Registering Traditional Clients
Generating a Bootstrap Script
To register traditional clients, you need to create a template bootstrap script, which can be copied and modified. The bootstrap script you create is executed on the traditional client when it is registered, and ensures all the necessary packages are deployed to the client. There are some parameters contained in the bootstrap script which ensure the client system can be assigned to its base channel, including activation keys, and GPG keys.
It is important that you check the repository information carefully, to ensure it matches the base channel repository. If the repository information does not match exactly, the bootstrap script will not be able to download the correct packages.
|
GPG Keys and Uyuni Client Tools
The GPG key used by Uyuni Client Tools is not trusted by default.
When you create your bootstrap script, add a path to the file containing the public key fingerprint with the |
|
SLES 15 and Python 3
SLES 15 uses Python 3 by default. Bootstrap scripts based on Python 2 must be re-created for SLES 15 systems. Attempting to register SLES 15 systems with SUSE Manager using Python 2 bootstrap scripts will fail. |
This procedure describes how to generate a bootstrap script.
-
From the SUSE Manager Web UI, browse to . For more information, see xref:FILENAME.adoc#s3-sattools-config-bootstrap[].
-
In the
SUSE Manager Configuration - Bootstrapdialog disableBootstrap using Salt. Use default settings and click the Update button.
Using SSLUnchecking Enable SSL in the Web UI or setting
USING_SSL=0in the bootstrap script is not recommended. If you disable SSL nevertheless you will need to manage custom CA certificates to be able to run the registration process successfully. -
A template bootstrap script is generated and stored on the server’s file system in the
/srv/www/htdocs/pub/bootstrapdirectory.cd /srv/www/htdocs/pub/bootstrap
The bootstrap script is also available at
https://example.com/pub/bootstrap/bootstrap.sh.
Editing the Bootstrap Script
In this section you will copy and modify the template bootstrap script you created from xref:FILENAME.adoc#generate.bootstrap.script[].
A minimal requirement when modifying a bootstrap script for use with SUSE Manager is the inclusion of an activation key. Depending on your organizations security requirements it is strongly recommended to include one or more (GPG) keys (for example, your organization key, and package signing keys). For this tutorial you will be registering with the activation keys created in the previous section.
-
Login as root from the command line on your SUSE Manager server.
-
Navigate to the bootstrap directory with:
cd /srv/www/htdocs/pub/bootstrap/
-
Create and rename two copies of the template bootstrap script for use with each of your clients.
cp bootstrap.sh bootstrap-sles11.sh cp bootstrap.sh bootstrap-sles12.sh
-
Open
sles12.shfor modification. Scroll down and modify both lines marked in green. You must comment outexit 1with a hash mark (#) to activate the script and then enter the name of the key for this script in theACTIVATION_KEYS=field as follows:echo "Enable this script: comment (with #'s) this block (or, at least just" echo "the exit below)" echo #exit 1 # can be edited, but probably correct (unless created during initial install): # NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine. ACTIVATION_KEYS=1-sles12 ORG_GPG_KEY=
-
Once you have completed your modifications save the file and repeat this procedure for the second bootstrap script. Proceed to xref:FILENAME.adoc#connect.first.client[].
|
Finding Your Keys
To find key names you have created, navigate to in the Web UI. All keys created for channels are listed on this page. You must enter the full name of the key you wish to use in the bootstrap script exactly as presented in the key field. |
Connecting Clients
This section covers connecting your clients to SUSE Manager with the modified bootstrap script.
-
From your SUSE Manager Server command line as root navigate to the following directory:
cd /srv/www/htdocs/pub/bootstrap/
-
Run the following command to execute the bootstrap script on the client:
cat MODIFIED-SCRIPT.SH | ssh root@example.com /bin/bash
-
The script will execute and proceed to download the required dependencies located in the repositories directory you created earlier. Once the script has finished running, log in to the Web UI and click to see the new client listed.
Package Locks
Package locks are used to prevent unauthorized installation or upgrades to software packages on traditional clients. When a package has been locked, it will show a padlock icon, indicating that it can not be installed. Any attempt to install a locked package will be reported as an error in the event log.
Locked packages can not be installed, upgraded, or removed, either through the SUSE Manager Web UI, or directly on the client machine using a package manager. Locked packages will also indirectly lock any dependent packages.
|
Package locks can only be used on traditional clients that use the Zypper package manager. The feature is not currently supported on Red Hat Enterprise Linux or Salt clients. |
-
On the client machine, install the
zypp-plugin-spacewalkpackage:# zypper in zypp-plugin-spacewalk
-
Navigate to the tab on the managed system to see a list of all available packages.
-
Select the packages to lock, and click Request Lock. You can also choose to enter a date and time for the lock to activate. Leave the date and time blank if you want the lock to activate as soon as possible. Note that the lock might not activate immediately.
-
To remove a package lock, select the packages to unlock and click Request Unlock. Leave the date and time blank if you want the lock to deactivate as soon as possible. Note that the lock might not deactivate immediately.