Installation on SLES/openSUSE Leap
This chapter focuses on the package-based installation process of an opsi server on SUSE Linux Enterprise Server (SLES), and openSUSE Leap.
Proxy Settings
For the installation process, it’s important to ensure that you have Internet access via HTTP/HTTPS.
If you need to access through an HTTP proxy, it’s recommended to set the proxy settings at a system-wide level using environment variables. These should be entered into the /etc/environment
file.
Keep in mind that the names of these environment variables consist only of lowercase letters. |
-
http_proxy
: Configures the proxy for HTTP connections. It requires the full URL, including if authentication is needed:
http_proxy=http://<user>:<password>@<proxy-address>:<port>
-
https_proxy
: Similar tohttp_proxy
but for HTTPS connections:
https_proxy=https://<proxy-address>:<port>
-
no_proxy
: Lists addresses that should bypass the proxy. Use commas to separate multiple addresses:
no_proxy=127.0.0.1,localhost,mydomain.example,hostname.domain.com:8080
Remember these rules for addresses:-
Only use lowercase letters.
-
Include IP addresses only for direct access via IPs, as no name resolution occurs for exceptions.
-
CIDR notation for IP address ranges (like
192.168.0.0/24
) is not supported. -
Always include exceptions for
localhost
and127.0.0.1
. -
Wildcards and regular expressions are not supported.
-
Treat each name as a suffix, so
domain.com
applies to all hostnames ending indomain.com
. -
Optionally, add a specific port after a colon for each address to confine the exception to that port.
-
Here’s an example for setting up the /etc/environment
file:
http_proxy=http://10.1.1.1:8080
https_proxy=https://10.1.1.1:8080
no_proxy=127.0.0.1,localhost,company.tld
To apply the changes to the currently running shell, execute the following commands:
set -a; source /etc/environment; set +a
For Suse distributions, the NO_PROXY parameter in the /etc/sysconfig/proxy file needs to be adjusted. Set NO_PROXY=127.0.0.1,localhost,company.tld as appropriate.
|
If the access to opsiconfd
is channeled through a proxy, the service requests will appear to originate from the IP address of the proxy. As a result, all functionalities that rely on the client’s IP address, such as networks
, admin-networks
, update-ip
, or max-session-per-ip
, might not operate correctly. To address this, you can define trusted proxy addresses using the trusted-proxies
parameter. When a connection comes from a trusted proxy, the server will look at the X-Forwarded-For
header to ascertain the real IP address of the client.
Example:
admin-networks=[192.168.10.0/24]
trusted-proxies=[192.178.16.27]
Configuring Repositories
Add the Grafana repository:
sudo zypper addrepo https://rpm.grafana.com grafana
Add the opsi repository that matches your distribution:
openSUSE Leap 15.5:
sudo zypper addrepo https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:testing/openSUSE_Leap_15.5/home:uibmz:opsi:4.3:testing.repo
openSUSE Leap 15.4:
sudo zypper addrepo https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:testing/openSUSE_Leap_15.4/home:uibmz:opsi:4.3:testing.repo
SLES 15 SP4:
sudo zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.3:testing/SLE_15_SP4/home:uibmz:opsi:4.3:testing.repo
SLES 15 SP3:
sudo zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.3:testing/SLE_15_SP3/home:uibmz:opsi:4.3:testing.repo
SLES 15 SP2:
sudo zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.3:testing/SLE_15_SP2/home:uibmz:opsi:4.3:testing.repo
SLES 15 SP1:
sudo zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.3:testing/SLE_15_SP1/home:uibmz:opsi:4.3:testing.repo
Installing the Packages
Install the package opsi-server-full
:
sudo zypper refresh
[...]
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):
sudo zypper -v install opsi-server-full
As an alternative to the opsi-server-full package, you can install either opsi-server or opsi-server-expert . These packages differ in their dependencies and are tailored for scenarios where you prefer to run MySQL, Redis, or Grafana on separate servers. While opsi-server and opsi-server-expert provide more flexibility, they are best suited for experienced Linux administrators.
|
Make sure that your firewall and SELinux configurations permit connections on ports 69/UDP (TFTP) and both 4447/TCP and 4441/TCP (opsi). Further information on SELinux can be found at SELinux. |
The opsi server is now set up and ready for the next steps.