI; find this method in Section 7.6, “Bootstrapping [Salt]”.
The mgr-bootstrap --salt option will be deprecated as of SUSE Manager 3.1.
To bootstrap a Salt minion call mgr-bootstrap from the command line as you would for a traditional system.
The following section assumes you have created a SUSE Manager tools repository. You can review creating a tools repository in Section 5.3, “Creating the SUSE Manager Tools Repository”.
The Salt master and its proxy should always be reachable via both IP address and the FQDN. In the following rare scenario:
The Salt master (SUSE Manager) is in some DNS.
Your Minions are in a different subnet bound to an alternate DNS and the Salt master record is absent.
The Salt master cannot know that the minion is not utilizing the same DNS record. The Salt master nevertheless sends the FQDN of itself to the minion expecting it to join.
The minion looks for a different DNS, one where the master record does not exist therefore bootstrap fails.
Once you have fully synced a base channel from the Web UI for clients to obtain software sources from, for example: SLES12-SP3-Pool_for_x86_64, perform the following procedure to register a Salt minion.
On your minion as root enter the following command:
zypper ar http://`FQDN.SUSE.Manager.com`/pub/repositories/sle/12/3/bootstrap/ sles12-sp3
Do not use HTTPS.
Use HTTP instead to avoid errors.
After adding the repository containing the necessary Salt packages execute:
zypper in salt-minion
Modify the minion configuration file to point to the fully qualified domain name (FQDN) of the SUSE Manager server (master):
vi /etc/salt/minion
Find and change the line:
master: salt
to:
master: `FQDN.SUSE.Manager.com`
Restart the Salt minion with:
systemctl restart salt-minion
or on non-systemd OS:
rcsalt-minion restart
Your newly registered minion should now show up within the Web UI under › . Accept the key to begin management.
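The DNS scenario described earlier and the master: edit can be combined into one pre-flight step on the minion. This is an added example, not SUSE Manager code: the function names are hypothetical, the server FQDN is passed in by the caller, and it assumes getent is available on the minion.

```shell
#!/bin/sh
# Added example: point a minion at the SUSE Manager server only if the
# server's FQDN resolves from this host.

# resolves NAME: true when this host's resolver can look NAME up.
resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# set_salt_master CONFIG FQDN
# Refuses to edit when FQDN does not resolve from this minion. Otherwise
# replaces the first active "master:" line, drops later duplicates, and
# appends the setting when no active line exists. Safe to run repeatedly.
set_salt_master() {
    conf=$1
    fqdn=$2
    if ! resolves "$fqdn"; then
        echo "cannot resolve $fqdn from this host; fix DNS first" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    awk -v fqdn="$fqdn" '
        /^master:/ { if (!done) { print "master: " fqdn; done = 1 } next }
        { print }
        END { if (!done) print "master: " fqdn }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run it as root against /etc/salt/minion before restarting the salt-minion service; a non-zero return means the minion would fail to find the master as in the scenario above.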