Installation on SLES/openSUSE Leap

This chapter focuses on the package-based installation process of an opsi server on SUSE Linux Enterprise Server (SLES), and openSUSE Leap.

Proxy Settings

For the installation process, it’s important to ensure that you have Internet access via HTTP/HTTPS.

If you need to access through an HTTP proxy, it’s recommended to set the proxy settings at a system-wide level using environment variables. These should be entered into the /etc/environment file.

Keep in mind that the names of these environment variables consist only of lowercase letters.

  • http_proxy: Configures the proxy for HTTP connections. It requires the full URL, including if authentication is needed:
    http_proxy=http://<user>:<password>@<proxy-address>:<port>

  • https_proxy: Similar to http_proxy but for HTTPS connections:
    https_proxy=https://<proxy-address>:<port>

  • no_proxy: Lists addresses that should bypass the proxy. Use commas to separate multiple addresses:
    no_proxy=127.0.0.1,localhost,mydomain.example,hostname.domain.com:8080
    Remember these rules for addresses:

    • Only use lowercase letters.

    • Include IP addresses only for direct access via IPs, as no name resolution occurs for exceptions.

    • CIDR notation for IP address ranges (like 192.168.0.0/24) is not supported.

    • Always include exceptions for localhost and 127.0.0.1.

    • Wildcards and regular expressions are not supported.

    • Treat each name as a suffix, so domain.com applies to all hostnames ending in domain.com.

    • Optionally, add a specific port after a colon for each address to confine the exception to that port.

Here’s an example for setting up the /etc/environment file:

http_proxy=http://10.1.1.1:8080
https_proxy=https://10.1.1.1:8080
no_proxy=127.0.0.1,localhost,company.tld

To apply the changes to the currently running shell, execute the following commands:

set -a; source /etc/environment; set +a
For Suse distributions, the NO_PROXY parameter in the /etc/sysconfig/proxy file needs to be adjusted. Set NO_PROXY=127.0.0.1,localhost,company.tld as appropriate.

If the access to opsiconfd is channeled through a proxy, the service requests will appear to originate from the IP address of the proxy. As a result, all functionalities that rely on the client’s IP address, such as networks, admin-networks, update-ip, or max-session-per-ip, might not operate correctly. To address this, you can define trusted proxy addresses using the trusted-proxies parameter. When a connection comes from a trusted proxy, the server will look at the X-Forwarded-For header to ascertain the real IP address of the client.

Example:

admin-networks=[192.168.10.0/24]
trusted-proxies=[192.178.16.27]

Configuring Repositories

Add the Grafana repository:

sudo zypper addrepo https://rpm.grafana.com grafana

Add the opsi repository that matches your distribution:

openSUSE Leap 15.5:

sudo zypper addrepo https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/openSUSE_Leap_15.5/home:uibmz:opsi:4.3:stable.repo

openSUSE Leap 15.4:

sudo zypper addrepo https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/openSUSE_Leap_15.4/home:uibmz:opsi:4.3:stable.repo

SLES 15 SP4:

sudo zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/SLE_15_SP4/home:uibmz:opsi:4.3:stable.repo

SLES 15 SP3:

sudo zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/SLE_15_SP3/home:uibmz:opsi:4.3:stable.repo

SLES 15 SP2:

sudo zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/SLE_15_SP2/home:uibmz:opsi:4.3:stable.repo

SLES 15 SP1:

sudo zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/SLE_15_SP1/home:uibmz:opsi:4.3:stable.repo

Installing the Packages

Install the package opsi-server-full:

sudo zypper refresh
[...]
  Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):
sudo zypper -v install opsi-server-full
As an alternative to the opsi-server-full package, you can install either opsi-server or opsi-server-expert. These packages differ in their dependencies and are tailored for scenarios where you prefer to run MySQL, Redis, or Grafana on separate servers. While opsi-server and opsi-server-expert provide more flexibility, they are best suited for experienced Linux administrators.
Make sure that your firewall and SELinux configurations permit connections on ports 69/UDP (TFTP) and both 4447/TCP and 4441/TCP (opsi). Further information on SELinux can be found at SELinux.

The opsi server is now set up and ready for the next steps.